> On Jul 10, 2020, at 11:42 PM, Gabri Tofano <ga...@tofanos.com> wrote:
>
>> Does http work with redirects? It wasn’t clear if it did or not in
>> your first post.
>
> It doesn't work with http and that is the redirect that I was testing.
>
>> Indications from your pf anchor rules and the down
>> status above, and the check http attribute on the https forward to
>> directives tell me relayd isn’t liking your check http configuration
>> for port 443.
>> Start by switching to check icmp or check tcp or something else, see
>> if it works, unless you can fix the check http based on logs or
>> otherwise.
>
> I changed it to tcp and now the servers are showing as "up":
>
> LAB1-LB1# relayctl sh sum
> Id      Type            Name                    Avlblty Status
> 1       redirect        http                            active
> 1       table           web_servers:80                  active (1 hosts)
> 1       host            172.16.101.31           100.00% up
> 2       table           nc_servers:80                   active (1 hosts)
> 2       host            172.16.101.32           100.00% up
> 2       redirect        https                           active
> 3       table           web_servers:443                 active (1 hosts)
> 3       host            172.16.101.31           100.00% up
> 4       table           nc_servers:443                  active (1 hosts)
> 4       host            172.16.101.32           100.00% up
>
> However I was hoping to fix the http redirect first and then move to https,
> but it looks like more of a "general issue" with redirects in my current
> configuration.
>
> Thanks

If http redirection isn’t working, I’d be curious from where you’re trying to connect or what router you have configured on the backend hosts. I see your relayd box and back ends are on the same network. If you’re trying to connect from another address in 172.16.101.x to your relayd setup, it won’t work reliably.

It might also not work reliably or at all, if you are not routing responses through the relayd host. If they are replying direct, any PF scrub normalization, tcp sequence handling, etc., all get lost, among other issues.

I hope this is the cause of your issues, otherwise you’re going to need to include more information for your setup, or at a minimum some relayd logs.

-Brian
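
The return-path condition described in the reply above can be checked on paper before reading logs. The following is an added example, not part of the original thread: it classifies which way each backend's reply travels for a given client. The backend addresses come from the relayctl output; the /24 prefix, the relayd address, the gateways and the client addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample topology. The backend addresses are the ones in the
# relayctl output; the /24 prefix, relayd address and gateways are assumptions.
RELAYD = "172.16.101.10"
BACKENDS = {
    "172.16.101.31/24": "172.16.101.10",  # default gateway = relayd host
    "172.16.101.32/24": "172.16.101.1",   # default gateway = some other router
}
CLIENTS = ["172.16.101.50", "192.0.2.25"]  # one on the backend LAN, one outside


def reply_path(client, backend_iface, backend_gateway, relayd_addr):
    """Classify the route a backend's reply to `client` takes.

    A redirect rewrites only the destination, so the backend sees the real
    client address as source and answers according to its own routing table.
    """
    iface = ipaddress.ip_interface(backend_iface)
    if ipaddress.ip_address(client) in iface.network:
        # Client is on-link: the reply goes straight to it, sourced from the
        # backend address instead of the address the client connected to.
        return "direct-on-link"
    if ipaddress.ip_address(backend_gateway) == ipaddress.ip_address(relayd_addr):
        return "via-relayd"
    return "via-other-gateway"


def audit(clients, backends, relayd_addr):
    """Return (client, backend, path, symmetric) for every client/backend pair."""
    rows = []
    for client in clients:
        for iface, gateway in backends.items():
            path = reply_path(client, iface, gateway, relayd_addr)
            rows.append((client, iface, path, path == "via-relayd"))
    return rows


if __name__ == "__main__":
    for client, iface, path, ok in audit(CLIENTS, BACKENDS, RELAYD):
        state = "symmetric" if ok else "asymmetric"
        print(f"{client:>15} -> {iface:<18} {path:<18} {state}")
```

Only the pairs reported as symmetric send their replies back through the host holding the PF state for the redirect.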