.Dd August 27, 2020
.Dt CALICO 1
.Os
.
.Sh NAME
.Nm calico
.Nd dispatches cat
.
.Sh SYNOPSIS
.Nm
.Op Fl H Ar host
.Op Fl P Ar port
.Op Fl t Ar timeout
.Ar directory
.
.Sh DESCRIPTION
The
.Nm
daemon
dispatches incoming TLS connections
to instances of
.Xr pounce 1
by Server Name Indication (SNI).
Instances of
.Xr pounce 1
should be configured with
.Fl U
to bind to UNIX-domain sockets
in the directory passed to
.Nm .
.
.Pp
Note that
.Nm
is not a proxy.
Incoming connections are passed directly
to instances of
.Xr pounce 1 ,
which handle TLS negotiation.
Instances of
.Xr pounce 1
and
.Nm
can be restarted
independently of each other.
.
.Pp
The arguments are as follows:
.Bl -tag -width Ds
.It Fl H Ar host
Bind to
.Ar host .
The default host is localhost.
.It Fl P Ar port
Bind to
.Ar port .
The default port is 6697.
.It Fl t Ar timeout
Set the timeout in milliseconds
after which a connection will be closed
if it has not sent the ClientHello message.
The default timeout is 1000 milliseconds.
.It Ar directory
The path to the directory containing
.Xr pounce 1
UNIX-domain sockets.
.El
.
.Sh EXAMPLES
Obtain certificates for
and dispatch to two instances of
.Xr pounce 1 :
.Bd -literal -offset indent
certbot certonly -d oftc.example.org
certbot certonly -d libera.example.org
pounce -U /var/run/calico -H oftc.example.org oftc.conf
pounce -U /var/run/calico -H libera.example.org libera.conf
calico -H example.org /var/run/calico
.Ed
.Pp
The two instances can be connected to via
.Li oftc.example.org:6697
and
.Li libera.example.org:6697 ,
respectively.
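.Pp
The server name used for dispatch comes from the unencrypted ClientHello,
so it is untrusted input read before any TLS negotiation has happened.
The following C code is an added example, not code from
.Nm :
it extracts the SNI host name from a ClientHello held in a single TLS record
and rejects names that are unsafe as a file name,
on the assumption that the name selects a socket inside
.Ar directory .
The names sni_name, sample_hello and struct cur are hypothetical.
.Bd -literal
```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
struct cur { const uint8_t *p; size_t n; }; /* bounds-checked cursor */
/* Take a field from c: w big-endian length bytes then the data, or a fixed
 * fix-byte field when w == 0. The field is stored in out unless out is NULL. */
static int get(struct cur *c, size_t w, size_t fix, struct cur *out) {
	size_t len = fix;
	if (c->n < w) return -1;
	for (size_t i = 0; i < w; i++) len = len << 8 | c->p[i];
	if (c->n - w < len) return -1;
	if (out) *out = (struct cur){ c->p + w, len };
	c->p += w + len; c->n -= w + len;
	return 0;
}

/* Copy the SNI host_name of a ClientHello held in one TLS record into name.
 * Returns 0, or -1 if malformed, without SNI, or unsafe as a file name. */
int sni_name(const uint8_t *buf, size_t len, char *name, size_t cap) {
	struct cur rec = { buf, len }, t, hs, body, exts, ext, list, host;
	if (get(&rec, 0, 3, &t) || t.p[0] != 0x16 || get(&rec, 2, 0, &hs)) return -1;
	if (get(&hs, 0, 1, &t) || t.p[0] != 0x01 || get(&hs, 3, 0, &body)) return -1;
	if (get(&body, 0, 34, NULL) || get(&body, 1, 0, NULL) /* version+random, session id */
	 || get(&body, 2, 0, NULL) || get(&body, 1, 0, NULL)  /* cipher suites, compression */
	 || get(&body, 2, 0, &exts)) return -1;
	while (exts.n) {
		if (get(&exts, 0, 2, &t) || get(&exts, 2, 0, &ext)) return -1;
		if (t.p[0] || t.p[1]) continue; /* not server_name (type 0) */
		if (get(&ext, 2, 0, &list) || get(&list, 0, 1, &t) || t.p[0] != 0
		 || get(&list, 2, 0, &host)) return -1; /* name_type 0 is host_name */
		if (!host.n || host.n >= cap || host.p[0] == '.' /* no hidden or parent paths */
		 || memchr(host.p, '/', host.n) || memchr(host.p, 0, host.n)) return -1;
		memcpy(name, host.p, host.n); name[host.n] = 0;
		return 0;
	}
	return -1;
}

/* Constructed sample (not captured traffic): minimal ClientHello, host < 200 bytes. */
size_t sample_hello(uint8_t *out, const char *host) {
	size_t h = strlen(host), body = 52 + h;
	memset(out, 0, 9 + body);
	out[0] = 0x16; out[1] = 3; out[2] = 1; out[4] = (uint8_t)(body + 4); /* record */
	out[5] = 0x01; out[8] = (uint8_t)body; out[9] = out[10] = 3; /* handshake, version */
	out[45] = 2; out[46] = 0x13; out[47] = 0x01; out[48] = 1; out[51] = (uint8_t)(9 + h);
	out[55] = (uint8_t)(5 + h); out[57] = (uint8_t)(3 + h); out[60] = (uint8_t)h;
	memcpy(out + 61, host, h);
	return 61 + h;
}
```
.Ed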
.
.Sh SEE ALSO
.Xr pounce 1
.
.Sh STANDARDS
.Bl -item
.It
.Rs
.%A D. Eastlake 3rd
.%T Transport Layer Security (TLS) Extensions: Extension Definitions
.%I IETF
.%R RFC 6066
.%U https://tools.ietf.org/html/rfc6066
.%D January 2011
.Re
.It
.Rs
.%A E. Rescorla
.%T The Transport Layer Security (TLS) Protocol Version 1.3
.%I IETF
.%R RFC 8446
.%U https://tools.ietf.org/html/rfc8446
.%D August 2018
.Re
.El
.
.Sh AUTHORS
.An June Bug Aq Mt june@causal.agency
.
.Sh BUGS
Send mail to
.Aq Mt list+pounce@causal.agency
or join
.Li #ascii.town
on
.Li irc.tilde.chat .