fucksophie
896858e027
Some checks failed
Docker image builds / build (push) Waiting to run
Asset Build Verification / asset_verification (push) Has been cancelled
Docs deploy / build (push) Has been cancelled
Go Mod Tidy Check / go_mod_tidy_check (push) Has been cancelled
Go / go_tests (push) Has been cancelled
Package builds (unstable) / package_builds (push) Has been cancelled
Smoke tests / smoke-test (default-config-macro) (push) Has been cancelled
Smoke tests / smoke-test (docker-registry) (push) Has been cancelled
Smoke tests / smoke-test (double_slash) (push) Has been cancelled
Smoke tests / smoke-test (forced-language) (push) Has been cancelled
Smoke tests / smoke-test (git-clone) (push) Has been cancelled
Smoke tests / smoke-test (git-push) (push) Has been cancelled
Smoke tests / smoke-test (healthcheck) (push) Has been cancelled
Smoke tests / smoke-test (i18n) (push) Has been cancelled
Smoke tests / smoke-test (log-file) (push) Has been cancelled
Smoke tests / smoke-test (nginx) (push) Has been cancelled
Smoke tests / smoke-test (palemoon/amd64) (push) Has been cancelled
Smoke tests / smoke-test (robots_txt) (push) Has been cancelled
Check Spelling / Check Spelling (push) Has been cancelled
SSH CI / ssh (aarch64-16k) (push) Has been cancelled
SSH CI / ssh (aarch64-4k) (push) Has been cancelled
SSH CI / ssh (ppc64le) (push) Has been cancelled
SSH CI / ssh (riscv64) (push) Has been cancelled
zizmor / zizmor latest via PyPI (push) Has been cancelled
55 lines
1.6 KiB
Bash
Executable file
55 lines
1.6 KiB
Bash
Executable file
#!/usr/bin/env bash
|
|
|
|
set -euo pipefail
|
|
|
|
# Remove lingering .sock files, relayd and unixhttpd will do that too but
|
|
# measure twice, cut once.
|
|
rm *.sock ||:
|
|
|
|
# If the transient local TLS certificate doesn't exist, mint a new one
|
|
if [ ! -f ../pki/relayd.local.cetacean.club/cert.pem ]; then
|
|
# Subshell to contain the directory change
|
|
(
|
|
cd ../pki \
|
|
&& mkdir -p relayd.local.cetacean.club \
|
|
&& \
|
|
# Try using https://github.com/FiloSottile/mkcert for better DevEx,
|
|
# but fall back to using https://github.com/jsha/minica in case
|
|
# you don't have that installed.
|
|
(
|
|
mkcert \
|
|
--cert-file ./relayd.local.cetacean.club/cert.pem \
|
|
--key-file ./relayd.local.cetacean.club/key.pem relayd.local.cetacean.club \
|
|
|| go tool minica -domains relayd.local.cetacean.club
|
|
)
|
|
)
|
|
fi
|
|
|
|
# Build static assets
|
|
(cd ../.. && npm ci && npm run assets)
|
|
|
|
# Spawn three jobs:
|
|
|
|
# HTTP daemon that listens over a unix socket (implicitly ./unixhttpd.sock)
|
|
go run ../cmd/unixhttpd &
|
|
|
|
# A copy of Nuke, specifically for the current Git checkout
|
|
go tool nuke \
|
|
--bind=./nuke.sock \
|
|
--bind-network=unix \
|
|
--policy-fname=../nuke_configs/aggressive_403.yaml \
|
|
--target=unix://$(pwd)/unixhttpd.sock &
|
|
|
|
# A simple TLS terminator that forwards to Nuke, which will forward to
|
|
# unixhttpd
|
|
go run ../cmd/relayd \
|
|
--proxy-to=unix://./nuke.sock \
|
|
--cert-dir=../pki/relayd.local.cetacean.club &
|
|
|
|
# When you press control c, kill all the child processes to clean things up
|
|
trap 'echo signal received!; kill $(jobs -p); wait' SIGINT SIGTERM
|
|
|
|
echo "open https://relayd.local.cetacean.club:3004/reqmeta"
|
|
|
|
# Wait for all child processes to exit
|
|
wait
|