tlsproxy from pass; fix tls stuff

1 files changed, 47 insertions, 0 deletions

diff --git a/tlsproxy b/tlsproxy
new file mode 100755
index 0000000..7546b81
--- /dev/null
+++ b/tlsproxy
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -xe
+
+# Enter proper cluster subdirectory
+
+cd $(dirname $0)
+
+CLUSTER="$1"
+if [ ! -d "cluster/$CLUSTER" ]; then
+	echo "Usage: $0 <cluster name>"
+	echo "The cluster name must be the name of a subdirectory of cluster/"
+	exit 1
+fi
+
+PREFIX="deuxfleurs/cluster/$CLUSTER"
+
+# Do actual stuff
+
+YEAR=$(date +%Y)
+
+CERTDIR=$(mktemp -d)
+
+_int() {
+  echo "Caught SIGINT signal!"
+  rm -rv $CERTDIR
+  kill -INT "$child1" 2>/dev/null
+  kill -INT "$child2" 2>/dev/null
+}
+
+trap _int SIGINT
+
+pass $PREFIX/nomad$YEAR.crt > $CERTDIR/nomad.crt
+pass $PREFIX/nomad$YEAR-client.crt > $CERTDIR/nomad-client.crt
+pass $PREFIX/nomad$YEAR-client.key > $CERTDIR/nomad-client.key
+pass $PREFIX/consul$YEAR.crt > $CERTDIR/consul.crt
+pass $PREFIX/consul$YEAR-client.crt > $CERTDIR/consul-client.crt
+pass $PREFIX/consul$YEAR-client.key > $CERTDIR/consul-client.key
+
+socat -dd tcp4-listen:4646,reuseaddr,fork openssl:localhost:14646,cert=$CERTDIR/nomad-client.crt,key=$CERTDIR/nomad-client.key,cafile=$CERTDIR/nomad.crt &
+child1=$!
+
+socat -dd tcp4-listen:8500,reuseaddr,fork openssl:localhost:8501,cert=$CERTDIR/consul-client.crt,key=$CERTDIR/consul-client.key,cafile=$CERTDIR/consul.crt &
+child2=$!
+
+wait "$child1"
+wait "$child2"