Date: Mon, 18 May 2015 13:39:23 +0000 (UTC) From: Ryan Steinmetz <zi@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r386682 - in head/security: . hitch hitch/files Message-ID: <201505181339.t4IDdN4T004450@svn.freebsd.org>
Author: zi Date: Mon May 18 13:39:23 2015 New Revision: 386682 URL: https://svnweb.freebsd.org/changeset/ports/386682 Log: New port: security/hitch: hitch is a network proxy that terminates TLS/SSL connections and forwards the unencrypted traffic to some backend. It's designed to handle 10s of thousands of connections efficiently on multicore machines. WWW: https://github.com/varnish/hitch/ Added: head/security/hitch/ head/security/hitch/Makefile (contents, props changed) head/security/hitch/distinfo (contents, props changed) head/security/hitch/files/ head/security/hitch/files/hitch.conf.sample (contents, props changed) head/security/hitch/files/hitch.in (contents, props changed) head/security/hitch/pkg-descr (contents, props changed) head/security/hitch/pkg-message (contents, props changed) head/security/hitch/pkg-plist (contents, props changed) Modified: head/security/Makefile Modified: head/security/Makefile ============================================================================== --- head/security/Makefile Mon May 18 13:35:56 2015 (r386681) +++ head/security/Makefile Mon May 18 13:39:23 2015 (r386682) @@ -173,6 +173,7 @@ SUBDIR += hackbot SUBDIR += hamachi SUBDIR += heimdal + SUBDIR += hitch SUBDIR += hlfl SUBDIR += hmap SUBDIR += honggfuzz Added: head/security/hitch/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/hitch/Makefile Mon May 18 13:39:23 2015 (r386682) 
@@ -0,0 +1,36 @@
+# Created by: Ryan Steinmetz <zi@FreeBSD.org>
+# $FreeBSD$
+
+PORTNAME= hitch
+DISTVERSIONPREFIX= ${PORTNAME}-
+DISTVERSION= 1.0.0-beta1
+CATEGORIES= security
+
+MAINTAINER= zi@FreeBSD.org
+COMMENT= TLS proxy to forward connections to an unencrypted backend
+
+LICENSE= BSD2CLAUSE
+
+LIB_DEPENDS= libev.so:${PORTSDIR}/devel/libev
+
+USERS= nobody
+GROUPS= nobody
+
+USES= autoreconf
+GNU_CONFIGURE= yes
+CONFIGURE_ARGS= --localstatedir=/var/run
+USE_OPENSSL= yes
+USE_RC_SUBR= ${PORTNAME}
+CPPFLAGS+= -I${LOCALBASE}/include
+LDFLAGS+= -L${LOCALBASE}/lib
+USE_GITHUB= yes
+GH_ACCOUNT= varnish
+
+post-patch:
+ ${REINPLACE_CMD} 's|stud|${PORTNAME}|g' ${WRKSRC}/*.* ${WRKSRC}/src/*
+
+post-install:
+ ${MKDIR} ${STAGEDIR}${PREFIX}/etc
+ ${INSTALL_DATA} ${FILESDIR}/${PORTNAME}.conf.sample ${STAGEDIR}${PREFIX}/etc/
+
+.include <bsd.port.mk>
Added: head/security/hitch/distinfo
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/hitch/distinfo Mon May 18 13:39:23 2015 (r386682)
@@ -0,0 +1,2 @@
+SHA256 (varnish-hitch-hitch-1.0.0-beta1_GH0.tar.gz) = 9214f748a28a2ac726197ad74720889dcba345fecf0369259df7769e3a734d3d
+SIZE (varnish-hitch-hitch-1.0.0-beta1_GH0.tar.gz) = 48476
Added: head/security/hitch/files/hitch.conf.sample
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/hitch/files/hitch.conf.sample Mon May 18 13:39:23 2015 (r386682)
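Review bot: The `post-patch` target runs an unanchored `s|stud|${PORTNAME}|g` over every file matching `${WRKSRC}/*.*` and `${WRKSRC}/src/*`, so any longer identifier, string or URL that merely contains the substring `stud` is rewritten too, and nothing will flag it when upstream finishes its own rename and the substitution silently stops matching. A word-bounded pattern (BSD sed: `'s|[[:<:]]stud[[:>:]]|${PORTNAME}|g'`) or an explicit `files/patch-*` for the few spots that still say stud would make the rename reviewable and keep it from touching unrelated text. Note that the rename does not reach the port's own `files/hitch.conf.sample`, which is installed from `${FILESDIR}` untouched.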
@@ -0,0 +1,130 @@
+#
+# stud(8), The Scalable TLS Unwrapping Daemon's configuration
+#
+
+# NOTE: all config file parameters can be overriden
+# from command line!
+
+# Listening address. REQUIRED.
+#
+# type: string
+# syntax: [HOST]:PORT
+frontend = "[*]:8443"
+
+# Upstream server address. REQUIRED.
+#
+# type: string
+# syntax: [HOST]:PORT.
+backend = "[127.0.0.1]:8000"
+
+# SSL x509 certificate file. REQUIRED.
+# List multiple certs to use SNI. Certs are used in the order they
+# are listed; the last cert listed will be used if none of the others match
+#
+# type: string
+pem-file = ""
+
+# SSL protocol.
+#
+# tls = on
+# ssl = off
+
+# List of allowed SSL ciphers.
+#
+# Run openssl ciphers for list of available ciphers.
+# type: string
+ciphers = ""
+
+# Enforce server cipher list order
+#
+# type: boolean
+prefer-server-ciphers = off
+
+# Use specified SSL engine
+#
+# type: string
+ssl-engine = ""
+
+# Number of worker processes
+#
+# type: integer
+workers = 1
+
+# Listen backlog size
+#
+# type: integer
+backlog = 100
+
+# TCP socket keepalive interval in seconds
+#
+# type: integer
+keepalive = 3600
+
+# Chroot directory
+#
+# type: string
+chroot = ""
+
+# Set uid after binding a socket
+#
+# type: string
+user = "nobody"
+
+# Set gid after binding a socket
+#
+# type: string
+group = "nobody"
+
+# Quiet execution, report only error messages
+#
+# type: boolean
+quiet = off
+
+# Use syslog for logging
+#
+# type: boolean
+syslog = on
+
+# Syslog facility to use
+#
+# type: string
+syslog-facility = "daemon"
+
+# Run as daemon
+#
+# type: boolean
+daemon = on
+
+# Report client address by writing IP before sending data
+#
+# NOTE: This option is mutually exclusive with option write-proxy-v2, write-proxy and proxy-proxy.
+#
+# type: boolean
+write-ip = off
+
+# Report client address using SENDPROXY protocol, see
+# http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
+# for details.
+#
+# NOTE: This option is mutually exclusive with option write-proxy-v2, write-ip and proxy-proxy.
+#
+# type: boolean
+write-proxy = off
+
+# Report client address using SENDPROXY v2 binary protocol, see
+# http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
+# for details.
+#
+# NOTE: This option is mutually exclusive with option write-ip, write-proxy and proxy-proxy.
+#
+# type: boolean
+write-proxy-v2 = off
+
+# Proxy an existing SENDPROXY protocol header through this request.
+#
+# NOTE: This option is mutually exclusive with option write-proxy-v2, write-ip and write-proxy.
+#
+# type: boolean
+proxy-proxy = off
+
+# EOF
Added: head/security/hitch/files/hitch.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/hitch/files/hitch.in Mon May 18 13:39:23 2015 (r386682)
@@ -0,0 +1,38 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: hitch
+# REQUIRE: NETWORKING SERVERS
+# BEFORE: DAEMON
+# KEYWORD: shutdown
+
+#
+# Add some of the following variables to /etc/rc.conf to configure hitch:
+# hitch_enable (bool): Set to "NO" by default.
+# Set it to "YES" to enable hitch.
+# hitch_config (str): Default "%%PREFIX%%/etc/hitch.conf"
+# Set it to the full path to the config file
+# that hitch will use during the automated
+# start-up.
+# hitch_pidfile (str): Default "%%PREFIX%%/var/hitch/hitch.pid"
+# Set it to the value of 'pid' in
+# the hitch.conf file.
+#
+
+. /etc/rc.subr
+
+name="hitch"
+rcvar=hitch_enable
+
+load_rc_config $name
+
+: ${hitch_enable="NO"}
+: ${hitch_config="%%PREFIX%%/etc/hitch.conf"}
+
+command="%%PREFIX%%/sbin/hitch-openssl"
+command_args="--daemon -u nobody -g nobody -s --config=${hitch_config}"
+
+required_files=${hitch_config}
+run_rc_command "$1"
Added: head/security/hitch/pkg-descr
==============================================================================
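Review bot: The shipped sample leaves `ciphers = ""` and `prefer-server-ciphers = off`, so an admin who copies it verbatim gets whatever suite list the linked OpenSSL defaults to, with the client choosing the order; for a TLS terminator the sample should carry an explicit modern list and server preference, e.g. `ciphers = "EECDH+AESGCM:EDH+AESGCM:!aNULL:!MD5:!RC4"` and `prefer-server-ciphers = on`. The `pem-file` comment should also say that this file contains the private key (and the DH parameters pkg-message tells the admin to append) and must stay root-owned and mode 0600 — presumably it is read before the uid drop to `user`, but that is not visible here. Finally, the header still calls this the `stud(8)` configuration while the port installs `hitch.8`; `# hitch(8), The Scalable TLS Unwrapping Daemon's configuration` keeps the man-page reference accurate, and "overriden" on the NOTE line is a typo for "overridden".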
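Review bot: The header documents a `hitch_pidfile` knob defaulting to `%%PREFIX%%/var/hitch/hitch.pid`, but the script never sets a default for it nor assigns rc.subr's `pidfile`, so `service hitch stop`/`status` fall back to matching on the process name and the documented variable is inert; either drop the comment or wire it in with `: ${hitch_pidfile="/var/run/hitch.pid"}` and `pidfile="${hitch_pidfile}"`, passing the path to hitch if the daemon has a pid-file option (not visible in this diff). The path in the comment also disagrees with the Makefile's `--localstatedir=/var/run`. Separately, `command_args` hard-codes `-u nobody -g nobody -s`, and the sample config's own note says command-line flags override the file, so any `user`, `group` or `syslog` value an admin sets in hitch.conf is silently ignored — expose these as rc variables (`hitch_user`, `hitch_group`) or leave them to the config file.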
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/hitch/pkg-descr Mon May 18 13:39:23 2015 (r386682)
@@ -0,0 +1,5 @@
+hitch is a network proxy that terminates TLS/SSL connections and forwards
+the unencrypted traffic to some backend. It's designed to handle 10s of
+thousands of connections efficiently on multicore machines.
+
+WWW: https://github.com/varnish/hitch/
Added: head/security/hitch/pkg-message
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/hitch/pkg-message Mon May 18 13:39:23 2015 (r386682)
@@ -0,0 +1,2 @@
+Don't forget to append DH params to your pem file using:
+openssl dhparam -rand - 1024 >> /path/to/cert.pem
Added: head/security/hitch/pkg-plist
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/hitch/pkg-plist Mon May 18 13:39:23 2015 (r386682)
@@ -0,0 +1,3 @@
+man/man8/hitch.8.gz
+sbin/hitch-openssl
+@sample etc/hitch.conf.sample
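Review bot: The pkg-message tells admins to generate 1024-bit DH parameters (`openssl dhparam -rand - 1024`), which is below the accepted floor for TLS key exchange and is precisely the size that precomputation attacks on common groups target; the line should read `openssl dhparam 2048 >> /path/to/cert.pem`. The `-rand -` argument is unusual — `-rand` takes file names and the default RNG is used without it — so dropping it avoids an error or a misleadingly seeded run, depending on the OpenSSL build. Since `>>` appends to the file that also holds the private key, a short reminder that the file must remain root-owned and mode 0600 belongs in the same message.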