#!/usr/bin/env bash
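# -x traces each command to stderr, -e aborts on the first failing command.
set -xe

# Enter proper cluster subdirectory.
# Quoted so that a checkout path containing spaces or glob characters does not
# get word-split before reaching cd.
cd -- "$(dirname -- "$0")"

# $1 - cluster name; must name a subdirectory of cluster/.
CLUSTER="$1"

# The emptiness test comes first: with an empty argument the -d test would be
# looking at cluster/ itself rather than at a cluster subdirectory.
if [ -z "$CLUSTER" ] || [ ! -d "cluster/$CLUSTER" ]; then
  # Diagnostics go to stderr so they are not mistaken for regular output.
  echo "Usage: $0 <cluster name>" >&2
  echo "The cluster name must be the name of a subdirectory of cluster/" >&2
  exit 1
fi

# Path prefix of this cluster's entries in the password store.
PREFIX="deuxfleurs/cluster/$CLUSTER"

# Do actual stuff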
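# Certificate entries in the password store are suffixed with the current year.
YEAR=$(date +%Y)

# Scratch directory that will hold the decrypted certificates and client keys.
# mktemp -d creates it with an unpredictable name, readable by the owner only
# (subject to umask).
CERTDIR=$(mktemp -d)

#######################################
# Tear down on every exit path: stop any proxy that is still running, then
# delete the decrypted key material. Registered on EXIT because the script runs
# under set -e, so a failing command would otherwise leave the client keys on
# disk and a proxy running in the background.
# Globals:   CERTDIR (read), child1, child2 (read; may be unset)
# Outputs:   rm -v lists the removed files on stdout
#######################################
_cleanup() {
  local pid
  for pid in "${child1:-}" "${child2:-}"; do
    # A child may not have been started yet, or may already be gone.
    [ -z "$pid" ] || kill "$pid" 2>/dev/null || true
  done
  # :? refuses to run rm with an empty path; -f keeps a second call harmless.
  rm -rfv -- "${CERTDIR:?}"
}
trap _cleanup EXIT

#######################################
# SIGINT handler: remove the key material and forward the interrupt to both
# proxies.
# Globals:   CERTDIR (read), child1, child2 (read; may be unset)
#######################################
_int() {
  echo "Caught SIGINT signal!"
  rm -rfv -- "${CERTDIR:?}"
  # "|| true": under set -e a failed kill (child already gone or not started)
  # must not abort the handler before the second child is signalled.
  kill -INT "${child1:-}" 2>/dev/null || true
  kill -INT "${child2:-}" 2>/dev/null || true
}
trap _int SIGINT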
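# Decrypt this year's CA certificate, client certificate and client key for
# Nomad and Consul from the password store into the scratch directory.
# Every expansion is quoted so that a cluster name or TMPDIR containing
# whitespace or glob characters cannot split a path into several words.
pass "$PREFIX/nomad$YEAR.crt" > "$CERTDIR/nomad.crt"
pass "$PREFIX/nomad$YEAR-client.crt" > "$CERTDIR/nomad-client.crt"
pass "$PREFIX/nomad$YEAR-client.key" > "$CERTDIR/nomad-client.key"
pass "$PREFIX/consul$YEAR.crt" > "$CERTDIR/consul.crt"
pass "$PREFIX/consul$YEAR-client.crt" > "$CERTDIR/consul-client.crt"
pass "$PREFIX/consul$YEAR-client.key" > "$CERTDIR/consul-client.key"

# Local plaintext listeners, bound to 127.0.0.1 only, relayed over TLS with the
# client certificate to localhost:14646 (Nomad) and localhost:8501 (Consul).
#
# NOTE(review): verify=0 disables socat's check of the server certificate, so
# the cafile is loaded but the peer is never authenticated against it. Whatever
# answers on localhost:14646 / localhost:8501 is trusted as-is. If those ports
# are forwarded through a tunnel, that tunnel is presumably the only thing
# authenticating the server: confirm. Enabling verification would likely also
# need a commonname= option matching the server certificate, since the
# connection target is "localhost".
socat -dd \
  "tcp-listen:4646,reuseaddr,fork,bind=127.0.0.1" \
  "openssl:localhost:14646,cert=$CERTDIR/nomad-client.crt,key=$CERTDIR/nomad-client.key,cafile=$CERTDIR/nomad.crt,verify=0" &
child1=$!

socat -dd \
  "tcp-listen:8500,reuseaddr,fork,bind=127.0.0.1" \
  "openssl:localhost:8501,cert=$CERTDIR/consul-client.crt,key=$CERTDIR/consul-client.key,cafile=$CERTDIR/consul.crt,verify=0" &
child2=$!

# Stay in the foreground until both proxies have exited.
wait "$child1"
wait "$child2"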