Paul Pace <p...@mostlybsd.com> writes: > Hello! > > I have an OpenBSD server that hosts multiple services listening on > various ports (some projects have their own web server, some projects > require a reverse proxy, some projects just use httpd, etc.). This > server receives requests via relayd on a different server. I was > hoping to not insert relayd between every request to the host, but > it's not the end of the world if this is the only viable solution > while using relayd. > > The requests to relayd go to domains (e.g., www.example.com, > serviceone.example.com, servicetwo.example.com, etc.) for web services > (ports 80 and 443), but I cannot figure out a way to specify a port on > the target server to forward requests to when there are multiple ports > (e.g., www is on port 80, serviceone is on port 8080, servicetwo is on > port 44443, etc.). Running relayd -n does not report syntax errors > when there are multiple forward to rules for the same target server > with different ports in the relay block, but I can't find a way to > specify which request should go to which port.
Hi, I'm not sure this could answer your issue but here is a sketch of what I'm using on some servers: --8<---------------cut here---------------start------------->8--- table <www> { 127.0.0.1 } table <service-one> { 127.0.0.1 } table <service-two> { 127.0.0.1 } http protocol "secure" { tcp { nodelay, sack, socket buffer 65536, backlog 128 } tls { no tlsv1.0, ciphers HIGH, keypair example.com } # Matching is done here on Host match request quick header "Host" value "example.com" \ forward to <www> match request quick header "Host" value "service1.example.com" \ forward to <service-one> match request quick header "Host" value "service2.example.com" \ forward to <service-two> } relay "secure-proxy" { listen on 0.0.0.0 port 443 tls protocol "secure" # Forward to different services forward with tls to <www> port 80 check tls forward with tls to <service-one> port 8080 check tls forward with tls to <service-two> port 44443 check tls } --8<---------------cut here---------------end--------------->8--- Best regards, -- Manuel Giraud