From owner-svn-ports-head@FreeBSD.ORG Mon May 18 13:39:26 2015 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 0DFC620C; Mon, 18 May 2015 13:39:26 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E32661954; Mon, 18 May 2015 13:39:25 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t4IDdPnG004462; Mon, 18 May 2015 13:39:25 GMT (envelope-from zi@FreeBSD.org) Received: (from zi@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t4IDdN4T004450; Mon, 18 May 2015 13:39:23 GMT (envelope-from zi@FreeBSD.org) Message-Id: <201505181339.t4IDdN4T004450@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: zi set sender to zi@FreeBSD.org using -f 
From: Ryan Steinmetz Date: Mon, 18 May 2015 13:39:23 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r386682 - in head/security: . hitch hitch/files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 May 2015 13:39:26 -0000 Author: zi Date: Mon May 18 13:39:23 2015 New Revision: 386682 URL: https://svnweb.freebsd.org/changeset/ports/386682 Log: New port: security/hitch: hitch is a network proxy that terminates TLS/SSL connections and forwards the unencrypted traffic to some backend. It's designed to handle 10s of thousands of connections efficiently on multicore machines. WWW: https://github.com/varnish/hitch/ Added: head/security/hitch/ head/security/hitch/Makefile (contents, props changed) head/security/hitch/distinfo (contents, props changed) head/security/hitch/files/ head/security/hitch/files/hitch.conf.sample (contents, props changed) head/security/hitch/files/hitch.in (contents, props changed) head/security/hitch/pkg-descr (contents, props changed) head/security/hitch/pkg-message (contents, props changed) head/security/hitch/pkg-plist (contents, props changed) Modified: head/security/Makefile Modified: head/security/Makefile ============================================================================== --- head/security/Makefile Mon May 18 13:35:56 2015 (r386681) +++ head/security/Makefile Mon May 18 13:39:23 2015 (r386682) @@ -173,6 +173,7 @@ SUBDIR += hackbot SUBDIR += hamachi SUBDIR += heimdal + SUBDIR += hitch SUBDIR += hlfl SUBDIR += hmap SUBDIR += honggfuzz Added: head/security/hitch/Makefile ============================================================================== 
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/hitch/Makefile Mon May 18 13:39:23 2015 (r386682) @@ -0,0 +1,36 @@ +# Created by: Ryan Steinmetz +# $FreeBSD$ + +PORTNAME= hitch +DISTVERSIONPREFIX= ${PORTNAME}- +DISTVERSION= 1.0.0-beta1 +CATEGORIES= security + +MAINTAINER= zi@FreeBSD.org +COMMENT= TLS proxy to forward connections to an unencrypted backend + +LICENSE= BSD2CLAUSE + +LIB_DEPENDS= libev.so:${PORTSDIR}/devel/libev + +USERS= nobody +GROUPS= nobody + +USES= autoreconf +GNU_CONFIGURE= yes +CONFIGURE_ARGS= --localstatedir=/var/run +USE_OPENSSL= yes +USE_RC_SUBR= ${PORTNAME} +CPPFLAGS+= -I${LOCALBASE}/include +LDFLAGS+= -L${LOCALBASE}/lib +USE_GITHUB= yes +GH_ACCOUNT= varnish + +post-patch: + ${REINPLACE_CMD} 's|stud|${PORTNAME}|g' ${WRKSRC}/*.* ${WRKSRC}/src/* + +post-install: + ${MKDIR} ${STAGEDIR}${PREFIX}/etc + ${INSTALL_DATA} ${FILESDIR}/${PORTNAME}.conf.sample ${STAGEDIR}${PREFIX}/etc/ + +.include Added: head/security/hitch/distinfo ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/hitch/distinfo Mon May 18 13:39:23 2015 (r386682) @@ -0,0 +1,2 @@ +SHA256 (varnish-hitch-hitch-1.0.0-beta1_GH0.tar.gz) = 9214f748a28a2ac726197ad74720889dcba345fecf0369259df7769e3a734d3d +SIZE (varnish-hitch-hitch-1.0.0-beta1_GH0.tar.gz) = 48476 Added: head/security/hitch/files/hitch.conf.sample ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/hitch/files/hitch.conf.sample Mon May 18 13:39:23 2015 (r386682) 
@@ -0,0 +1,130 @@ +# +# stud(8), The Scalable TLS Unwrapping Daemon's configuration +# + +# NOTE: all config file parameters can be overriden +# from command line! + +# Listening address. REQUIRED. +# +# type: string +# syntax: [HOST]:PORT +frontend = "[*]:8443" + +# Upstream server address. REQUIRED. +# +# type: string +# syntax: [HOST]:PORT. +backend = "[127.0.0.1]:8000" + +# SSL x509 certificate file. REQUIRED. +# List multiple certs to use SNI. Certs are used in the order they +# are listed; the last cert listed will be used if none of the others match +# +# type: string +pem-file = "" + +# SSL protocol. +# +# tls = on +# ssl = off + +# List of allowed SSL ciphers. +# +# Run openssl ciphers for list of available ciphers. +# type: string +ciphers = "" + +# Enforce server cipher list order +# +# type: boolean +prefer-server-ciphers = off + +# Use specified SSL engine +# +# type: string +ssl-engine = "" + +# Number of worker processes +# +# type: integer +workers = 1 + +# Listen backlog size +# +# type: integer +backlog = 100 + +# TCP socket keepalive interval in seconds +# +# type: integer +keepalive = 3600 + +# Chroot directory +# +# type: string +chroot = "" + +# Set uid after binding a socket +# +# type: string +user = "nobody" + +# Set gid after binding a socket +# +# type: string +group = "nobody" + +# Quiet execution, report only error messages +# +# type: boolean +quiet = off + +# Use syslog for logging +# +# type: boolean +syslog = on + +# Syslog facility to use +# +# type: string +syslog-facility = "daemon" + +# Run as daemon +# +# type: boolean +daemon = on + +# Report client address by writing IP before sending data +# +# NOTE: This option is mutually exclusive with option write-proxy-v2, write-proxy and proxy-proxy. +# +# type: boolean +write-ip = off + +# Report client address using SENDPROXY protocol, see +# http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt +# for details. 
+# +# NOTE: This option is mutually exclusive with option write-proxy-v2, write-ip and proxy-proxy. +# +# type: boolean +write-proxy = off + +# Report client address using SENDPROXY v2 binary protocol, see +# http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt +# for details. +# +# NOTE: This option is mutually exclusive with option write-ip, write-proxy and proxy-proxy. +# +# type: boolean +write-proxy-v2 = off + +# Proxy an existing SENDPROXY protocol header through this request. +# +# NOTE: This option is mutually exclusive with option write-proxy-v2, write-ip and write-proxy. +# +# type: boolean +proxy-proxy = off + +# EOF Added: head/security/hitch/files/hitch.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/hitch/files/hitch.in Mon May 18 13:39:23 2015 (r386682) @@ -0,0 +1,38 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: hitch +# REQUIRE: NETWORKING SERVERS +# BEFORE: DAEMON +# KEYWORD: shutdown + +# +# Add some of the following variables to /etc/rc.conf to configure hitch: +# hitch_enable (bool): Set to "NO" by default. +# Set it to "YES" to enable hitch. +# hitch_config (str): Default "%%PREFIX%%/etc/hitch.conf" +# Set it to the full path to the config file +# that hitch will use during the automated +# start-up. +# hitch_pidfile (str): Default "%%PREFIX%%/var/hitch/hitch.pid" +# Set it to the value of 'pid' in +# the hitch.conf file. +# + +. /etc/rc.subr + +name="hitch" +rcvar=hitch_enable + +load_rc_config $name + +: ${hitch_enable="NO"} +: ${hitch_config="%%PREFIX%%/etc/hitch.conf"} + +command="%%PREFIX%%/sbin/hitch-openssl" +command_args="--daemon -u nobody -g nobody -s --config=${hitch_config}" + +required_files=${hitch_config} +run_rc_command "$1" Added: head/security/hitch/pkg-descr ============================================================================== 
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/hitch/pkg-descr Mon May 18 13:39:23 2015 (r386682) @@ -0,0 +1,5 @@ +hitch is a network proxy that terminates TLS/SSL connections and forwards +the unencrypted traffic to some backend. It's designed to handle 10s of +thousands of connections efficiently on multicore machines. + +WWW: https://github.com/varnish/hitch/ Added: head/security/hitch/pkg-message ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/hitch/pkg-message Mon May 18 13:39:23 2015 (r386682) @@ -0,0 +1,2 @@ +Don't forget to append DH params to your pem file using: +openssl dhparam -rand - 1024 >> /path/to/cert.pem Added: head/security/hitch/pkg-plist ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/hitch/pkg-plist Mon May 18 13:39:23 2015 (r386682) @@ -0,0 +1,3 @@ +man/man8/hitch.8.gz +sbin/hitch-openssl +@sample etc/hitch.conf.sample
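Review bot: in head/security/hitch/Makefile the post-patch target runs `${REINPLACE_CMD} 's|stud|${PORTNAME}|g' ${WRKSRC}/*.* ${WRKSRC}/src/*`, an unanchored substring substitution over every file in the source root and src/, including the C sources that get compiled, so it rewrites "stud" wherever it occurs, inside longer words as well as inside identifiers. Restricting the substitution to the files that actually need the rename (the man page and the shipped config) or anchoring it on word boundaries would make the rename predictable and keep the build from depending on what upstream happens to spell. Also, `CONFIGURE_ARGS= --localstatedir=/var/run` puts hitch's state directory under /var/run while the rc script below documents the pid file under `%%PREFIX%%/var/hitch/`; the two should agree.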
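Review bot: files/hitch.conf.sample still opens with `# stud(8), The Scalable TLS Unwrapping Daemon's configuration`, and because it lives in FILESDIR the Makefile's post-patch stud-to-hitch rename never touches it; the comment should name hitch(8), and "overriden" should read "overridden". Since @sample installs this file as the live hitch.conf, its defaults matter: `ciphers = ""` with `prefer-server-ciphers = off` leaves cipher selection to OpenSSL's built-in default in the client's preference order, so shipping an explicit cipher string and `prefer-server-ciphers = on` would give a safer starting point; and `pem-file = ""` is marked REQUIRED, so the rc script will try to start a service that has no certificate to load until the admin edits the file, which a one-line note at the top of the sample would make obvious.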
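Review bot: in files/hitch.in, `hitch_pidfile` is described in the header comment but is never given a default, never assigned to `pidfile`, and never passed to the command, so rc.subr's stop and status actions have no pid file and fall back to searching the process table for hitch-openssl; either set `pidfile` from it and pass it on the command line, or drop the comment. Separately, `command_args="--daemon -u nobody -g nobody -s --config=${hitch_config}"` hard-codes the user, group and daemon mode on the command line, and the sample config states that command-line parameters override the config file, so an admin who sets `user`, `group` or `daemon` in hitch.conf gets those values silently ignored; expose them as rc.conf variables (e.g. `hitch_user`, `hitch_group`) or leave them to the config file.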
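Review bot: pkg-message instructs users to run `openssl dhparam -rand - 1024 >> /path/to/cert.pem`; a 1024-bit DH group is below the size generally recommended for TLS key exchange, and since this message is the only guidance a default install gives, it should suggest at least 2048 bits, e.g. `openssl dhparam 2048 >> /path/to/cert.pem`. It would also help to say which pem file is meant: the one named by `pem-file` in hitch.conf, which the sample leaves empty.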