#!/usr/bin/env perl

use strict;
use warnings;

use Getopt::Long;
use Pod::Usage;

my $listen  = ':443';
my $backend = '127.0.0.1:8080';
my $method  = 'any';
my $cert_file;
my $key_file;
my $debug;
my $help;

GetOptions(
    "listen=s"    => \$listen,
    "backend=s"   => \$backend,
    "debug"       => \$debug,
    "cert_file=s" => \$cert_file,
    "key_file=s"  => \$key_file,
    "method=s"    => \$method,
    "help|?"      => \$help
) or pod2usage(2);

pod2usage(1) if $help;

if ($debug) {
    $ENV{APP_TLSME_DEBUG} = 1;
}

require App::TLSMe;
App::TLSMe->new(
    listen    => $listen,
    backend   => $backend,
    cert_file => $cert_file,
    key_file  => $key_file,
    method    => $method
)->run;

__END__

=head1 NAME

tlsme - TLS/SSL proxy

=head1 SYNOPSIS

tlsme [options]

Options:

    --help            brief help message

    --listen          listen on (default 0.0.0.0:443)
    --backend         backend address or path to unix socket (default 127.0.0.1:8080)

    --cert_file       path to certificate file (may contain a private key too)
    --key_file        path to private key file

    --method          the protocol parser to use ("SSLv2" | "SSLv3" | "TLSv1" | "any")

    --debug           debug mode

When option C<cert_file> is omitted default testing certificate is used.

=head1 DESCRIPTION

TLS/SSL proxy in front of the application creates a transparent encryption
tunnel.

=head1 HEADERS

HTTP headers C<X-Forwarded-For> and C<X-Forwarded-Proto> are added to the http
requests with corresponding values.

=cut
