On 2020-09-19, Benjamin Raskin <benjaminiras...@gmail.com> wrote:
> Hello, Misc;
>
> I'm attempting to configure relayd to work as a reverse proxy, such that all
> web traffic goes through relayd prior to reaching some web server. I'm
> confused as to how I am to configure the ssl cert and key options in the
> relayd configuration. The manual configures the protocol as follows:
>
> http protocol httpfilter {
>     tls ca key "/etc/ssl/private/ca.key" password "password123"
>     tls ca cert "/etc/ssl/ca.crt"
> }
>
> Where do I get the password for the key? I'm using certbot to generate the
> certs, and at no time was I prompted to enter, or given a password. Am I
> missing something in terms of configuration or cert generation, or have I
> gotten everything all wrong? Thank you in advance.
>
> Ben Raskin
"tls ca key/cert" are for TLS inspection, aka MITM. In that case you provide a key for a private CA, not a regular CA-signed server certificate, and relayd generates certificates on the fly matching the requested hostname; the password is the one used when encrypting the key for that CA. This is not what you want for a regular reverse proxy. For that case there are predefined filenames, see the FILES section of relayd.conf(5).

(It's not very obvious - last time I tried to do this with relayd I ended up using ktrace before I remembered how to do it. I normally go straight to nginx for reverse proxying as it's so much easier to configure and more flexible...)
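As an added illustration of the reply above (this is not code from the thread, from relayd, or from certbot), the script below installs a certbot-issued certificate and key under the default filenames that the FILES section of relayd.conf(5) documents for a TLS-terminating relay, /etc/ssl/<address>:<port>.crt and /etc/ssl/private/<address>:<port>.key, and prints a matching relayd.conf fragment with no "tls ca key/cert" lines at all. The ROOT argument is an assumed prefix so the functions can be exercised in a scratch directory; the addresses, backend port and certbot live directory are hypothetical. certbot's privkey.pem is written unencrypted, which is why the "password" keyword from the inspection example never applies here.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread or from relayd itself.
# Path layout follows the FILES section of relayd.conf(5):
#   /etc/ssl/<address>:<port>.crt          server certificate (chain)
#   /etc/ssl/private/<address>:<port>.key  server private key
# ROOT is an assumed prefix for testing in a scratch directory; on a real
# host it is the empty string.
set -eu

# install_relayd_keypair ADDRESS PORT CERTBOT_LIVE_DIR [ROOT]
#   Copies certbot's fullchain.pem (leaf plus intermediates, so relayd sends
#   the whole chain) and privkey.pem (unencrypted, hence no "password"
#   clause) to the names relayd expects. Prints the installed key path,
#   returns 1 if the certbot files are not where they should be.
install_relayd_keypair() {
    addr=$1; port=$2; live=$3; root=${4:-}
    crt="$root/etc/ssl/$addr:$port.crt"
    key="$root/etc/ssl/private/$addr:$port.key"
    [ -f "$live/fullchain.pem" ] && [ -f "$live/privkey.pem" ] || {
        echo "certbot files missing in $live" >&2
        return 1
    }
    mkdir -p "$root/etc/ssl/private"
    chmod 700 "$root/etc/ssl/private"
    cp "$live/fullchain.pem" "$crt"
    chmod 644 "$crt"
    # Create the key with a restrictive umask so it is never world-readable,
    # not even for the instant between cp and chmod.
    (umask 077; cp "$live/privkey.pem" "$key")
    chmod 600 "$key"
    echo "$key"
}

# relayd_conf_snippet ADDRESS PORT BACKEND_ADDRESS BACKEND_PORT
#   Prints a relayd.conf(5) fragment for a plain TLS-terminating reverse
#   proxy. With "listen on ... tls" and no "tls keypair" line, relayd loads
#   the default files installed above. The "$REMOTE_ADDR" style macros are
#   relayd's, so they are escaped from the shell here.
relayd_conf_snippet() {
    cat <<EOF
ext_addr="$1"
web_srv="$3"

table <web> { \$web_srv }

http protocol "https" {
        match request header append "X-Forwarded-For" value "\$REMOTE_ADDR"
        match request header append "X-Forwarded-By" value "\$SERVER_ADDR:\$SERVER_PORT"
        match request header set "Connection" value "close"
        pass
}

relay "https" {
        listen on \$ext_addr port $2 tls
        protocol "https"
        forward to <web> port $4 check tcp
}
EOF
}
```

On a live OpenBSD host the call is install_relayd_keypair 203.0.113.10 443 /etc/letsencrypt/live/example.com "" followed by relayd_conf_snippet 203.0.113.10 443 10.0.0.5 8080 >> /etc/relayd.conf (hypothetical addresses). Two practical caveats: relayd reads the keypair when its configuration is loaded, so a certbot renewal is not picked up until relayd is reloaded or restarted; and if you would rather not depend on the address:port naming, relayd.conf(5) also documents a "tls keypair name" option for a relay, which loads /etc/ssl/name.crt and /etc/ssl/private/name.key instead.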