CALICO(1) FreeBSD General Commands Manual CALICO(1)

dispatches cat

calico [-H host] [-P port] [-t timeout] directory

The calico daemon dispatches incoming TLS connections to instances of pounce(1) by Server Name Indication (SNI). Instances of pounce(1) should be configured with -U to bind to UNIX-domain sockets in the directory passed to calico.

Note that calico is not a proxy. Incoming connections are passed directly to instances of pounce(1), which handle TLS negotiation. Instances of pounce(1) and calico can be restarted independently of each other.

The arguments are as follows:

Bind to host. The default host is localhost.
Bind to port. The default port is 6697.
Set the timeout in milliseconds after which a connection will be closed if it has not sent the ClientHello message. The default timeout is 1000 milliseconds.
The path to the directory containing pounce(1) UNIX-domain sockets.

Obtain certificates for and dispatch to two instances of pounce(1):
certbot certonly -d oftc.example.org
certbot certonly -d freenode.example.org
pounce -U /var/run/calico -H oftc.example.org oftc.conf
pounce -U /var/run/calico -H freenode.example.org freenode.conf
calico -H example.org /var/run/calico

The two instances can be connected to via oftc.example.org:6697 and freenode.example.org:6697, respectively.


June Bug <june@causal.agency>

Send mail to <list+pounce@causal.agency> or join #ascii.town on chat.freenode.net.
August 27, 2020 FreeBSD 12.1-RELEASE-p10