
List:       openbsd-misc
Subject:    Relayd cannot load keypair
From:       James Chase <mr.jdchase () gmail ! com>
Date:       2021-02-28 21:19:17
Message-ID: CAFosHnFsXk-Hfxr0GApBo2+-K9+az9ZSkfwhz-8_wVFefJrQwg () mail ! gmail ! com

I'm on OpenBSD 6.8, ran syspatch today.
relayd.conf:

table <nextcloudservice> { 192.168.1.158 }
http protocol "httpproxy" {
    pass request quick header "Host" value "nextcloud.mydomain.com" \
        forward to <nextcloudservice>
    block
}
relay "proxy" {
    listen on 192.168.1.156 port 80
    protocol "httpproxy"
    forward to <nextcloudservice> port 80
}
http protocol "https" {
    tls keypair nextcloud.mydomain.com
    return error
    pass
}
relay "secure_proxy" {
    listen on 192.168.1.156 port 443 tls
    protocol https
    forward to <nextcloudservice> port 80
}

Works for regular http, but when I try adding the https blocks I get:

/etc/relayd.conf:25: cannot load keypair nextcloud.mydomain.com
for relay secure_proxy

The keys are in /etc/ssl/ and /etc/ssl/private, and I got them from
acme-client via Let's Encrypt. Named:
nextcloud.mydomain.com:443.fullchain.crt
and
nextcloud.mydomain.com:443.key

Also tried generating them without the ports and with .pem,
etc.

Also, I've tried replacing 192.168.1.156 in the listen on
line in secure_proxy with "nextcloud.mydomain.com".
I've tried various examples online as well. Any help would
be appreciated! At this point it feels like a bug, but apparently
others have it working.
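
Added example, not part of the original message: relayd.conf(5) documents that "tls keypair name" is resolved to /etc/ssl/name:port.crt and /etc/ssl/private/name:port.key, falling back to name.crt and name.key. The sh functions below check those four paths; the function names and the scratch-directory argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example: report which files relayd would try for a "tls keypair"
# name, following the lookup order documented in relayd.conf(5).
# The optional SSL_ROOT argument is hypothetical; a real system uses /etc/ssl.

# Print the first existing candidate for one half of the keypair.
# KIND is "crt" (looked up in SSL_ROOT) or "key" (SSL_ROOT/private).
lookup() {  # usage: lookup KIND NAME PORT [SSL_ROOT]
    kind=$1; name=$2; port=$3; root=${4:-/etc/ssl}
    dir=$root
    if [ "$kind" = key ]; then dir=$root/private; fi
    for cand in "$dir/${name}:${port}.$kind" "$dir/${name}.$kind"; do
        if [ -f "$cand" ]; then
            printf '%s\n' "$cand"
            return 0
        fi
    done
    return 1
}

# Succeeds only if both the certificate and the private key resolve.
check_keypair() {  # usage: check_keypair NAME PORT [SSL_ROOT]
    rc=0
    for k in crt key; do
        if found=$(lookup "$k" "$1" "$2" "${3:-/etc/ssl}"); then
            echo "ok: $k -> $found"
        else
            echo "missing: no .$k file matches keypair \"$1\" (port $2)"
            rc=1
        fi
    done
    return $rc
}

# Constructed demo in a scratch directory (empty files, no real keys).
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/private"
    : > "$d/nextcloud.mydomain.com:443.fullchain.crt"  # not a name relayd tries
    : > "$d/private/nextcloud.mydomain.com:443.key"
    check_keypair nextcloud.mydomain.com 443 "$d" || true
    mv "$d/nextcloud.mydomain.com:443.fullchain.crt" "$d/nextcloud.mydomain.com:443.crt"
    check_keypair nextcloud.mydomain.com 443 "$d"
    rm -rf "$d"
}
demo
```

On a live host, `check_keypair nextcloud.mydomain.com 443` run as root checks the real /etc/ssl tree.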
