Hi,
I got this VPS here where I'm hosting a bunch of static sites for friends and
family with httpd (Let's Encrypt). Now, however, I've agreed to host a bunch of
Django (Unicorn) and Rails (Puma) apps as well, and I'm starting to think maybe
I've bitten off more than I can chew.
Am I on the right path here? Would anybody mind giving me a nudge in the right
direction?
         +----+----------+---------+----------------------+
Internet | pf | relayd   | httpd   | staticsite1.com:8000 |
         |    | (80/443) |         | staticsite2.com:8000 |
         |    |          |         | staticsite3.com:8000 |
         |    |          |         | staticsite4.com:8000 |
         |    |          +---------+----------------------+
         |    |          | Unicorn | djangoapp1.com:7001  |
         |    |          |         | djangoapp2.com:7002  |
         |    |          +---------+----------------------+
         |    |          | Puma    | railsapp1.com:6001   |
         |    |          |         | railsapp2.com:6002   |
         +----+----------+---------+----------------------+
--
# /etc/pf.conf
# Admits inbound TCP to ports 80 and 443 on the external interface's addresses.
# NOTE(review): the rule appears to have been wrapped by the mail client; in
# pf.conf it has to be one line (or be continued with a trailing backslash).
# NOTE(review): the default policy is not shown. The backend ports used further
# down (8000, 7001, 7002, 6001, 6002) stay unreachable from outside only if a
# default "block" rule precedes this one - confirm.
pass in on $ext_if inet proto tcp from any to $ext_if port { 80, 443 } keep
state
--
# /etc/relayd.conf
# Macros: the address the relay listens on and forwards to, and its listen port.
# NOTE(review): 127.0.0.1 is both the listen address and the only table member,
# so the relay is loopback-only unless pf redirects traffic to it - confirm.
my_ip="127.0.0.1"
relayd_port="80"
# Three tables, each holding the same single loopback host.
table <static_sites> { $my_ip }
table <django_apps> { $my_ip }
table <rails_apps> { $my_ip }
# HTTP protocol definition used by the relay under the name "httpfilter".
# NOTE(review): nothing here picks a table per site. Routing by Host header
# needs filter rules of the form
#   match request header "Host" value "djangoapp1.com" forward to <table>
# - see relayd.conf(5).
http protocol "httpfilter" {
tcp { nodelay, sack, backlog 128 }
# Answer the client with an error response when forwarding fails, instead of
# silently dropping the connection.
return error
# "set" overwrites whatever value the client supplied, so the backends see the
# address relayd observed rather than a client-chosen header.
# NOTE(review): the applications should trust these headers only on connections
# that come from relayd; binding the backends to loopback enforces that.
match header set "X-Client-IP" value "$REMOTE_ADDR:$REMOTE_PORT"
match header set "X-Forwarded-For" value "$REMOTE_ADDR"
match header set "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
}
# Plain-HTTP relay listening on the loopback address, port 80.
# NOTE(review): 127.0.0.1:80 is not reachable from the Internet, and the pf
# rule shown passes traffic to $ext_if without an rdr-to - confirm how requests
# are meant to arrive here.
# NOTE(review): there is no "tls" on the listen line although the diagram puts
# 80/443 on relayd; as shown, port 443 is served by httpd directly.
relay "reverseproxy" {
listen on $my_ip port $relayd_port
protocol "httpfilter"
# NOTE(review): per relayd.conf(5), additional "forward to <table>" lines act
# as backup tables unless a filter rule in the protocol selects them, so as
# written requests presumably all end up at port 8000. The two ports on one
# table (7001/7002, 6001/6002) may also be indistinguishable to a rule that
# names only the table; consider one table per application - verify.
forward to <static_sites> port 8000
forward to <django_apps> port 7001
forward to <django_apps> port 7002
forward to <rails_apps> port 6001
forward to <rails_apps> port 6002
}
--
# /etc/httpd.conf
# Plain-HTTP server for staticsite1.com on port 8000, the port the relay
# forwards <static_sites> to.
# NOTE(review): "listen on *" binds every address, so port 8000 is also exposed
# on the external interface unless pf blocks it; "listen on 127.0.0.1 port 8000"
# would keep it reachable only through the relay.
server "staticsite1.com" {
listen on * port 8000
# Document root; httpd resolves this path inside its chroot.
root "/htdocs/staticsite1.com"
[...]
}
# TLS listener for the same site, served by httpd itself on port 443.
# NOTE(review): this binds *:443 directly, so HTTPS requests do not pass
# through relayd and will not carry the headers set in its protocol block. It
# also disagrees with the diagram, where relayd owns 80/443 - decide which
# daemon terminates TLS.
server "staticsite1.com" {
listen on * tls port 443
root "/htdocs/staticsite1.com"
[...]
}
[...]
--
Thanks, Joe