Hi,

So I added the "with tls" keywords to the relay and my webserver gets requests now, but from my relayhost, and this is making the way back quite hard :(

So I added the X headers for Forwarded-For and Forwarded-By, but it still leaves the question of how to tell the relayhost to just let it all out like in a normal rdr-to rule in pf. Like I said, the pf rule just works fine, so the traffic can go through all the interfaces just fine.

regards

Markus

On 21.09.2017 at 08:27, rosjat wrote:
Hi there,

OK, I tried the "with tls" option and I can at least see relayd try to send the request to the webserver. I still can't get a proper response from the webserver. When I do a simple rdr-to rule in pf it just works.

Do I need to do some magic that I am still missing?

Regards

Markus

On 21.09.2017 at 07:19, rosjat wrote:
Hi Ronan,

Thanks for the hint, I'll give it a try!

regards

Markus

On 20.09.2017 at 21:30, Ronan Viel wrote:
Hi,
This kind of config works perfectly on my box. I am not sure SNI has something to do here as relayd terminates the https connection, gets all the headers and reopens a new one.
I just think you forgot the "with tls" in your forward directive below:

relay "proxyssl" {
        listen on $gateway  port https
        protocol "httpproxy"

        forward with tls to <new-webserver>  port https
}

Do not forget to set a "ca file" in your protocol section if you want relayd to check the certificate of your target's server (see relayd.conf man).

Ronan




--
Markus Rosjat    fon: +49 351 8107223    mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Please check whether this mail really needs to be printed! Before you print it, think about your responsibility and commitment to the ENVIRONMENT
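
The pieces discussed in this thread ("with tls" towards the backend, the "ca file" check and the X-Forwarded headers) put together in one relayd.conf, as an added example that is not taken from any poster's configuration. The addresses, the CA bundle path and the `tls` keyword on the listen line are assumptions.

```conf
# Added example; all addresses are documentation placeholders (assumptions).
gateway="203.0.113.1"
table <new-webserver> { 192.0.2.10 }

http protocol "httpproxy" {
        # relayd opens its own connection to the backend, so the backend
        # sees the relay as the TCP peer. Pass the original client address
        # and the relay address along in headers instead.
        # "append" adds to an existing header of that name rather than
        # replacing it.
        match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
        match request header append "X-Forwarded-By" \
            value "$SERVER_ADDR:$SERVER_PORT"

        # Verify the backend's certificate when relayd acts as TLS client
        # ("with tls" below). The bundle path is an assumption; point it at
        # the CA that signed the backend's certificate.
        tls ca file "/etc/ssl/cert.pem"
}

relay "proxyssl" {
        # "tls" here makes relayd terminate the client's HTTPS connection
        # (assumed; it needs the relay's own certificate and key installed).
        listen on $gateway port https tls
        protocol "httpproxy"

        # Re-encrypt towards the backend instead of sending plain HTTP
        # to its https port.
        forward with tls to <new-webserver> port https
}
```

With this setup the backend still sees the relay's address as the connection source; the original client address arrives in X-Forwarded-For, so the web server's logging and access rules have to read it from there and should only trust that header on connections coming from the relay.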
