Hi,
so I added the with tls keywords to the relay and my webserver gets
requests now but from my relayhost and this is making the way back quite
hard :(
so I added the X Headers for Forwarded-For and Forwarded-By but it still
leaves the question how to tell the relayhost to just let it all out
like in a normal rdr-to rule in pf? Like I said pf rule just works fine
so the traffic can go through all the interfaces just fine.
regards
Markus
On 21.09.2017 at 08:27, rosjat wrote:
> Hi there,
>
> ok I tried the with tls option and I can at least see relayd tries to
> send the request to the webserver. I still can't get a proper response
> from the webserver. When I do a simple rdr-to rule in pf it just works.
>
> Do I need to do some magic that I miss still?
>
> Regards
>
> Markus
>
> On 21.09.2017 at 07:19, rosjat wrote:
>> Hi Ronan,
>>
>> thanks for the hint I'll give it a try!
>>
>> regards
>>
>> Markus
>>
>> On 20.09.2017 at 21:30, Ronan Viel wrote:
>>> Hi,
>>> This kind of config works perfectly on my box. I am not sure SNI has
>>> something to do here as relayd terminates the https connection, gets
>>> all the headers and reopens a new one.
>>> I just think you forgot the "with tls" in your forward directive below:
>>>
>>> relay "proxyssl" {
>>> listen on $gateway port https
>>> protocol "httpproxy"
>>>
>>> forward with tls to <new-webserver> port https
>>> }
>>>
>>> Do not forget to set a "ca file" in your protocol section if you want
>>> relayd to check the certificate of your target's server (see
>>> relayd.conf man).
>>>
>>> Ronan
>>>
>>
>
--
Markus Rosjat fon: +49 351 8107223 mail: rosjat@ghweb.de
G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden
http://www.ghweb.de
fon: +49 351 8107220 fax: +49 351 8107227
Please check whether this mail really needs to be printed! Before
you print it, think about your responsibility and commitment to the
ENVIRONMENT
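
Because relayd terminates the TLS session and opens its own connection, the backend sees the relay host as the peer and has to recover the client from X-Forwarded-For. The following is an added example, not part of the thread: a backend-side check that only honours the header when the connection really comes from the relay. The addresses are constructed, the function name is hypothetical, and it assumes the relay appends its value to any X-Forwarded-For header the client already sent.

```python
import ipaddress

# Constructed sample value: the relayd host's address as seen by the backend.
TRUSTED_RELAYS = {ipaddress.ip_address("192.0.2.10")}


def client_ip(peer_addr, xff_header, trusted=TRUSTED_RELAYS):
    """Return the address a request should be attributed to.

    peer_addr  -- source address of the TCP connection (the relay, when proxied)
    xff_header -- raw X-Forwarded-For value, or None when the header is absent
    """
    peer = ipaddress.ip_address(peer_addr)

    # The header means something only when our own relay delivered it;
    # any other peer can put arbitrary text there, so fall back to the peer.
    if peer not in trusted or not xff_header:
        return str(peer)

    # Assumption: the relay appends, so its entry is the rightmost one and
    # anything to the left may be client-supplied. Walk from the right and
    # skip entries that are our own relays.
    for entry in reversed(xff_header.split(",")):
        try:
            addr = ipaddress.ip_address(entry.strip())
        except ValueError:
            # Malformed entry: stop and attribute the request to the peer.
            return str(peer)
        if addr not in trusted:
            return str(addr)

    # Header listed only our relays: nothing better than the peer address.
    return str(peer)


if __name__ == "__main__":
    # Constructed inputs: (peer address, X-Forwarded-For value).
    for peer, xff in [
        ("192.0.2.10", "203.0.113.7"),            # normal relayed request
        ("192.0.2.10", "10.0.0.1, 203.0.113.7"),  # client pre-set the header
        ("198.51.100.5", "10.0.0.1"),             # connection bypassing the relay
    ]:
        print(peer, repr(xff), "->", client_ip(peer, xff))
```
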