autocert
This commit is contained in:
parent
7436b359d2
commit
8b5dc9dccb
2
go.sum
2
go.sum
|
@ -1,7 +1,9 @@
|
||||||
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
||||||
golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37 h1:cg5LA/zNPRzIXIWSCxQW10Rvpy94aQh3LT/ShoCpkHw=
|
golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37 h1:cg5LA/zNPRzIXIWSCxQW10Rvpy94aQh3LT/ShoCpkHw=
|
||||||
golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||||
|
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 h1:0GoQqolDA55aaLxZyTzK/Y2ePZzZTUrRacwib7cNsYQ=
|
||||||
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||||
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||||
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||||
|
golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
|
||||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||||
|
|
43
main.go
43
main.go
|
@ -7,10 +7,15 @@ import (
|
||||||
"log"
|
"log"
|
||||||
"net/http"
|
"net/http"
|
||||||
"os"
|
"os"
|
||||||
|
"path/filepath"
|
||||||
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"golang.org/x/crypto/acme/autocert"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
home, _ = os.UserHomeDir()
|
||||||
version = "undefined"
|
version = "undefined"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -26,6 +31,23 @@ func arg_fail(msg string) {
|
||||||
os.Exit(2)
|
os.Exit(2)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type CSVArg []string
|
||||||
|
|
||||||
|
func (a *CSVArg) Set(s string) error {
|
||||||
|
*a = strings.Split(s, ",")
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (a *CSVArg) String() string {
|
||||||
|
if a == nil {
|
||||||
|
return "<nil>"
|
||||||
|
}
|
||||||
|
if *a == nil {
|
||||||
|
return "<empty>"
|
||||||
|
}
|
||||||
|
return strings.Join(*a, ",")
|
||||||
|
}
|
||||||
|
|
||||||
type CLIArgs struct {
|
type CLIArgs struct {
|
||||||
bind_address string
|
bind_address string
|
||||||
auth string
|
auth string
|
||||||
|
@ -35,7 +57,10 @@ type CLIArgs struct {
|
||||||
list_ciphers bool
|
list_ciphers bool
|
||||||
ciphers string
|
ciphers string
|
||||||
disableHTTP2 bool
|
disableHTTP2 bool
|
||||||
showVersion bool
|
showVersion bool
|
||||||
|
autocert bool
|
||||||
|
autocertWhitelist CSVArg
|
||||||
|
autocertDir string
|
||||||
}
|
}
|
||||||
|
|
||||||
func list_ciphers() {
|
func list_ciphers() {
|
||||||
|
@ -58,6 +83,9 @@ func parse_args() CLIArgs {
|
||||||
flag.StringVar(&args.ciphers, "ciphers", "", "colon-separated list of enabled ciphers")
|
flag.StringVar(&args.ciphers, "ciphers", "", "colon-separated list of enabled ciphers")
|
||||||
flag.BoolVar(&args.disableHTTP2, "disable-http2", false, "disable HTTP2")
|
flag.BoolVar(&args.disableHTTP2, "disable-http2", false, "disable HTTP2")
|
||||||
flag.BoolVar(&args.showVersion, "version", false, "show program version and exit")
|
flag.BoolVar(&args.showVersion, "version", false, "show program version and exit")
|
||||||
|
flag.BoolVar(&args.autocert, "autocert", false, "issue TLS certificates automatically")
|
||||||
|
flag.Var(&args.autocertWhitelist, "autocert-whitelist", "restrict autocert domains to this comma-separated list")
|
||||||
|
flag.StringVar(&args.autocertDir, "autocert-dir", filepath.Join(home, ".dumbproxy", "autocert"), "path to autocert cache")
|
||||||
flag.Parse()
|
flag.Parse()
|
||||||
return args
|
return args
|
||||||
}
|
}
|
||||||
|
@ -70,7 +98,6 @@ func run() int {
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
if args.list_ciphers {
|
if args.list_ciphers {
|
||||||
list_ciphers()
|
list_ciphers()
|
||||||
return 0
|
return 0
|
||||||
|
@ -116,6 +143,18 @@ func run() int {
|
||||||
cfg.CipherSuites = makeCipherList(args.ciphers)
|
cfg.CipherSuites = makeCipherList(args.ciphers)
|
||||||
server.TLSConfig = cfg
|
server.TLSConfig = cfg
|
||||||
err = server.ListenAndServeTLS("", "")
|
err = server.ListenAndServeTLS("", "")
|
||||||
|
} else if args.autocert {
|
||||||
|
m := &autocert.Manager{
|
||||||
|
Cache: autocert.DirCache(args.autocertDir),
|
||||||
|
Prompt: autocert.AcceptTOS,
|
||||||
|
}
|
||||||
|
if args.autocertWhitelist != nil {
|
||||||
|
m.HostPolicy = autocert.HostWhitelist([]string(args.autocertWhitelist)...)
|
||||||
|
}
|
||||||
|
cfg := m.TLSConfig()
|
||||||
|
cfg.CipherSuites = makeCipherList(args.ciphers)
|
||||||
|
server.TLSConfig = cfg
|
||||||
|
err = server.ListenAndServeTLS("", "")
|
||||||
} else {
|
} else {
|
||||||
err = server.ListenAndServe()
|
err = server.ListenAndServe()
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue