DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD General

OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 1st November 2021
drz8 drz8 is offline
New User
 
Join Date: Oct 2021
Posts: 2
Default Port 80 to 443 without httpd

Hi,
I use openBSD box and relayd to forward https traffic to LAN. The relayd listens to external connections on port 443 and distributes http packets to other internal company servers.
The openBSD box does not host any web pages so there is no need for httpd to be up.

Still, I would like to capture incoming traffic on port 80 and feed it back to the 443, so that relayd can do its distributing job.

Is it possible to do without any webserver on openBSD?
Reply With Quote
  #2   (View Single Post)  
Old 2nd November 2021
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Default

I have a different setup. I use relayd for handling the https encryption and send the requests to a http server. This server answers back to relayd, which encrypts the received answer and relays it to the client

A snippet from my relayd.conf:
Code:
# ---  relay to "httpd", which send back a permanent redirect 301 for https

relay "www" {
    listen on $EXTERNAL port http
    protocol "http"
    forward to $LOCALHOST port http
}

# receive https/TLS requests from browser clients
# forward unencrypted http to webserver 127.0.0.1:44380
# wrap received http replies from 127.0.0.1:44380 with https/TLS
# and relay back to client

relay "tls-to-http" {
    listen on $EXTERNAL port https tls
    protocol "https-secure-headers"
    forward to $LOCALHOST port 44380 
}
The section that tells the client to use https instead of http (from the OpenBSD httpd.conf):
Code:
# --- a permanent redirect from http to https 
server  "siralas.nl" {
        listen on 127.0.0.1  port 80
        #listen on egress  port 80
        root "/htdocs"
        block return 301 "https://$SERVER_NAME$REQUEST_URI"
}
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #3   (View Single Post)  
Old 10th April 2022
drz8 drz8 is offline
New User
 
Join Date: Oct 2021
Posts: 2
Default

Thank you for the reply!

In the relay "www" you use protocol "http". Could you post its content?

For now I use httpd to send permanent redirect 301 status for each server separately.
Your solution seems to be more elegant.
Reply With Quote
  #4   (View Single Post)  
Old 11th April 2022
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Default

At this moment I cannot provide you the details you ask. Give me one or two days and then I will post the complete configuration ....
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
Reply

Tags
relayd openbsd

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Automating the "vi /etc/httpd.conf", httpd -n, rcctl restart httpd" treadmill J65nko Guides 0 18th May 2021 12:58 AM
httpd - URI manipulation Scripter OpenBSD General 1 7th December 2019 01:07 PM
cms for httpd psypro OpenBSD General 1 9th August 2016 08:51 PM
nagios-web vs. new httpd bceverly OpenBSD Packages and Ports 1 7th October 2015 02:29 AM
New httpd and PHP morophla OpenBSD Packages and Ports 21 31st August 2015 09:54 PM


All times are GMT. The time now is 03:18 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick