On Sun, 20 Jul 2025 21:57:09 +0200,
Marc Chantreux <m...@unistra.fr> wrote:
>
> On Sun, Jul 20, 2025 at 01:56:44PM +0200, Kirill A. Korinsky wrote:
> > relay https {
> >         listen on egress port 443 tls
> >         protocol https
> >         forward to <vaultwarden> port 8000 \
> >                 check http "/" code 200
> >         forward to <fallback> port 80 \
> >                 check http "/" code 200
> > }
>
> As far as I understand, you don't need a table to forward from the
> relay.
>

Probably, but for some reason I had used it. I don't recall why, I touched
it a few years ago. But if I'm not mistaken it simply doesn't work without
a table.

> > Let me explain how it works:
> >
> > - by default everything is routed to httpd on the same machine with TLS
> >   certificate XXX.com;
> >
> > - when I add a new host I add a new named table with destination addresses,
> >   tls keypair into http protocol with expected host header, and direction to
> >   which port the traffic should be forwarded.
> >
> > I'm not sure that it is a cleaner way or the right way, but it works.
>
> this was the thing I tried to do in the last version I posted but it
> seems the first forward is the used one.
>
> I tried both with or without "quick".
>
> I'm now trying to read the relayd code …
>

Well, this is a copy and paste from a machine where I use it. So, this
definitely works :)

Also, I suggest to avoid "quick", it makes things more complicated.

-- 
wbr, Kirill
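
The layout described in the message above (one named table per host, a `tls keypair` in the http protocol, and a Host-header rule that selects the table), written out as an added relayd.conf example; it is not copied from either poster's machine. The hostnames, addresses and certificate names are constructed placeholders.

```conf
# Added example, not from the thread. All names and addresses below are
# constructed placeholders.

# One table per backend.
table <fallback>    { 127.0.0.1 }    # local httpd, the default destination
table <vaultwarden> { 127.0.0.1 }    # per-host backend

http protocol https {
	# One keypair per served name, selected by SNI. relayd looks for
	# /etc/ssl/<name>.crt and /etc/ssl/private/<name>.key.
	tls keypair "www.example.com"
	tls keypair "vault.example.com"

	# Record the client address for the backend's logs.
	match request header append "X-Forwarded-For" value "$REMOTE_ADDR"

	# Per-host routing: a request whose Host header matches is sent to
	# the named table. The last matching rule wins, so no "quick" is
	# needed here.
	match request header "Host" value "vault.example.com" \
		forward to <vaultwarden>
}

relay https {
	listen on egress port 443 tls
	protocol https

	# Every table named by a protocol rule needs a "forward to" entry
	# here. The first entry is the main table; requests that match no
	# rule go there, and later entries act as backups if all of its
	# hosts are down.
	forward to <fallback> port 80 \
		check http "/" code 200
	forward to <vaultwarden> port 8000 \
		check http "/" code 200
}
```

`relayd -n -f /etc/relayd.conf` checks the file for syntax errors without starting the daemon.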