I don't think you can know the host header unless you decrypt the https
using a certificate.  It seems that idea would require SNI but I don't know
if they have SNI in relayd/httpd.  (I could be wrong about that.)

In mine I have "listen on $ext_addr port 443 tls".  Then there is an
/etc/ssl/ipaddr:443.crt file.  Look at the phrase "/etc/ssl/address:port.crt"
in relayd.conf(5).

The book below shows this scenario and how to use acme-client to get a free
certificate from Let's Encrypt.

https://www.michaelwlucas.com/tools/relayd

V/r,
Bryan

On Wed, Sep 20, 2017 at 4:37 AM, rosjat <ros...@ghweb.de> wrote:

> there is of course a tls too much in the config
>
> it's just
>
> relay "proxyssl" {
>         listen on $gateway  port https
>         protocol "httpproxy"
>
>         forward to <new-webserver>  port https
> }
>
>
> On 20.09.2017 at 10:19, rosjat wrote:
>
>> Hi there,
>>
>> just a simple question about the relaying of https connections. Is it
>> possible to simply pass the https traffic to the webserver with relayd? My
>> naive approach was simply checking the host name in the header and then
>> forwarding it to the http or https port. This works for http but with https it
>> doesn't.
>>
>>
>> here are my relayd.conf parts
>>
>>
>> http protocol "httpproxy" {
>>
>>         match request quick header "Host" value "random-domain1.tld" forward to <new-webserver>
>>         match request quick header "Host" value "random-domain2.tld" forward to <old-webserver>
>>
>> }
>>
>> relay "proxy" {
>>                 listen on $gateway  port http
>>                 protocol "httpproxy"
>>
>>                 forward to <new-webserver>  port http
>>                 forward to <old-webserver> port http
>>
>>                }
>>
>> relay "proxyssl" {
>>         listen on $gateway  port https
>>         protocol "httpproxy"
>>
>>         forward to <new-webserver>  port https tls
>> }
>>
>> with this I don't get a relay for https it seems, if I add tls to the
>> listen part I get told relayd can't find the certificates. And that is
>> totally understandable because there are no certs on this machine for these
>> domains because they are on the webserver machine.
>>
>>
>> So it all boils down to the question, do I have to set up my certificates
>> on the relay host to be able to use an https relay?
>>
>>
>> regards
>>
>>
>>
> --
> Markus Rosjat    fon: +49 351 8107223    mail: ros...@ghweb.de
>
> G+H Webservice GbR Gorzolla, Herrmann
> Königsbrücker Str. 70, 01099 Dresden
>
> http://www.ghweb.de
> fon: +49 351 8107220   fax: +49 351 8107227
>
> Please check whether this mail really needs to be printed! Before
> you print it, think about your responsibility and commitment to the
> ENVIRONMENT
>
>
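
The certificate lookup mentioned in the reply, as an added example that is not part of the original thread: a shell function that reports which certificate and key relayd would load for a "listen on ADDR port PORT tls" line, so a missing or exposed key is caught before relayd is started. The private key location, the address-only fallback and the rule that the key name follows the certificate that was found are assumptions based on relayd.conf(5), not statements from the thread; SSL_ROOT and relayd_keypair are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed lookup order, per relayd.conf(5):
#   1. /etc/ssl/ADDR:PORT.crt  with  /etc/ssl/private/ADDR:PORT.key
#   2. /etc/ssl/ADDR.crt       with  /etc/ssl/private/ADDR.key
# SSL_ROOT is a hypothetical override so the check can run against a test tree.
SSL_ROOT="${SSL_ROOT:-/etc/ssl}"

# relayd_keypair ADDR PORT
# Prints "CERT KEY" for the pair that would be used.
# Returns 1: no certificate, 2: certificate without key, 3: key world-readable.
relayd_keypair() {
	addr="$1"; port="$2"
	for base in "${addr}:${port}" "${addr}"; do
		crt="${SSL_ROOT}/${base}.crt"
		key="${SSL_ROOT}/private/${base}.key"
		[ -f "$crt" ] || continue
		# Assumption: the key name follows whichever certificate was found.
		if [ ! -f "$key" ]; then
			echo "certificate $crt has no key at $key" >&2
			return 2
		fi
		# A private key readable by "other" defeats the point of the keypair.
		if [ -n "$(find "$key" -perm -004)" ]; then
			echo "private key $key is world-readable" >&2
			return 3
		fi
		echo "$crt $key"
		return 0
	done
	echo "no certificate for ${addr}:${port} under ${SSL_ROOT}" >&2
	return 1
}

# Run directly as: sh thisfile ADDR PORT
if [ "$#" -eq 2 ]; then
	relayd_keypair "$1" "$2"
fi
```

A return code of 1 corresponds to the situation in the original question: "tls" on the listen line with no certificate for that address on the relay host.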
