Hi All!
I migrated some of my servers from Linux to OpenBSD and I appreciate
this OS a lot. But I stumbled over two things when re-installing my web
sites and services, for which I used initially relayd and httpd. After
trying with different configurations and not finding anything related on
Google or in the man pages, I decided to send in these two questions:
1. The first question is related to httpd and handling of error pages
(http errors). I created a directory "errdocs" underneath /var/www and
put in several documents, among them 403.html, 404.html, err.html.
I updated /etc/httpd.conf accordingly (first in the global section, then
in the server sections, no difference). A "404" on the top level sends
me the 404.html file as expected. Example: "<mydomain>/gaga.html". Same
for "<mydomain>gaga", so it seems independent of mime type or file
extentsion. But as soon as the path contains a "/", the file "err.html"
is used instead, so I get the rendered "err.html" when I request
"<mydomain>/gaga/" instead of "<mydomain>/gaga". This seems a bit
unexpected to me but could be intended behaviour. I can live with that,
but wanted to understand if I made something wrong.
2. I tried TLS termination on relayd and then forward to the backend
servers. Worked fine until the last refresh of my keys in August: Let's
encrypt issues certificates with P-384 algorithm, seems to be the new
default (I have not asked for specifically for an RSA key), and relayd
doesn't like this, it expects RSA keys for the certificates for TLS
termination. Not a big deal, I could ask for a RSA key and right now I
use HA proxy, but I'd prefer not to put too many different packages on
my system. Any plan when relayd will be able to use the new cipher
algorithms?
These are only questions, no bugs.
Any response welcome. Kind regards
Stephan