On 10/7/2023 9:00 PM, Courtney wrote:
> Hello everyone,
>
> I'm seeking an ideal way to make secure https connections to a handful of
> web servers in my house.

I'm currently doing this with haproxy by having it inspect the SNI on
the incoming traffic and route based on that. At the time I set it up
relayd didn't support SNI inspection, not sure if it's been added since.

The main downsides to doing this:

- haproxy has to be in the traffic path
- haproxy has to run as root (ick)

The traffic isn't decrypted by haproxy at all. I'm not sure how this
will be affected by encrypted SNI/encrypted client hello.

Relayd can also decrypt the traffic, then re-encrypt it from relayd to
the web server. See "TLS RELAYS" in the man page.