Hello Misc, Full config at end of email.
I've discussed the below in #openbsd on freenode, and was told to come here. At present, I have a setup where I need multiple unrelated servers under a single IP address. I used relayd to do https interception, read the Host header, and make decisions. The very relevant part of my config is this: forward to <httpback> port 80 forward with tls to <httpsback> port 443 The order here does not matter (unlike most relayd configs, I know, but I've tested in my configuration and it works). When I have "with tls" on that second line, I see error lines like: relay web, session 3 (1 active), 0, [redacted] -> 10.0.0.102:80, TLS handshake error: handshake failed: error:14FFF3E7:SSL routines:(UNKNOWN)SSL_internal:unknown failure occurred, GET: Undefined error: 0 and, unhelpfully, relayd responds with no response. There is no return. Or, as curl puts it: curl: (52) Empty reply from server When I remove "with tls" then I successfully reach the http backend, but since the https backend requires ssl, that connection no longer works. So it seems that 'with tls" affects all "forward" clauses, not just the one to which it's attached. I believe this to be a bug. cat >/etc/relayd.conf <<EOF table <httpsback> { "10.0.0.101" } table <httpback> { "10.0.0.102" } # obviously obfuscated some values interval 5 timeout 1000 log connection http protocol web { return error match header set "X-Client-IP" value "$REMOTE_ADDR:$REMOTE_PORT" match header set "X-Forwarded-For" value "$REMOTE_ADDR" match header set "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT" http websockets pass request quick header "Host" value "myhost.example.com" path "/Client/*" forward to <httpsback> pass request quick header "Host" value "otherhost.example.com" forward to <httpback> block } relay web { listen on 10.0.0.100 port 443 tls protocol web forward to <httpback> port 80 check http "/webservice.asmx" code 405 forward with tls to <httpsback> port 443 check https "/Client/SupportedBrowsers.html" host "myhost.example.com" code 200 } EOF