authorAlex Auvolat <alex@adnab.me>2022-04-20 15:29:24 +0200
committerAlex Auvolat <alex@adnab.me>2022-04-20 15:29:24 +0200
commit226fbabf655656f16ca883c8489a2360abdb8367 (patch)
tree2983e42a4cdccc408f2added26d9df21342fdd7a /tlsproxy
parent7c1444b7143710066f5173119a529c3b5e101300 (diff)
tlsproxy from pass; fix tls stuff
Diffstat (limited to 'tlsproxy')
-rwxr-xr-xtlsproxy47
1 files changed, 47 insertions, 0 deletions
diff --git a/tlsproxy b/tlsproxy
new file mode 100755
index 0000000..7546b81
--- /dev/null
+++ b/tlsproxy
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -xe
+
+# Enter proper cluster subdirectory
+
+cd $(dirname $0)
+
+CLUSTER="$1"
+if [ ! -d "cluster/$CLUSTER" ]; then
+ echo "Usage: $0 <cluster name>"
+ echo "The cluster name must be the name of a subdirectory of cluster/"
+ exit 1
+fi
+
+PREFIX="deuxfleurs/cluster/$CLUSTER"
+
+# Do actual stuff
+
+YEAR=$(date +%Y)
+
+CERTDIR=$(mktemp -d)
+
+_int() {
+ echo "Caught SIGINT signal!"
+ rm -rv $CERTDIR
+ kill -INT "$child1" 2>/dev/null
+ kill -INT "$child2" 2>/dev/null
+}
+
+trap _int SIGINT
+
+pass $PREFIX/nomad$YEAR.crt > $CERTDIR/nomad.crt
+pass $PREFIX/nomad$YEAR-client.crt > $CERTDIR/nomad-client.crt
+pass $PREFIX/nomad$YEAR-client.key > $CERTDIR/nomad-client.key
+pass $PREFIX/consul$YEAR.crt > $CERTDIR/consul.crt
+pass $PREFIX/consul$YEAR-client.crt > $CERTDIR/consul-client.crt
+pass $PREFIX/consul$YEAR-client.key > $CERTDIR/consul-client.key
+
+socat -dd tcp4-listen:4646,reuseaddr,fork openssl:localhost:14646,cert=$CERTDIR/nomad-client.crt,key=$CERTDIR/nomad-client.key,cafile=$CERTDIR/nomad.crt &
+child1=$!
+
+socat -dd tcp4-listen:8500,reuseaddr,fork openssl:localhost:8501,cert=$CERTDIR/consul-client.crt,key=$CERTDIR/consul-client.key,cafile=$CERTDIR/consul.crt &
+child2=$!
+
+wait "$child1"
+wait "$child2"
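Review bot: Both socat listeners (`tcp4-listen:4646` and `tcp4-listen:8500`) carry no `bind=` option, so they accept connections on every IPv4 interface and forward them upstream using the operator's client certificate; any host that can reach this machine on those ports gets the same authenticated access to the Nomad and Consul APIs. Restricting them to loopback closes that, e.g. `tcp4-listen:4646,bind=127.0.0.1,reuseaddr,fork` and likewise for 8500. Separately, the temporary directory holding the client keys is removed only in the SIGINT handler, so a failing `pass` call under `set -e`, or socat exiting on its own, leaves the keys behind in `$CERTDIR`. Setting `trap 'rm -rf -- "$CERTDIR"' EXIT` right after `mktemp -d` would cover those exit paths as well.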