Ciao Dave,

I'm also playing with relayd as an L7 gateway, and as far as I can see from your
config there is no CA or key configured. In order for HTTPS to work, relayd
needs to be able to do TLS inspection, and of course you should redirect all
your https traffic to port 8443 (using PF, for example). If you check the
pf.conf man page under both the RELAYS and Examples sections, you should be
able to find a lot of good hints.


Regards,
Salvatore.

> On 12 Mar 2017, at 06:48, Dave Cohen <open...@dave-cohen.com> wrote:
>
> I'm struggling to figure out why network traffic is not making it to a
> service I'm running.
>
> What I'm trying to do is serve http and https from a non-standard server
> (called `caddy`, if you're curious). I want to run this thing as a non-root
> user. I'm not aware of any way to have the non-root user open ports 80 or
> 443. Which is great, so long as I can get traffic to those ports
> redirected to my server, which I have listening on 8080 and 8443
> respectively.
>
> I prefer the TLS traffic to 443 to terminate at my server on 8443. And I've
> been trying to do this with relayd redirects.
>
> Here's what I've tried, in /etc/relayd.conf:
>
> table <httpshosts> {127.0.0.1}
>
> redirect "https" {
>        listen on 0.0.0.0 port 443
>        forward to <httpshosts> port 8443 check icmp
> }
>
> redirect "http" {
>        listen on 0.0.0.0 port 80
>        forward to <httpshosts> port 8080 check icmp
> }
>
> With that configuration, traffic on port 80 works as expected, my server
> responds. But https traffic on port 443, as far as I can tell, never makes it
> to my server listening on port 8443. I'm not sure why the two redirects, which
> are so similar, do not behave the same way.
>
> Possibly, the https redirect needs to use `route to` rather than `forward
> to`. When I tried that, relayd errors with "missing interface to route to".
> I couldn't figure out from reading `man relayd.conf` how to get past that error.
> If anyone has a working example, please share.
>
> My questions for this group are (a) is there a smarter way than what I'm
> trying? And if not, (b) what am I doing wrong? Thanks in advance for any
> info!
>
> -Dave

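Added example, not taken from Salvatore's or Dave's messages: the two ways relayd can get ports 80/443 to a caddy running as a non-root user on 8080/8443. The interface name em0, the table name and the forwarded header names are assumptions for illustration. The security-relevant difference: a `redirect` is only a PF rdr-to rule installed by relayd, the TLS bytes are never looked at and the session terminates at caddy, so relayd holds no certificate or private key; a `relay` terminates TLS inside relayd and needs the certificate and key in /etc/ssl, named after the listen address as relayd.conf(5) describes. Either way, pf.conf must contain the `anchor "relayd/*"` line, otherwise relayd has nowhere to install its rules and neither redirect can work.

```conf
# /etc/pf.conf (example; em0 is an assumed interface name)
ext_if = "em0"
set skip on lo
block return

# relayd installs its rdr-to rules into this anchor. Without it,
# "redirect" blocks in relayd.conf have no effect at all.
anchor "relayd/*"

pass out
pass in on $ext_if proto tcp to ($ext_if) port { 80 443 }


# /etc/relayd.conf (example)
table <caddy> { 127.0.0.1 }

# Option A, layer 3: PF rdr rule. TLS stays end-to-end to caddy:8443,
# relayd never sees plaintext and needs no cert/key.
#
# "check tcp" probes the backend *port*; "check icmp" only pings the
# host, so 127.0.0.1 is always "up" even when nothing listens on 8443
# and the redirect then forwards into a closed port.
redirect "https" {
        listen on 0.0.0.0 port 443
        forward to <caddy> port 8443 check tcp
}

redirect "http" {
        listen on 0.0.0.0 port 80
        forward to <caddy> port 8080 check tcp
}

# Option B, layer 7 (what Salvatore describes): relayd terminates TLS,
# so it needs /etc/ssl/<address>.crt and /etc/ssl/private/<address>.key
# for the listen address (address:port is also accepted, see
# relayd.conf(5)). Use this INSTEAD of redirect "https", not alongside it.
http protocol "httpsfilter" {
        # tell the backend who the real client was
        match request header set "X-Forwarded-For" value "$REMOTE_ADDR"
        match request header set "X-Forwarded-By" \
                value "$SERVER_ADDR:$SERVER_PORT"
}

relay "https-terminated" {
        listen on 0.0.0.0 port 443 tls
        protocol "httpsfilter"
        # plaintext to caddy's HTTP port; caddy no longer needs a key
        forward to <caddy> port 8080
}
```

Pick one of the two port-443 blocks. Validate before loading with `relayd -n -f /etc/relayd.conf` and `pfctl -nf /etc/pf.conf`, then `pfctl -f /etc/pf.conf` and `rcctl restart relayd`. To see why one redirect works and the other does not, compare `relayctl show hosts` (a host the check marked down is removed from the PF table, so nothing is redirected) and `relayctl show redirects`, and inspect the rules relayd actually installed with `pfctl -a relayd/https -sr`.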