Paul Pace <p...@mostlybsd.com> writes:

> Hello!
>
> I have an OpenBSD server that hosts multiple services listening on
> various ports (some projects have their own web server, some projects
> require a reverse proxy, some projects just use httpd, etc.). This
> server receives requests via relayd on a different server. I was
> hoping to not insert relayd between every request to the host, but
> it's not the end of the world if this is the only viable solution
> while using relayd.
>
> The requests to relayd go to domains (e.g., www.example.com,
> serviceone.example.com, servicetwo.example.com, etc.) for web services
> (ports 80 and 443), but I cannot figure out a way to specify a port on
> the target server to forward requests to when there are multiple ports
> (e.g., www is on port 80, serviceone is on port 8080, servicetwo is on
> port 44443, etc.). Running relayd -n does not report syntax errors
> when there are multiple forward to rules for the same target server
> with different ports in the relay block, but I can't find a way to
> specify which request should go to which port.

Hi,

I'm not sure this could answer your issue but here is a sketch of what
I'm using on some servers:

--8<---------------cut here---------------start------------->8---
table <www> { 127.0.0.1 }
table <service-one> { 127.0.0.1 }
table <service-two> { 127.0.0.1 }

http protocol "secure" {
     tcp { nodelay, sack, socket buffer 65536, backlog 128 }
     tls { no tlsv1.0, ciphers HIGH, keypair example.com }

     # Matching is done here on Host
     match request quick header "Host" value "example.com" \
           forward to <www>
     match request quick header "Host" value "service1.example.com" \
           forward to <service-one>
     match request quick header "Host" value "service2.example.com" \
           forward to <service-two>
}

relay "secure-proxy" {
      listen on 0.0.0.0 port 443 tls
      protocol "secure"

      # Forward to different services
      forward with tls to <www> port 80 check tls
      forward with tls to <service-one> port 8080 check tls
      forward with tls to <service-two> port 44443 check tls
}
--8<---------------cut here---------------end--------------->8---

Best regards,
-- 
Manuel Giraud
