Hi,
I'm trying to configure relayd as an HTTPS relay for several HTTP servers. My problem is that I can't get relayd to load my certificate files, although they are in /etc/ssl and /etc/ssl/private. Is there any directive to explicitly tell relayd where the certs are?
Tests:
Config file (relevant part) :
Thanks in advance,
Tom
I'm trying to configure relayd as an HTTPS relay for several HTTP servers. My problem is that I can't get relayd to load my certificate files, although they are in /etc/ssl and /etc/ssl/private. Is there any directive to explicitly tell relayd where the certs are?
Tests:
Code:
======== START TESTS ======
[root@lb1 /etc/ssl]# relayd -d -v
startup
/usr/local/etc/relayd.conf:104: cannot load certificates for relay wwwssl
[root@lb1 /etc/ssl]# ls -la /etc/ssl/private/
total 8
drwxr-xr-x 2 root wheel 512 Jan 7 20:36 .
drwxr-xr-x 3 root wheel 512 Jan 7 20:34 ..
-rw-r--r-- 1 root wheel 704 Jan 7 20:39 127.0.0.1.csr
-rw------- 1 root wheel 963 Jan 7 20:38 127.0.0.1.key
[root@lb1 /etc/ssl]#
[root@lb1 /etc/ssl]#
[root@lb1 /etc/ssl]# ls -la /etc/ssl/
total 18
drwxr-xr-x 3 root wheel 512 Jan 7 20:34 .
drwxr-xr-x 20 root wheel 2048 Jan 7 19:24 ..
-rw-r--r-- 1 root wheel 952 Jan 7 20:40 127.0.0.1.crt
-rw-r--r-- 1 root wheel 9472 Feb 17 2011 openssl.cnf
drwxr-xr-x 2 root wheel 512 Jan 7 20:36 private
Config file (relevant part) :
Code:
[root@lb1 /etc/ssl]# cat /usr/local/etc/relayd.conf
# Listen address macro; it is expanded in the relay's "listen on" line below.
ext_addr="127.0.0.1"
#
# Relay and protocol for HTTP layer 7 loadbalancing and SSL acceleration
#
http protocol httpssl {
# Add the client address to X-Forwarded-For.
# NOTE(review): "append" keeps any X-Forwarded-For value the client already
# sent, so backends should trust only the last entry (the one added here)
# when using it for logging or access decisions.
header append "$REMOTE_ADDR" to "X-Forwarded-For"
# Record the relay address and port that handled the request.
header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
# Rewrite the Connection header to "close".
header change "Connection" to "close"
# Various TCP performance options
tcp { nodelay, sack, socket buffer 65536, backlog 128 }
# Protocol versions and cipher classes offered to clients.
# NOTE(review): SSLv2 is disabled, but SSLv3 and TLSv1 are enabled explicitly.
# SSLv3 is prohibited by RFC 7568 and TLS 1.0 is deprecated by RFC 8996.
# Prefer "no sslv3" and the newest TLS version this relayd build supports;
# check the installed relayd.conf(5) for the accepted keywords.
ssl { no sslv2, sslv3, tlsv1, ciphers HIGH }
# Turn off the SSL session cache.
ssl session cache disable
}
relay wwwssl {
# Run as a SSL accelerator
# NOTE(review): the "ssl" keyword makes relayd load a private key and a
# certificate named after the listen address. relayd.conf(5) on OpenBSD
# documents /etc/ssl/private/<address>.key and /etc/ssl/<address>.crt.
# This config is read from /usr/local/etc, so this build may use a different
# base directory; confirm the lookup paths in the installed man page.
listen on $ext_addr port 443 ssl
protocol httpssl
# Forward to hosts in the webhosts table using a src/dst hash
# NOTE(review): "port http" means the relay-to-backend leg is plain HTTP,
# because TLS ends at this relay. Keep that leg on a trusted network.
# The <webhosts> table is defined outside this excerpt. The health check
# requests "/" and expects status 200.
forward to <webhosts> port http mode loadbalance \
check http "/" code 200
}
======== END TESTS ======
Thanks in advance,
Tom