Here is what I did, which I learned from the httpd & relayd book by Michael W Lucas (I recommend it). I cannot remember why I set the top header options; I must have been trying to learn about them. The host ones are to figure out the site and send the connection to the table above.

ext_addr="..."
int_addr="127.0.0.1"
vm1_addr="192.0.2.11"
vm2_addr="192.0.2.12"
vm3_addr="192.0.2.13"
vm4_addr="192.0.2.14"

# Backend pools: the local httpd and the four VMs
table <myself> { $int_addr }
table <website> { $vm1_addr $vm2_addr $vm3_addr $vm4_addr }

# Relay and protocol for HTTP layer 7 loadbalancing and SSL/TLS acceleration
http protocol https {
        # playing with these options
        match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
        match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
        match request header set "Keep-Alive" value "$TIMEOUT"
        match request header set "Connection" value "close"

        # Pick the backend table from the Host header
        match request header "Host" value "website.example.com" forward to <website>
        match request header "Host" value "example.com" forward to <myself>
        match request header "Host" value "www.example.com" forward to <myself>
}

relay wwwtls {
        # Run as a SSL/TLS accelerator
        listen on $ext_addr port 443 tls
        protocol https
        # Every table named in the protocol rules needs a forward line here
        forward to <myself> port 80 check tcp
        forward to <website> port 80 mode loadbalance check tcp
}

V/r,
Bryan

On Thu, Sep 28, 2017 at 7:32 AM, mabi <m...@protonmail.ch> wrote:

> Hi,
>
> I was wondering if it is possible to use relayd as load balancer with TLS
> termination for multiple different websites residing on different servers.
>
> From reading the man page I understand that for this purpose I will need
> to use one "relay" entity per website which will then have its own "http
> protocol" entity. If this is correct, this means I will require one public
> IP address per website which seems to me a bit of a waste, hence my asking.
>
> The alternative would be to have one "relay" entity but this means I can
> only have one "http protocol" entity assigned to it from my understanding.
> This also means that I would have to use one single SSL certificate
> file which includes every CN for each of my websites. My feeling tells me
> that this does not sound like good practice. Then how would relayd know that
> website www.website1.com has to be forwarded to the hosts in <table1> and
> that website www.website2.com has to be forwarded to the hosts in
> <table2>? Would you in the "http protocol" entity filter using the HTTP
> "Host" header (such as SNI)?
>
> Sorry for all these questions but I am trying to find out the best
> way/good practice to set up a relayd TLS load balancer for different
> websites/webapps/domains and can't find much documentation about this
> specific case.
>
> Note here that I will be using the acme-client for all of the domains.
>
> Thanks for your input.
>
> Best,
> Mabi
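
An added example, not part of the original thread and not the poster's configuration: a variant of the setup above for the single-certificate concern raised in the quoted question, using the `tls keypair` option documented in relayd.conf(5) of later OpenBSD releases to serve one certificate per site from one relay and one IP address. It also replaces `append` with `set` for the forwarding headers. The external address and the certificate names are assumptions.

```conf
# Added example (assumptions: ext_addr is a constructed placeholder from the
# documentation range; certificate names match the sites used in the thread).
ext_addr="203.0.113.10"
int_addr="127.0.0.1"
vm1_addr="192.0.2.11"
vm2_addr="192.0.2.12"

table <myself>  { $int_addr }
table <website> { $vm1_addr $vm2_addr }

http protocol https {
        # One key pair per site, chosen by the SNI name in the TLS handshake.
        # relayd loads /etc/ssl/NAME.crt and /etc/ssl/private/NAME.key, so the
        # acme-client output paths must use these names. The example.com
        # certificate must also list www.example.com as a subject alt name.
        tls keypair "example.com"
        tls keypair "website.example.com"

        # "append" keeps whatever X-Forwarded-For the client sent and adds the
        # real peer address after it; a backend that reads the first entry can
        # be fed a forged address. "set" overwrites the header, so backends
        # only ever see the address relayd observed.
        match request header set "X-Forwarded-For" value "$REMOTE_ADDR"
        match request header set "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
        match request header set "Connection" value "close"

        # SNI selects the certificate; the Host header selects the backend.
        # These are separate inputs, so the routing rules are still required.
        match request header "Host" value "website.example.com" forward to <website>
        match request header "Host" value "example.com" forward to <myself>
        match request header "Host" value "www.example.com" forward to <myself>
}

relay wwwtls {
        listen on $ext_addr port 443 tls
        protocol https
        forward to <myself> port 80 check tcp
        forward to <website> port 80 mode loadbalance check tcp
}
```

Check the file with `relayd -n` before reloading; a missing certificate or key for any `tls keypair` name is reported at load time.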