Re: relayd - "forward with tls to" and "forward to" in one relay

2019-05-31 Thread Kamil Andrusz


> On 31 May 2019, at 12:15, Kamil Andrusz  wrote:
> 
> Hello Misc!
> 
> I’m trying to get relayd working in the following scenario:
> - relayd listens on external IP port 443 with tls
> - based on the path relay to one of two hosts:
>  o  webhost listening on 443 with tls
>  o  bwhost listening on 4567 just http
> 
> Everything works fine for the webhost. For bwhost I get:
> $ curl https://testhost.net/bwhost/index.php
> curl: (52) Empty reply from server
> 
> Is it possible to get this working? Am I missing something obvious?
> 
> My relayd config is simple:
> ext_if="10.0.0.1"
> table  { 192.168.3.1 }
> table  { 192.168.3.2 }
> 
> http protocol https {
>     match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
>     match request header append "X-Forwarded-By" \
>         value "$SERVER_ADDR:$SERVER_PORT"
>     match request header set "Connection" value "close"
> 
>     pass request path "/*" forward to  
>     pass request path "/bwhost/*" forward to 
> }
> 
> relay https {
>     listen on $ext_if port 443 tls
>     protocol "https"
>     forward to  port 4567
>     forward with tls to  port 443
> }
> 
> Thanks for help!
> 
Silly to reply to my own mail, BUT. I "fixed" it. After a bit of debugging it 
turned out that even though for  there’s just "forward to", relayd is 
using TLS to connect to it. So I worked around this by using the following 
solution. It works, even though it shouldn’t be necessary, I think. So, I added 
an additional protocol section, where I pass all the traffic, and a relay section 
just for that one host.

relay https {
    listen on $ext_if port 443 tls
    protocol "https"
    forward to  port 8443
    forward with tls to  port 443
}

http protocol bwhostfilter {
    pass forward to 
}

relay bwhostfilter {
    listen on 127.0.0.1 port 8443 tls

    protocol bwhostfilter

    forward to  port 4567
}

Any hints on how broken this idea is are welcome :) I’m beginning to wonder, 
might this be a bug in relayd?


Kamil
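
The mismatch described in this message (a TLS handshake sent to a backend that only speaks plain HTTP) can be confirmed from the relay host with a small probe. This is an added example, not part of the original thread; `probe_backend` and the loopback stand-in server are constructed for illustration.

```python
import socket
import ssl
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


def probe_backend(host, port, timeout=3.0):
    """Classify host:port as 'tls', 'plaintext-http', 'unreachable' or 'unknown'."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # the question is "does it speak TLS?",
    ctx.verify_mode = ssl.CERT_NONE  # not "is its certificate trusted?"
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(raw):   # performs the TLS handshake
            return "tls"
    except OSError:                  # SSLError, reset, EOF or timeout: no TLS here
        raw.close()
    try:
        with socket.create_connection((host, port), timeout=timeout) as plain:
            plain.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
            reply = plain.recv(16)
    except OSError:
        return "unknown"
    return "plaintext-http" if reply.startswith(b"HTTP/") else "unknown"


class _QuietHandler(BaseHTTPRequestHandler):
    def log_message(self, *args):    # keep the demo output clean
        pass


def demo_plaintext_backend():
    """Constructed stand-in for the port-4567 host: plain HTTP on loopback."""
    server = HTTPServer(("127.0.0.1", 0), _QuietHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return probe_backend("127.0.0.1", server.server_address[1], timeout=2.0)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(demo_plaintext_backend())
```

A backend that reports `plaintext-http` will fail any TLS handshake the relay sends it, which the client in front of the relay sees as an empty reply.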



relayd - "forward with tls to" and "forward to" in one relay

2019-05-31 Thread Kamil Andrusz
Hello Misc!

I’m trying to get relayd working in the following scenario:
- relayd listens on external IP port 443 with tls
- based on the path relay to one of two hosts:
  o  webhost listening on 443 with tls
  o  bwhost listening on 4567 just http

Everything works fine for the webhost. For bwhost I get:
$ curl https://testhost.net/bwhost/index.php
curl: (52) Empty reply from server

Is it possible to get this working? Am I missing something obvious?

My relayd config is simple:
ext_if="10.0.0.1"
table  { 192.168.3.1 }
table  { 192.168.3.2 }

http protocol https {
    match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
    match request header append "X-Forwarded-By" \
        value "$SERVER_ADDR:$SERVER_PORT"
    match request header set "Connection" value "close"

    pass request path "/*" forward to  
    pass request path "/bwhost/*" forward to 
}

relay https {
    listen on $ext_if port 443 tls
    protocol "https"
    forward to  port 4567
    forward with tls to  port 443
}

Thanks for help!

Kamil
-- 
It's just a matter of opinion.