I'm struggling to figure out why network traffic is not making it to a service 
I'm running.

What I'm trying to do is serve http and https from a non-standard server.  
(Called `caddy`, if you're curious).  I want to run this thing as a non-root 
user.  I'm not aware of any way to have the non-root user open ports 80 or 443.
Which is great, so long as I can get traffic to those ports to be redirected to 
my server, which I have listening on 8080 and 8443 respectively.

I prefer the TLS traffic to 443 terminate at my server on 8443.  And I've been 
trying to do this with relayd redirects.

Here's what I've tried, in /etc/relayd.conf:

table <httpshosts> {127.0.0.1}

redirect "https" {
        listen on 0.0.0.0 port 443
        forward to <httpshosts> port 8443 check icmp
}

redirect "http" {
        listen on 0.0.0.0 port 80
        forward to <httpshosts> port 8080 check icmp
}



With that configuration, traffic on port 80 works as expected, my server 
responds.  But https traffic on port 443, as far as I can tell, never makes it 
to my server listening on port 8443.  I'm not sure why the two redirects which 
are so similar do not behave the same way.

Possibly, the https redirect needs to use `route to` rather than `forward to`.  
When I tried that, relayd errors with "missing interface to route to".  I 
couldn't figure out reading `man relayd.conf` how to get past that error.  If 
anyone has a working example, please share.

My questions for this group are (a) is there a smarter way than what I'm 
trying?  And if not (b) what am I doing wrong?  Thanks in advance for any info!

-Dave
