Compare commits
4 Commits
ed080df734
...
3e8d967595
Author | SHA1 | Date |
---|---|---|
nervuri | 3e8d967595 | |
nervuri | e896674f39 | |
nervuri | 5bba2500af | |
nervuri | 9743f24eab |
|
@ -51,7 +51,7 @@ After=network.target
|
|||
[Service]
|
||||
Type=simple
|
||||
Restart=always
|
||||
ExecStart=client-hello-mirror -u www-data -c /etc/letsencrypt/live/example.org/cert.pem -k /etc/letsencrypt/live/example.org/privkey.pem :443 2>/var/log/client-hello-mirror-error.log
|
||||
ExecStart=client-hello-mirror -u www-data -c /etc/letsencrypt/live/example.org/fullchain.pem -k /etc/letsencrypt/live/example.org/privkey.pem :443 2>/var/log/client-hello-mirror-error.log
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
@ -71,3 +71,9 @@ A standard web-facing setup involves using a CA-signed certificate and binding t
|
|||
## Redirect http:// to https://
|
||||
|
||||
For this you'll need to use another web server, such as nginx.
|
||||
|
||||
## Update
|
||||
|
||||
```
|
||||
go get -u tildegit.org/nervuri/client-hello-mirror
|
||||
```
|
||||
|
|
|
@ -138,6 +138,10 @@ func peek(conn net.Conn, tlsConfig *tls.Config) {
|
|||
log.Println(err)
|
||||
return
|
||||
}
|
||||
if buf.Bytes()[0] != 0x16 {
|
||||
// Not a Client Hello message.
|
||||
return
|
||||
}
|
||||
length := binary.BigEndian.Uint16(buf.Bytes()[3:5])
|
||||
_, err = io.CopyN(&buf, conn, int64(length))
|
||||
if err != nil {
|
||||
|
@ -291,6 +295,7 @@ func main() {
|
|||
tlsConfig := tls.Config{
|
||||
Certificates: []tls.Certificate{cert},
|
||||
//MaxVersion: tls.VersionTLS12,
|
||||
NextProtos: []string{"http/1.1"},
|
||||
}
|
||||
|
||||
// Listen for connections
|
||||
|
|
Loading…
Reference in New Issue