Chris Narkiewicz
2021-04-06 00:13:25 UTC
Hi,
I'm configuring relayd to run grafana vhost (grafana does not
support FastCGI).
My relayd.conf is:
http protocol "www" {
    match request header "Host" value "grafana.mydomain.net" forward to <lo>
    tls keypair grafana.mydomain.net
}
relay "www" {
    listen on wg0 port 443 tls
    protocol www
    forward to <lo> port 3000
}
# end of relayd.conf
TLS certificate has been generated using easyrsa, and it uses EC algo
with secp384r1 curve.
When I start relayd, it complains about unsupported key size:
ca_engine_init: using RSA privsep engine
...
ssl_ctx_fake_private_key: key size 832 not support
When I use RSA certificate generated using Let's Encrypt, it works.
Does it support EC? Am I doing something wrong?
Full relayd output in verbose mode:
grafana# relayd -dvv
startup
pfe: filter init done
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
relay_load_certfiles: using certificate /etc/ssl/grafana.mydomain.net.crt
relay_load_certfiles: using private key /etc/ssl/private/grafana.mydomain.net.key
parent_tls_ticket_rekey: rekeying tickets
relay_privinit: adding relay www
protocol 1: name www
flags: used, relay flags: tls
tls flags: tlsv1.2, tlsv1.3, cipher-server-preference
tls session tickets: disabled
type: http
match request header "Host" value "grafana.mydomain.net" forward to <lo>
socket_rlimit: max open files 1024
ca_engine_init: using RSA privsep engine
ca_engine_init: using RSA privsep engine
ca_engine_init: using RSA privsep engine
ca_engine_init: using RSA privsep engine
relay_tls_ctx_create: loading certificate
ssl_ctx_fake_private_key: key size 832 not support
Cheers,
Chris