relayd not retrying relay's server-side connections

Sun, 06 Aug 2023 10:33:41 -0700 

I'm running relayd with the following relayd.conf on OpenBSD 7.3.

        relay forward_http {
                listen on ::1 port 7200
                forward to 127.0.0.1 port 7204 retry 30
        }

I was hoping it would do this:

- Listen for connections on ::1 port 7200.
- Each time a connection comes in, try up to 31 times to connect
  to 127.0.0.1, and if one of those tries succeeds, forward the
  connection.

(My goal is to smooth over intervals where the 127.0.0.1:7204 service
is restarting: I want connections from outside to stall rather than
fail.)

The forwarding is working, but as far as I can tell relayd is only
trying once to connect to 127.0.0.1:7204. My evidence is that if
nothing is listening on 127.0.0.1:7204 when I try to connect to ::1
port 7200, I get a failure instantly, and "tcpdump -ilo0 tcp" only
shows a couple of messages exchanged rather than 31 attempts.

Am I doing something wrong, or misunderstanding what that "retry"
option is supposed to do?

--------

Optional bonus question:

Even if get that working, I have a further problem: I actually want
to use "forward to <table>" syntax, but there doesn't seem to be a
place for a "retry" option there. The reason I want to use "forward
to <table>" syntax is that want to direct the connection based on
http parameters, and as far as I know that's not possible with
"forward to address" syntax.

Here's a more complete version of what I'm trying to do. It does
what I want, except for retrying when connecting to <fossil>. (In
practice I add three more "relay" stanzas, for all combinations of
http/https and inet/inet6.)

Is there some way to add retries to this?


table <httpd> { ::1 }
table <fossil> { 127.0.0.1 }

http protocol reverse_proxy {
        match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
        match request header append "X-Forwarded-Port" value "$SERVER_PORT"
        pass forward to <httpd>
        pass request header "Host" value "fossil.falsifian.org" \
                forward to <fossil>
        tls { keypair "falsifian.org" }
}

relay reverse_proxy_https_6 {
        listen on ::1 port 7201 tls
        protocol reverse_proxy
        forward to <httpd> port 7203
        forward to <fossil> port 7204
}


-- 
James

Reply via email to