I want to go with Let's Encrypt certificates, so if I provide the pem
created by the acme-client it should be ok, even if it seems not for now.
I don't know if relayd development is going to add SNI sometime soon but
for now I could live with a certificate that basically has all my served
domains as
On Thu, September 21, 2017 8:25 am, rosjat wrote:
> I try to figure out the ca file option mentioned by Ronan; maybe this is
> some kind of option here.
>
Using 'ca file' means you have to decrypt the SSL connection from the
clients with relayd then re-encrypt from relayd to the web servers.
Clien
I try to figure out the ca file option mentioned by Ronan; maybe this is
some kind of option here.
On 21.09.2017 at 14:11, trondd wrote:
On Thu, September 21, 2017 3:49 am, rosjat wrote:
Hi,
so I added the with tls keywords to the relay and my webserver gets
requests now but from my relayhost
On Thu, September 21, 2017 3:49 am, rosjat wrote:
> Hi,
>
> so I added the with tls keywords to the relay and my webserver gets
> requests now but from my relayhost and this is making the way back quite
> hard :(
>
> so I added the X Headers for Forwarded-For and Forwarded-By but it still
> leaves t
Hi,
so I added the with tls keywords to the relay and my webserver gets
requests now but from my relayhost and this is making the way back quite
hard :(
so I added the X Headers for Forwarded-For and Forwarded-By but it still
leaves the question how to tell the relayhost to just let it all ou
Hi there,
ok I tried the with tls option and I can at least see relayd tries to
send the request to the webserver. I still can't get a proper response
from the webserver. When I do a simple rdr-to rule in pf it just works.
Do I need to do some magic that I miss still?
Regards
Markus
Am 21.
Hi Ronan,
thanks for the hint I'll give it a try!
regards
Markus
On 20.09.2017 at 21:30, Ronan Viel wrote:
Hi,
This kind of config works perfectly on my box. I am not sure SNI has something
to do here as relayd terminates the https connection, gets all the headers and
reopens a new one.
I
Hi,
This kind of config works perfectly on my box. I am not sure SNI has something
to do here as relayd terminates the https connection, gets all the headers and
reopens a new one.
I just think you forgot the "with tls" in your forward directive below:
relay "proxyssl" {
listen on $gate
On Wed, September 20, 2017 8:10 am, Bryan Harris wrote:
> I don't think you can know the host header unless you decrypt the https
> using a certificate. It seems that idea would require SNI but I don't
> know if they have SNI in relayd/httpd. (I could be wrong about that.)
>
httpd has SNI, rel
Hi Bryan,
I know that scenario but I want to serve an individual certificate for
every virtual host (httpd can do that) so I was looking for a simple
relay by looking at the header but I might not be able to get it to work this way :(
On 20.09.2017 at 14:10, Bryan Harris wrote:
I don't think you can
I don't think you can know the host header unless you decrypt the https
using a certificate. It seems that idea would require SNI but I don't know
if they have SNI in relayd/httpd. (I could be wrong about that.)
In mine I have listen on $ext_addr port 443 tls. Then exists
/etc/ssl/ipaddr:443.cr
There is of course a tls too much in the config
it's just
relay "proxyssl" {
    listen on $gateway port https
    protocol "httpproxy"
    forward to port https
}
On 20.09.2017 at 10:19, rosjat wrote:
Hi there,
just a simple question about the relaying of https connections.