Wednesday, August 11, 2021

Re: (bug?) relayd forward to directives interfering

On 2021-08-11, Vladimir Nikishkin <lockywolf@gmail.com> wrote:
> I do not think my setup is related to "TLS Inspection".
>
> There is no problem connecting to the TLS-enabled backend. The problem
> appears when connecting to the HTTP backend, when, _at the same time_,
> in the same relay there is another redirect to the TLS backend.
>
> On Wed, 11 Aug 2021 at 16:15, Jean-Pierre de Villiers
><jeanpierre@jeanpierredevilliers.xyz> wrote:
>>
>> On 21/08/11 02:40pm, Vladimir Nikishkin wrote:
>> > However, if I keep "with tls", the requests to port 81 are going
>> > encrypted, and are failing with the following message in relayd logs:
>> > `SSL routines:ST_CONNECT:tlsv1 alert protocol version`,
>> > `TLS handshake error: handshake failed:`.
>>
>> What you're currently attempting is referred to as TLS inspection in
>> relayd.conf(5). This is when one combines client and server modes.
>>
>> In order for TLS inspection to function properly the protocol options
>> "ca cert" and "ca key" both need to be set. Further details found in
>> the "TLS Relays" and "Protocols" sections of relayd.conf(5).
>>
>> Regards,
>> JP
>
>
>

I don't think you can mix separate http and https backends like that
in the same relay. You probably need a more flexible reverse proxy
(haproxy, nginx, apache httpd, varnish, etc) to split up the requests
how you're trying to do them.

--
Please keep replies on the mailing list.
