Thanks for the reply, Claudio. Damnit Batman! I knew I forgot to give
you some relevant data. Sorry 'bout that. Here is my relayd.conf file.
It's nothing spectacular. Relayd is proxying my Ghost Blog.

http protocol https {
    match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
    match request header append "X-Forwarded-By" \
        value "$SERVER_ADDR:$SERVER_PORT"
    match request header append "X-Forwarded-Proto" value "https"
    match request header set "Keep-Alive" value "$TIMEOUT"
    tcp { nodelay, sack, socket buffer 65536, backlog 128 }
    tls { no tlsv1.0, ciphers HIGH }
    tls no session tickets
}

relay ghost {
    listen on vio0 port 443 tls
    protocol https
    forward to 127.0.0.1 port 2368
}

On 4/7/2018 3:32 AM, Claudio Jeker wrote:
> On Fri, Apr 06, 2018 at 09:28:01AM -0400, Matt Schwartz wrote:
> > Hi misc@
> > I am running relayd as a reverse TLS proxy on OpenBSD 6.3 release with the
> > GENERIC kernel. I have noticed two issues that happen: (1) netstat reports
> > that the Recv-q for the ip protocol steadily climbs and never goes back to 0
> > unless I restart relayd and (2) I am getting a lot of spurious TLS handshake
> > errors that I can't pin down. I am running relayd with relayd -vv logging.
> > Below is output from my relayd.log and dmesg.
>
> Not sure what the problem is with the IP Recv-q without looking at the
> config. For the TLS errors, relayd in 6.3 logs a bit more that's all.