Monday, October 09, 2023

Re: relayd ssl termination advice

Maybe I am wrong, but I thought that relayd was not capable of doing
TLS pass through? That would be preferable if it is possible.

Courtney


On 10/9/23 00:42, Kapetanakis Giannis wrote:
> On 08/10/2023 04:00, Courtney wrote:
>> Ultimately, I want to serve a handful of services on 80/443 that are
>> easily accessible internally and externally, and I don't want to have
>> unencrypted traffic between relayd and my server for the services that
>> are passing sessions and such.
>
> Then don't terminate the connection on relayd. Use redirect instead of a relay and terminate on the web server itself.
>
> It will also be a little faster since the router/relayd will only route/pass the packets to the appropriate backend server.
>
> For internal traffic you have to use appropriate DNS (local IP) and maybe a different certificate.
>
> G
>

No comments:

Post a Comment