#!/usr/bin/env bash

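set -xe

# Run from the directory that holds this script, so the relative cluster/
# lookup below resolves next to it. Quoted so a checkout path containing
# spaces or glob characters does not break the cd.
cd -- "$(dirname -- "$0")"

# Validate the cluster argument. It is interpolated into a filesystem path
# here and into a password-store path later, so accept only a bare directory
# name: empty values, "." / ".." and anything containing a slash are refused
# before the directory test.
CLUSTER="$1"
cluster_ok=1
case "$CLUSTER" in
	'' | . | .. | */*) cluster_ok=0 ;;
esac
if [ "$cluster_ok" -eq 0 ] || [ ! -d "cluster/$CLUSTER" ]; then
	echo "Usage: $0 <cluster name>" >&2
	echo "The cluster name must be the name of a subdirectory of cluster/" >&2
	exit 1
fi

# Prefix of this cluster's entries in the password store (used with `pass`).
PREFIX="deuxfleurs/cluster/$CLUSTER"

# Certificate entries are named per calendar year (nomad<YEAR>.crt, ...).
YEAR=$(date +%Y)

# Scratch directory that will receive the certificates and client private
# keys. mktemp -d creates it with owner-only permissions and an unpredictable
# name; it still has to be deleted when the script ends.
CERTDIR=$(mktemp -d)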

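#######################################
# SIGINT handler: signal both socat proxies, then delete the temporary
# directory holding the client certificates and private keys.
# Globals:
#   CERTDIR (read)        - scratch directory to remove
#   child1, child2 (read) - proxy PIDs; may be unset or empty if the signal
#                           arrives before the proxies were started
# Outputs: a notice and the list of removed files on stdout
# Returns: status of the final rm
#######################################
_int() {
  echo "Caught SIGINT signal!"

  # The script runs under `set -e`: a kill that fails (child already gone,
  # PID not assigned yet) must not abort the handler before the second proxy
  # is signalled and the key material is removed, hence `|| true`.
  # NOTE(review): bash starts background commands with SIGINT ignored when job
  # control is off, as it is in a script, so INT only stops socat if socat
  # installs its own handler - confirm, or send TERM instead.
  local pid
  for pid in "${child1:-}" "${child2:-}"; do
    [ -n "$pid" ] || continue
    kill -INT "$pid" 2>/dev/null || true
  done

  # Quoted, with `--` and `:?`, so an odd or empty CERTDIR can never turn into
  # an option or a different path; -f keeps a second removal harmless.
  rm -rfv -- "${CERTDIR:?}"
}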

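# Stop any proxy that is still running and delete the key material on every
# exit path. Without this, a failing `pass` call or a proxy that exits on its
# own leaves the client private keys behind in the temporary directory, and
# the other proxy keeps running after the script has gone.
_cleanup() {
  local pid
  for pid in "${child1:-}" "${child2:-}"; do
    [ -n "$pid" ] || continue
    kill "$pid" 2>/dev/null || true
  done
  rm -rf -- "${CERTDIR:?}"
}

trap _cleanup EXIT
trap _int SIGINT

# Export, for each service, the CA certificate, the client certificate and the
# client private key of the current year from the password store.
for svc in nomad consul; do
  pass "$PREFIX/$svc$YEAR.crt" > "$CERTDIR/$svc.crt"
  pass "$PREFIX/$svc$YEAR-client.crt" > "$CERTDIR/$svc-client.crt"
  pass "$PREFIX/$svc$YEAR-client.key" > "$CERTDIR/$svc-client.key"
done

# Plaintext listeners bound to loopback only; each connection is forwarded
# over TLS with the client certificate to the matching localhost port.
#
# NOTE(review): verify=0 disables validation of the server certificate, so the
# cafile= option has no effect and the proxy accepts whatever answers on the
# target port, including a local process that is not the cluster endpoint.
# Anything sent through the proxy (API requests, tokens) then goes to that
# peer. Enabling verification probably also needs socat's commonname= option,
# because the connection targets "localhost" - confirm against the names in
# the server certificates before changing it.
socat -dd tcp-listen:4646,reuseaddr,fork,bind=127.0.0.1 "openssl:localhost:14646,cert=$CERTDIR/nomad-client.crt,key=$CERTDIR/nomad-client.key,cafile=$CERTDIR/nomad.crt,verify=0" &
child1=$!

socat -dd tcp-listen:8500,reuseaddr,fork,bind=127.0.0.1 "openssl:localhost:8501,cert=$CERTDIR/consul-client.crt,key=$CERTDIR/consul-client.key,cafile=$CERTDIR/consul.crt,verify=0" &
child2=$!

# Block until both proxies have ended; under `set -e` a non-zero status from
# either wait ends the script, which triggers the EXIT cleanup above.
wait "$child1"
wait "$child2"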