On Thu, May 02, 2024 at 06:34:51AM -0700, Paul Pace wrote:
> Hello!
>
> I have an OpenBSD server that hosts multiple services listening on various
> ports (some projects have their own web server, some projects require a
> reverse proxy, some projects just use httpd, etc.). This server receives
> requests via relayd on a different server. I was hoping to not insert relayd
> between every request to the host, but it's not the end of the world if this
> is the only viable solution while using relayd.
>
> The requests to relayd go to domains (e.g., www.example.com,
> serviceone.example.com, servicetwo.example.com, etc.) for web services
> (ports 80 and 443), but I cannot figure out a way to specify a port on the
> target server to forward requests to when there are multiple ports (e.g.,
> www is on port 80, serviceone is on port 8080, servicetwo is on port 44443,
> etc.). Running relayd -n does not report syntax errors when there are
> multiple forward to rules for the same target server with different ports in
> the relay block, but I can't find a way to specify which request should go
> to which port.
>
> Thank you,
>
> Paul
>
Not sure if this is what you are looking for, but I use something like
this in my relayd.conf:

table <www> { 10.17.16.10 }
table <serviceone> { 10.17.16.10 }
table <servicetwo> { 10.17.16.10 }

# Plain HTTP: pick the backend table from the Host header
http protocol "http_revproxy" {
	match request header "Host" value "www.example.com" forward to <www>
	match request header "Host" value "serviceone.example.com" forward to <serviceone>
}

# HTTPS: relayd terminates TLS with this keypair
http protocol "https_revproxy" {
	tls keypair "servicetwo.example.com"
	match request header "Host" value "servicetwo.example.com" forward to <servicetwo>
}

relay "http_relay" {
	listen on re0 port 80
	protocol "http_revproxy"
	# each table gets its own backend port
	forward to <www> port 80 check tcp
	forward to <serviceone> port 8080 check tcp
}

relay "https_relay" {
	listen on re0 port 443 tls
	protocol "https_revproxy"
	forward to <servicetwo> port 8888 check tcp
}

Three notes:

- servicetwo is internally served over simple HTTP (i.e. no TLS) on port
  8888. So you get HTTPS between the client and relayd, and HTTP between
  relayd and the service itself.
- change re0 to the appropriate interface on the "listen" lines
- I find it preferable to have everything going through relayd, especially
  since it makes it easier for me to centralise the whole TLS certificates
  dance.
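Added example, not part of the original thread and not relayd's own code: a small Python check that resolves which backend port each Host rule ends up on in a configuration shaped like the one above, and reports Host rules whose table has no "forward to ... port" line in the relay. The function name resolve, the SAMPLE text, and the wiki.example.com / <wiki> entries are constructed for illustration, and the patterns handle only the subset of relayd.conf syntax used in this thread.

```python
import re

# Constructed sample in the shape of the configuration in this thread;
# wiki.example.com and <wiki> are made up to show a rule with no backend port.
SAMPLE = '''
table <www> { 10.17.16.10 }
table <serviceone> { 10.17.16.10 }
http protocol "http_revproxy" {
    match request header "Host" value "www.example.com" forward to <www>
    match request header "Host" value "serviceone.example.com" forward to <serviceone>
    match request header "Host" value "wiki.example.com" forward to <wiki>
}
relay "http_relay" {
    listen on re0 port 80
    protocol "http_revproxy"
    forward to <www> port 80 check tcp
    forward to <serviceone> port 8080 check tcp
}
'''

# These patterns cover only the subset of relayd.conf syntax used above.
BLOCK = re.compile(r'(?:http\s+)?(protocol|relay)\s+"([^"]+)"\s*\{(.*?)\}', re.S)
HOST = re.compile(r'header\s+"Host"\s+value\s+"([^"]+)"\s+forward\s+to\s+<([^>]+)>')
FWD = re.compile(r'^\s*forward\s+to\s+<([^>]+)>\s+port\s+(\d+)', re.M)
USES = re.compile(r'^\s*protocol\s+"([^"]+)"', re.M)

def resolve(conf):
    """Return ({relay: {host: (table, backend_port)}}, [problems])."""
    protocols, relays = {}, {}
    for kind, name, body in BLOCK.findall(conf):
        (protocols if kind == "protocol" else relays)[name] = body
    routes, problems = {}, []
    for relay, body in relays.items():
        ports = dict(FWD.findall(body))  # table name -> backend port
        used = USES.search(body)         # protocol template this relay applies
        rules = HOST.findall(protocols.get(used.group(1), "")) if used else []
        routes[relay] = {}
        for host, table in rules:
            if table in ports:
                routes[relay][host] = (table, int(ports[table]))
            else:
                problems.append(f'{relay}: Host "{host}" -> <{table}>, no "forward to" port')
    return routes, problems

if __name__ == "__main__":
    routes, problems = resolve(SAMPLE)
    for relay, hosts in routes.items():
        for host, (table, port) in hosts.items():
            print(f"{relay}: {host} -> <{table}> port {port}")
    print("\n".join(problems))
```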