| CALICO(1) | FreeBSD General Commands Manual | CALICO(1) |
NAME
calico —
dispatches cat
SYNOPSIS
calico |
[-H host]
[-P port]
[-t timeout]
directory |
DESCRIPTION
Thecalico daemon dispatches incoming TLS connections to
instances of pounce(1) by Server Name
Indication (SNI). Instances of pounce(1)
should be configured with -U to bind to UNIX-domain
sockets in the directory passed to calico.
Note that calico is not a proxy. Incoming
connections are passed directly to instances of
pounce(1), which handle TLS negotiation.
Instances of pounce(1) and
calico can be restarted independently of each
other.
The arguments are as follows:
-Hhost- Bind to host. The default host is localhost.
-Pport- Bind to port. The default port is 6697.
-ttimeout- Set the timeout in milliseconds after which a connection will be closed if it has not sent the ClientHello message. The default timeout is 1000 milliseconds.
- directory
- The path to the directory containing pounce(1) UNIX-domain sockets.
EXAMPLES
Obtain certificates for and dispatch to two instances of pounce(1):certbot certonly -d oftc.example.org certbot certonly -d libera.example.org pounce -U /var/run/calico -H oftc.example.org oftc.conf pounce -U /var/run/calico -H libera.example.org libera.conf calico -H example.org /var/run/calico
The two instances can be connected to via
oftc.example.org:6697 and
libera.example.org:6697, respectively.
SEE ALSO
pounce(1)STANDARDS
- D. Eastlake 3rd, Transport Layer Security (TLS) Extensions: Extension Definitions, IETF, RFC 6066, https://tools.ietf.org/html/rfc6066, January 2011.
- E. Rescorla, The Transport Layer Security (TLS) Protocol Version 1.3, IETF, RFC 8446, https://tools.ietf.org/html/rfc8446, August 2018.
AUTHORS
June Bug <june@causal.agency>BUGS
Send mail to <list+pounce@causal.agency> or join#ascii.town on
irc.tilde.chat.
| August 27, 2020 | FreeBSD 12.2-RELEASE-p7 |