author | Alex Auvolat <alex@adnab.me> | 2022-04-20 15:29:24 +0200 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-04-20 15:29:24 +0200 |
commit | 226fbabf655656f16ca883c8489a2360abdb8367 (patch) | |
tree | 2983e42a4cdccc408f2added26d9df21342fdd7a /tlsproxy | |
parent | 7c1444b7143710066f5173119a529c3b5e101300 (diff) | |
tlsproxy from pass; fix tls stuff
Diffstat (limited to 'tlsproxy')
-rwxr-xr-x | tlsproxy | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/tlsproxy b/tlsproxy
new file mode 100755
index 0000000..7546b81
--- /dev/null
+++ b/tlsproxy
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -xe
+
+# Enter proper cluster subdirectory
+
+cd $(dirname $0)
+
+CLUSTER="$1"
+if [ ! -d "cluster/$CLUSTER" ]; then
+ echo "Usage: $0 <cluster name>"
+ echo "The cluster name must be the name of a subdirectory of cluster/"
+ exit 1
+fi
+
+PREFIX="deuxfleurs/cluster/$CLUSTER"
+
+# Do actual stuff
+
+YEAR=$(date +%Y)
+
+CERTDIR=$(mktemp -d)
+
+_int() {
+ echo "Caught SIGINT signal!"
+ rm -rv $CERTDIR
+ kill -INT "$child1" 2>/dev/null
+ kill -INT "$child2" 2>/dev/null
+}
+
+trap _int SIGINT
+
+pass $PREFIX/nomad$YEAR.crt > $CERTDIR/nomad.crt
+pass $PREFIX/nomad$YEAR-client.crt > $CERTDIR/nomad-client.crt
+pass $PREFIX/nomad$YEAR-client.key > $CERTDIR/nomad-client.key
+pass $PREFIX/consul$YEAR.crt > $CERTDIR/consul.crt
+pass $PREFIX/consul$YEAR-client.crt > $CERTDIR/consul-client.crt
+pass $PREFIX/consul$YEAR-client.key > $CERTDIR/consul-client.key
+
+socat -dd tcp4-listen:4646,reuseaddr,fork openssl:localhost:14646,cert=$CERTDIR/nomad-client.crt,key=$CERTDIR/nomad-client.key,cafile=$CERTDIR/nomad.crt &
+child1=$!
+
+socat -dd tcp4-listen:8500,reuseaddr,fork openssl:localhost:8501,cert=$CERTDIR/consul-client.crt,key=$CERTDIR/consul-client.key,cafile=$CERTDIR/consul.crt &
+child2=$!
+
+wait "$child1"
+wait "$child2" |
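Review bot: Both `socat` listeners (`tcp4-listen:4646` and `tcp4-listen:8500`) carry no `bind=` option, so they accept plaintext connections on every interface and forward them to Nomad/Consul with the operator's client certificate attached; adding `bind=127.0.0.1` (e.g. `tcp4-listen:4646,bind=127.0.0.1,reuseaddr,fork`) keeps the proxy reachable only from the local machine. Separately, the decrypted client keys in `$CERTDIR` are removed only inside the SIGINT handler, so a failing `pass` under `set -e`, a SIGTERM, or socat exiting on its own leaves them in the temporary directory; a `trap 'rm -rf -- "$CERTDIR"' EXIT` placed right after `mktemp -d` would cover those paths. The `SIG`-prefixed name in `trap _int SIGINT` is not accepted by every `/bin/sh`, so `trap _int INT` is the portable spelling. The unquoted `$(dirname $0)` and `$CERTDIR` expansions should also be quoted, since `rm -rv $CERTDIR` word-splits if the temp path ever contains whitespace.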