Someone else with that issue?

2015-05-30 17:28 GMT-03:00 Antonio Feitosa <antonio....@gmail.com>:
> Does not work for me.
>
> #/etc/relayd.conf
>
> relayd_addr="127.0.0.1"
> relayd_port="8080"
>
> prefork 10
>
> http protocol httpfilter {
>         # Return HTTP/HTML error pages to the client
>         return error
>
>         # Block disallowed sites
>         match request label "URL filtered!"
>         block request quick url "www.example.com/" value "*"
> }
>
> http protocol "http_tls" {
>         tls tlsv1
>         tls ca key "/etc/ssl/private/ca.key" password "secret"
>         tls ca cert "/etc/ssl/ca.crt"
> }
>
> relay httpproxy {
>         # Listen on localhost, accept diverted connections from pf(4)
>         listen on $relayd_addr port $relayd_port
>         protocol httpfilter
>
>         # Forward to the original target host
>         forward to destination
> }
>
> relay sslproxy {
>         listen on 127.0.0.1 port 8443 tls
>         protocol http_tls
>
>         transparent forward with tls to destination
> }
> #EOF
>
> #Error messages
>
> # relayd -d -vv -f /etc/relayd.conf
> startup
> socket_rlimit: max open files 1024
> relay_load_certfiles: using ca certificate /etc/ssl/ca.crt
> socket_rlimit: max open files 1024
> socket_rlimit: max open files 1024
> socket_rlimit: max open files 1024
> socket_rlimit: max open files 1024
> socket_rlimit: max open files 1024
> socket_rlimit: max open files 1024
> socket_rlimit: max open files 1024
> socket_rlimit: max open files 1024
> socket_rlimit: max open files 1024
> socket_rlimit: max open files 1024
> relay_load_certfiles: using ca key /etc/ssl/private/ca.key
> /etc/relayd.conf:40: cannot load certificates for relay sslproxy
> ca exiting, pid 1218
> ca exiting, pid 23391
> ca exiting, pid 2336
> ca exiting, pid 19464
> ca exiting, pid 11404
> ca exiting, pid 17412
> hce exiting, pid 27069
> ca exiting, pid 21514
> ca exiting, pid 1904
> ca exiting, pid 17808
> ca exiting, pid 28847
> pfe exiting, pid 818
> relay exiting, pid 19581
> relay exiting, pid 424
> relay exiting, pid 29429
> relay exiting, pid 13760
> relay exiting, pid 4374
> relay exiting, pid 3337
> relay exiting, pid 11683
> relay exiting, pid 5846
> relay exiting, pid 22453
> relay exiting, pid 2398
> #EOF
> 2015-05-03 18:51 GMT-03:00 Comète <com...@daknet.org>:
>> That works! Thanks a lot!
>>
>> 3 May 2015 20:50 "mxb" wrote:
>>
>> Try to create symlink in /etc/ssl/private.
>> ln -s mydomain.org.key 1.2.3.4.key, where “1.2.3.4” is your address in
>> $ext_addr.
>>
>> //mxb
>>
>>
>>
>> On 3 May 2015, at 13:04, Comète wrote:
>> Hi,
>>
>> my tls key has no password and I already use it for other stuff, so I try to
>> enable TLS with relayd like this:
>>
>> http protocol "http_tls" {
>>    tls tlsv1
>>    tls ca key "/etc/ssl/private/mydomain.org.key" password ""
>>    tls ca cert "/etc/ssl/mydomain.org.crt"
>> }
>>
>> relay transptls {
>>    listen on $ext_addr port 443 tls
>>    protocol "http_tls"
>>    transparent forward with tls to "127.0.0.1" port http
>> }
>>
>> but i get this error:
>>
>> startup
>> socket_rlimit: max open files 1024
>> socket_rlimit: max open files 1024
>> relay_load_certfiles: using ca certificate /etc/ssl/mydomain.org.crt
>> socket_rlimit: max open files 1024
>> socket_rlimit: max open files 1024
>> relay_load_certfiles: using ca key /etc/ssl/private/mydomain.org.key
>> /etc/relayd.conf:24: cannot load certificates for relay transptls
>> no actions, nothing to do
>> ca exiting, pid 29173
>> pfe exiting, pid 19946
>> ca exiting, pid 3806
>> ca exiting, pid 24689
>> hce exiting, pid 32289
>> relay exiting, pid 22936
>> relay exiting, pid 25790
>>
>> So, is it possible to use a tls key without password with relayd?
>>
>> Thank you
>>
>> Morgan
>>
>>
>>
>>
>
>
>
> --
> Antonio Feitosa (http://twitter.com/teebsd)
> #Security Consultant, #OpenBSD addicted, #ARM hobbyst and #Blues
> #Musician. #P2P is the real #cloudcomputing.
> Rio de Janeiro, Brazil ·
> Github: https://github.com/TeeBSD
> Blog: http://teebsd.github.io/




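The symlink fix from the quoted reply, turned into a pre-flight check. This is an added example, not part of the thread. It assumes, per relayd.conf(5), that a `tls` listener loads its key and certificate from files named after the listen address: `/etc/ssl/private/ADDR:PORT.key` with `/etc/ssl/ADDR:PORT.crt`, then `ADDR.key` with `ADDR.crt`. The function name `check_relay_certs` and its `ROOT` argument are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed lookup order (relayd.conf(5)):
#   /etc/ssl/private/ADDR:PORT.key + /etc/ssl/ADDR:PORT.crt, then
#   /etc/ssl/private/ADDR.key      + /etc/ssl/ADDR.crt
# check_relay_certs CONF [ROOT]; ROOT is a hypothetical prefix for staging trees.
check_relay_certs() {
    conf=$1
    root=${2:-}
    rc=0
    # Expand simple name="value" macros, emit "addr port" per TLS listener.
    listeners=$(awk '
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {
            split($0, kv, "=")
            gsub(/[ \t"]/, "", kv[1]); gsub(/[ \t"]/, "", kv[2])
            macro["$" kv[1]] = kv[2]
            next
        }
        $1 == "listen" && $2 == "on" && $4 == "port" && $6 == "tls" {
            a = ($3 in macro) ? macro[$3] : $3
            p = ($5 in macro) ? macro[$5] : $5
            gsub(/"/, "", a); gsub(/"/, "", p)
            print a, p
        }' "$conf")
    [ -n "$listeners" ] || return 0
    while read -r addr port; do
        found=no
        # Try the ADDR:PORT pair first, then the plain ADDR pair.
        for name in "$addr:$port" "$addr"; do
            if [ -f "$root/etc/ssl/private/$name.key" ] &&
               [ -f "$root/etc/ssl/$name.crt" ]; then
                echo "OK      $addr:$port uses $name.key / $name.crt"
                found=yes
                break
            fi
        done
        if [ "$found" = no ]; then
            echo "MISSING $addr:$port: no $addr.key / $addr.crt pair under $root/etc/ssl"
            rc=1
        fi
    done <<EOF
$listeners
EOF
    return $rc
}
```

Call it as `check_relay_certs /etc/relayd.conf` before starting relayd; it handles one-line macros and numeric listen ports only.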