Hi all,
I'm try to reproduce such a setup with relayd on OpenBSD 5.7-current.
Many change between the latest stable and the -current... I followed
changes in relayd.conf(5) but i'm still not able to get a working solution.
This is a draft, my first contact with relayd. My objective is to use
one virtual IPv4 public address to reach multiple webservices.
here is my relayd.conf, the behavior is quite simple, every GET goes on
web1 host, any clue ?
table web1 { 192.168.228.73 }
table web2 { 192.168.228.50 }
http protocol http_tls {
match header append X-Forwarded-For value $REMOTE_ADDR
match header append X-Forwarded-By value
$REMOTE_ADDR:$SERVER_PORT
match header set Keep-Alive value $TIMEOUT
match request url web1/ forward to web1
match request url web2/ forward to web2
tls { tlsv1, ciphers MEDIUM:HIGH }
tls ca key /etc/ssl/private/server.key password ReallyWantIt?
tls ca cert /etc/ssl/ca.crt
}
relay tls_accel {
listen on 192.168.228.101 port 443 tls
protocol http_tls
forward to web1 port 80 check tcp
forward to web2 port 80 check tcp
}
Frédéric.
Le 11/07/2014 14:12, Reyk Floeter a écrit :
Hi,
On Fri, Jun 20, 2014 at 10:35:13PM -0400, Predrag Punosevac wrote:
I am seriously reading realyd man pages for the first time in my life.
Namely I am after url suffix redirection. I will try to explain little
bit better.
I have close to 10 virtual hosts running behind OpenBSD firewall which
has a single public IP address. My boss insists that all virtual hosts
be reachable on the port 80. Can relayd do url suffix redirection? What
I mean is a map:
www.autonlab.org 10.0.0.0 host
www.autonlab.org/web1 10.0.0.1 host
www.autonlab.org/web2 10.0.0.2 host
www.autonlab.org/web3 10.0.0.3 host
and so on. Until now I was using nginx as a proxy and port redirection
www.autonlab.org 10.0.0.0
www.autonlab.org:8080 10.0.0.1
and so on so forth.
I didn't answer before because it was not supported by relayd but I
was working on the filter upgrade that got committed yesterday.
Your mail was almost a month ago, so you probably found another
solution now, but it works in -current and the upcoming release with
something like the following:
---snip---
table web0 { 10.0.0.0 }
table web1 { 10.0.0.1 }
table web2 { 10.0.0.2 }
table web3 { 10.0.0.3 }
http protocol autonlab {
return error
pass
match request patch /web1* forward to web1
match request patch /web2* forward to web2
match request patch /web3* forward to web3
}
relay autonlab {
listen on 128.2.204.171 port 80
protocol autonlab
# Main server table
forward to web0 check tcp port 80
# Additional server tables used by custom rules
forward to web1 check tcp port 80
forward to web2 check tcp port 80
forward to web3 check tcp port 80
}
---snap---
Reyk
--
Frédéric URBAN
*Frédéric URBAN*
Ingénieur Réseaux
frederic.ur...@ircad.fr mailto:frederic.ur...@ircad.fr
Tél. : +33 (0)3 88 119 038
IRCAD France
http://www.ircad.fr/ http://www.ircad.fr/
Suivez l'IRCAD sur Facebook
http://www.facebook.com/pages/IRCAD/193785273990141
*IRCAD France*
Hôpitaux Universitaires - 1, place de l'Hôpital - 67091 Strasbourg Cedex
- FRANCE