Relayd with SNI and TLS keypairs

By Finde Labs |  Nov 2, 2019  | openbsd, relayd, sni, httpd

Back when this article was written, on setting up a relayd load-balancer with two back-end httpd servers, relayd did not have the capability of handling multiple tls relays with unique domain names. This meant that each tls relay required a unique IP per domain. This was in part due to the fact that relayd had no SNI support. I am happy to say that with OpenBSD 6.6, this is no longer the case.

Continue Reading...

Configuring acme-client on OpenBSD

By Finde Labs |  Jan 22, 2019  | openbsd, encryption, httpd, acme-client

I hate spending money on things I don’t absolutely have to. Maybe that’s why I like opensource. I also like encryption. Therefore, I really like acme-client on OpenBSD. They have such an easy setup for generating your own SSL certs for use by a web server. In the article, I will walk through not only the basic configs that I’ve used. I am also writing a follow-up article that will illustrate how to create a quick ansible playbook that will do all the heavy lifting for you.

Continue Reading...