Hi,
I'm using relayd to check headers before serving my website with httpd.
I need httpd's logs to keep the client IP address, so I tried to use
the "transparent" keyword in relayd.conf, but in that case relayd
doesn't work and I can't reach httpd.
Here is the relevant **not working** relayd configuration:
# Relay "tlsforward" (the variant reported as not working): accepts TLS on
# $ext_ip port 443 and applies the rules of protocol "https".
relay "tlsforward" {
listen on $ext_ip port 443 tls
protocol "https"
# "transparent" asks relayd to keep the client's source address on the
# connection to the backend table <local>, which is TCP-checked on port 8443.
# NOTE(review): this mode presumably needs matching pf.conf(5) rules
# (e.g. divert-reply) so backend replies return through relayd; none are
# shown here. Confirm against relayd.conf(5).
transparent forward to <local> port 8443 check tcp
}
Here is the **working without transparent** relayd.conf:
# Backend table used by relay "tlsforward": a single loopback address.
table <local> { 127.0.0.1 }
# Macro for the address the relays listen on.
ext_ip = 192.168.1.66
# Protocol "http": header filter rules referenced by the plain-HTTP relay "www".
http protocol "http" {
# TCP options for relayed connections: nodelay, SACK, a 65536-byte socket
# buffer and a listen backlog of 100.
tcp { nodelay, sack, socket buffer 65536, backlog 100 }
# Set a fixed cache lifetime (1814400 s = 21 days) on every response.
# NOTE(review): the value sits on the next line with no trailing backslash,
# probably mail wrapping; confirm the real file keeps the rule on one
# logical line.
match response header set "Cache-Control" value
"max-age=1814400"
# Strip the client-supplied "Proxy" request header before it reaches the
# backend (presumably the httpoxy mitigation).
match request header remove "Proxy"
# NOTE(review): the quoted value is split across two lines (likely mail
# wrapping). X-Xss-Protection is a legacy header; current browsers have
# dropped the XSS filter it configured, so it adds no real protection.
match response header set "X-Xss-Protection" value "1;
mode=block"
# NOTE(review): "Frame-Options" is not the header name browsers act on;
# the "X-Frame-Options" rule on the next line is the effective
# anti-framing control.
match response header set "Frame-Options" value "SAMEORIGIN"
match response header set "X-Frame-Options" value "SAMEORIGIN"
# Send an HTTP error response to the client when the relay fails, instead
# of dropping the connection silently.
return error
}
# Relay "www": plain HTTP on $ext_ip port 80, filtered by protocol "http",
# forwarded to the local backend on port 8080 (no health check configured).
# Protocol "http" appends no X-Forwarded-For header, so requests arriving
# through this relay carry no client address for the backend to log.
relay "www" {
listen on $ext_ip port 80
protocol "http"
forward to 127.0.0.1 port 8080
}
# Protocol "https": header filter rules and TLS options referenced by relay
# "tlsforward".
# NOTE(review): unlike protocol "http", no X-Frame-Options rule is set here.
http protocol "https" {
# TCP options for relayed connections: nodelay, SACK, a 65536-byte socket
# buffer and a listen backlog of 100.
tcp { nodelay, sack, socket buffer 65536, backlog 100 }
# Set a fixed cache lifetime (1814400 s = 21 days) on every response.
# NOTE(review): the value sits on the next line with no trailing backslash,
# probably mail wrapping; confirm the real file keeps the rule on one
# logical line.
match response header set "Cache-Control" value
"max-age=1814400"
# Strip the client-supplied "Proxy" request header before it reaches the
# backend (presumably the httpoxy mitigation).
match request header remove "Proxy"
# NOTE(review): the quoted value is split across two lines (likely mail
# wrapping). X-Xss-Protection is a legacy header; current browsers have
# dropped the XSS filter it configured, so it adds no real protection.
match response header set "X-Xss-Protection" value "1;
mode=block"
# Pass the client address to the backend in X-Forwarded-For. "append" adds
# to an existing header rather than replacing it, so a value supplied by the
# client is kept; when logging, the backend should trust only the entry
# relayd added (the last one).
# NOTE(review): no request/response direction is given on these two rules;
# confirm they apply to requests.
match header append "X-Forwarded-For" \
value "$REMOTE_ADDR"
# Record the relay's own address and port in X-Forwarded-By.
match header append "X-Forwarded-By" \
value "$SERVER_ADDR:$SERVER_PORT"
# Send an HTTP error response to the client when the relay fails, instead
# of dropping the connection silently.
return error
# Bare "pass" with no match criteria; presumably lets through everything
# not otherwise matched. Confirm it is intended.
pass
# TLS hardening: refuse client-initiated renegotiation and prefer the
# server's cipher order over the client's.
tls { no client-renegotiation, cipher-server-preference }
}
# Relay "tlsforward" (the working variant): accepts TLS on $ext_ip port 443,
# applies protocol "https", and forwards to table <local> on port 8443 with
# a TCP health check.
# Without "transparent" the backend connection presumably originates from
# relayd's own address, so the client address reaches httpd only through the
# X-Forwarded-For header appended by protocol "https".
relay "tlsforward" {
listen on $ext_ip port 443 tls
protocol "https"
forward to <local> port 8443 check tcp
}
Any advice?
Regards