| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455 |
- #!/usr/bin/env bash
- set -euo pipefail
- # Remove lingering .sock files, relayd and unixhttpd will do that too but
- # measure twice, cut once.
- rm *.sock ||:
- # If the transient local TLS certificate doesn't exist, mint a new one
- if [ ! -f ../pki/relayd.local.cetacean.club/cert.pem ]; then
- # Subshell to contain the directory change
- (
- cd ../pki \
- && mkdir -p relayd.local.cetacean.club \
- && \
- # Try using https://github.com/FiloSottile/mkcert for better DevEx,
- # but fall back to using https://github.com/jsha/minica in case
- # you don't have that installed.
- (
- mkcert \
- --cert-file ./relayd.local.cetacean.club/cert.pem \
- --key-file ./relayd.local.cetacean.club/key.pem relayd.local.cetacean.club \
- || go tool minica -domains relayd.local.cetacean.club
- )
- )
- fi
- # Build static assets
- (cd ../.. && npm ci && npm run assets)
- # Spawn three jobs:
- # HTTP daemon that listens over a unix socket (implicitly ./unixhttpd.sock)
- go run ../cmd/unixhttpd &
- # A copy of Anubis, specifically for the current Git checkout
- go tool anubis \
- --bind=./anubis.sock \
- --bind-network=unix \
- --policy-fname=../anubis_configs/aggressive_403.yaml \
- --target=unix://$(pwd)/unixhttpd.sock &
- # A simple TLS terminator that forwards to Anubis, which will forward to
- # unixhttpd
- go run ../cmd/relayd \
- --proxy-to=unix://./anubis.sock \
- --cert-dir=../pki/relayd.local.cetacean.club &
- # When you press control c, kill all the child processes to clean things up
- trap 'echo signal received!; kill $(jobs -p); wait' SIGINT SIGTERM
- echo "open https://relayd.local.cetacean.club:3004/reqmeta"
- # Wait for all child processes to exit
- wait
|
