On Fri 05/06/2015 19:30, Alessandro DE LAURENZIS wrote:
> Hi Raf,
> 
> On Fri 05/06/2015 03:33, Raf Czlonka wrote:
> > Httpd is not required in order to run 'ajaxterm' - it runs on its own
> > webserver.
> > 
> > On -current:
> > 
> > sudo pkg_add ajaxterm
> > sudo rcctl start ajaxterm
> > x-www-browser http://localhost:8022/
> > 
> > It's not tremendously useful on localhost, mind you :^), so you'll need
> > to use relayd(8) in order to both forward the HTTP traffic to port 8022
> > on localhost as well as encapsulate it in TLS - a simple 'rdr-to' pf(4)
> > rule will suffice for testing, and *only* testing, purposes (i.e. do
> > *not* send your username or password over plain HTTP on an untrusted
> > network).
> 
> In fact, I'm already using plain HTTP by means of a rdr-to rule in pf:
> 
> pass in on $ext_if proto tcp from any to any port 8022 rdr-to 127.0.0.1 port 8022
> 
> and, of course, it is only for testing purposes. Now, in order to make
> the server accessible from the Internet, I need to encapsulate the
> traffic in TLS - as you correctly said - and I was thinking of something
> similar to Apache's "proxy" plugin.
> 
> As far as I understand from your reply, this can be obtained using
> relayd (and not httpd); ok, I'll dig into the documentation.
> 
I ended up with the following relayd.conf:

#
# Macros
#
ext_addr="192.168.1.10"
ajaxterm_ext_port="44322"
int_addr="127.0.0.1"
ajaxterm_int_port="8022"

#
# Global Options
#
interval        10
timeout         200
prefork         5

#
# Relay for ajaxterm TLS connection
#
relay ajaxterm_proxy {
        listen on $ext_addr port $ajaxterm_ext_port tls
        forward to $int_addr port $ajaxterm_int_port
}

Of course, private key and public certificate have been created with the
expected names:

openssl genrsa -out /etc/ssl/private/192.168.1.10:44322.key
openssl req -new -x509 -key /etc/ssl/private/192.168.1.10:44322.key -out /etc/ssl/192.168.1.10:44322.crt -days 3650

All seems to be pretty functional, but I hope someone would comment on
this, confirming that my understanding is correct (this is my first
attempt with networking in general and relayd stuff in particular...)

Cheers

-- 
Alessandro DE LAURENZIS
[mailto:just22....@gmail.com]
LinkedIn: http://it.linkedin.com/in/delaurenzis
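The following script is an added example, not code from the thread or from the relayd project. It parses a relayd.conf relay block like the one above, expands the macros, and reports whether the public listener actually carries the `tls` keyword and whether the plaintext hop to the backend stays on loopback, which is the property the whole thread is about. It also prints the key and certificate paths relayd will look for; the assumption (consistent with the file names generated above) is that with no explicit certificate configuration relayd uses `/etc/ssl/private/<listen-address>:<port>.key` and `/etc/ssl/<listen-address>:<port>.crt`. The sample configurations are constructed copies of the thread's config and a weakened variant.

```python
"""Static check of a relayd.conf relay block: TLS on the listener, backend on loopback.

Example code, not from the thread. Assumption: relayd's default certificate
lookup is /etc/ssl/private/<addr>:<port>.key and /etc/ssl/<addr>:<port>.crt.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed copy of the relayd.conf posted in the thread.
SAMPLE_CONF = """
ext_addr="192.168.1.10"
ajaxterm_ext_port="44322"
int_addr="127.0.0.1"
ajaxterm_int_port="8022"

interval        10
timeout         200
prefork         5

# Relay for ajaxterm TLS connection
relay ajaxterm_proxy {
        listen on $ext_addr port $ajaxterm_ext_port tls
        forward to $int_addr port $ajaxterm_int_port
}
"""

# Constructed weak variant: the same relay with 'tls' dropped from the listener.
PLAINTEXT_CONF = SAMPLE_CONF.replace("port $ajaxterm_ext_port tls", "port $ajaxterm_ext_port")

MACRO_RE = re.compile(r'^(\w+)\s*=\s*"?([^"\s]+)"?$')
RELAY_RE = re.compile(r'^relay\s+(\S+)\s*\{$')
LISTEN_RE = re.compile(r'^listen\s+on\s+(\S+)\s+port\s+(\S+)(\s+tls)?$')
FORWARD_RE = re.compile(r'^forward\s+to\s+(\S+)\s+port\s+(\S+)$')


@dataclass
class RelaySpec:
    name: str
    listen_addr: str
    listen_port: int
    tls: bool
    forward_addr: str
    forward_port: int

    @property
    def key_path(self) -> str:  # assumed relayd default key location
        return f"/etc/ssl/private/{self.listen_addr}:{self.listen_port}.key"

    @property
    def cert_path(self) -> str:  # assumed relayd default certificate location
        return f"/etc/ssl/{self.listen_addr}:{self.listen_port}.crt"


def expand(token: str, macros: Dict[str, str]) -> str:
    """Replace a $macro reference with its value; plain tokens pass through."""
    if token.startswith("$"):
        if token[1:] not in macros:
            raise ValueError(f"undefined macro {token}")
        return macros[token[1:]]
    return token


def parse_relayd_conf(text: str) -> List[RelaySpec]:
    """Collect macros and relay blocks; global options are skipped."""
    macros: Dict[str, str] = {}
    relays: List[RelaySpec] = []
    current: Optional[dict] = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if not line:
            continue
        if current is None:
            m = MACRO_RE.match(line)
            if m:
                macros[m.group(1)] = m.group(2)
            m = RELAY_RE.match(line)
            if m:
                current = {"name": m.group(1)}
            continue
        m = LISTEN_RE.match(line)
        if m:
            current["listen_addr"] = expand(m.group(1), macros)
            current["listen_port"] = int(expand(m.group(2), macros))
            current["tls"] = m.group(3) is not None
            continue
        m = FORWARD_RE.match(line)
        if m:
            current["forward_addr"] = expand(m.group(1), macros)
            current["forward_port"] = int(expand(m.group(2), macros))
            continue
        if line == "}":
            if len(current) != 6:
                raise ValueError(f"relay {current['name']} lacks listen or forward")
            relays.append(RelaySpec(**current))
            current = None
    return relays


def _is_loopback(addr: str) -> bool:
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # interface or host name: cannot decide statically, treat as a finding
        return False


def audit(spec: RelaySpec) -> List[str]:
    """Findings for a relay meant to terminate TLS in front of a plaintext backend."""
    findings = []
    if not spec.tls:
        findings.append(f"{spec.name}: listener {spec.listen_addr}:{spec.listen_port} "
                        "has no 'tls'; credentials would cross the network in plaintext")
    if not _is_loopback(spec.forward_addr):
        findings.append(f"{spec.name}: backend {spec.forward_addr}:{spec.forward_port} "
                        "is not on loopback; the relayd-to-backend hop is plaintext HTTP")
    return findings


if __name__ == "__main__":
    for label, conf in (("thread config", SAMPLE_CONF), ("weak variant", PLAINTEXT_CONF)):
        for spec in parse_relayd_conf(conf):
            print(f"[{label}] {spec.name}: expects {spec.key_path} and {spec.cert_path}")
            for finding in audit(spec) or ["no findings"]:
                print("   ", finding)
```

This only checks what can be read from the file; `relayd -n -f relayd.conf` still validates the syntax on the box itself, and a connection to the external port with `openssl s_client` confirms that the listener really negotiates TLS and serves the expected certificate.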
