author | Andreas Baumann <mail@andreasbaumann.cc> | 2017-10-19 14:07:37 +0200 |
---|---|---|
committer | Andreas Baumann <mail@andreasbaumann.cc> | 2017-10-19 14:07:37 +0200 |
commit | 5247a4900bb79588094f9422833217ba78c3abc1 (patch) | |
tree | c9579164fd89604d8d313fd3b5d074bebf3c2165 | |
parent | 545207c6738fe5dc93f4db46705f5a2890c3024e (diff) | |
download | OpenBSD-firewall-5247a4900bb79588094f9422833217ba78c3abc1.tar.gz OpenBSD-firewall-5247a4900bb79588094f9422833217ba78c3abc1.tar.bz2 |
For now, disabled the HTTPS relayd (as we need multi-SAN certificates for domains via LetsEncrypt).
-rw-r--r-- | config/obr/pf.conf | 2 | ||||
-rw-r--r-- | config/obr/relayd.conf | 25 |
2 files changed, 1 insertions, 26 deletions
diff --git a/config/obr/pf.conf b/config/obr/pf.conf
index ac62be4..f60828c 100644
--- a/config/obr/pf.conf
+++ b/config/obr/pf.conf
@@ -85,10 +85,10 @@ pass on $WLAN_if all
 # relayd and bruteforce attack scrubbing
 pass in on $ext_if proto tcp from any to port 80
-pass in on $ext_if proto tcp from any to port 443
 # reroute public services to their machines in the LAN
 pass in on $ext_if proto tcp from any to port 25 rdr-to $euroweb
+pass in on $ext_if proto tcp from any to port 443 rdr-to $euroweb
 pass in on $ext_if proto tcp from any to port 587 rdr-to $euroweb
 pass in on $ext_if proto tcp from any to port 110 rdr-to $euroweb
 pass in on $ext_if proto tcp from any to port 143 rdr-to $euroweb
diff --git a/config/obr/relayd.conf b/config/obr/relayd.conf
index 5857464..6be42f6 100644
--- a/config/obr/relayd.conf
+++ b/config/obr/relayd.conf
@@ -49,24 +49,6 @@ http protocol "http_protocol" {
 block request tagged disallowed_host label "BAD host"
 }
-http protocol "https_protocol" {
-
- return error
-
- match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
- match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
- match request header set "Connection" value "close"
- match request header set "Keep-Alive" value "$TIMEOUT"
-
- match response header set "Server" value "None of your business"
-
- tcp { nodelay, sack, socket buffer 65536, backlog 128 }
-
-# tls ca key "/etc/ssl/private/webmail.andreasbaumann.cc.key" password ""
-# tls ca cert "/etc/ssl/webmail.andreasbaumann.cc.crt"
-# tls ca file "/etc/ssl/webmail.andreasbaumann.cc.intermediate.crt"
-}
-
 relay http_relay {
 listen on $EXT_IF port 80
 protocol http_protocol
@@ -74,11 +56,4 @@ relay http_relay {
 forward to <euroweb> port 80
 forward to <euroserver> port 80
 }
-
-relay https_relay {
- listen on $EXT_IF port 443 tls
- protocol https_protocol
-
- forward with tls to <euroweb> port 443
-} |
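Review bot: The new `pass in on $ext_if proto tcp from any to port 443 rdr-to $euroweb` rule hands HTTPS straight to the LAN host, so the relayd request filtering that port 80 still goes through (the `http_protocol` rules in relayd.conf, including the `block request tagged disallowed_host` line visible in the second hunk) no longer applies to TLS traffic, and nothing in pf.conf records that. Since the commit message calls the change temporary, a comment on the rule would keep the intent visible, e.g. `# TODO: 443 bypasses relayd filtering until a multi-SAN LetsEncrypt cert is available`. The "relayd and bruteforce attack scrubbing" comment above now covers only port 80 and could say so.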