Michael,

Appreciate you chiming in. I'm a fan of Absolute OpenBSD!

I'm having trouble reproducing the settings that I originally wrote about. I've tried to restore /etc/relayd.conf and /etc/pf.conf to what they were when I wrote the email. But right now, neither port 80 nor 443 is redirecting to the other ports. Earlier, port 80 was working while 443 was not. I'm at a loss as to why the behavior is not the same as before.

Despite that trouble, I tried the commands you suggested. `relayd -dvvv` shows

$ doas relayd -dvvv
startup
socket_rlimit: max open files 1024
init_filter: filter init done
init_tables: created 2 tables
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
hce_notify_done: 127.0.0.1 (icmp ok)
host 127.0.0.1, check icmp (32ms,icmp ok), state unknown -> up, availability 100.00%
pfe_dispatch_hce: state 1 for host 1 127.0.0.1
hce_notify_done: 127.0.0.1 (icmp ok)
host 127.0.0.1, check icmp (33ms,icmp ok), state unknown -> up, availability 100.00%
pfe_dispatch_hce: state 1 for host 2 127.0.0.1
table https: 1 added, 0 deleted, 0 changed, 0 killed
pfe_sync: enabling ruleset
sync_ruleset: rule added to anchor "relayd/https"
hce_notify_done: 127.0.0.1 (icmp ok)
hce_notify_done: 127.0.0.1 (icmp ok)
table http: 1 added, 0 deleted, 0 changed, 0 killed
pfe_sync: enabling ruleset
sync_ruleset: rule added to anchor "relayd/http"
hce_notify_done: 127.0.0.1 (icmp ok)
hce_notify_done: 127.0.0.1 (icmp ok)
hce_notify_done: 127.0.0.1 (icmp ok)
...etc...

and `relayctl sho sum`

$ relayctl sho sum
Id      Type            Name                    Avlblty Status
1       redirect        https                           active
1       table           httpshosts:8443                 active (1 hosts)
1       host            127.0.0.1               100.00% up
2       redirect        http                            active
2       table           httpshosts:8080                 active (1 hosts)

-Dave

On Sun, Mar 12, 2017, at 03:16 PM, Michael W. Lucas wrote:
> On Sun, Mar 12, 2017 at 09:26:53AM +0100, Salvatore Cuzzilla wrote:
> > Ciao Dave,
> >
> > I'm also playing with relayd as a L7 gateway and as far as I can see from
> > your config there is no CA and key configured. In order for HTTPS to work
> > relayd needs to be able to do TLS inspection and of course you should
> > redirect all your https traffic to port 8443 (using PF for example). If you
> > check the pf.conf man page under both the sections RELAYS and Examples you
> > should be able to find a lot of good hints.
>
> He's using a redirect, not a relay, so it should work just fine. No L7
> stuff here, only low-level IP.
>
> Dave, looks OK to me. What does relayd -dvvv say? And relayctl sho sum ?
>
> --
> Michael W. Lucas         Twitter @mwlauthor
> nonfiction: https://www.michaelwlucas.com/
> fiction: https://www.michaelwarrenlucas.com/
> blog: http://blather.michaelwlucas.com/