Does not work for me.

#/etc/relayd.conf
relayd_addr="127.0.0.1"
relayd_port="8080"

prefork 10

http protocol httpfilter {
        # Return HTTP/HTML error pages to the client
        return error

        # Block disallowed sites
        match request label "URL filtered!"
        block request quick url "www.example.com/" value "*"
}

http protocol "http_tls" {
        tls tlsv1
        tls ca key "/etc/ssl/private/ca.key" password "secret"
        tls ca cert "/etc/ssl/ca.crt"
}

relay httpproxy {
        # Listen on localhost, accept diverted connections from pf(4)
        listen on $relayd_addr port $relayd_port
        protocol httpfilter

        # Forward to the original target host
        forward to destination
}

relay sslproxy {
        listen on 127.0.0.1 port 8443 tls
        protocol http_tls
        transparent forward with tls to destination
}
#EOF

#Error messages
# relayd -d -vv -f /etc/relayd.conf
startup
socket_rlimit: max open files 1024
relay_load_certfiles: using ca certificate /etc/ssl/ca.crt
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
relay_load_certfiles: using ca key /etc/ssl/private/ca.key
/etc/relayd.conf:40: cannot load certificates for relay sslproxy
ca exiting, pid 1218
ca exiting, pid 23391
ca exiting, pid 2336
ca exiting, pid 19464
ca exiting, pid 11404
ca exiting, pid 17412
hce exiting, pid 27069
ca exiting, pid 21514
ca exiting, pid 1904
ca exiting, pid 17808
ca exiting, pid 28847
pfe exiting, pid 818
relay exiting, pid 19581
relay exiting, pid 424
relay exiting, pid 29429
relay exiting, pid 13760
relay exiting, pid 4374
relay exiting, pid 3337
relay exiting, pid 11683
relay exiting, pid 5846
relay exiting, pid 22453
relay exiting, pid 2398
#EOF

2015-05-03 18:51 GMT-03:00 Comète <com...@daknet.org>:

> That works! Thanks a lot!
>
> On 3 May 2015 at 20:50, "mxb" wrote:
>
> > Try to create a symlink in /etc/ssl/private.
> > ln -s mydomain.org.key 1.2.3.4.key, where “1.2.3.4” is your address in
> > $ext_addr.
> >
> > //mxb
> >
> > > On 3 May 2015, at 13:04, Comète wrote:
> > >
> > > Hi,
> > >
> > > my tls key has no password and I already use it for other stuff, so I
> > > try to enable TLS with relayd like this:
> > >
> > > http protocol "http_tls" {
> > >         tls tlsv1
> > >         tls ca key "/etc/ssl/private/mydomain.org.key" password ""
> > >         tls ca cert "/etc/ssl/mydomain.org.crt"
> > > }
> > >
> > > relay transptls {
> > >         listen on $ext_addr port 443 tls
> > >         protocol "http_tls"
> > >         transparent forward with tls to "127.0.0.1" port http
> > > }
> > >
> > > but I get this error:
> > >
> > > startup
> > > socket_rlimit: max open files 1024
> > > socket_rlimit: max open files 1024
> > > relay_load_certfiles: using ca certificate /etc/ssl/mydomain.org.crt
> > > socket_rlimit: max open files 1024
> > > socket_rlimit: max open files 1024
> > > relay_load_certfiles: using ca key /etc/ssl/private/mydomain.org.key
> > > /etc/relayd.conf:24: cannot load certificates for relay transptls
> > > no actions, nothing to do
> > > ca exiting, pid 29173
> > > pfe exiting, pid 19946
> > > ca exiting, pid 3806
> > > ca exiting, pid 24689
> > > hce exiting, pid 32289
> > > relay exiting, pid 22936
> > > relay exiting, pid 25790
> > >
> > > So, is it possible to use a tls key without password with relayd?
> > >
> > > Thank you
> > >
> > > Morgan

-- 
Antonio Feitosa (http://twitter.com/teebsd)
#Security Consultant, #OpenBSD addicted, #ARM hobbyist and #Blues #Musician.
#P2P is the real #cloudcomputing.
Rio de Janeiro, Brazil · Github: https://github.com/TeeBSD Blog: http://teebsd.github.io/
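
The symlink suggested in the thread names the key after the relay's listen address. As an added example (not part of the thread and not relayd project code), this script lists each TLS listener in a relayd.conf and checks for the key pair under that name. It assumes the file naming documented in relayd.conf(5), /etc/ssl/private/ADDR[:PORT].key with /etc/ssl/ADDR[:PORT].crt; the function names and the 192.0.2.10 address are made up for the illustration.

```shell
#!/bin/sh
# Added example, not from the thread: report which key/cert files relayd
# will look for, per TLS listener, and whether they exist.

# Print "addr,port" for every "listen on ADDR port PORT tls" line,
# expanding simple name="value" macros.
tls_listeners() {
    awk '
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {
            split($0, kv, "=")
            gsub(/[ \t"]/, "", kv[1]); gsub(/[ \t"]/, "", kv[2])
            macro["$" kv[1]] = kv[2]; next
        }
        $1 == "listen" && $2 == "on" && $4 == "port" && $6 == "tls" {
            addr = ($3 in macro) ? macro[$3] : $3
            port = ($5 in macro) ? macro[$5] : $5
            print addr "," port
        }' "$1"
}

# check_relayd_tls CONF [ROOT]: ROOT is a prefix for /etc/ssl (empty on a
# live system). Returns 1 if any listener lacks a readable key/cert pair.
check_relayd_tls() {
    conf=$1 root=${2:-} missing=0
    for pair in $(tls_listeners "$conf"); do
        addr=${pair%,*} port=${pair##*,} found=no
        for base in "$addr:$port" "$addr"; do
            [ -r "$root/etc/ssl/private/$base.key" ] &&
                [ -r "$root/etc/ssl/$base.crt" ] && { found=yes; break; }
        done
        [ "$found" = yes ] && continue
        echo "$addr:$port: need $root/etc/ssl/private/$addr.key + $root/etc/ssl/$addr.crt"
        missing=1
    done
    return "$missing"
}

# Constructed sample: a listener like the ones in the thread, checked
# against a scratch directory instead of the real /etc/ssl.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/etc/ssl/private"
cat > "$demo_root/relayd.conf" <<'EOF'
ext_addr="192.0.2.10"
relay transptls {
    listen on $ext_addr port 443 tls
}
EOF
check_relayd_tls "$demo_root/relayd.conf" "$demo_root" || true
```

On a live system, call `check_relayd_tls /etc/relayd.conf` with no second argument so the real /etc/ssl is checked.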