bulk release update

.dockerignore

@@ -6,3 +6,18 @@
 # CI cache folder storing docker images
 ci-exports
 
+/i2p-tools
+/cert.pem
+/key.pem
+/_netdb
+i2pseeds.su3
+*.pem
+onion.key
+tmp/
+i2p-tools-*
+*.crl
+*.crt
+*.pem
+plugin
+reseed-tools*
+data-dir*

CHANGELOG.md

@@ -1,3 +1,12 @@
+2021-12-16
+ * app.Version = "0.2.11"
+ * include license file in plugin
+
+2021-12-14
+ * app.Version = "0.2.10"
+ * restart changelog
+ * fix websiteURL in plugin.config
+
 2019-04-21
  * app.Version = "0.1.7"
  * enabling TLS 1.3 *only*

Makefile

@@ -1,7 +1,11 @@
 
-VERSION=0.2.4
+VERSION=0.2.13
 APP=reseed-tools
 USER_GH=eyedeekay
+CGO_ENABLED=0
+export CGO_ENABLED=0
+PLUGIN_PORT=7671
+export PLUGIN_PORT=7671
 
 GOOS?=$(shell uname -s | tr A-Z a-z)
 GOARCH?="amd64"
@@ -106,18 +110,18 @@ gofmt:
 try:
 	mkdir -p tmp && \
 		cd tmp && \
-		../reseed-tools-$(GOOS)-$(GOARCH) reseed --signer=you@mail.i2p --netdb=/home/idk/.i2p/netDb --tlsHost=your-domain.tld --onion --p2p --i2p --littleboss=start
+		../reseed-tools-$(GOOS)-$(GOARCH) reseed --signer=you@mail.i2p --netdb=/home/idk/.i2p/netDb --tlsHost=your-domain.tld --onion --p2p --i2p
 
 stop:
 	mkdir -p tmp && \
 		cd tmp && \
-		../reseed-tools-$(GOOS)-$(GOARCH) reseed --signer=you@mail.i2p --netdb=/home/idk/.i2p/netDb --tlsHost=your-domain.tld --onion --p2p --i2p --littleboss=stop
+		../reseed-tools-$(GOOS)-$(GOARCH) reseed --signer=you@mail.i2p --netdb=/home/idk/.i2p/netDb --tlsHost=your-domain.tld --onion --p2p --i2p
 
 docker:
 	docker build -t eyedeekay/reseed .
 
 docker-push: docker
-	docker push --disable-content-trust false eyedeekay/reseed:$(VERSION)
+	docker push --disable-content-trust=false eyedeekay/reseed:$(VERSION)
 
 users:
 	docker run --rm eyedeekay/reseed cat /etc/passwd
@@ -180,7 +184,7 @@ jar: gojava
 release: version upload checkinstall upload-single-deb plugins upload-su3s upload-bin 
 
 version:
-	cat README.md | gothub release -s $(GITHUB_TOKEN) -u $(USER_GH) -r $(APP) -t v$(VERSION) -d -
+	cat README.md | gothub release -s $(GITHUB_TOKEN) -u $(USER_GH) -r $(APP) -t v$(VERSION) -d -; true
 
 delete-version:
 	gothub delete -s $(GITHUB_TOKEN) -u $(USER_GH) -r $(APP) -t v$(VERSION)
@@ -233,7 +237,7 @@ upload-bin:
 rm-su3s:
 	rm *.su3 -f
 
-download-su3s: rm-su3s
+download-su3s:
 	GOOS=darwin GOARCH=amd64 make download-single-su3
 	GOOS=darwin GOARCH=arm64 make download-single-su3
 	GOOS=linux GOARCH=386 make download-single-su3
@@ -260,7 +264,7 @@ upload-su3s:
 	GOOS=windows GOARCH=386 make upload-single-su3
 
 download-single-su3:
-	wget -N -c "https://github.com/eyedeekay/reseed-tools/releases/download/v$(VERSION)/reseed-tools-$(GOOS)-$(GOARCH).su3"
+	wget-ds "https://github.com/eyedeekay/reseed-tools/releases/download/v$(VERSION)/reseed-tools-$(GOOS)-$(GOARCH).su3"
 
 upload-single-deb:
 	gothub upload -R -s $(GITHUB_TOKEN) -u $(USER_GH) -r $(APP) -t v$(VERSION) -f reseed-tools_$(VERSION)-1_amd64.deb -l "`sha256sum reseed-tools_$(VERSION)-1_amd64.deb`" -n "reseed-tools_$(VERSION)-1_amd64.deb"
@@ -274,25 +278,32 @@ upload-single-su3:
 tmp/content:
 	mkdir -p tmp
 	cp -rv content tmp/content
+	echo "you@mail.i2p" > tmp/signer
 
 tmp/lib:
 	mkdir -p tmp/lib
-	cp "$(HOME)/Workspace/GIT_WORK/i2p.i2p/build/shellservice.jar" tmp/lib/shellservice.jar
+#	cp "$(HOME)/build/shellservice.jar" tmp/lib/shellservice.jar
 
-su3s: tmp/content tmp/lib
+tmp/LICENSE:
+	cp LICENSE.md tmp/LICENSE
+
+SIGNER_DIR=$(HOME)/i2p-go-keys/
+
+su3s: tmp/content tmp/lib tmp/LICENSE
 	i2p.plugin.native -name=reseed-tools-$(GOOS)-$(GOARCH) \
 		-signer=hankhill19580@gmail.com \
+		-signer-dir=$(SIGNER_DIR) \
 		-version "$(VERSION)" \
 		-author=hankhill19580@gmail.com \
 		-autostart=true \
 		-clientname=reseed-tools-$(GOOS)-$(GOARCH) \
-		-command="reseed-tools-$(GOOS)-$(GOARCH) reseed --yes --signer=you@mail.i2p --netdb=\$$CONFIG/netDb" \
+		-command="reseed-tools-$(GOOS)-$(GOARCH) reseed --yes --signer=\$$PLUGIN/signer --port=$(PLUGIN_PORT)" \
 		-consolename="Reseed Tools" \
-		-consoleurl="http://127.0.0.1:8443" \
+		-consoleurl="https://127.0.0.1:$(PLUGIN_PORT)" \
 		-updateurl="http://idk.i2p/reseed-tools/reseed-tools-$(GOOS)-$(GOARCH).su3" \
 		-website="http://idk.i2p/reseed-tools/" \
 		-icondata="content/images/reseed-icon.png" \
-		-delaystart="3" \
+		-delaystart="1" \
 		-desc="`cat description-pak`" \
 		-exename=reseed-tools-$(GOOS)-$(GOARCH) \
 		-targetos="$(GOOS)" \

README.md

@@ -1,10 +1,15 @@
 I2P Reseed Tools
 ==================
 
+![Reseed Tools Poster](content/images/reseed.png)
+
 This tool provides a secure and efficient reseed server for the I2P network.
 There are several utility commands to create, sign, and validate SU3 files.
 Please note that this requires at least Go version 1.13, and uses Go Modules.
 
+Standard reseeds are distributed with the I2P packages. To get your reseed
+included, apply on [zzz.i2p](http://zzz.i2p).
+
 ## Dependencies
 
 `go`, `git`, and optionally `make` are required to build the project.
@@ -31,6 +36,14 @@ and via the github mirror at https://github.com/eyedeekay/reseed-tools/releases.
 These can be installed by adding them on the 
 [http://127.0.0.1:7657/configplugins](http://127.0.0.1:7657/configplugins).
 
+After installing the plugin, you should immediately edit the `$PLUGIN/signer`
+file in order to set your `--signer` email, which is used to name your keys.
+You can find the `$PLUGIN` directory in your I2P config directory, which is
+usually `$HOME/.i2p` on Unixes.
+
+This will allow the developers to contact you if your reseed has issues
+and will authenticate your reseed to the I2P routers that use it.
+
 - darwin/amd64: [http://idk.i2p/reseed-tools/reseed-tools-darwin-amd64.su3](http://idk.i2p/reseed-tools/reseed-tools-darwin-amd64.su3)
 - darwin/arm64: [http://idk.i2p/reseed-tools/reseed-tools-darwin-arm64.su3](http://idk.i2p/reseed-tools/reseed-tools-darwin-arm64.su3)
 - linux/386: [http://idk.i2p/reseed-tools/reseed-tools-linux-386.su3](http://idk.i2p/reseed-tools/reseed-tools-linux-386.su3)
@@ -62,7 +75,12 @@ Debian users who are running I2P as a system service must also run the
 the I2P service's netDb directory. On Debian and Ubuntu, that user is `i2psvc`
 and the netDb directory is: `/var/lib/i2p/i2p-config/netDb`.
 
-##### Systemd Service
+##### Service Integration
+
+Support for running as a system service as part of the reseed package
+is new. PR's that improve integration are welcome.
+
+###### Systemd Service
 
 A systemd service is provided which should work with the I2P Debian package
 when reseed-tools is installed in `/usr/bin/reseed-tools`. If you install with
@@ -80,7 +98,7 @@ this you should edit the `/etc/systemd/system/reseed.d/reseed.service`.
 - To reload the systemd services: `sudo systemctl daemon-reload`
 - To view the status/logs: `sudo journalctl -u reseed.service`
 
-##### SysV Service
+###### SysV Service
 
 An initscript is also provided. The initscript, unlike the systemd service,
 cannot schedule itself to restart. You should restart the service roughly once
@@ -114,4 +132,4 @@ reseed-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --port=84
 ```
 
 - **Usage** [More examples can be found here.](EXAMPLES.md)
-- **Docker** [Eocker examples can be found here](DOCKER.md)
+- **Docker** [Docker examples can be found here](DOCKER.md)

cmd/i2pd.go

@@ -0,0 +1,12 @@
+//go:build i2pd
+// +build i2pd
+
+package cmd
+
+import (
+	i2pd "github.com/eyedeekay/go-i2pd/goi2pd"
+)
+
+func InitializeI2PD() func() {
+	return i2pd.InitI2PSAM(nil)
+}

cmd/keygen.go

@@ -27,6 +27,7 @@ func NewKeygenCommand() cli.Command {
 func keygenAction(c *cli.Context) {
 	signerID := c.String("signer")
 	tlsHost := c.String("tlsHost")
+	trustProxy := c.Bool("trustProxy")
 
 	if signerID == "" && tlsHost == "" {
 		fmt.Println("You must specify either --tlsHost or --signer")
@@ -40,10 +41,12 @@ func keygenAction(c *cli.Context) {
 		}
 	}
 
-	if tlsHost != "" {
-		if err := createTLSCertificate(tlsHost); nil != err {
-			fmt.Println(err)
-			return
+	if trustProxy {
+		if tlsHost != "" {
+			if err := createTLSCertificate(tlsHost); nil != err {
+				fmt.Println(err)
+				return
+			}
 		}
 	}
 }

cmd/reseed.go

@@ -2,6 +2,8 @@ package cmd
 
 import (
 	"context"
+	"strings"
+
 	//"flag"
 	"fmt"
 	"io/ioutil"
@@ -30,11 +32,11 @@ func getDefaultSigner() string {
 	if intentionalsigner == "" {
 		adminsigner := os.Getenv("MAILTO")
 		if adminsigner != "" {
-			return adminsigner
+			return strings.Replace(adminsigner, "\n", "", -1)
 		}
 		return ""
 	}
-	return intentionalsigner
+	return strings.Replace(intentionalsigner, "\n", "", -1)
 }
 
 func getHostName() string {
@@ -42,7 +44,7 @@ func getHostName() string {
 	if hostname == "" {
 		hostname, _ = os.Hostname()
 	}
-	return hostname
+	return strings.Replace(hostname, "\n", "", -1)
 }
 
 func NewReseedCommand() cli.Command {
@@ -214,6 +216,16 @@ func LoadKeys(keysPath string, c *cli.Context) (i2pkeys.I2PKeys, error) {
 	}
 }
 
+// fileExists checks if a file exists and is not a directory before we
+// try using it to prevent further errors.
+func fileExists(filename string) bool {
+	info, err := os.Stat(filename)
+	if os.IsNotExist(err) {
+		return false
+	}
+	return !info.IsDir()
+}
+
 func reseedAction(c *cli.Context) {
 	netdbDir := c.String("netdb")
 	if netdbDir == "" {
@@ -222,10 +234,22 @@ func reseedAction(c *cli.Context) {
 	}
 
 	signerID := c.String("signer")
-	if signerID == "" {
+	if signerID == "" || signerID == "you@mail.i2p" {
 		fmt.Println("--signer is required")
 		return
 	}
+	if !strings.Contains(signerID, "@") {
+		if !fileExists(signerID) {
+			fmt.Println("--signer must be an email address or a file containing an email address.")
+			return
+		}
+		bytes, err := ioutil.ReadFile(signerID)
+		if err != nil {
+			fmt.Println("--signer must be an email address or a file containing an email address.")
+			return
+		}
+		signerID = string(bytes)
+	}
 
 	var tlsCert, tlsKey string
 	tlsHost := c.String("tlsHost")
@@ -256,18 +280,21 @@ func reseedAction(c *cli.Context) {
 
 		// prompt to create tls keys if they don't exist?
 		auto := c.Bool("yes")
-		// use ACME?
-		acme := c.Bool("acme")
-		if acme {
-			acmeserver := c.String("acmeserver")
-			err := checkUseAcmeCert(tlsHost, signerID, acmeserver, &tlsCert, &tlsKey, auto)
-			if nil != err {
-				log.Fatalln(err)
-			}
-		} else {
-			err := checkOrNewTLSCert(tlsHost, &tlsCert, &tlsKey, auto)
-			if nil != err {
-				log.Fatalln(err)
+		ignore := c.Bool("ignore")
+		if !ignore {
+			// use ACME?
+			acme := c.Bool("acme")
+			if acme {
+				acmeserver := c.String("acmeserver")
+				err := checkUseAcmeCert(tlsHost, signerID, acmeserver, &tlsCert, &tlsKey, auto)
+				if nil != err {
+					log.Fatalln(err)
+				}
+			} else {
+				err := checkOrNewTLSCert(tlsHost, &tlsCert, &tlsKey, auto)
+				if nil != err {
+					log.Fatalln(err)
+				}
 			}
 		}
 
@@ -295,9 +322,12 @@ func reseedAction(c *cli.Context) {
 
 			// prompt to create tls keys if they don't exist?
 			auto := c.Bool("yes")
-			err := checkOrNewTLSCert(i2pTlsHost, &i2pTlsCert, &i2pTlsKey, auto)
-			if nil != err {
-				log.Fatalln(err)
+			ignore := c.Bool("trustProxy")
+			if !ignore {
+				err := checkOrNewTLSCert(i2pTlsHost, &i2pTlsCert, &i2pTlsKey, auto)
+				if nil != err {
+					log.Fatalln(err)
+				}
 			}
 		}
 	}
@@ -337,9 +367,12 @@ func reseedAction(c *cli.Context) {
 
 			// prompt to create tls keys if they don't exist?
 			auto := c.Bool("yes")
-			err := checkOrNewTLSCert(onionTlsHost, &onionTlsCert, &onionTlsKey, auto)
-			if nil != err {
-				log.Fatalln(err)
+			ignore := c.Bool("trustProxy")
+			if !ignore {
+				err := checkOrNewTLSCert(onionTlsHost, &onionTlsCert, &onionTlsKey, auto)
+				if nil != err {
+					log.Fatalln(err)
+				}
 			}
 		}
 	}
@@ -401,7 +434,7 @@ func reseedAction(c *cli.Context) {
 			reseedP2P(c, reseeder)
 		}
 	}
-	if tlsHost != "" && tlsCert != "" && tlsKey != "" {
+	if !c.Bool("trustProxy") {
 		log.Printf("HTTPS server starting\n")
 		reseedHTTPS(c, tlsCert, tlsKey, reseeder)
 	} else {

cmd/utils.go

@@ -347,6 +347,10 @@ func createSigningCertificate(signerID string) error {
 }
 
 func createTLSCertificate(host string) error {
+	return CreateTLSCertificate(host)
+}
+
+func CreateTLSCertificate(host string) error {
 	fmt.Println("Generating TLS keys. This may take a minute...")
 	priv, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
 	if err != nil {

content/lang/ar/homepage.md

@@ -0,0 +1,18 @@
+هذا هو خادم I2P Reseed
+=============================
+
+I2P هي شبكة نظير إلى نظير تستخدم "توجيه الثوم" للحفاظ على الخصوصية.
+تساعدك عقد Reseed على الاتصال بـ I2P لأول مرة ، وعلى الرغم من ذلك
+يجب عليك فقط استخدامها مرة واحدة كل فترة ، فهي مهمة جدًا
+خدمات.
+
+[لمزيد من المعلومات حول I2P ، قم بزيارة موقع المشروع] (https://geti2p.net)
+------------------------------------------------------------------------
+
+[! [إعادة المساعدة] (images / reseed.png)] (https://geti2p.net)
+
+  - [مزيد من المعلومات حول عمليات إعادة التوريد] (https://geti2p.net/en/docs/reseed)
+  - [تعرف على كيفية تشغيل Reseed] (https://geti2p.net/en/get-involved/guides/reseed)
+  - [اقرأ رمز خادم إعادة التزويد وتعرّف على المزيد من خيارات إعادة التزويد] (https://i2pgit.org/idk/reseed-tools)
+
+### هل لديك مشاكل في الاتصال؟ إليك رابط لمرة واحدة لحزمة إعادة إرسال لك.

content/lang/bn/homepage.md

@@ -0,0 +1,18 @@
+এটি একটি I2P রিসিড সার্ভার
+============================
+
+I2P হল একটি পিয়ার-টু-পিয়ার নেটওয়ার্ক যা গোপনীয়তা বজায় রাখতে "গার্লিক রাউটিং" ব্যবহার করে।
+রিসিড নোড আপনাকে প্রথমবার I2P এর সাথে সংযুক্ত হতে সাহায্য করে, এবং যদিও
+আপনি শুধুমাত্র একটি মহান সময়ের মধ্যে একবার তাদের ব্যবহার করা উচিত, তারা খুবই গুরুত্বপূর্ণ
+সেবা.
+
+[I2P সম্পর্কে আরও জানতে, প্রকল্পের ওয়েবসাইট দেখুন](https://geti2p.net)
+-------------------------------------------------------------------------------------
+
+[![রিসিড করতে সাহায্য করুন](images/reseed.png)](https://geti2p.net)
+
+  - [রিসিড সম্পর্কে আরও জানুন](https://geti2p.net/en/docs/reseed)
+  - [কিভাবে রিসিড চালাতে হয় তা জানুন](https://geti2p.net/en/get-involved/guides/reseed)
+  - [রিসিড সার্ভার কোড পড়ুন এবং আরও রিসিড বিকল্প সম্পর্কে জানুন](https://i2pgit.org/idk/reseed-tools)
+
+### সংযোগ সমস্যা হচ্ছে? এখানে আপনার জন্য একটি রিসিড বান্ডেলের একটি এককালীন লিঙ্ক রয়েছে৷

content/lang/de/homepage.md

@@ -0,0 +1,18 @@
+Dies ist ein I2P-Reseed-Server
+============================
+
+I2P ist ein Peer-to-Peer-Netzwerk, das „Garlic Routing“ verwendet, um die Privatsphäre zu wahren.
+Reseed-Knoten helfen Ihnen, zum ersten Mal mit I2P verbunden zu werden, und das obwohl
+Sie sollten sie nur ab und zu verwenden müssen, sie sind sehr wichtig
+Dienstleistungen.
+
+[Um mehr über I2P zu erfahren, besuchen Sie die Projektwebsite](https://geti2p.net)
+------------------------------------------------------------------------
+
+[![Hilfe neu aussäen](images/reseed.png)](https://geti2p.net)
+
+  - [Erfahren Sie mehr über Reseeds](https://geti2p.net/en/docs/reseed)
+  - [Erfahren Sie, wie Sie einen Reseed ausführen](https://geti2p.net/en/get-involved/guides/reseed)
+  - [Lesen Sie den Re-Seed-Server-Code und erfahren Sie mehr über Re-Seed-Optionen](https://i2pgit.org/idk/reseed-tools)
+
+### Haben Sie Verbindungsprobleme? Hier ist ein einmaliger Link zu einem Re-Seed-Bundle für Sie.

content/lang/en/homepage.md

@@ -1,4 +1,4 @@
-You have found an I2P Reseed
+This is an I2P Reseed Server
 ============================
 
 I2P is a peer-to-peer network which uses “Garlic Routing” to maintain privacy.
@@ -11,8 +11,8 @@ services.
 
 [![Help reseed](images/reseed.png)](https://geti2p.net)
 
- - [Learn more about reseeds here:](https://geti2p.net/en/docs/reseed)
- - [Learn how to run a reseed here:](https://geti2p.net/en/get-involved/guides/reseed)
- - [Read the reseed server code and learn about more reseed options here:](https://i2pgit.org/idk/reseed-tools)
+ - [Learn more about reseeds](https://geti2p.net/en/docs/reseed)
+ - [Learn how to run a reseed](https://geti2p.net/en/get-involved/guides/reseed)
+ - [Read the reseed server code and learn about more reseed options](https://i2pgit.org/idk/reseed-tools)
 
 ### Having connection issues? Here is a one-time link to a reseed bundle for you.

content/lang/es/homepage.md

@@ -0,0 +1,18 @@
+Este es un servidor de reinicio I2P
+============================
+
+I2P es una red de igual a igual que utiliza "Enrutamiento de ajo" para mantener la privacidad.
+Los nodos de reseed le ayudan a conectarse a I2P por primera vez, y aunque
+solo debería tener que usarlos de vez en cuando, son muy importantes
+servicios.
+
+[Para obtener más información sobre I2P, visite el sitio web del proyecto] (https://geti2p.net)
+------------------------------------------------------------------------
+
+[! [Help reseed] (images / reseed.png)] (https://geti2p.net)
+
+  - [Obtenga más información sobre reseeds] (https://geti2p.net/en/docs/reseed)
+  - [Aprenda a ejecutar un reseed] (https://geti2p.net/en/get-involved/guides/reseed)
+  - [Lea el código del servidor reseed y conozca más opciones de reseed] (https://i2pgit.org/idk/reseed-tools)
+
+### ¿Tienes problemas de conexión? Aquí hay un enlace único a un paquete reseed para usted.

content/lang/fr/homepage.md

@@ -0,0 +1,18 @@
+Ceci est un serveur de réensemencement I2P
+============================
+
+I2P est un réseau peer-to-peer qui utilise le « routage à l'ail » pour maintenir la confidentialité.
+Les nœuds de réamorçage vous aident à vous connecter à I2P pour la première fois, et même si
+vous ne devriez avoir à les utiliser qu'une fois de temps en temps, ils sont très importants
+prestations de service.
+
+[Pour en savoir plus sur I2P, visitez le site Web du projet](https://geti2p.net)
+------------------------------------------------------------------------
+
+[![Aide à reseed](images/reseed.png)](https://geti2p.net)
+
+  - [En savoir plus sur les réensemencements](https://geti2p.net/en/docs/reseed)
+  - [Apprenez à exécuter un reseed](https://geti2p.net/en/get-involved/guides/reseed)
+  - [Lire le code du serveur de réensemencement et en savoir plus sur les options de réensemencement] (https://i2pgit.org/idk/reseed-tools)
+
+### Vous avez des problèmes de connexion ? Voici un lien unique vers un paquet de graines pour vous.

content/lang/hi/homepage.md

@@ -0,0 +1,18 @@
+यह एक I2P शोधित सर्वर है
+===========================
+
+I2P एक पीयर-टू-पीयर नेटवर्क है जो गोपनीयता बनाए रखने के लिए "लहसुन रूटिंग" का उपयोग करता है।
+रीसेड नोड्स आपको पहली बार I2P से कनेक्ट होने में मदद करते हैं, और भले ही
+आपको उन्हें केवल एक बार ही उपयोग करना चाहिए, वे बहुत महत्वपूर्ण हैं
+सेवाएं।
+
+[I2P के बारे में अधिक जानने के लिए, प्रोजेक्ट वेबसाइट पर जाएँ](https://geti2p.net)
+-------------------------------------------------------------------------
+
+[![Reseed में मदद करें](images/reseed.png)](https://geti2p.net)
+
+  - [रिसेड्स के बारे में और जानें](https://geti2p.net/hi/docs/reseed)
+  - [रिसेड चलाना सीखें](https://geti2p.net/hi/get-involved/guides/reseed)
+  - [रीडेड सर्वर कोड पढ़ें और अधिक शोध विकल्पों के बारे में जानें](https://i2pgit.org/idk/reseed-tools)
+
+### कनेक्शन की समस्या आ रही है? यहां आपके लिए एक शोधित बंडल का वन-टाइम लिंक दिया गया है।

content/lang/id/homepage.md

@@ -0,0 +1,18 @@
+Ini adalah Server Reseed I2P
+==============================
+
+I2P adalah jaringan peer-to-peer yang menggunakan "Garlic Routing" untuk menjaga privasi.
+Reseed node membantu Anda terhubung ke I2P untuk pertama kalinya, dan meskipun
+Anda hanya perlu menggunakannya sesekali, itu sangat penting
+jasa.
+
+[Untuk mempelajari lebih lanjut tentang I2P, kunjungi situs web proyek](https://geti2p.net)
+-------------------------------------------------- -----------------------
+
+[![Bantu reseed](images/reseed.png)](https://geti2p.net)
+
+  - [Pelajari lebih lanjut tentang reseed](https://geti2p.net/en/docs/reseed)
+  - [Pelajari cara menjalankan reseed](https://geti2p.net/en/get-involved/guides/reseed)
+  - [Baca kode server reseed dan pelajari tentang opsi reseed lainnya](https://i2pgit.org/idk/reseed-tools)
+
+### Mengalami masalah koneksi? Berikut ini tautan satu kali ke bundel reseed untuk Anda.

content/lang/jp/homepage.md

@@ -0,0 +1,18 @@
+これはI2PReseedServerです
+============================
+
+I2Pは、プライバシーを維持するために「GarlicRouting」を使用するピアツーピアネットワークです。
+再シードノードは、I2Pに初めて接続するのに役立ちます。
+たまに一度だけ使用する必要があります、それらは非常に重要です
+サービス。
+
+[I2Pの詳細については、プロジェクトのWebサイトにアクセスしてください]（https://geti2p.net）
+------------------------------------------------------------------------
+
+[！[再シードのヘルプ]（images / reseed.png）]（https://geti2p.net）
+
+  -[再シードの詳細]（https://geti2p.net/en/docs/reseed）
+  -[再シードの実行方法を学ぶ]（https://geti2p.net/en/get-involved/guides/reseed）
+  -[再シードサーバーコードを読み、再シードオプションの詳細を確認してください]（https://i2pgit.org/idk/reseed-tools）
+
+###接続に問題がありますか？ これがあなたのための再シードバンドルへのワンタイムリンクです。

content/lang/ko/homepage.md

@@ -0,0 +1,18 @@
+I2P Reseed 서버입니다.
+==============================
+
+I2P는 "Garlic Routing"을 사용하여 개인 정보를 유지하는 P2P 네트워크입니다.
+Reseed 노드는 처음으로 I2P에 연결하는 데 도움이 됩니다.
+아주 가끔은 한 번만 사용해야 하므로 매우 중요합니다.
+서비스.
+
+[I2P에 대한 자세한 내용은 프로젝트 웹 사이트를 방문하십시오.](https://geti2p.net)
+------------------------------------------------------------------------
+
+[![Help reseed](images/reseed.png)](https://geti2p.net)
+
+  - [리시드에 대해 자세히 알아보기](https://geti2p.net/en/docs/reseed)
+  - [리시드 실행 방법 알아보기](https://geti2p.net/en/get-involved/guides/reseed)
+  - [리시드 서버 코드를 읽고 더 많은 리시드 옵션에 대해 알아보세요](https://i2pgit.org/idk/reseed-tools)
+
+### 연결 문제가 있습니까? 다음은 reseed 번들에 대한 일회성 링크입니다.

content/lang/pr/homepage.md

@@ -0,0 +1,18 @@
+Este é um servidor I2P Reseed
+==============================
+
+I2P é uma rede ponto a ponto que usa “Roteamento de alho” para manter a privacidade.
+Nós Reseed ajudam você a se conectar ao I2P pela primeira vez, e mesmo que
+você só deve ter que usá-los de vez em quando, eles são muito importantes
+Serviços.
+
+[Para saber mais sobre I2P, visite o site do projeto] (https://geti2p.net)
+------------------------------------------------------------------------
+
+[! [Help reseed] (images / reseed.png)] (https://geti2p.net)
+
+  - [Saiba mais sobre reseeds] (https://geti2p.net/en/docs/reseed)
+  - [Saiba como executar uma nova propagação] (https://geti2p.net/en/get-involved/guides/reseed)
+  - [Leia o código do servidor de nova propagação e aprenda sobre mais opções de nova propagação] (https://i2pgit.org/idk/reseed-tools)
+
+### Tendo problemas de conexão? Aqui está um link único para um pacote reenviado para você.

content/lang/ru/homepage.md

@@ -0,0 +1,18 @@
+Это сервер I2P Reseed
+============================
+
+I2P - это одноранговая сеть, которая использует «Garlic Routing» для обеспечения конфиденциальности.
+Узлы с повторным заполнением помогут вам впервые подключиться к I2P, и даже если
+вы должны использовать их только время от времени, они очень важны
+Сервисы.
+
+[Чтобы узнать больше об I2P, посетите сайт проекта] (https://geti2p.net)
+------------------------------------------------------------------------
+
+[! [Повторное заполнение справки] (images / Reseed.png)] (https://geti2p.net)
+
+  - [Подробнее о Reseeds] (https://geti2p.net/en/docs/reseed)
+  - [Узнайте, как запустить повторное заполнение] (https://geti2p.net/en/get-involved/guides/reseed)
+  - [Прочтите код сервера повторного заполнения и узнайте о дополнительных параметрах повторного заполнения] (https://i2pgit.org/idk/reseed-tools)
+
+### Возникли проблемы с подключением? Вот вам одноразовая ссылка на набор повторных рассылок.

content/lang/zh/homepage.md

@@ -0,0 +1,18 @@
+这是一个 I2P Reseed 服务器
+============================
+
+I2P 是一种点对点网络，它使用“大蒜路由”来维护隐私。
+Reseed 节点可帮助您首次连接到 I2P，即使
+你应该只需要偶尔使用它们，它们非常重要
+服务。
+
+【了解更多关于I2P，请访问项目网站】(https://geti2p.net)
+-----------------------------------------------------------------
+
+[![帮助重新播种](images/reseed.png)](https://geti2p.net)
+
+  - [了解更多关于 reseeds](https://geti2p.net/en/docs/reseed)
+  - [了解如何进行重新播种](https://geti2p.net/en/get-involved/guides/reseed)
+  - [阅读 reseed 服务器代码并了解更多 reseed 选项](https://i2pgit.org/idk/reseed-tools)
+
+### 有连接问题？ 这是为您提供的重新种子包的一次性链接。

content/style.css

@@ -1,17 +1,20 @@
 body {
-	font-family: "Roboto";
-	font-family: monospace;
+	font-family: "Roboto", monospace;
 	text-align: justify;
 	background-color: #D9D9D9;
 }
 h1 {
 	width: 55%;
 	margin-left: 45%;
+	margin-top: 5%;
 }
 h2 {
 	width: 55%;
 	margin-left: 45%;
 }
+#homepage > h2:nth-child(3) > a:nth-child(1) {
+	text-decoration: none;
+}
 h3 {
 	width: 55%;
 	margin-left: 45%;
@@ -27,6 +30,8 @@ li {
 }
 p {
 	max-width: 55%;
+	font-size: 1.2em;
+	margin-right: 2%;
 }
 #homepage > p:nth-child(2){
 	margin-left: 45%;
@@ -34,16 +39,30 @@ p {
 
 img {
 	position: absolute;
+	margin-top: 3%;
 	top: 5%;
 	left: 5%;
 	width: 35%;
 	display: inline;
+	margin-bottom: 5%;
+	padding-bottom: 5%;
+	
 }
 
 .inline {
 	display: inline;
 }
 
+.link-button {
+	margin-top: 3%;
+	padding: 2%;
+	padding-left: 5%;
+	padding-right: 5%;
+	margin-left: -3%;
+	border-radius: 20%;
+	border-style: groove;
+}
+
 .link-button:focus {
 	outline: none;
 }
@@ -51,3 +70,8 @@ img {
 .link-button:active {
 	color:red;
 }
+
+figure > img {
+    max-width: 35%;
+    display: inline;
+}

description-pak

@@ -1,2 +1 @@
-Reseed tools is a self-contained, easy-to-configure I2P reseed service
- which can be run on any OS.
+Reseed tools is a self-contained, easy-to-configure I2P reseed service which can be run on any OS.

entrypoint.sh

@@ -1,5 +1,7 @@
 #! /usr/bin/env sh
 
+cd /var/lib/i2p/i2p-config/reseed
+
 cp -r /var/lib/i2p/go/src/i2pgit.org/idk/reseed-tools/content ./content
 
 /var/lib/i2p/go/src/i2pgit.org/idk/reseed-tools/reseed-tools reseed --yes=true --netdb=/var/lib/i2p/i2p-config/netDb $@

etc/init.d/reseed

@@ -19,15 +19,15 @@ fi
 RUNOPTS=" reseed --yes=true --netdb=$NETDBDIR $MORE_OPTIONS "
 
 start() {
-    start-stop-daemon --user $RUNAS --chuid $RUNAS --exec $SCRIPT --chdir $RUNDIR --make-pidfile --pidfile $RUNDIR/reseed.pid --start -- $RUNOPTS
+    start-stop-daemon --background --user $RUNAS --chuid $RUNAS --exec $SCRIPT --chdir $RUNDIR --make-pidfile --pidfile $RUNDIR/reseed.pid --start -- $RUNOPTS
 }
 
 stop() {
-    start-stop-daemon --user $RUNAS --exec $SCRIPT --chdir $RUNDIR --remove-pidfile --pidfile $RUNDIR/reseed.pid --stop
+    start-stop-daemon --background --user $RUNAS --exec $SCRIPT --chdir $RUNDIR --remove-pidfile --pidfile $RUNDIR/reseed.pid --stop
 }
 
 status() {
-    start-stop-daemon --user $RUNAS --exec $SCRIPT --chdir $RUNDIR --remove-pidfile --pidfile $RUNDIR/reseed.pid --status
+    start-stop-daemon --background --user $RUNAS --exec $SCRIPT --chdir $RUNDIR --pidfile $RUNDIR/reseed.pid --status
 }
 
 restart() {

go.mod

@@ -16,6 +16,7 @@ require (
 	github.com/throttled/throttled/v2 v2.7.1
 	github.com/urfave/cli v1.22.5
 	gitlab.com/golang-commonmark/markdown v0.0.0-20191127184510-91b5b3c99c19
+	github.com/eyedeekay/go-i2pd v0.0.0-20220213070306-9807541b2dfc
 	golang.org/x/text v0.3.5
 )
 
@@ -26,3 +27,5 @@ replace github.com/libp2p/go-libp2p-core => github.com/libp2p/go-libp2p-core v0.
 replace github.com/libp2p/go-libp2p-gostream => github.com/libp2p/go-libp2p-gostream v0.3.1
 
 replace github.com/libp2p/go-libp2p-http => github.com/libp2p/go-libp2p-http v0.2.0
+
+replace github.com/eyedeekay/go-i2pd v0.0.0-20220213070306-9807541b2dfc => ./go-i2pd 

go.sum

@@ -137,6 +137,8 @@ github.com/eyedeekay/go-fpw v0.0.0-20200512022837-c8b4dcdc74d4/go.mod h1:RyCx7Ku
 github.com/eyedeekay/go-i2cp v0.0.0-20190716135428-6d41bed718b0 h1:rnn9OlD/3+tATEZNuiMR1C84O5CX8bZL2qqgttprKrw=
 github.com/eyedeekay/go-i2cp v0.0.0-20190716135428-6d41bed718b0/go.mod h1:+P0fIhkqIYjo7exMJRTlSteRMbRyHbiBiKw+YlPWk+c=
 github.com/eyedeekay/go-i2pcontrol v0.0.0-20200110011336-510cca77e350/go.mod h1:bhIQsVpbNNXMtcoZ9UF4hLQleOjaCgKGXiRRhNc8TOA=
+github.com/eyedeekay/i2pd v0.3.0-1stbinrelease.0.20210702172028-5d01ee95810a h1:dALePX8FUwdy71vN77GMEc/B1Otu5dRGkDlb7maULfQ=
+github.com/eyedeekay/i2pd v0.3.0-1stbinrelease.0.20210702172028-5d01ee95810a/go.mod h1:4qJhWn+yNrWRbqFHhU8kl7JgbcW1hm3PMgvlPlxO3gg=
 github.com/eyedeekay/ramp v0.0.0-20190429201811-305b382042ab/go.mod h1:h7mvUAMgZ/rtRDUOkvKTK+8LnDMeUhJSoa5EPdB51fc=
 github.com/eyedeekay/sam3 v0.32.2/go.mod h1:Y3igFVzN4ybqkkpfUWULGhw7WRp8lieq0ORXbLBbcZM=
 github.com/eyedeekay/sam3 v0.32.32 h1:9Ea1Ere5O8Clx8zYxKnvhrWy7R96Q4FvxlPskYf8VW0=

index.html

@@ -6,7 +6,11 @@
 </head>
 <body>
 <h1 id="i2p-reseed-tools">I2P Reseed Tools</h1>
+<figure>
+<img src="content/images/reseed.png" alt="" /><figcaption>Reseed Tools Poster</figcaption>
+</figure>
 <p>This tool provides a secure and efficient reseed server for the I2P network. There are several utility commands to create, sign, and validate SU3 files. Please note that this requires at least Go version 1.13, and uses Go Modules.</p>
+<p>Standard reseeds are distributed with the I2P packages. To get your reseed included, apply on <a href="http://zzz.i2p">zzz.i2p</a>.</p>
 <h2 id="dependencies">Dependencies</h2>
 <p><code>go</code>, <code>git</code>, and optionally <code>make</code> are required to build the project. Precompiled binaries for most platforms are available at my github mirror https://github.com/eyedeekay/i2p-tools-1.</p>
 <p>In order to install the build-dependencies on Ubuntu or Debian, you may use:</p>
@@ -15,6 +19,8 @@
 <p>Reseed-tools can be run as a user, as a freestanding service, or be installed as an I2P Plugin. It will attempt to configure itself automatically. You should make sure to set the <code>--signer</code> flag or the <code>RESEED_EMAIL</code> environment variable to configure your signing keys/contact info.</p>
 <h4 id="plugin-install-urls">Plugin install URL’s</h4>
 <p>Plugin releases are available inside of i2p at http://idk.i2p/reseed-tools/ and via the github mirror at https://github.com/eyedeekay/reseed-tools/releases. These can be installed by adding them on the <a href="http://127.0.0.1:7657/configplugins">http://127.0.0.1:7657/configplugins</a>.</p>
+<p>After installing the plugin, you should immediately edit the <code>$PLUGIN/signer</code> file in order to set your <code>--signer</code> email, which is used to name your keys. You can find the <code>$PLUGIN</code> directory in your I2P config directory, which is usually <code>$HOME/.i2p</code> on Unixes.</p>
+<p>This will allow the developers to contact you if your reseed has issues and will authenticate your reseed to the I2P routers that use it.</p>
 <ul>
 <li>darwin/amd64: <a href="http://idk.i2p/reseed-tools/reseed-tools-darwin-amd64.su3">http://idk.i2p/reseed-tools/reseed-tools-darwin-amd64.su3</a></li>
 <li>darwin/arm64: <a href="http://idk.i2p/reseed-tools/reseed-tools-darwin-arm64.su3">http://idk.i2p/reseed-tools/reseed-tools-darwin-arm64.su3</a></li>
@@ -61,7 +67,7 @@ sudo make install</code></pre>
 <pre><code>reseed-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --port=8443 --ip=127.0.0.1 --trustProxy</code></pre>
 <ul>
 <li><strong>Usage</strong> <a href="EXAMPLES.md">More examples can be found here.</a></li>
-<li><strong>Docker</strong> <a href="DOCKER.md">Eocker examples can be found here</a></li>
+<li><strong>Docker</strong> <a href="DOCKER.md">Docker examples can be found here</a></li>
 </ul>
 </body>
 </html>

main.go

@@ -19,7 +19,7 @@ func main() {
 
 	app := cli.NewApp()
 	app.Name = "reseed-tools"
-	app.Version = "0.1.9"
+	app.Version = "0.2.9"
 	app.Usage = "I2P tools and reseed server"
 	app.Author = "eyedeekay"
 	app.Email = "hankhill19580@gmail.com"

reseed/homepage.go

@@ -2,6 +2,7 @@ package reseed
 
 import (
 	"io/ioutil"
+	"log"
 	"net/http"
 	"os"
 	"path/filepath"
@@ -13,6 +14,18 @@ import (
 
 var SupportedLanguages = []language.Tag{
 	language.English,
+	language.Russian,
+	language.SimplifiedChinese,
+	language.Arabic,
+	language.Portuguese,
+	language.German,
+	language.French,
+	language.Spanish,
+	language.Indonesian,
+	language.Hindi,
+	language.Japanese,
+	language.Korean,
+	language.Bengali,
 }
 var CachedLanguagePages = map[string]string{}
 var CachedDataPages = map[string][]byte{}
@@ -54,8 +67,17 @@ func (srv *Server) HandleARealBrowser(w http.ResponseWriter, r *http.Request) {
 	}
 	lang, _ := r.Cookie("lang")
 	accept := r.Header.Get("Accept-Language")
+	log.Printf("lang: '%s', accept: '%s'\n", lang, accept)
+	for name, values := range r.Header {
+		// Loop over all values for the name.
+		for _, value := range values {
+			log.Printf("name: '%s', value: '%s'\n", name, value)
+		}
+	}
 	tag, _ := language.MatchStrings(matcher, lang.String(), accept)
+	log.Printf("tag: '%s'\n", tag)
 	base, _ := tag.Base()
+	log.Printf("base: '%s'\n", base)
 
 	switch r.URL.Path {
 	case "/style.css":
@@ -69,6 +91,14 @@ func (srv *Server) HandleARealBrowser(w http.ResponseWriter, r *http.Request) {
 		if strings.HasPrefix(image, "images") {
 			w.Header().Set("Content-Type", "image/png")
 			HandleAFile(w, "images", strings.TrimPrefix(strings.TrimPrefix(r.URL.Path, "/"), "images"))
+		} else if strings.HasPrefix(image, "ping") {
+			PingEverybody()
+			http.Redirect(w, r, "/readout", http.StatusFound)
+		} else if strings.HasPrefix(image, "readout") {
+			w.Header().Set("Content-Type", "text/html")
+			w.Write([]byte(header))
+			ReadOut(w)
+			w.Write([]byte(footer))
 		} else {
 			w.Header().Set("Content-Type", "text/html")
 			w.Write([]byte(header))
@@ -76,9 +106,10 @@ func (srv *Server) HandleARealBrowser(w http.ResponseWriter, r *http.Request) {
 			w.Write([]byte(`<ul><li><form method="post" action="/i2pseeds" class="inline">
 			<input type="hidden" name="onetime" value="` + srv.Acceptable() + `">
 			<button type="submit" name="submit_param" value="submit_value" class="link-button">
-			Bundle
+			Reseed
 			</button>
 			</form></li></ul>`))
+			ReadOut(w)
 			w.Write([]byte(footer))
 		}
 	}
@@ -86,7 +117,7 @@ func (srv *Server) HandleARealBrowser(w http.ResponseWriter, r *http.Request) {
 
 func HandleAFile(w http.ResponseWriter, dirPath, file string) {
 	file = filepath.Join(dirPath, file)
-	if _, prs := CachedDataPages[file]; prs == false {
+	if _, prs := CachedDataPages[file]; !prs {
 		path := filepath.Join(BaseContentPath, file)
 		f, err := ioutil.ReadFile(path)
 		if err != nil {
@@ -101,7 +132,7 @@ func HandleAFile(w http.ResponseWriter, dirPath, file string) {
 }
 
 func HandleALocalizedFile(w http.ResponseWriter, dirPath string) {
-	if _, prs := CachedLanguagePages[dirPath]; prs == false {
+	if _, prs := CachedLanguagePages[dirPath]; !prs {
 		dir := filepath.Join(BaseContentPath, "lang", dirPath)
 		files, err := ioutil.ReadDir(dir)
 		if err != nil {

reseed/ping.go

@@ -0,0 +1,123 @@
+package reseed
+
+import (
+	"fmt"
+	"io/ioutil"
+	"log"
+	"net/http"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+)
+
+// Ping requests an `.su3` from another reseed server and return true if
+// the reseed server is alive If the reseed server is not alive, returns
+// false and the status of the request as an error
+func Ping(url string) (bool, error) {
+	if strings.HasSuffix(url, "i2pseeds.su3") {
+		url = url + "i2pseeds.su3"
+	}
+	req, err := http.NewRequest("GET", url, nil)
+	if err != nil {
+		return false, err
+	}
+	req.Header.Set("User-Agent", i2pUserAgent)
+
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return false, err
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode != 200 {
+		return false, fmt.Errorf("%s", resp.Status)
+	}
+	return true, nil
+}
+
+func PingWriteContent(url string) error {
+	date := time.Now().Format("2006-01-02")
+	path := strings.Replace(url, "http://", "", 1)
+	path = strings.Replace(path, "https://", "", 1)
+	path = strings.Replace(path, "/", "", -1)
+	path = filepath.Join(BaseContentPath, path+"-"+date+".ping")
+	if _, err := os.Stat(path); err != nil {
+		result, err := Ping(url)
+		if result {
+			log.Printf("Ping: %s OK", url)
+			err := ioutil.WriteFile(path, []byte("Alive: Status OK"), 0644)
+			return err
+		} else {
+			log.Printf("Ping: %s %s", url, err)
+			err := ioutil.WriteFile(path, []byte("Dead: "+err.Error()), 0644)
+			return err
+		}
+	}
+	return nil
+}
+
+//TODO: make this a configuration option
+var AllReseeds = []string{
+	"https://banana.incognet.io/",
+	"https://i2p.novg.net/",
+	"https://i2pseed.creativecowpat.net:8443/",
+	"https://reseed.diva.exchange/",
+	"https://reseed.i2pgit.org/",
+	"https://reseed.memcpy.io/",
+	"https://reseed.onion.im/",
+	"https://reseed2.i2p.net/",
+}
+
+func PingEverybody() []string {
+	var nonerrs []string
+	for _, url := range AllReseeds {
+		err := PingWriteContent(url)
+		if err == nil {
+			nonerrs = append(nonerrs, url)
+		} else {
+			nonerrs = append(nonerrs, err.Error()+"-"+url)
+		}
+	}
+	return nonerrs
+}
+
+// Get a list of all files ending in ping in the BaseContentPath
+func GetPingFiles() ([]string, error) {
+	var files []string
+	date := time.Now().Format("2006-01-02")
+	err := filepath.Walk(BaseContentPath, func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+		if strings.HasSuffix(path, ".ping") && strings.Contains(path, date) {
+			files = append(files, path)
+		}
+		return nil
+	})
+	if len(files) == 0 {
+		return nil, fmt.Errorf("No ping files found")
+	}
+	return files, err
+}
+
+func ReadOut(w http.ResponseWriter) {
+	pinglist, err := GetPingFiles()
+	if err == nil {
+		fmt.Fprintf(w, "<h3>Reseed Server Statuses</h3>")
+		fmt.Fprintf(w, "<div><p>This feature is experimental and may not always provide accurate results.</p></div>")
+		fmt.Fprintf(w, "</div><p><ul>")
+		for _, file := range pinglist {
+			ping, err := ioutil.ReadFile(file)
+			host := strings.Replace(file, ".ping", "", 1)
+			host = filepath.Base(host)
+			if err == nil {
+				fmt.Fprintf(w, "<li><strong>%s</strong> - %s</li>\n", host, ping)
+			} else {
+				fmt.Fprintf(w, "<li><strong>%s</strong> - No ping file found</li>\n", host)
+			}
+		}
+		fmt.Fprintf(w, "</ul></p></div>")
+	} else {
+		fmt.Fprintf(w, "<h4>No ping files found, check back later for reseed stats</h4>")
+	}
+}

reseed/utils.go

@@ -34,8 +34,16 @@ func SignerFilename(signer string) string {
 }
 
 func NewTLSCertificate(host string, priv *ecdsa.PrivateKey) ([]byte, error) {
+	return NewTLSCertificateAltNames(priv, host)
+}
+
+func NewTLSCertificateAltNames(priv *ecdsa.PrivateKey, hosts ...string) ([]byte, error) {
 	notBefore := time.Now()
 	notAfter := notBefore.Add(5 * 365 * 24 * time.Hour)
+	host := ""
+	if len(hosts) > 0 {
+		host = hosts[0]
+	}
 
 	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
 	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
@@ -61,9 +69,10 @@ func NewTLSCertificate(host string, priv *ecdsa.PrivateKey) ([]byte, error) {
 		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
 		BasicConstraintsValid: true,
 		IsCA:                  true,
+		DNSNames:              hosts[1:],
 	}
 
-	hosts := strings.Split(host, ",")
+	hosts = strings.Split(host, ",")
 	for _, h := range hosts {
 		if ip := net.ParseIP(h); ip != nil {
 			template.IPAddresses = append(template.IPAddresses, ip)