I want to go with Let's Encrypt certificates, so if I provide the pem
created by the acme-client it should be OK, even if it seems not to be for now.
I don't know if relayd development is going to add SNI sometime soon but
for now I could live with a certificate that basically has all my served
domains as
On Thu, September 21, 2017 8:25 am, rosjat wrote:
> I try to figure out the ca file option mentioned by Ronan; maybe this is
> some kind of option here.
>
Using 'ca file' means you have to decrypt the SSL connection from the
clients with relayd then re-encrypt from relayd to the web servers.
I try to figure out the ca file option mentioned by Ronan; maybe this is
some kind of option here.
Am 21.09.2017 um 14:11 schrieb trondd:
On Thu, September 21, 2017 3:49 am, rosjat wrote:
Hi,
so I added the with tls keywords to the relay and my webserver gets
requests now but from my relayhost
On Thu, September 21, 2017 3:49 am, rosjat wrote:
> Hi,
>
> so I added the with tls keywords to the relay and my webserver gets
> requests now but from my relayhost and this is making the way back quite
> hard :(
>
> so I added the X Headers for Forwarded-For and Forwarded-By but it still
> leaves
Hi,
so I added the with tls keywords to the relay and my webserver gets
requests now but from my relayhost and this is making the way back quite
hard :(
so I added the X Headers for Forwarded-For and Forwarded-By but it still
leaves the question how to tell the relayhost to just let it all
Hi there,
OK, I tried the with tls option and I can at least see relayd tries to
send the request to the webserver. I still can't get a proper response
from the webserver. When I do a simple rdr-to rule in pf it just works.
Do I need to do some magic that I still miss?
Regards
Markus
Am
Hi Ronan,
thanks for the hint I'll give it a try!
regards
Markus
Am 20.09.2017 um 21:30 schrieb Ronan Viel:
Hi,
This kind of config works perfectly on my box. I am not sure SNI has something
to do here as relayd terminates the https connection, gets all the headers and
reopens a new one.
I
Hi,
This kind of config works perfectly on my box. I am not sure SNI has something
to do here as relayd terminates the https connection, gets all the headers and
reopens a new one.
I just think you forgot the "with tls" in your forward directive below:
relay "proxyssl" {
listen on
On Wed, September 20, 2017 8:10 am, Bryan Harris wrote:
> I don't think you can know the host header unless you decrypt the https
> using a certificate. It seems that idea would require SNI but I don't
> know
> if they have SNI in relayd/httpd. (I could be wrong about that.)
>
httpd has SNI,
Hi Bryan,
I know that scenario but I want to serve an individual certificate for
every virtual host (httpd can do that) so I was looking for a simple
relay by looking at the header but I might not be able to get it to work this way :(
Am 20.09.2017 um 14:10 schrieb Bryan Harris:
I don't think you
I don't think you can know the host header unless you decrypt the https
using a certificate. It seems that idea would require SNI but I don't know
if they have SNI in relayd/httpd. (I could be wrong about that.)
In mine I have listen on $ext_addr port 443 tls. Then exists
there is of course a tls too much in the config
it's just
relay "proxyssl" {
listen on $gateway port https
protocol "httpproxy"
forward to port https
}
Am 20.09.2017 um 10:19 schrieb rosjat:
Hi there,
just a simple question about the relaying of https connections.
Hi there,
just a simple question about the relaying of https connections. Is it
possible to simply pass the https traffic to the webserver with relayd?
My naive approach was simply checking the host name in the header and
then forward it to http or https port. This works for http but with