Olaoluwa Osuntokun
d6438114d4
aperture: relax TLS requirements
...
In this commit, we modify our cipher suites and required TLS versions to
allow anything greater than TLS 1.1. TLS 1.0 (sslv3) is broken so we
require versions that're safely above that. Without this change, widely
used clients such as `openssl` will fail to connect out to an Aperture
proxy.
2020-08-21 19:44:10 -07:00
Olaoluwa Osuntokun
6c57ebe08f
Merge pull request #40 from guggero/renew-selfsigned-only
...
aperture: only renew certificate if we signed it
v0.1.1-beta
2020-08-14 17:15:52 -07:00
Oliver Gugger
c82df1bddc
aperture: only renew certificate if we signed it
...
In case we use an externally provided certificate (which is created by
an external Let's Encrypt process for example), we don't want to try to
renew it. We identify our own certificates by the organization field we
set.
2020-08-14 14:16:01 +02:00
Olaoluwa Osuntokun
537716305e
Merge pull request #39 from guggero/invoice-status
...
auth: check LSAT invoice status by payment hash
v0.1-beta
2020-08-11 10:38:27 -07:00
Oliver Gugger
494ab47a60
challenger: add unit test
2020-08-11 10:08:45 +02:00
Oliver Gugger
a5f2f83685
aperture: use lnd client through interface
2020-08-11 10:08:44 +02:00
Oliver Gugger
97cf351b19
aperture: interrupt signals
2020-08-11 10:08:44 +02:00
Oliver Gugger
475bfb9675
aperture: create and start/stop challenger
2020-08-11 10:08:44 +02:00
Oliver Gugger
96e69a979c
challenger+auth: implement invoice checker
2020-08-11 10:08:39 +02:00
Oliver Gugger
3b73ac96cb
mod+lsat+test: copy test code to get rid of loop
...
To get rid of the loop dependency, we copy the test code that we rely on
and fix some imports.
2020-08-11 10:03:34 +02:00
Oliver Gugger
a625ad69b0
mod: update lnd, use lndclient repo
2020-08-07 17:33:02 +02:00
Olaoluwa Osuntokun
1d603fcec8
Merge pull request #38 from guggero/no-directory-listing
...
config+proxy: disable static file serving by default
2020-07-17 12:01:17 -07:00
Oliver Gugger
ec089c4723
config+proxy: disable static file serving by default
2020-07-17 11:09:23 +02:00
Olaoluwa Osuntokun
64ea3fbcac
Merge pull request #37 from wpaulino/tor-nil-config
...
aperture: check tor config nil-ness before access
2020-05-20 17:20:41 -07:00
Wilmer Paulino
44b1b0963b
aperture: check tor config nil-ness before access
...
This prevents a panic on startup for instances running with
configurations that don't specify any Tor options.
2020-05-18 15:59:43 -07:00
Wilmer Paulino
8352e577e2
Merge pull request #36 from ellemouton/custom-lsat-value-per-service
...
aperture: Custom price per service
2020-05-13 10:09:44 -07:00
Elle Mouton
162571ac45
aperture: Custom price per service
2020-05-13 09:57:40 +02:00
Oliver Gugger
57a5605990
Merge pull request #35 from guggero/tls-cipher-suites
...
Use same lnd's `cert` package to create TLS config to fix TLS cipher suites
2020-05-06 10:45:06 +02:00
Oliver Gugger
52e03c826b
config+aperture: add insecure flag
2020-05-05 09:54:07 +02:00
Oliver Gugger
1214dd3ab7
aperture: fix cert validity and renew if about to expire
2020-05-05 09:54:00 +02:00
Oliver Gugger
b8855c2d18
aperture: streamline getTLSConfig
2020-05-05 09:43:45 +02:00
Oliver Gugger
489296abca
aperture: extract TLS configuration into function
2020-05-05 09:43:44 +02:00
Oliver Gugger
ee865f0d39
aperture: remove unused certificate/key parameters
2020-05-05 09:43:44 +02:00
Oliver Gugger
e885935d8c
aperture: restrict TLS ciphers to use
2020-05-05 09:43:38 +02:00
Oliver Gugger
52124e59f3
Merge pull request #30 from lispmeister/dockerize-all-the-things
...
add Dockerfile
2020-04-23 21:00:49 +02:00
lispmeister
0e68ea2499
add Dockerfile
...
This Dockerfile enables the build of a Docker image for the Aperture
binary.
updated to golang:1.13 base image
add entrypoint
fix EXPOSE port number
2020-04-23 22:58:34 +04:00
Oliver Gugger
7107124dc8
Merge pull request #33 from guggero/demo-link
...
readme: fix link to demo
2020-04-17 13:11:06 +02:00
Oliver Gugger
4043e29ddd
readme: fix link to demo
2020-04-14 10:00:01 +02:00
Olaoluwa Osuntokun
86cc245072
Merge pull request #31 from lightninglabs/sample-conf-docs
...
docs: add documentation to sample conf options
2020-03-30 10:40:56 -07:00
Wilmer Paulino
8d67d5d342
docs: add documentation to sample conf options
2020-03-30 10:33:30 -07:00
Olaoluwa Osuntokun
2c1a5d6b7b
Merge pull request #29 from guggero/lsat-move
...
lsat: copy LSAT related code from loop repository
2020-03-19 11:25:56 -07:00
Oliver Gugger
59268f8f59
auth+lsat: move LSAT specific code
2020-03-19 16:16:34 +01:00
Oliver Gugger
c2e191af14
multi: use moved lsat code
2020-03-19 16:12:33 +01:00
Oliver Gugger
36d004afb8
lsat: rename Interceptor to ClientInterceptor
2020-03-19 16:09:55 +01:00
Oliver Gugger
31e5169aec
lsat: copy code from loop repo
2020-03-19 16:09:09 +01:00
Olaoluwa Osuntokun
f8257dda52
Merge pull request #28 from Roasbeef/aperture
...
aperture: propagate rename
2020-03-18 16:57:36 -07:00
Olaoluwa Osuntokun
0c14706fa4
aperture: propagate rename
2020-03-18 13:57:18 -07:00
Olaoluwa Osuntokun
e30cc0f060
Merge pull request #27 from wpaulino/listen-tor-onion-services
...
kirin: allow handling client requests over Tor onion services
2020-03-13 16:55:57 -07:00
Wilmer Paulino
494fdcc0a3
kirin: allow handling client requests over Tor onion services
...
In this commit, we integrate Tor onion services into the proxy. Clients
can now make their requests through Tor's encrypted network. To make
this possible, there were a few quirks, the most important being that
clients were unable to establish encrypted HTTP/2 connections due to
TLS certificates not being able to verify onion services. To work around
this, we now spin up an additional HTTP/2 server _without TLS_ that's
not exposed to the outside world and can only be accessed through the
onion services, which already provide encryption.
Once the onion services are created, we store their private keys within
etcd to ensure we can recover them later on as the proxy is intended to
be long-lived.
2020-03-13 12:54:33 -07:00
Olaoluwa Osuntokun
34b4e1f6a5
Merge pull request #26 from guggero/stream-interceptor
...
lsat: server stream interceptor
2020-02-17 15:50:49 -08:00
Oliver Gugger
1e20b175cd
auth: add stream server interceptor
2020-02-03 17:10:59 +01:00
Oliver Gugger
0fffe01dcc
auth: refactor interceptor token extraction
2020-02-03 17:10:58 +01:00
Olaoluwa Osuntokun
64393335db
Merge pull request #25 from Roasbeef/auto-cert-bugfix
...
kirin: fix bug when using pure autocert
2020-01-22 18:10:14 -08:00
Olaoluwa Osuntokun
b18e4baed1
kirin: fix bug when using pure autocert
...
When using the `autocert` route, we actually don't need to pass anything
into `ListenAndServeTLS`, instead we can pass blank strings.
2020-01-22 17:35:31 -08:00
Olaoluwa Osuntokun
4b60be65ee
challenger: rename macaroon name
2020-01-22 17:03:46 -08:00
Olaoluwa Osuntokun
de6be5daff
Merge pull request #24 from Roasbeef/invoiceonly-mac
...
challenger: modify to only use invoice macaroon
2020-01-22 17:02:14 -08:00
Olaoluwa Osuntokun
e86965f6f9
challenger: modify to only use invoice macaroon
2020-01-22 16:56:03 -08:00
Olaoluwa Osuntokun
1d57c19fd1
Merge pull request #23 from guggero/update-readme
...
readme: clarify install instructions
2020-01-22 14:45:00 -08:00
Oliver Gugger
d1096b1df8
readme: clarify install instructions
2020-01-22 11:30:02 +01:00
Oliver Gugger
b002512fc3
Merge pull request #21 from guggero/install-doc
...
doc: update installation instructions
2020-01-16 13:06:14 +01:00