In relayd.conf you use something like this for each domain you are reverse
proxying:
# load certs
tls keypair www.example.com
tls keypair www.another_example.net
tls keypair www.third_example.com
Put your certs in
/etc/ssl/
and keys in
/etc/ssl/private/
they have to be named so they match the domains in relayd.conf so for above:
/etc/ssl/www.example.com.crt
/etc/ssl/private/www.example.com.key
and permissions on the /etc/ssl/private dir need to be restrictive.
On Sun, 20 Sep 2020 at 08:15, Benjamin Raskin <benjaminiras...@gmail.com>
wrote:
> Hello, Misc;
>
> I'm attempting to configure relayd to work as a reverse proxy, such that
> all
> web traffic goes through relayd prior to reaching some web server. I'm
> confused as to how I am to configure the ssl cert and key options in the
> relayd configuration. The manual configures the protocol as follows:
>
> http protocol httpfilter {
> tls ca key "/etc/ssl/private/ca.key" password "password123"
> tls ca cert "/etc/ssl/ca.crt"
> }
>
> Where do I get the password for the key? I'm using certbot to generate the
> certs, and at no time was I prompted to enter, or given a password. Am I
> missing something in terms of configuration or cert generation, or have I
> gotten everything all wrong? Thank you in advance.
>
>
> Ben Raskin
>
>
