Yep, that's how I've set it up.
certs:
Code:
/etc/ssl/ca.crt
/etc/ssl/127.0.0.1:8443.crt
/etc/ssl/private/ca.key
/etc/ssl/private/127.0.0.1:8443.key
/etc/relayd.conf:
Code:
http protocol httpfilter {
	return error
	match request label "URL filtered!"
	block request quick url "example.com/" value "*"
}

http protocol tlsfilter {
	return error
	match request label "URL filtered!"
	block request quick url "example.com/" value "*"
	tls ca key "/etc/ssl/private/ca.key" password "password"
	tls ca cert "/etc/ssl/ca.crt"
}

relay httpproxy {
	listen on 127.0.0.1 port 8080
	protocol httpfilter
	forward to destination
}

relay tlsproxy {
	listen on 127.0.0.1 port 8443 tls
	protocol tlsfilter
	forward with tls to destination
}
relevant portion of /etc/pf.conf:
Code:
pass in quick log on $int_ifs inet proto { tcp udp } from $wired_if:network to port 53 rdr-to $wired_if:0
pass in log on $int_ifs inet proto tcp from $wired_if:network to port www divert-to localhost port 8080
pass in log on $int_ifs inet proto tcp from $wired_if:network to port https divert-to localhost port 8443
With this setup, Chromium complains that the cert for https://duckduckgo.com/ doesn't match (since the name on the cert is 127.0.0.1).