From 5247a4900bb79588094f9422833217ba78c3abc1 Mon Sep 17 00:00:00 2001
From: Andreas Baumann
Date: Thu, 19 Oct 2017 14:07:37 +0200
Subject: for now disabled https relayd (as we need multi SAN certificates for domains via LetsEncrypt

---
 config/obr/pf.conf | 2 +-
 config/obr/relayd.conf | 25 -------------------------
 2 files changed, 1 insertion(+), 26 deletions(-)

diff --git a/config/obr/pf.conf b/config/obr/pf.conf
index ac62be4..f60828c 100644
--- a/config/obr/pf.conf
+++ b/config/obr/pf.conf
@@ -85,10 +85,10 @@ pass on $WLAN_if all
 # relayd and bruteforce attack scrubbing
 pass in on $ext_if proto tcp from any to port 80
-pass in on $ext_if proto tcp from any to port 443
 # reroute public services to their machines in the LAN
 pass in on $ext_if proto tcp from any to port 25 rdr-to $euroweb
+pass in on $ext_if proto tcp from any to port 443 rdr-to $euroweb
 pass in on $ext_if proto tcp from any to port 587 rdr-to $euroweb
 pass in on $ext_if proto tcp from any to port 110 rdr-to $euroweb
 pass in on $ext_if proto tcp from any to port 143 rdr-to $euroweb
diff --git a/config/obr/relayd.conf b/config/obr/relayd.conf
index 5857464..6be42f6 100644
--- a/config/obr/relayd.conf
+++ b/config/obr/relayd.conf
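Review bot: The new port-443 rule hands TLS connections from any source straight to $euroweb, so none of relayd's request handling applies to HTTPS any more — neither the `block request tagged disallowed_host` filtering that relayd.conf's http_protocol still does for port 80, nor the X-Forwarded-For/X-Forwarded-By headers and Server-header rewrite the removed https_protocol used to add. The host behind $euroweb is now the first thing an untrusted TLS client reaches, so it has to do its own host validation and log the real client address itself, since no proxy header carries it. The `# relayd and bruteforce attack scrubbing` comment two lines above now describes only the port-80 rule, which is easy to misread after this change. Worth recording the interim state next to the new rule, e.g. `# TODO: 443 bypasses relayd until multi-SAN LetsEncrypt certs are in place; no request filtering or X-Forwarded-For for HTTPS`.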
@@ -49,24 +49,6 @@ http protocol "http_protocol" {
 block request tagged disallowed_host label "BAD host"
 }
-http protocol "https_protocol" {
-
- return error
-
- match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
- match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
- match request header set "Connection" value "close"
- match request header set "Keep-Alive" value "$TIMEOUT"
-
- match response header set "Server" value "None of your business"
-
- tcp { nodelay, sack, socket buffer 65536, backlog 128 }
-
-# tls ca key "/etc/ssl/private/webmail.andreasbaumann.cc.key" password ""
-# tls ca cert "/etc/ssl/webmail.andreasbaumann.cc.crt"
-# tls ca file "/etc/ssl/webmail.andreasbaumann.cc.intermediate.crt"
-}
-
 relay http_relay {
 listen on $EXT_IF port 80
 protocol http_protocol
@@ -74,11 +56,4 @@ relay http_relay {
 forward to port 80
 forward to port 80
 }
-
-relay https_relay {
- listen on $EXT_IF port 443 tls
- protocol https_protocol
-
- forward with tls to port 443
-}
--
cgit v1.2.3-54-g00ecf