Re: relayd forward with tls

Fri, 12 Jan 2024 00:19:05 -0800 

> Em qui., 11 de jan. de 2024 às 13:35, Michael Hekeler
> <mich...@hekeler.com> escreveu:
> >
> > > Jan  9 07:10:24 stable relayd[29792]: relay wwwtls, session 1 (1 active), 
> > > fqdn1, 127.0.0.1 -> 127.0.0.1:8080, done, GET -> 127.0.0.1:8080;
> > > Jan  9 07:10:25 stable relayd[28442]: relay wwwtls, session 1 (1 active), 
> > > fqdn2, 127.0.0.1 -> 127.0.0.1:8081, done, GET -> 127.0.0.1:8081;
> > > Jan  9 07:10:31 stable relayd[29792]: relay wwwtls2, session 2 (1 
> > > active), 0, 127.0.0.1 -> 127.0.0.1:8080, done, GET
> > > Jan  9 07:10:35 stable relayd[28442]: relay wwwtls2, session 2 (1 
> > > active), 0, 127.0.0.1 -> 127.0.0.1:8080, done, GET
> >
> > Please examine your log:
> > The first and the second request are processed by "relay wwwtls"
> > The first is tagged "fqdn1" and the second request is tagged "fqdn2"
> > The first is relayed to 127.0.0.1:8080
> > The second is relayed to 127.0.0.1:8081
> > All is fine here :-)
> >
> > Now look to the third and fourth requests.
> > They are both processed by wwwtls2.
> > But they are not tagged (see tag 0) and thats the problem!
> > Because the request stays untagged in the protocol the relay wwwtls2
> > chooses simply the first found forward rule: 127.0.0.1:8080
> >
> > So examine your requests:
> > This is fine: 'curl https://fqdn1'
> > But this not: 'curl https://fqdn1:4430'
> >
> > See the difference?
> >
> > The second sets in HTTP-Header "[HTTP_HOST] => fqdn1:4430"
> > Thats why you should match "fqdn1:4430" in relayd.conf:
> >
> > match request header "Host" value "fqdn1:4430" tag "fqdn1"
> > - or -
> > match request header "Host" value "fqdn1*" tag "fqdn1"
> >
> 
> That was exactly the problem.
> I didn't know how to read the logs nor the definition of HTTP_HOST.

Most browsers can show the HTTP-Header.
E.g. in firefox -> developer tools -> network -> just click on any
object and it will show headers (and much more)

Or you can place a simple script in httpd that dumps the header.
In PHP for example you can do: print_r($_SERVER);


What I do is placing a simple C program in /cgi-bin:

#include <stdio.h>

int
main(int argc, char *argv[])
{
        extern char **environ;
        printf("Content-Type: text/plain\n\n");
        for (int i = 0; environ[i] != NULL; i++) {
                printf("%s\n", environ[i]);
        }
}

Reply via email to