stdiscosrv and strelaysrv behind OpenBSD relayd

The docs have helpful instructions for configuring stdiscosrv to run behind a reverse proxy using Nginx, Apache, or Caddy, but I wonder if someone could offer some guidance about configuring it to run behind OpenBSD relayd.

Also, is it possible to run strelaysrv behind relayd with TLS terminated by relayd? I see that strelaysrv, unlike stdiscosrv, lacks a -http flag to use with a reverse proxy.

You can’t really terminate it, as both of these need client certificates to prove clients identity. Discovery server supports getting certificates in an extra http header (assuming relayd supports passing that down), relays don’t use http and use pure tls (other than for status page etc)

Thank you very much, @AudriusButkevicius. relayd handles straightforward analogues of two of the four important headers listed in the docs:

match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
match request header append "X-Client-Port" value "$REMOTE_PORT"

However, I do not know how to get relayd to set a value for “X-SSL-Cert” or request the client SSL certificate but not require it to be signed by a trusted CA.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.