Re: relayd.conf and multiple webservers on the inside

2011-04-14 Thread Pete Vickers 
depending on your dns name flexability, another possible alternative is to use
site names like bob.example.com and alice.example.com then you can run both
via a single wildcard SSL cert "*.example.com" on the single IP address.


/Pete


On 14. apr. 2011, at 20:45, Matthew Dempsky  wrote:

> On Thu, Apr 14, 2011 at 11:36 AM, Matthew Dempsky 
wrote:
>> On Thu, Apr 14, 2011 at 11:09 AM, Kevin Chadwick 
wrote:
>>> Are you sure you want to do this. Do you want any ssl on these sites,
>>> because you'll need ugly :port on your ssl urls if you do.
>>
>> Using Subject Alternative Names, you can get a single SSL certificate
>> that covers multiple hostnames.
>
> Alternatively, if someone adds SNI support to relayd, then you could
> still use multiple distinct SSL certificates as well.  The version of
> OpenSSL in base already supports SNI.
>
> Also, both of these solutions assume relayd is the SSL termination
> point for both web sites.  If instead you want the backends to be
> responsible for handling SSL, then yeah, you need to use separate IP
> addresses or ports.

Re: relayd.conf and multiple webservers on the inside

2011-04-14 Thread richardtoohey 
Quoting Fernando Clvarez :

> Hi,
> 
> Is there any way to enable a reverse proxy using relayd to redirect web
> requests to different webservers depending on the http header?
> 
> To clarify: (Internet) 1 IP address -> OpenBSD Box -> 2 Web servers
> (LAN)
> If I point to www.server1.com be redirected to webserver 1, and if I go
> to
> www.server2.com be redirected to webserver2, using the same IP on both
> domain names.
> 
> As relayd.conf protocol section filters to one destination, and relay
> section then applies only one defined protocol, I have no idea on how
> to
> achieve this.

Don't think so, no.  Things might have moved on since this from Stuart, so I'd
love to be told I'm wrong!

http://marc.info/?l=openbsd-misc&m=126278061325299&w=2

> 
> Thank you in advance,

Re: relayd.conf and multiple webservers on the inside

2011-04-14 Thread Matthew Dempsky 
On Thu, Apr 14, 2011 at 11:36 AM, Matthew Dempsky  wrote:
> On Thu, Apr 14, 2011 at 11:09 AM, Kevin Chadwick  
> wrote:
>> Are you sure you want to do this. Do you want any ssl on these sites,
>> because you'll need ugly :port on your ssl urls if you do.
>
> Using Subject Alternative Names, you can get a single SSL certificate
> that covers multiple hostnames.

Alternatively, if someone adds SNI support to relayd, then you could
still use multiple distinct SSL certificates as well.  The version of
OpenSSL in base already supports SNI.

Also, both of these solutions assume relayd is the SSL termination
point for both web sites.  If instead you want the backends to be
responsible for handling SSL, then yeah, you need to use separate IP
addresses or ports.

Re: relayd.conf and multiple webservers on the inside

2011-04-14 Thread Matthew Dempsky 
On Thu, Apr 14, 2011 at 11:09 AM, Kevin Chadwick  wrote:
> Are you sure you want to do this. Do you want any ssl on these sites,
> because you'll need ugly :port on your ssl urls if you do.

Using Subject Alternative Names, you can get a single SSL certificate
that covers multiple hostnames.

Re: relayd.conf and multiple webservers on the inside

2011-04-14 Thread Kevin Chadwick 
On Thu, 14 Apr 2011 18:06:13 +0200
Fernando Clvarez wrote:

> To clarify: (Internet) 1 IP address -> OpenBSD Box -> 2 Web servers  (LAN)
> If I point to  www.server1.com be redirected to webserver 1, and if I go to
> www.server2.com be redirected to webserver2, using the same IP on both
> domain names.

Are you sure you want to do this. Do you want any ssl on these sites,
because you'll need ugly :port on your ssl urls if you do. IPs should
be cheap too.

Another possibility is to have both web servers serving both sites with
session tracking or are these seperately controlled/seperate owners.

relayd.conf and multiple webservers on the inside

2011-04-14 Thread Fernando Álvarez 
Hi,

Is there any way to enable a reverse proxy using relayd to redirect web
requests to different webservers depending on the http header?

To clarify: (Internet) 1 IP address -> OpenBSD Box -> 2 Web servers  (LAN)
If I point to  www.server1.com be redirected to webserver 1, and if I go to
www.server2.com be redirected to webserver2, using the same IP on both
domain names.

As relayd.conf protocol section filters to one destination, and relay
section then applies only one defined protocol, I have no idea on how to
achieve this.

Thank you in advance,