Relayd.conf 无法加载中继 https 的证书

tag-icon tag-icon openbsd
Relayd.conf 无法加载中继 https 的证书

relayd我正在尝试使用和配置一个非常基本的反向代理httpd

以下是 的内容relayd.conf

log state changes
log connection
prefork 10

list="ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
ipv4="192.168.1.1"

table <www> { 127.0.0.1 }

http protocol "https" {
    tls ciphers $list

    return error

    match request header set "X-Forwarded-For" value "$REOTE_ADDR"
    match request header set "X-Forwarded-Port" value "$REMOTE_PORT"

    match response header set "Content-Security-Policy" value \
        "default-src 'self'"
    match response header set "Referrer-Policy" value "no-referrer"
    match response header set "Strict-Transport-Security" value \
        "max-age=15552000; includeSubDomains; preload"
    match response header set "X-Content-Type-Options" value "nosniff"
    match response header set "X-Frame-Options" value "SAMEORIGIN"
    match response header set "X-XSS-Protection" value "1; mode=block"

    match method GET tag ok
    match method HEAD tag ok

    block
    pass tagged ok forward to <www>
}

relay "https" {
    listen on $ipv4 port https tls
    protocol "https"
    forward to <www> port 8080
}

relay "http" {
    listen on $ipv4 port http
    forward to <www> port 8080
}

以下是以下位置的证书文件/etc/ssl/

-r--r--r--   1 root  bin     342K Oct  4 16:47 cert.pem
-rw-r--r--   1 root  wheel   2.6K Oct  4 16:47 ikeca.cnf
-r--r--r--   1 root  wheel   3.7K Dec 17 07:34 example.com.fullchain.pem
-rw-r--r--   1 root  wheel   503B Dec 17 07:55 example.com.ocsp
lrwxr-xr-x   1 root  wheel    27B Dec 17 09:06 example.com:443.crt@ -> example.com.fullchain.pem
lrwxr-xr-x   1 root  wheel    18B Dec 17 09:06 example.com:443.ocsp@ -> example.com.ocsp
-r--r--r--   1 root  bin     745B Oct  4 16:47 openssl.cnf
drwx------   2 root  wheel   512B Dec 17 09:07 private/
-r--r--r--   1 root  bin    1006B Oct  4 16:47 x509v3.cnf

以下是以下位置的证书文件/etc/ssl/private/

-r--------  1 root  wheel   3.2K Dec 17 07:33 example.com.key
lrwxr-xr-x  1 root  wheel    17B Dec 17 09:07 example.com:443.key@ -> example.com.key

# relayd -n
/etc/relayd.conf:38: cannot load certificates for relay https

这是我第一次配置relayd,所以不要手下留情。

答案1

尝试在协议块中添加以下行:tls keypair "example.com"

http protocol "https" {
        tls ciphers $list
        tls keypair "example.com"

相关内容