On 2021-08-11, Vladimir Nikishkin <[email protected]> wrote:
> I do not think my setup is related to "TLS Inspection".
>
> There is no problem connecting to the TLS-enabled backend. The problem
> appears when connecting to the HTTP backend, when, _at the same time_,
> in the same relay there is another redirect to the TLS backend.
>
> On Wed, 11 Aug 2021 at 16:15, Jean-Pierre de Villiers
> <[email protected]> wrote:
>>
>> On 21/08/11 02:40pm, Vladimir Nikishkin wrote:
>> > However, if I keep "with tls", the requests to port 81 are going
>> > encrypted, and are failing with the following message in relayd logs:
>> > `SSL routines:ST_CONNECT:tlsv1 alert protocol version`,
>> > `TLS handshake error: handshake failed:`.
>>
>> What you're currently attempting is referred to as TLS inspection in
>> relayd.conf(5). This is when one combines client and server modes.
>>
>> In order for TLS inspection to function properly the protocol options
>> "ca cert" and "ca key" both need to be set. Further details found in
>> the "TLS Relays" and "Protocols" sections of relayd.conf(5).
>>
>> Regards,
>> JP

I don't think you can mix separate http and https backends like that
in the same relay. You probably need a more flexible reverse proxy
(haproxy, nginx, apache httpd, varnish, etc) to split up the requests
how you're trying to do them.

--
Please keep replies on the mailing list.

