-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
416a1fc
commit 6efb193
Showing
1 changed file
with
43 additions
and
43 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -28,7 +28,7 @@ var help = ` | |
| Commands: | ||
| server - runs chissl in server mode | ||
| client - runs chissl in client mode | ||
| admin - runs local admin client for user management | ||
| admin - runs local admin client for user management | ||
| Read more: | ||
| https://github.com/NextChapterSoftware/chissl | ||
|
|
@@ -132,9 +132,9 @@ var serverHelp = ` | |
| } | ||
| when <user> connects, their <pass> will be verified and then | ||
| each of the remote addresses will be compared against the list | ||
| of address regular expressions for a match. Addresses will always | ||
| of address regular expressions for a match. Addresses will always | ||
| come in the form: | ||
| "local-port:local-host->remote-port:remote-host" | ||
| "local-port:local-host->remote-port:remote-host" | ||
| This file will be automatically reloaded on change. | ||
| --auth, An optional string representing a single user with full | ||
|
|
@@ -165,9 +165,9 @@ var serverHelp = ` | |
| provide a certificate notification email by setting CHISEL_LE_EMAIL. | ||
| --tls-ca, a path to a PEM encoded CA certificate bundle or a directory | ||
| holding multiple PEM encode CA certificate bundle files, which is used to | ||
| validate client connections. The provided CA certificates will be used | ||
| instead of the system roots. This is commonly used to implement mutual-TLS. | ||
| holding multiple PEM encode CA certificate bundle files, which is used to | ||
| validate client connections. The provided CA certificates will be used | ||
| instead of the system roots. This is commonly used to implement mutual-TLS. | ||
| ` + commonHelp | ||
|
|
||
| func server(args []string) { | ||
|
|
@@ -297,50 +297,50 @@ var clientHelp = ` | |
| <remote>s are remote connections tunneled through the server, each of | ||
| which come in the form: | ||
| local-port:local-host->remote-port:remote-host | ||
| ■ local-port (port on server) is required*. | ||
| ■ local-port (port on server) is required*. | ||
| ■ local-host (interface on server) defaults to 0.0.0.0 (all interfaces). | ||
| ■ remote-port is required*. | ||
| ■ remote-port is required*. | ||
| ■ remote-host defaults to 127.0.0.1 | ||
| example remotes | ||
| example remotes | ||
| 8080->80 | ||
| 8080:0.0.0.0->80 | ||
| 8089->80:neverssl.com | ||
| Options: | ||
| --profile, path to profile configuration yaml file. Defaults to | ||
| $HOME/chissl/profile.yaml. Profile yaml file allows users to | ||
| set all client arguments and configurations using a static file. | ||
| YAML Options: | ||
| --- | ||
| fingerprint: "sample_fingerprint" | ||
| auth: "user:password" | ||
| keepalive: 30s | ||
| max-retry-count: 10 | ||
| max-retry-interval: 2m | ||
| server: "example.com" | ||
| proxy: "http://admin:[email protected]:8081" | ||
| remotes: | ||
| - 8089->80:neverssl.com | ||
| --profile, path to profile configuration yaml file. Defaults to | ||
| $HOME/chissl/profile.yaml. Profile yaml file allows users to | ||
| set all client arguments and configurations using a static file. | ||
| YAML Options: | ||
| --- | ||
| fingerprint: "sample_fingerprint" | ||
| auth: "user:password" | ||
| keepalive: 30s | ||
| max-retry-count: 10 | ||
| max-retry-interval: 2m | ||
| server: "example.com" | ||
| proxy: "http://admin:[email protected]:8081" | ||
| remotes: | ||
| - 8089->80:neverssl.com | ||
| - 8080->80 | ||
| headers: | ||
| Foo: ["Bar"] | ||
| tls: | ||
| tls-skip-verify: true | ||
| tls-ca: "/path/to/ca" | ||
| tls-cert: "/path/to/cert" | ||
| tls-key: "/path/to/key" | ||
| hostname: "example.com" | ||
| verbose: true | ||
| headers: | ||
| Foo: ["Bar"] | ||
| tls: | ||
| tls-skip-verify: true | ||
| tls-ca: "/path/to/ca" | ||
| tls-cert: "/path/to/cert" | ||
| tls-key: "/path/to/key" | ||
| hostname: "example.com" | ||
| verbose: true | ||
| --fingerprint, A *strongly recommended* fingerprint string | ||
| to perform host-key validation against the server's public key. | ||
| Fingerprint mismatches will close the connection. | ||
| Fingerprints are generated by hashing the ECDSA public key using | ||
| SHA256 and encoding the result in base64. | ||
| Fingerprints must be 44 characters containing a trailing equals (=). | ||
| Fingerprint mismatches will close the connection. | ||
| Fingerprints are generated by hashing the ECDSA public key using | ||
| SHA256 and encoding the result in base64. | ||
| Fingerprints must be 44 characters containing a trailing equals (=). | ||
| --auth, An optional username and password (client authentication) | ||
| in the form: "<user>:<pass>". These credentials are compared to | ||
|
|
@@ -368,7 +368,7 @@ var clientHelp = ` | |
| --hostname, Optionally set the 'Host' header (defaults to the host | ||
| found in the server url). | ||
| --sni, Override the ServerName when using TLS (defaults to the | ||
| --sni, Override the ServerName when using TLS (defaults to the | ||
| hostname). | ||
| --tls-ca, An optional root certificate bundle used to verify the | ||
|
|
@@ -383,11 +383,11 @@ var clientHelp = ` | |
| may be still verified (see --fingerprint) after inner connection | ||
| is established. | ||
| --tls-key, a path to a PEM encoded private key used for client | ||
| --tls-key, a path to a PEM encoded private key used for client | ||
| authentication (mutual-TLS). | ||
| --tls-cert, a path to a PEM encoded certificate matching the provided | ||
| private key. The certificate must have client authentication | ||
| --tls-cert, a path to a PEM encoded certificate matching the provided | ||
| private key. The certificate must have client authentication | ||
| enabled (mutual-TLS). | ||
| ` + commonHelp | ||
|
|
||
|
|
||