On Sun, 20 Jul 2025 08:42:48 +0200,
Marc Chantreux <[email protected]> wrote:
>
> now everything goes to :8200. I feel I'm getting closer.
>
I use this way:
table <vaultwarden> { 127.0.0.1 retry 5 }
...
table <fallback> { 127.0.0.1 retry 5 }

http protocol https {
	tls keypair XXX.com
	pass request forward to <fallback>
	...
	tls keypair vaultwarden.XXX.com
	pass request header "Host" \
		value "vaultwarden.XXX.com" forward to <vaultwarden>
}

relay https {
	listen on egress port 443 tls
	protocol https
	forward to <vaultwarden> port 8000 \
		check http "/" code 200
	...
	forward to <fallback> port 80 \
		check http "/" code 200
}

Let me explain how it works:
- by default everything is routed to httpd on the same machine with TLS
certificate XXX.com;
- when I add a new host I add a new named table with destination addresses,
a tls keypair into the http protocol with the expected host header, and the
direction to which port the traffic should be forwarded.

I'm not sure that it is a cleaner way or the right way, but it works.
--
wbr, Kirill
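
Added example, not part of Kirill's message: a small checker for the three-step procedure described above, flagging any table that lacks its declaration, its rule in the http protocol, or its "forward to" in the relay. The sample config is constructed, and the example.com names and the <wiki> and <git> tables are placeholders.

```python
import re

# Constructed sample modelled on the layout above; all names are placeholders.
SAMPLE = r'''
table <vaultwarden> { 127.0.0.1 retry 5 }
table <fallback> { 127.0.0.1 retry 5 }
table <wiki> { 127.0.0.1 retry 5 }
http protocol https {
    tls keypair example.com
    pass request forward to <fallback>
    tls keypair vaultwarden.example.com
    pass request header "Host" \
        value "vaultwarden.example.com" forward to <vaultwarden>
    pass request header "Host" value "git.example.com" forward to <git>
}
relay https {
    listen on egress port 443 tls
    protocol https
    forward to <vaultwarden> port 8000 \
        check http "/" code 200
    forward to <fallback> port 80 \
        check http "/" code 200
}
'''

def check_relayd_tables(conf):
    """List tables that miss one of the three places the procedure touches."""
    text = re.sub(r"#.*", "", conf)              # drop comments
    text = re.sub(r"\\\s*\n\s*", " ", text)      # join backslash continuations
    seen = {"table declaration": set(), "protocol rule": set(), "relay forward": set()}
    section = None
    for line in (l.strip() for l in text.splitlines()):
        if m := re.match(r"table\s+<([^>]+)>", line):
            seen["table declaration"].add(m.group(1))
        elif re.match(r"(http\s+)?protocol\s+\S+\s*\{", line):
            section = "protocol rule"            # inside the protocol block
        elif re.match(r"relay\s+\S+\s*\{", line):
            section = "relay forward"            # inside the relay block
        elif line == "}":
            section = None
        elif section and (m := re.search(r"forward\s+to\s+<([^>]+)>", line)):
            seen[section].add(m.group(1))
    problems = []
    for table in sorted(set().union(*seen.values())):
        missing = [step for step, names in seen.items() if table not in names]
        if missing:
            problems.append(f"<{table}>: missing " + ", ".join(missing))
    return problems
```

Running `relayd -n -f` on the file remains the authoritative syntax check; this only catches a host that was added in one place and forgotten in another.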