--- /dev/null
+/*
+tofuproxy -- HTTP proxy with TLS certificates management
+Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 3 of the License.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package main
+
+import (
+ "flag"
+ "log"
+ "net"
+ "net/http"
+
+ "go.cypherpunks.ru/ucspi"
+ "go.stargrave.org/tofuproxy"
+ "go.stargrave.org/tofuproxy/fifos"
+)
+
+func main() {
+ crtPath := flag.String("cert", "cert.pem", "Path to server X.509 certificate")
+ prvPath := flag.String("key", "prv.pem", "Path to server PKCS#8 private key")
+ bind := flag.String("bind", "[::1]:8080", "Bind address")
+ certs := flag.String("certs", "certs", "Directory with pinned certificates")
+ dnsSrv := flag.String("dns", "[::1]:53", "DNS server")
+ fifosDir := flag.String("fifos", "fifos", "Directory with FIFOs")
+ notai := flag.Bool("notai", false, "Do not prepend TAI64N to logs")
+ flag.Parse()
+ log.SetFlags(log.Lshortfile)
+
+ var err error
+ _, caCert, err := ucspi.CertificateFromFile(*crtPath)
+ if err != nil {
+ log.Fatalln(err)
+ }
+ caPrv, err := ucspi.PrivateKeyFromFile(*prvPath)
+ if err != nil {
+ log.Fatalln(err)
+ }
+
+ fifos.NoTAI = *notai
+ fifos.FIFOs = *fifosDir
+ fifos.Init()
+ tofuproxy.Certs = *certs
+ tofuproxy.DNSSrv = *dnsSrv
+ tofuproxy.CACert = caCert
+ tofuproxy.CAPrv = caPrv
+
+ ln, err := net.Listen("tcp", *bind)
+ if err != nil {
+ log.Fatalln(err)
+ }
+ srv := http.Server{
+ Handler: &tofuproxy.Handler{},
+ TLSNextProto: tofuproxy.TLSNextProtoS,
+ }
+ log.Println("listening:", *bind, "certs:", *certs)
+ if err := srv.Serve(ln); err != nil {
+ log.Fatalln(err)
+ }
+}