about summary refs log tree commit diff
CALICO(1) FreeBSD General Commands Manual CALICO(1)

calico
dispatches cat

calico [-H host] [-P port] [-t timeout] directory

The calico daemon dispatches incoming TLS connections to instances of pounce(1) by Server Name Indication (SNI). Instances of pounce(1) should be configured with -U to bind to UNIX-domain sockets in the directory passed to calico.

Note that calico is not a proxy. Incoming connections are passed directly to instances of pounce(1), which handle TLS negotiation. Instances of pounce(1) and calico can be restarted independently of each other.

The arguments are as follows:

host
Bind to host. The default host is localhost.
port
Bind to port. The default port is 6697.
timeout
Set the timeout in milliseconds after which a connection will be closed if it has not sent the ClientHello message. The default timeout is 1000 milliseconds.
directory
The path to the directory containing pounce(1) UNIX-domain sockets.

Obtain certificates for and dispatch to two instances of pounce(1):
certbot certonly -d oftc.example.org
certbot certonly -d libera.example.org
pounce -U /var/run/calico -H oftc.example.org oftc.conf
pounce -U /var/run/calico -H libera.example.org libera.conf
calico -H example.org /var/run/calico

The two instances can be connected to via oftc.example.org:6697 and libera.example.org:6697, respectively.

pounce(1)

June Bug <june@causal.agency>

Send mail to <list+pounce@causal.agency> or join #ascii.town on irc.tilde.chat.
August 27, 2020 FreeBSD 12.2-RELEASE-p7