Closed d47081 closed 5 months ago
As understand, the listen
address should be common and server
defined as child construction, but it's not work
Hello, thanks for the report.
The configuration seems correct to me.
I believe the certificate error comes from the upstream server, the one listening at the IPv6 addresses. When using a IP address (v4 or v6 doesn't matter) in a relay-to
directive, the SNI (the remote server name) is missing and should be specified in the configuration file. I should point this out in the documentation.
Do you still get errors when specifying the remote server name using the sni
directive in the proxy block, for e.g.:
proxy {
relay-to 301:5eb5:f061:678e::b port 1965
verifyname off
sni "remote-server-name"
}
verifyname off
only applies to gmid-the-proxy itself, it won't complain if the certificate used by the upstream server doesn't match what it expects, but doesn't stop the upstream server from complaining that there's a missing SNI.
Thanks much! it works properly with sni
provided!
Happy to know that it worked :) I'll try to make the documentation more clear in this regard.
Thanks
Just one question: how can I define default server case?
Something like default
in nginx
Not sure, as I never really considered this use-case, but maybe something like:
server "*" {
alias "example.com" # eventually
# ...
}
should do it. It should be put ~last~ first however, otherwise it would match all the requests.
edit: I should document the order of which the server are matched, and should probably be inverted too to match the locations, since they currently use a different order from each other.
It should be fairly easy to add a keyword (e.g. default server { ... }
) for this however, or maybe just use the first if no server was matched.
Thanks, will try - seems it getting last one in list
Hello,
I want to use single IPv4 to make proxy for 2 domains, but on defining 2 servers as on example - get certificate mismatch