Sunday, September 01, 2019

Re: relayd: "listen on egress" only listens to IPv4 and not IPv6

Muhammad Kaisar Arkhan(hi@yukiisbo.red) on 2019.08.29 14:55:03 +0200:
> Hi Tom,
>
> > listen on 2a03:6000:9106::50f7:f07a:d1cc port 443 tls
>
> I've tried this before, it just results in this:
>
> /etc/relayd.conf:33: cannot load certificates for relay https2:443

Your error says "for relay https2", but the relayd.conf file you quote does
not have a relay "https2".

Please show the output of "relayd -nvv" and *exactly* the /etc/relayd.conf
file at the time when you ran the command.

Also I don't think relayd has support for "listen on egress",
it should always display

/etc/relayd.conf:##: invalid listen ip: egress

when you use

listen on egress port https tls

in your config.

> I'm not sure why it does this despite the fact I have clearly
> indicated which TLS certificates to use in relayd.conf with the
> new "tls keypair" feature.
>
> % cat /etc/relayd.conf
>
> log connection
>
> table <local_httpd> { 127.0.0.1 }
> table <local_rubywarden> { 127.0.0.1 }
> table <local_znc> { 127.0.0.1 }
>
> http protocol "reverse_proxy" {
>     return error
>
>     match header set "X-Forwarded-For" value "$REMOTE_ADDR"
>     match header set "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
>
>     match request header "Host" value "znc.yukiisbo.red" \
>         forward to <local_znc>
>
>     tls keypair "yukiisbo.red"
>     tls keypair "arkhan.io"
>     tls keypair "znc.yukiisbo.red"
> }
>
> relay "https" {
>     listen on vio0 port 443 tls
>     listen on 2a03:6000:9106::50f7:f07a:d1cc port 443 tls
>
>     protocol "reverse_proxy"
>
>     forward to <local_httpd> port 80
>     forward to <local_znc> port 6666
> }
>
> protocol "znc" {
>     tls keypair "znc.yukiisbo.red"
> }
>
> relay "irc" {
>     listen on vio0 port 6697 tls
>     listen on 2a03:6000:9106::50f7:f07a:d1cc port 6697 tls
>
>     protocol "znc"
>     forward to <local_znc> port 6666
> }
>

--
