Hi all,
I'm try to reproduce such a setup with relayd on OpenBSD 5.7-current.
Many change between the latest stable and the -current... I followed
changes in relayd.conf(5) but i'm still not able to get a working solution.
This is a draft, my first contact with relayd. My objective is to use
one virtual IPv4 public address to reach multiple webservices.
here is my relayd.conf, the behavior is quite simple, every GET goes on
web1 host, any clue ?
table <web1> { 192.168.228.73 }
table <web2> { 192.168.228.50 }
http protocol "http_tls" {
match header append "X-Forwarded-For" value "$REMOTE_ADDR"
match header append "X-Forwarded-By" value
"$REMOTE_ADDR:$SERVER_PORT"
match header set "Keep-Alive" value "$TIMEOUT"
match request url "web1/" forward to <web1>
match request url "web2/" forward to <web2>
tls { tlsv1, ciphers "MEDIUM:HIGH" }
tls ca key "/etc/ssl/private/server.key" password "ReallyWantIt?"
tls ca cert "/etc/ssl/ca.crt"
}
relay "tls_accel" {
listen on 192.168.228.101 port 443 tls
protocol "http_tls"
forward to <web1> port 80 check tcp
forward to <web2> port 80 check tcp
}
Frédéric.
Le 11/07/2014 14:12, Reyk Floeter a écrit :
> Hi,
>
> On Fri, Jun 20, 2014 at 10:35:13PM -0400, Predrag Punosevac wrote:
>> I am seriously reading realyd man pages for the first time in my life.
>> Namely I am after url suffix redirection. I will try to explain little
>> bit better.
>>
>> I have close to 10 virtual hosts running behind OpenBSD firewall which
>> has a single public IP address. My boss insists that all virtual hosts
>> be reachable on the port 80. Can relayd do url suffix redirection? What
>> I mean is a map:
>>
>> www.autonlab.org ----> 10.0.0.0 host
>> www.autonlab.org/web1 ----> 10.0.0.1 host
>> www.autonlab.org/web2 ----> 10.0.0.2 host
>> www.autonlab.org/web3 ----> 10.0.0.3 host
>>
>> and so on. Until now I was using nginx as a proxy and port redirection
>>
>> www.autonlab.org ----> 10.0.0.0
>> www.autonlab.org:8080 ----> 10.0.0.1
>>
>> and so on so forth.
>>
> I didn't answer before because it was not supported by relayd but I
> was working on the filter upgrade that got committed yesterday.
>
> Your mail was almost a month ago, so you probably found another
> solution now, but it works in -current and the upcoming release with
> something like the following:
>
> ---snip---
> table <web0> { 10.0.0.0 }
> table <web1> { 10.0.0.1 }
> table <web2> { 10.0.0.2 }
> table <web3> { 10.0.0.3 }
>
> http protocol autonlab {
> return error
> pass
> match request patch "/web1*" forward to <web1>
> match request patch "/web2*" forward to <web2>
> match request patch "/web3*" forward to <web3>
> }
>
> relay autonlab {
> listen on 128.2.204.171 port 80
> protocol autonlab
>
> # Main server table
> forward to <web0> check tcp port 80
>
> # Additional server tables used by custom rules
> forward to <web1> check tcp port 80
> forward to <web2> check tcp port 80
> forward to <web3> check tcp port 80
> }
> ---snap---
>
> Reyk
--
Frédéric URBAN
*Frédéric URBAN*
Ingénieur Réseaux
frederic.ur...@ircad.fr <mailto:frederic.ur...@ircad.fr>
Tél. : +33 (0)3 88 119 038
IRCAD France
http://www.ircad.fr/ <http://www.ircad.fr/>
Suivez l'IRCAD sur Facebook
<http://www.facebook.com/pages/IRCAD/193785273990141>
*IRCAD France*
Hôpitaux Universitaires - 1, place de l'Hôpital - 67091 Strasbourg Cedex
- FRANCE
