On 2009-02-09, kevin thompson <kevin.david.thomp...@gmail.com> wrote:
> Is there something in my configuration file that I need to specify to ensure
> that https requests are sent to the servers? I've looked at a few examples
> online and I haven't seen anything that fits the bill. Here is my
> relayd.conf file
basically it looks like you want to decrypt, adjust the headers,
and then re-encrypt to the server.
relayd doesn't have this feature (mitm mode? :-)
it could probably be added as an option to "forward to" for a
relay, but this would bring some questions about how to handle
invalid certificates at the backend server, etc... (and without
safe ways to handle that, you might as well keep the cleartext
to the backend).
with what's currently available in relayd, you would have to
use a plain TCP relay for HTTPS.
> table <ssl_server> { www.mnsu.edu, secure.mnsu.edu }
> web_port="80"
> ssl_port="443"
> bge0_ip="134.29.32.88"
>
> interval 10
> timeout 200
> prefork 5
> log updates
>
> http protocol "httpfilter" {
> # TCP Performance options
> tcp { nodelay, sack, socket buffer 65536, backlog 100 }
>
> # Return HTTP/HTML error pages
> return error
>
> # allow logging of remote client ips to internal web servers
> header append "$REMOTE_ADDR" to "X-Forwarded-For"
>
> # Set keep alive timeout to global timeout
> header change "Keep-Alive" to "$TIMEOUT"
>
> # Close connection upon receipt
> header change "Connection" to "close"
>
> # Anonymize webservers name/type
> response header change "Server" to "Something"
>
> # SSL options
> ssl { sslv3, tlsv1, ciphers "HIGH:!ADH", no sslv2 }
> }
>
> relay web_proxy {
> listen on $bge0_ip port $ssl_port ssl
> protocol "httpfilter"
> forward to <ssl_server> port $ssl_port mode loadbalance check https "/"
> code 200
> }
