Friday, May 31, 2019

Re: relayd - "forward with tls to" and "forward to" in one relay

> On 31 May 2019, at 12:15, Kamil Andrusz <wizz@mniam.net> wrote:
>
> Hello Misc!
>
> I'm trying to get relayd working in the following scenario:
> - relayd listens on external IP port 443 with tls
> - based on the path relay to one of two hosts:
> o webhost listening on 443 with tls
> o bwhost listening on 4567 just http
>
> Everything works fine for the webhost. For bwhost I get:
> $ curl https://testhost.net/bwhost/index.php
> curl: (52) Empty reply from server
>
> Is it possible to get this working? Am I missing something obvious?
>
> My relayd config is simple:
> ext_if="10.0.0.1"
> table <webhost> { 192.168.3.1 }
> table <bwhost> { 192.168.3.2 }
>
> http protocol https {
>     match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
>     match request header append "X-Forwarded-By" \
>         value "$SERVER_ADDR:$SERVER_PORT"
>     match request header set "Connection" value "close"
>
>     pass request path "/*" forward to <webhost>
>     pass request path "/bwhost/*" forward to <bwhost>
> }
>
> relay https {
>     listen on $ext_if port 443 tls
>     protocol "https"
>     forward to <bwhost> port 4567
>     forward with tls to <webhost> port 443
> }
>
> Thanks for help!
>
Silly to reply to my own mail, BUT. I "fixed" it. After a bit of debugging it turned out that even though for <bwhost> there's just "forward to", relayd is using TLS to connect to it. So I worked around this by using the following solution. It works, even though it shouldn't be necessary, I think. So, I added an additional protocol section, where I pass all the traffic, and a relay section just for that one host.

relay https {
    listen on $ext_if port 443 tls
    protocol "https"
    forward to <bwhost> port 8443
    forward with tls to <webhost> port 443
}

http protocol bwhostfilter {
    pass forward to <bwhost>
}

relay bwhostfilter {
    listen on 127.0.0.1 port 8443 tls
    protocol bwhostfilter
    forward to <bwhost> port 4567
}

Any hints on how broken this idea is are welcome :) I'm beginning to wonder, might this be a bug in relayd?


Kamil
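The failure described in the thread (relayd opening a TLS connection to a backend that only speaks plain HTTP, which the outside client sees as "Empty reply from server") can be reproduced and checked without relayd. The following is an added example, not code from the post or from relayd: it runs a constructed stand-in for bwhost on 127.0.0.1 (a plaintext HTTP listener that drops any connection not starting with a GET request line, as a real plain HTTP daemon would choke on a TLS ClientHello), issues the same request once in the clear and once wrapped in TLS, and wraps both in a `probe()` helper that tells an operator whether a backend address speaks TLS or plaintext before it is put behind "forward to" or "forward with tls to". The host, port, path and the backend's reply body are all assumptions made for the example.

```python
"""Added example: show why 'forward with tls to' against a plaintext backend
gives an empty reply, and probe a listener to see which one it expects.
Not part of relayd or of the original post; everything below is constructed."""
import socket
import ssl
import threading

PATH = "/bwhost/index.php"  # assumed path, mirrors the curl in the post


def start_plaintext_backend(host="127.0.0.1", port=0):
    """Start a minimal plaintext HTTP backend (stand-in for bwhost) in a
    daemon thread. Returns (port, stop_event); port 0 lets the OS pick."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(5)
    srv.settimeout(0.2)  # so the loop can notice the stop event
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            with conn:
                conn.settimeout(2)
                try:
                    data = conn.recv(4096)
                except socket.timeout:
                    continue
                # A TLS ClientHello begins with record type 0x16, not "GET ".
                # A plain HTTP daemon cannot parse it, so the connection is
                # dropped with no HTTP bytes at all: the "empty reply".
                if data.startswith(b"GET "):
                    conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Type: text/plain\r\n"
                                 b"Content-Length: 6\r\nConnection: close\r\n\r\nbwhost")
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], stop


def http_get_plain(host, port, path=PATH):
    """Plain HTTP GET, what a 'forward to' backend expects. Returns the status line."""
    with socket.create_connection((host, port), timeout=2) as s:
        s.sendall(f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
        reply = s.recv(4096)
    return reply.split(b"\r\n", 1)[0].decode()


def http_get_tls(host, port, path=PATH):
    """HTTPS GET, what 'forward with tls to' does. Against a plaintext backend
    the handshake dies before any HTTP is exchanged; returns None in that case."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False      # probing only; no identity check wanted here
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=2) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as s:
                s.sendall(f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
                reply = s.recv(4096)
        return reply.split(b"\r\n", 1)[0].decode()
    except OSError:  # ssl.SSLError, EOF and connection reset are all OSError
        return None


def probe(host, port):
    """Classify a listener: 'tls' if a TLS handshake completes,
    'plaintext-http' if a bare GET gets an HTTP status line, else 'unknown'."""
    if http_get_tls(host, port) is not None:
        return "tls"
    try:
        if http_get_plain(host, port).startswith("HTTP/"):
            return "plaintext-http"
    except OSError:
        pass
    return "unknown"


if __name__ == "__main__":
    port, stop = start_plaintext_backend()
    print("plain :", http_get_plain("127.0.0.1", port))
    print("tls   :", http_get_tls("127.0.0.1", port))
    print("probe :", probe("127.0.0.1", port))
    stop.set()
```

Run against the real backends instead of the constructed one (`probe("192.168.3.2", 4567)` with the addresses from the config), the classification tells you which relayd forward keyword the backend actually needs; a backend reported as `plaintext-http` will return nothing useful if the relay connects with TLS.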
