Hello, 

ga...@hidvegi.net (Hidvégi Gábor), 2025.06.20 (Fri) 19:30 (CEST):
> Dear members,
> 
> I wonder if it's possible to achieve my goal:
> - I've got two servers, a virtual one with OpenBSD as frontend, and a real 
> one as backend on a different network,
> - I've got two domains, uprojekt.hu and biztonsagimentes.hu,
> - I'd like to serve the first domain's website from the OpenBSD server,
> - I'd like to serve the second domain's website from the real server, but the 
> OpenBSD server should act as a proxy before the backend
> 
> My relayd configuration looks like this:
> table <httpd> { 127.0.0.1 }
> table <backend> { 45.67.158.169 }
> 
> http protocol "https" {
>   match request header set "X-Forwarded-For" value "$REMOTE_ADDR"
> 
>   return error
> 
>   pass request quick header "Host" value "uprojekt.hu" forward to <httpd>
> 
>   tls keypair "uprojekt.hu"
>   tls keypair "biztonsagimentes.hu"

I'd try with these lines moved above the first "pass request" line.
And I'd remove the "quick" keyword to maintain my sanity in the long run.

Other than that I did not find errors in your config when comparing with
my working configs, though I never used "forward with tls".

Marcus

>   pass request quick header "Host" value "biztonsagimentes.hu" forward to <backend>
> }
> 
> relay "https" {
>   listen on egress port 443 tls
>   protocol https
>   forward with tls to <backend> port 443
>   forward to <httpd> port 8081
> }
> 
> With this configuration only one domain works (biztonsagimentes.hu),
> the other one does not. The log of the web server running on OpenBSD
> tells me that relayd forwards the encrypted traffic to 127.0.0.1:8081
> even though the rule "forward to <httpd> port 8081" does not contain
> "with tls"
> 
> Gábor Hidvégi
> 
