]> Sergey Matveev's repositories - tofuproxy.git/blobdiff - cmd/tofuproxy/main.go
projects / tofuproxy.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Refactoring
[tofuproxy.git] / cmd / tofuproxy / main.go
diff --git a/cmd/tofuproxy/main.go b/cmd/tofuproxy/main.go
new file mode 100644 (file)
index 0000000..5ad6e62
--- /dev/null
+++ b/cmd/tofuproxy/main.go
@@ -0,0 +1,72 @@
+/*
+tofuproxy -- HTTP proxy with TLS certificates management
+Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 3 of the License.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package main
+
+import (
+       "flag"
+       "log"
+       "net"
+       "net/http"
+
+       "go.cypherpunks.ru/ucspi"
+       "go.stargrave.org/tofuproxy"
+       "go.stargrave.org/tofuproxy/fifos"
+)
+
+func main() {
+       crtPath := flag.String("cert", "cert.pem", "Path to server X.509 certificate")
+       prvPath := flag.String("key", "prv.pem", "Path to server PKCS#8 private key")
+       bind := flag.String("bind", "[::1]:8080", "Bind address")
+       certs := flag.String("certs", "certs", "Directory with pinned certificates")
+       dnsSrv := flag.String("dns", "[::1]:53", "DNS server")
+       fifosDir := flag.String("fifos", "fifos", "Directory with FIFOs")
+       notai := flag.Bool("notai", false, "Do not prepend TAI64N to logs")
+       flag.Parse()
+       log.SetFlags(log.Lshortfile)
+
+       var err error
+       _, caCert, err := ucspi.CertificateFromFile(*crtPath)
+       if err != nil {
+               log.Fatalln(err)
+       }
+       caPrv, err := ucspi.PrivateKeyFromFile(*prvPath)
+       if err != nil {
+               log.Fatalln(err)
+       }
+
+       fifos.NoTAI = *notai
+       fifos.FIFOs = *fifosDir
+       fifos.Init()
+       tofuproxy.Certs = *certs
+       tofuproxy.DNSSrv = *dnsSrv
+       tofuproxy.CACert = caCert
+       tofuproxy.CAPrv = caPrv
+
+       ln, err := net.Listen("tcp", *bind)
+       if err != nil {
+               log.Fatalln(err)
+       }
+       srv := http.Server{
+               Handler:      &tofuproxy.Handler{},
+               TLSNextProto: tofuproxy.TLSNextProtoS,
+       }
+       log.Println("listening:", *bind, "certs:", *certs)
+       if err := srv.Serve(ln); err != nil {
+               log.Fatalln(err)
+       }
+}
Flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU manager, WARC/geminispace browser