Hi. Is it possible to get multiple http relayd relays listening on
localhost, each with a different port number and each with a different SSL
certificate?
I've followed a tutorial I found on the net about setting up a firewall
so that no services were bound to any network interfaces and then using
pf rdrs to pass, say, https traffic to localhost where you have relayd
listening and let it do the SSL decryption. So if pf failed for some
reason then there would be no services available for anyone to connect to!
I've got this setup working for http and a single https certificate just
now and it seems to be working fine, but I need to be able to host
multiple SSL certificates. It seems that the certificate appears to need
to be named after the IP that it's listening on, and this is going to
cause issues as there's only one 127.0.0.1, I think.
Our current setup consists of a pair of firewalls running OpenBSD, carp,
pf and relayd. Currently the carp interface has just one IP but we will
assign others to it as we free up the other IP addresses in our range.
I guess it's not the best idea to do the SSL offloading on the firewall,
so in the future when another server becomes available I will probably
want it to do the SSL decryption. I guess if we do that we could just
get the new server a number of IP addresses and let relayd listen on
each of them with the SSL certs named after each IP. (If that makes sense)
Could anyone give me some advice, please?
Thanks
Keith
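A constructed configuration sketch for the setup described above (added here, not Keith's own files or the tutorial's): since relayd looks the certificate up by the address it listens on, each certificate gets its own loopback alias, and pf redirects each public address to the matching alias. The public addresses, backend addresses, interface names and the `ssl`/`rdr` syntax of that relayd and pf generation are assumptions.

```conf
# /etc/hostname.lo0 (constructed): one loopback alias per certificate,
# so every relay has a distinct listen address to name its cert after
inet alias 127.0.0.2 255.255.255.255
inet alias 127.0.0.3 255.255.255.255

# /etc/pf.conf (constructed): nothing listens on the carp interface itself;
# pf redirects each public address to its loopback alias. If pf is not
# running, nothing is reachable, which is the failure mode the post wants.
ext_if = "carp0"
site_a = "192.0.2.10"    # placeholder public address for site A
site_b = "192.0.2.11"    # placeholder public address for site B
rdr on $ext_if proto tcp from any to $site_a port 443 -> 127.0.0.2 port 443
rdr on $ext_if proto tcp from any to $site_b port 443 -> 127.0.0.3 port 443
pass in on $ext_if proto tcp from any to 127.0.0.2 port 443
pass in on $ext_if proto tcp from any to 127.0.0.3 port 443

# /etc/relayd.conf (constructed): one relay per loopback address.
# The first relay uses /etc/ssl/127.0.0.2.crt and
# /etc/ssl/private/127.0.0.2.key, the second the 127.0.0.3 pair,
# so two certificates coexist without sharing 127.0.0.1.
table <site_a_web> { 10.0.0.10 }    # placeholder backend for site A
table <site_b_web> { 10.0.0.11 }    # placeholder backend for site B

http protocol "https" {
    # backends see the real client address, not 127.0.0.x
    header append "$REMOTE_ADDR" to "X-Forwarded-For"
}

relay "site_a_https" {
    listen on 127.0.0.2 port 443 ssl
    protocol "https"
    forward to <site_a_web> port 80
}

relay "site_b_https" {
    listen on 127.0.0.3 port 443 ssl
    protocol "https"
    forward to <site_b_web> port 80
}
```

Check the certificate path convention against the relayd.conf(5) of the installed release before relying on it, and keep the private keys under /etc/ssl/private readable by root only, since the firewall now holds them.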