|
OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below. |
|
Thread Tools | Display Modes |
|
|||
Port 80 to 443 without httpd
Hi,
I use openBSD box and relayd to forward https traffic to LAN. The relayd listens to external connections on port 443 and distributes http packets to other internal company servers. The openBSD box does not host any web pages so there is no need for httpd to be up. Still, I would like to capture incoming traffic on port 80 and feed it back to the 443, so that relayd can do its distributing job. Is it possible to do without any webserver on openBSD? |
|
|||
I have a different setup. I use relayd for handling the https encryption and send the requests to a http server. This server answers back to relayd, which encrypts the received answer and relays it to the client
A snippet from my relayd.conf: Code:
# --- relay to "httpd", which send back a permanent redirect 301 for https relay "www" { listen on $EXTERNAL port http protocol "http" forward to $LOCALHOST port http } # receive https/TLS requests from browser clients # forward unencrypted http to webserver 127.0.0.1:44380 # wrap received http replies from 127.0.0.1:44380 with https/TLS # and relay back to client relay "tls-to-http" { listen on $EXTERNAL port https tls protocol "https-secure-headers" forward to $LOCALHOST port 44380 } Code:
# --- a permanent redirect from http to https server "siralas.nl" { listen on 127.0.0.1 port 80 #listen on egress port 80 root "/htdocs" block return 301 "https://$SERVER_NAME$REQUEST_URI" }
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
|||
Thank you for the reply!
In the relay "www" you use protocol "http". Could you post its content? For now I use httpd to send permanent redirect 301 status for each server separately. Your solution seems to be more elegant. |
|
|||
At this moment I cannot provide you the details you ask. Give me one or two days and then I will post the complete configuration ....
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
Tags |
relayd openbsd |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Automating the "vi /etc/httpd.conf", httpd -n, rcctl restart httpd" treadmill | J65nko | Guides | 0 | 18th May 2021 12:58 AM |
httpd - URI manipulation | Scripter | OpenBSD General | 1 | 7th December 2019 01:07 PM |
cms for httpd | psypro | OpenBSD General | 1 | 9th August 2016 08:51 PM |
nagios-web vs. new httpd | bceverly | OpenBSD Packages and Ports | 1 | 7th October 2015 02:29 AM |
New httpd and PHP | morophla | OpenBSD Packages and Ports | 21 | 31st August 2015 09:54 PM |