Wednesday, September 20, 2017

Re: relayd https relay

there is of course a tls to much in the config

its just

relay "proxyssl" {
listen on $gateway port https
protocol "httpproxy"

forward to <new-webserver> port https
}


Am 20.09.2017 um 10:19 schrieb rosjat:
> Hi there,
>
> just a simple question about the  relaying of https connections. Is it
> possible to simple pass the https traffic to the webserver with relayd?
> My naive approach was simply checking the host name in the header and
> then forward it to http or https port. This works for http  but with
> https it doesnt.
>
>
> here are my relayd.conf parts
>
>
> http protocol "httpproxy" {
>
>                             match request quick header "Host" value
> "random-domain1.tld" forward to <new-webserver>
>                             match request quick header "Host" value
> "random-domain2.tld" forward to <old-webserver>
>
> }
>
> relay "proxy" {
>                listen on $gateway  port http
>                protocol "httpproxy"
>
>                forward to <new-webserver>  port http
>                forward to <old-webserver> port http
>
>               }
>
> relay "proxyssl" {
>        listen on $gateway  port https
>        protocol "httpproxy"
>
>        forward to <new-webserver>  port https tls
> }
>
> with this I dont get a relay for https it seems, if I add tls to the
> listen part I got told relayd cant find the certificates. And that is
> totally understanable because there are no certs on this machine for
> these domains because the are on the webserver machine.
>
>
> So it all boils down to the question, do I have to set up my
> certificates on the relay host to be able to use a https relay ?
>
>
> regards
>
>

--
Markus Rosjat fon: +49 351 8107223 mail: rosjat@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220 fax: +49 351 8107227

Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before
you print it, think about your responsibility and commitment to the
ENVIRONMENT

No comments:

Post a Comment