Wednesday, September 20, 2017

relayd transparent doesn't work

Hi,
I'm using relayd to check headers before serving my website with httpd.

I need to keep the client IP address in httpd's logs. So I try to use
the "transparent" keyword in relayd.conf, but in this case, relayd
doesn't work and I can't reach httpd.

Here is the **not working** relevant relayd configuration:

```
relay "tlsforward" {
    listen on $ext_ip port 443 tls
    protocol "https"
    transparent forward to <local> port 8443 check tcp
}
```


Here is the **working without "transparent"** relayd.conf:

```
table <local> { 127.0.0.1 }
ext_ip = 192.168.1.66

http protocol "http" {
    tcp { nodelay, sack, socket buffer 65536, backlog 100 }
    match response header set "Cache-Control" value "max-age=1814400"
    match request header remove "Proxy"
    match response header set "X-Xss-Protection" value "1; mode=block"
    match response header set "Frame-Options" value "SAMEORIGIN"
    match response header set "X-Frame-Options" value "SAMEORIGIN"
    return error
}
relay "www" {
    listen on $ext_ip port 80
    protocol "http"
    forward to 127.0.0.1 port 8080
}

http protocol "https" {
    tcp { nodelay, sack, socket buffer 65536, backlog 100 }
    match response header set "Cache-Control" value "max-age=1814400"
    match request header remove "Proxy"
    match response header set "X-Xss-Protection" value "1; mode=block"
    match header append "X-Forwarded-For" \
        value "$REMOTE_ADDR"
    match header append "X-Forwarded-By" \
        value "$SERVER_ADDR:$SERVER_PORT"
    return error
    pass
    tls { no client-renegotiation, cipher-server-preference }
}

relay "tlsforward" {
    listen on $ext_ip port 443 tls
    protocol "https"
    forward to <local> port 8443 check tcp
}
```


Any advice?

Regards
