CALICO(1) | FreeBSD General Commands Manual | CALICO(1)
NAME
calico - dispatches cat
SYNOPSIS
calico [-H host] [-P port] [-t timeout] directory
DESCRIPTION
The calico daemon dispatches incoming TLS connections to instances of pounce(1) by Server Name Indication (SNI). Instances of pounce(1) should be configured with -U to bind to UNIX-domain sockets in the directory passed to calico.

Note that calico is not a proxy. Incoming connections are passed directly to instances of pounce(1), which handle TLS negotiation. Instances of pounce(1) and calico can be restarted independently of each other.

The arguments are as follows:

-H host
    Bind to host. The default host is localhost.
-P port
    Bind to port. The default port is 6697.
-t timeout
    Set the timeout in milliseconds after which a connection will be closed if it has not sent the ClientHello message. The default timeout is 1000 milliseconds.
directory
    The path to the directory containing pounce(1) UNIX-domain sockets.
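
Dispatching by SNI without terminating TLS means reading the server_name extension (RFC 6066) out of the unencrypted ClientHello. The following C code is an added example, not calico's own source, showing that parse with every length field bounds-checked. The names get, vec, sni_name and SAMPLE are hypothetical and the sample bytes are constructed; it assumes the ClientHello arrives in a single TLS record and that the name is used to pick a socket file in directory.

```c
#include <stdint.h>
#include <string.h>
/* Bounds-checked cursor over untrusted bytes. */
struct cur { const uint8_t *p; size_t n; };
/* Read an nbytes-wide big-endian integer; -1 if the input is too short. */
static long get(struct cur *c, size_t nbytes) {
    long v = 0;
    if (c->n < nbytes) return -1;
    for (; nbytes; nbytes--, c->p++, c->n--) v = v << 8 | *c->p;
    return v;
}
/* Split off a vector with an lbytes-wide length prefix; 0 on success. */
static int vec(struct cur *c, size_t lbytes, struct cur *out) {
    long len = get(c, lbytes);
    if (len < 0 || (size_t)len > c->n) return -1;
    out->p = c->p; out->n = (size_t)len;
    c->p += len; c->n -= (size_t)len;
    return 0;
}
/* Copy the SNI host name from one ClientHello record into name.
 * Returns 0, or -1 if the input is truncated, malformed or unsafe. */
int sni_name(const uint8_t *buf, size_t len, char *name, size_t cap) {
    struct cur rec = { buf, len }, hs, body, skip, exts, ext, list, host;
    if (get(&rec, 1) != 0x16 || get(&rec, 2) < 0 || vec(&rec, 2, &hs)) return -1;
    if (get(&hs, 1) != 0x01 || vec(&hs, 3, &body)) return -1;
    if (get(&body, 2) < 0 || body.n < 32) return -1;
    body.p += 32; body.n -= 32;                        /* skip random */
    if (vec(&body, 1, &skip) || vec(&body, 2, &skip)   /* session id, ciphers */
        || vec(&body, 1, &skip) || vec(&body, 2, &exts)) return -1;
    while (exts.n) {
        long type = get(&exts, 2);
        if (type < 0 || vec(&exts, 2, &ext)) return -1;
        if (type != 0) continue;                       /* not server_name */
        if (vec(&ext, 2, &list) || get(&list, 1) != 0 || vec(&list, 2, &host))
            return -1;
        /* Assumption: name picks a socket file in directory; reject unsafe names. */
        if (!host.n || host.n >= cap || host.p[0] == '.') return -1;
        if (memchr(host.p, '/', host.n) || memchr(host.p, 0, host.n)) return -1;
        memcpy(name, host.p, host.n);
        name[host.n] = '\0';
        return 0;
    }
    return -1;                                         /* no SNI sent */
}
/* Constructed sample: minimal ClientHello record naming oftc.example.org. */
static const uint8_t SAMPLE[] = "\x16\x03\x01\x00\x48" "\x01\x00\x00\x44\x03\x03"
    "\0\0\0\0\0\0\0\0" "\0\0\0\0\0\0\0\0" "\0\0\0\0\0\0\0\0" "\0\0\0\0\0\0\0\0"
    "\0" "\x00\x02\x13\x01" "\x01\x00" "\x00\x19"
    "\x00\x00\x00\x15\x00\x13\x00\x00\x10" "oftc.example.org";
```
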
EXAMPLES
Obtain certificates for and dispatch to two instances of pounce(1):

    certbot certonly -d oftc.example.org
    certbot certonly -d freenode.example.org
    pounce -U /var/run/calico -H oftc.example.org oftc.conf
    pounce -U /var/run/calico -H freenode.example.org freenode.conf
    calico -H example.org /var/run/calico

The two instances can be connected to via oftc.example.org:6697 and freenode.example.org:6697, respectively.
SEE ALSO
pounce(1)
STANDARDS
- D. Eastlake 3rd, Transport Layer Security (TLS) Extensions: Extension Definitions, IETF, RFC 6066, https://tools.ietf.org/html/rfc6066, January 2011.
- E. Rescorla, The Transport Layer Security (TLS) Protocol Version 1.3, IETF, RFC 8446, https://tools.ietf.org/html/rfc8446, August 2018.
AUTHORS
June Bug <june@causal.agency>
BUGS
Send mail to <list+pounce@causal.agency> or join #ascii.town on chat.freenode.net.
August 27, 2020 | FreeBSD 12.2-RELEASE-p4