On Thu, May 02, 2024 at 06:34:51AM -0700, Paul Pace wrote:
> Hello!
> 
> I have an OpenBSD server that hosts multiple services listening on various
> ports (some projects have their own web server, some projects require a
> reverse proxy, some projects just use httpd, etc.). This server receives
> requests via relayd on a different server. I was hoping to not insert relayd
> between every request to the host, but it's not the end of the world if this
> is the only viable solution while using relayd.
> 
> The requests to relayd go to domains (e.g., www.example.com,
> serviceone.example.com, servicetwo.example.com, etc.) for web services
> (ports 80 and 443), but I cannot figure out a way to specify a port on the
> target server to forward requests to when there are multiple ports (e.g.,
> www is on port 80, serviceone is on port 8080, servicetwo is on port 44443,
> etc.). Running relayd -n does not report syntax errors when there are
> multiple forward to rules for the same target server with different ports in
> the relay block, but I can't find a way to specify which request should go
> to which port.
> 
> Thank you,
> 
> Paul
> 

Not sure if this is what you are looking for, but I use something like
this in my relayd.conf:

    table <www> { 10.17.16.10 }
    table <serviceone> { 10.17.16.10 }
    table <servicetwo> { 10.17.16.10 }

    http protocol "http_revproxy" {
      match request header "Host" value "www.example.com" forward to <www>
      match request header "Host" value "serviceone.example.com" forward to <serviceone>
    }
    # relayd's protocol type is "http" here as well; there is no "https" type
    http protocol "https_revproxy" {
      tls keypair "servicetwo.example.com"
      match request header "Host" value "servicetwo.example.com" forward to <servicetwo>
    }

    relay "http_relay" {
      listen on re0 port 80
      protocol "http_revproxy"

      forward to <www> port 80 check tcp
      forward to <serviceone> port 8080 check tcp
    }
    relay "https_relay" {
      # "tls" makes relayd terminate TLS on this listener
      listen on re0 port 443 tls
      protocol "https_revproxy"

      forward to <servicetwo> port 8888 check tcp
    }


Three notes:
- servicetwo is internally served over simple HTTP (i.e. no TLS) on port
  8888. So you get HTTPS between the client and relayd, and HTTP between
  relayd and the service itself

- change re0 to the appropriate interface on the "listen" lines

- I find it preferable to have everything going through relayd,
  especially since it makes it easier for me to centralise the whole TLS
  certificates dance.
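
Added example, not part of the original reply and not relayd's own tooling: a small Python check that follows the pattern in the reply, pairing each "Host" rule in a protocol block with the port its table is given in the relay that uses that protocol, and reporting hosts whose table has no port there. The sample config, `host_routes` and the regexes are constructed for illustration and cover only the syntax shown in the reply.

```python
import re

# Constructed sample in the shape of the reply's relayd.conf (not a live config).
# "servicetwo" is matched in the protocol but has no port on the relay.
SAMPLE = '''
table <www> { 10.17.16.10 }
table <serviceone> { 10.17.16.10 }
table <servicetwo> { 10.17.16.10 }
http protocol "http_revproxy" {
  match request header "Host" value "www.example.com" forward to <www>
  match request header "Host" value "serviceone.example.com" forward to <serviceone>
  match request header "Host" value "servicetwo.example.com" forward to <servicetwo>
}
relay "http_relay" {
  listen on re0 port 80
  protocol "http_revproxy"
  forward to <www> port 80 check tcp
  forward to <serviceone> port 8080 check tcp
}
'''

TABLE = re.compile(r'^\s*table\s+<(\w+)>\s*\{([^}]*)\}', re.M)
BLOCK = re.compile(r'^\s*(?:http\s+)?(protocol|relay)\s+"([^"]+)"\s*\{(.*?)^\s*\}', re.M | re.S)
USES = re.compile(r'^\s*protocol\s+"([^"]+)"', re.M)
HOST_RULE = re.compile(r'header\s+"Host"\s+value\s+"([^"]+)"\s+forward\s+to\s+<(\w+)>')
RELAY_FWD = re.compile(r'^\s*forward\s+to\s+<(\w+)>\s+port\s+(\d+)', re.M)

def host_routes(conf):
    """Return ({(relay, host): ["addr:port", ...]}, [problems])."""
    tables = {name: body.split() for name, body in TABLE.findall(conf)}
    blocks = {"protocol": {}, "relay": {}}
    for kind, name, body in BLOCK.findall(conf):
        blocks[kind][name] = body
    routes, problems = {}, []
    for relay, body in blocks["relay"].items():
        ports = dict(RELAY_FWD.findall(body))  # table name -> port on this relay
        for proto in USES.findall(body):
            rules = HOST_RULE.findall(blocks["protocol"].get(proto, ""))
            for host, table in rules:
                if table not in ports:
                    problems.append(f"{relay}: {host} -> <{table}> has no port on this relay")
                else:
                    routes[(relay, host)] = [f"{a}:{ports[table]}" for a in tables.get(table, [])]
    return routes, problems

if __name__ == "__main__":
    routes, problems = host_routes(SAMPLE)
    for (relay, host), backends in routes.items():
        print(relay, host, "->", ", ".join(backends))
    for p in problems:
        print("PROBLEM:", p)
```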
