On 10/7/2023 9:00 PM, Courtney wrote:
> Hello everyone,
> I'm seeking an ideal way to make secure https connections to a handful of
> web servers in my house.

I'm currently doing this with haproxy by having it inspect the SNI on
the incoming traffic and route based on that. At the time I set it up
relayd didn't support SNI inspection, not sure if it's been added since.
The main downsides to doing this:
- haproxy has to be in the traffic path
- haproxy has to run as root (ick)
The traffic isn't decrypted by haproxy at all. I'm not sure how this
will be affected by encrypted SNI/encrypted client hello.
Relayd can also decrypt the traffic, then re-encrypt it from relayd to
the web server. See "TLS RELAYS" in the man page.