OpenBSD

relayd.conf cannot load certificates for relay https

  • December 18, 2020

I am trying to configure a very basic reverse proxy using relayd and httpd.

Here is the content of relayd.conf:

log state changes
log connection
prefork 10

list="ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
ipv4="192.168.1.1"

table <www> { 127.0.0.1 }

http protocol "https" {
   tls ciphers $list

   return error

   match request header set "X-Forwarded-For" value "$REMOTE_ADDR"
   match request header set "X-Forwarded-Port" value "$REMOTE_PORT"

   match response header set "Content-Security-Policy" value \
       "default-src 'self'"
   match response header set "Referrer-Policy" value "no-referrer"
   match response header set "Strict-Transport-Security" value \
       "max-age=15552000; includeSubDomains; preload"
   match response header set "X-Content-Type-Options" value "nosniff"
   match response header set "X-Frame-Options" value "SAMEORIGIN"
   match response header set "X-XSS-Protection" value "1; mode=block"

   match method GET tag ok
   match method HEAD tag ok

   block
   pass tagged ok forward to <www>
}

relay "https" {
   listen on $ipv4 port https tls
   protocol "https"
   forward to <www> port 8080
}

relay "http" {
   listen on $ipv4 port http
   forward to <www> port 8080
}

Here are the certificate files in /etc/ssl/:

-r--r--r--   1 root  bin     342K Oct  4 16:47 cert.pem
-rw-r--r--   1 root  wheel   2.6K Oct  4 16:47 ikeca.cnf
-r--r--r--   1 root  wheel   3.7K Dec 17 07:34 example.com.fullchain.pem
-rw-r--r--   1 root  wheel   503B Dec 17 07:55 example.com.ocsp
lrwxr-xr-x   1 root  wheel    27B Dec 17 09:06 example.com:443.crt@ -> example.com.fullchain.pem
lrwxr-xr-x   1 root  wheel    18B Dec 17 09:06 example.com:443.ocsp@ -> example.com.ocsp
-r--r--r--   1 root  bin     745B Oct  4 16:47 openssl.cnf
drwx------   2 root  wheel   512B Dec 17 09:07 private/
-r--r--r--   1 root  bin    1006B Oct  4 16:47 x509v3.cnf

Here are the certificate files in /etc/ssl/private/:

-r--------  1 root  wheel   3.2K Dec 17 07:33 example.com.key
lrwxr-xr-x  1 root  wheel    17B Dec 17 09:07 example.com:443.key@ -> example.com.key

# relayd -n
/etc/relayd.conf:38: cannot load certificates for relay https

This is my first time configuring relayd, so don't pull any punches.

Try adding the following line to the protocol block: tls keypair "example.com"

http protocol "https" {
       tls ciphers $list
       tls keypair "example.com"
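Why the answer works, and why the config in the question fails: for `listen on 192.168.1.1 port https tls`, relayd.conf(5) has the relay open /etc/ssl/NAME:443.crt (falling back to /etc/ssl/NAME.crt) and the matching key under /etc/ssl/private/, where NAME is the listen address unless the protocol block sets `tls keypair "NAME"`. With no keypair line relayd therefore looks for 192.168.1.1:443.crt, which is not in the listing; with `tls keypair "example.com"` it looks for example.com:443.crt and example.com:443.key, which are the two symlinks the asker created. The script below is an added example, not part of the question or answer and not relayd's own code: it reproduces that lookup order against a constructed copy of the directory layout from the question, so you can see which path `relayd -n` is failing to open before editing the config. Everything is rooted under a temporary directory instead of /etc, the files are empty placeholders rather than real key material, and the function names (relayd_keypair_paths, relayd_check, make_sample_tree) are this example's own.

```sh
#!/bin/sh
# Added example (not from the question, the answer, or relayd itself).
# Emulates the certificate lookup relayd performs for
#     listen on ADDR port PORT tls
# as documented in relayd.conf(5):
#   1. /etc/ssl/NAME:PORT.crt  with  /etc/ssl/private/NAME:PORT.key
#   2. /etc/ssl/NAME.crt       with  /etc/ssl/private/NAME.key   (fallback)
# NAME is the listen address unless the protocol block sets
#     tls keypair "NAME"
# ROOT is prefixed to every path so the functions can be run against a
# constructed directory tree instead of the real /etc. The optional
# NAME:PORT.ocsp staple is not modelled. Function names are this example's own.

# relayd_keypair_paths ROOT NAME PORT
# Prints "CERT KEY" for the pair relayd would open; returns 1 if it cannot.
relayd_keypair_paths() {
    rkp_root=$1 rkp_name=$2 rkp_port=$3
    rkp_cert="$rkp_root/etc/ssl/$rkp_name:$rkp_port.crt"
    rkp_suffix=":$rkp_port"
    if [ ! -r "$rkp_cert" ]; then
        # No port-specific certificate: fall back to the bare name. The key is
        # then looked up without the port as well (this mirrors
        # relay_load_certfiles() in relay.c, which picks the key name from
        # whichever certificate it found).
        rkp_cert="$rkp_root/etc/ssl/$rkp_name.crt"
        rkp_suffix=""
        [ -r "$rkp_cert" ] || return 1
    fi
    rkp_key="$rkp_root/etc/ssl/private/$rkp_name$rkp_suffix.key"
    [ -r "$rkp_key" ] || return 1
    printf '%s %s\n' "$rkp_cert" "$rkp_key"
}

# relayd_check ROOT ADDR PORT [KEYPAIR]
# Reports, for one TLS relay, what "relayd -n" would conclude.
relayd_check() {
    rc_root=$1 rc_addr=$2 rc_port=$3 rc_name=${4:-$2}
    if rc_paths=$(relayd_keypair_paths "$rc_root" "$rc_name" "$rc_port"); then
        printf 'relay on %s:%s: using %s\n' "$rc_addr" "$rc_port" "$rc_paths"
    else
        printf 'relay on %s:%s: cannot load certificates (looked for %s:%s.crt and %s.crt under %s/etc/ssl)\n' \
            "$rc_addr" "$rc_port" "$rc_name" "$rc_port" "$rc_name" "$rc_root"
        return 1
    fi
}

# make_sample_tree
# Builds a copy of the layout listed in the question under a temp directory
# (constructed sample data: empty files, not real key material) and prints
# its path.
make_sample_tree() {
    mst_dir=$(mktemp -d) || return 1
    mkdir -p "$mst_dir/etc/ssl/private"
    : > "$mst_dir/etc/ssl/example.com.fullchain.pem"
    : > "$mst_dir/etc/ssl/private/example.com.key"
    chmod 0400 "$mst_dir/etc/ssl/private/example.com.key"
    ln -s example.com.fullchain.pem "$mst_dir/etc/ssl/example.com:443.crt"
    ln -s example.com.key "$mst_dir/etc/ssl/private/example.com:443.key"
    printf '%s\n' "$mst_dir"
}

# Demo: run as "sh relayd-certs.sh demo".
if [ "${1:-}" = demo ]; then
    demo_root=$(make_sample_tree)
    # As in the question: no "tls keypair", so NAME is the listen address.
    relayd_check "$demo_root" 192.168.1.1 443
    # With the answer's fix: tls keypair "example.com" in the protocol block.
    relayd_check "$demo_root" 192.168.1.1 443 example.com
    rm -rf "$demo_root"
fi
```

The first `relayd_check` call reproduces the failure from the question and names the missing file; the second shows the answer's keypair name resolving to the :443 symlinks. An equivalent fix without touching relayd.conf is to name the symlinks after the listen address (192.168.1.1:443.crt and private/192.168.1.1:443.key); either way, re-run `relayd -n` until it is silent before restarting the daemon.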

Source: https://unix.stackexchange.com/questions/625018