Proxy SSL pour httpd

À utiliser avec httpd : cette configuration relayd (relayd.conf) délègue à relayd la gestion des connexions sécurisées (terminaison TLS).

# Pull in an external file; its contents are not shown on this page.
# NOTE(review): the path is inside a user's home directory. relayd reads its
# configuration with elevated privileges, so confirm that this file and its
# parent directories are not writable by an unprivileged account, or keep it
# under /etc instead.
include "/home/justin/ips.conf"

# Backend tables, both pointing at the loopback address.
# NOTE(review): the table names are missing in this listing (two spaces where
# a name is expected). relayd writes them in angle brackets, so they were
# presumably dropped when the page was rendered -- restore them as
# <TABLE_NAME> (placeholder) before using this file.
table  { 127.0.0.1 }
table  { 127.0.0.1 }

# HTTP protocol definition shared by the two relays below: TLS keypair, TCP
# tuning, request filtering, forwarded-client headers, security response
# headers and Host-based routing.
http protocol "wwwsecure" {
	# Certificate/key pair looked up by this name.
	# NOTE(review): honk.bloguslibrus.fr is routed by this same protocol and
	# no second keypair is declared, so this certificate presumably also
	# covers that name -- verify.
	tls keypair "bloguslibrus.fr"

	tcp { nodelay, sack, socket buffer 65536, backlog 128 }

	# Block bots probing for a WordPress install that this site does not run.
	# "quick" stops rule evaluation at this rule. The quoted label spans two
	# lines in this listing.
	block quick path "/wp-*" label 'Stop scanning for wordpres
s.'
	
	# Tell the backend who the client is.
	# NOTE(review): "append" adds to a header the client may already have
	# sent, so whatever the client supplied is still present in front of the
	# appended value. Backends should trust only the last element, and should
	# not be reachable except through this relay.
	match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
	match request header append "X-Forwarded-Port" value "$REMOTE_PORT"

	# Security headers; "set" applies the value given here to every response.
	match response header set "Referrer-Policy" value "no-referrer"
	match response header set "X-Content-Type-Options" value "nosniff"
	match response header set "X-Frame-Options" value "deny"
	# NOTE(review): X-XSS-Protection is a legacy header that current browsers
	# no longer act on; it is not a substitute for a content policy.
	match response header set "X-XSS-Protection" value "1; mode=block"
	# NOTE(review): this policy only upgrades http:// subresources; it places
	# no restriction on script, style or frame sources.
	match response header set "Content-Security-Policy" value "upgrade-insecure-requests"
	match response header set "Permissions-Policy" value "interest-cohort=()"
	# NOTE(review): one year, all subdomains, preload. Every subdomain must
	# serve valid HTTPS, and a preload-list entry is slow to withdraw --
	# confirm this is intended for the whole domain.
	match response header set "Strict-Transport-Security" value "max-age=31536000; includeSubDomains; preload"

	# Host-based routing: each "quick" rule sends its hostname to one table.
	# NOTE(review): the table name after "forward to" is missing on both
	# lines (same loss as in the table declarations); restore <TABLE_NAME>
	# (placeholder).
	pass  request  quick  header  "Host"  value  "bloguslibrus.fr"       forward  to  
	pass request quick header "Host" value "honk.bloguslibrus.fr" forward to 

	# Answer the client with an HTTP error page instead of silently dropping
	# the connection when a request is refused or forwarding fails.
	return error
	# Catch-all: a request with any other Host value is still passed.
	# NOTE(review): presumably it then reaches the relay's first forward
	# table; if only the two hostnames above should be served, confirm that
	# this default is intended rather than a default block.
	pass
}

# IPv4 listener: accepts TLS on port 443 on every address and applies the
# "wwwsecure" protocol defined above.
relay "wwwsecure" {
    listen on 0.0.0.0 port 443 tls
    protocol wwwsecure
    # Backends on ports 8080 and 31337; "check tcp" is a TCP connect health
    # check. The tables declared at the top of the file contain 127.0.0.1.
    # NOTE(review): the table names after "forward to" are missing here too;
    # restore <TABLE_NAME> (placeholder). No "tls" keyword follows the
    # forward lines, so traffic to the backends is presumably plain HTTP --
    # verify the backends listen on loopback only, so the X-Forwarded-*
    # headers cannot be supplied by a client connecting to them directly.
    forward to  port 8080 check tcp
    forward to  port 31337 check tcp
}
# IPv6 listener: same protocol and backends as the "wwwsecure" relay, bound
# to :: on port 443 with TLS.
relay "wwwsecure6" {
    listen on :: port 443 tls
    protocol wwwsecure
    # NOTE(review): the table names after "forward to" are missing on both
    # lines; restore <TABLE_NAME> (placeholder). Keep these two lines
    # identical to the IPv4 relay so both address families reach the same
    # backends with the same health checks.
    forward to  port 8080 check tcp
    forward to  port 31337 check tcp
}

Connexion(s) : openbsd