Dear members,

I wonder if it's possible to achieve my goal:
- I've got two servers, a virtual one with OpenBSD as frontend, and a real one 
as backend on a different network,
- I've got two domains, uprojekt.hu and biztonsagimentes.hu,
- I'd like to serve the first domain's website from the OpenBSD server,
- I'd like to serve the second domain's website from the real server, but the 
OpenBSD server should act as a proxy before the backend

My relayd configuration looks like this:
table <httpd> { 127.0.0.1 }
table <backend> { 45.67.158.169 }

http protocol "https" {
  match request header set "X-Forwarded-For" value "$REMOTE_ADDR"

  return error

  pass request quick header "Host" value "uprojekt.hu" forward to <httpd>

  tls keypair "uprojekt.hu"
  tls keypair "biztonsagimentes.hu"

  pass request quick header "Host" value "biztonsagimentes.hu" forward to <backend>
}

relay "https" {
  listen on egress port 443 tls
  protocol https
  forward with tls to <backend> port 443
  forward to <httpd> port 8081
}

With this configuration only one domain works (biztonsagimentes.hu), the other 
one does not. The log of the web server running on OpenBSD tells me that relayd 
forwards the encrypted traffic to 127.0.0.1:8081 even though the rule "forward 
to <httpd> port 8081" does not contain "with tls".

Gábor Hidvégi
