Hi,

Unfortunately, I already tried using those header settings during my testing, and those don't solve my problem.

What 'match header set "Keep-Alive" value "$TIMEOUT"' does is force
relayd(8) to send a Keep-Alive header to httpd(8). But httpd(8) is
already replying with a "Connection: keep-alive" header. And that does
not prevent relayd(8) from replying to the client with two Connection
headers, 'Connection: keep-alive' and 'Connection: close\r\n', which is
still what makes the client close the connection.

I've attached a Wireshark capture of the whole session.

On Tue, Nov 16, 2021 at 06:25:52AM -0800, Paul Pace wrote:
> I meant to reply earlier, since no one else did but I am brand-new to
> figuring out how to use relays.
>
> I think what you are looking for is in the relayd.conf(5)[1] examples
> section. Here is one example:
>
> The following configuration would add a relay to forward secure HTTPS
> connections to a pool of HTTP webservers using the loadbalance mode (TLS
> acceleration and layer 7 load balancing). The HTTP protocol definition will
> add two HTTP headers containing address information of the client and the
> server, set the “Keep-Alive” header value to the configured session timeout,
> and include the “sessid” variable in the hash to calculate the target host:
>
> http protocol "https" {
>         match header set "X-Forwarded-For" \
>             value "$REMOTE_ADDR"
>         match header set "X-Forwarded-By" \
>             value "$SERVER_ADDR:$SERVER_PORT"
>         match header set "Keep-Alive" value "$TIMEOUT"
>
>         match query hash "sessid"
>
>         pass
>         block path "/cgi-bin/index.cgi" value "*command=*"
>
>         tls { no tlsv1.0, ciphers "HIGH" }
> }
>
> relay "tlsaccel" {
>         listen on www.example.com port 443 tls
>         protocol "https"
>         forward to <phphosts> port 8080 mode loadbalance check tcp
> }
>
>
> And here is an excerpt from Relayd and Httpd Mastery:
>
> > Set
> >
> > The set option sets an item’s value. Use this to change the value of a
> > HTTP header, a query string, a URL, or anything else relayd can filter
> > on. If the thing doesn’t exist, it gets added. The set option is most
> > commonly used with the match operation.
> >
> > Here I change the Connection header. This header controls if the TCP/IP
> > connection should stay open once the request is granted, or if it should
> > terminate. Many applications set this to keep-alive even if they don’t
> > need it. Here, we tell relayd to rewrite the incoming client request and
> > to make this header always say close.
> >
> >     match request header set "Connection" value "close"
>
> And another:
>
> > http protocol https {
> >         match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
> >         match request header append "X-Forwarded-By" \
> >             value "$SERVER_ADDR:$SERVER_PORT"
> >         match request header set "Connection" value "close"
> >         # Various TCP performance options
> >         tcp { nodelay, sack, socket buffer 65536, backlog 128 }
> > }
> >
> > No matter what, we append our relay host’s information to the
> > X-Forwarded-For and X-Forwarded-By headers. If the application doesn’t
> > need these headers, their presence won’t hurt anything.
> >
> > The sample relayd.conf always changes the Connection header to close.
> > This tells the server to answer a single HTTP request per TCP
> > connection. The alternative, keep-alive, tells the server to answer
> > several HTTP requests in a single TCP connection. Putting everything in
> > a single TCP connection decreases the networking overhead, but puts all
> > the load on a single back-end server. Closing the connection with every
> > request increases the networking overhead but spreads it between all of
> > the servers in the farm. Test your application with and without close.
>
> Note the book covers OpenBSD 6.1 and some things have changed, but at least
> for myself I have learned basically how to use the tool, and with the man
> page I am able to figure out configurations for myself better than I ever
> did with nginx or Ubuntu.
>
> [1] https://man.openbsd.org/OpenBSD-7.0/relayd.conf#EXAMPLES
>
> I hope this helps.
> Paul
>
> On 2021-11-12 16:37, Joel Carnat wrote:
> > Hi,
> >
> > I have noticed that relayd(8) sends a "Connection: close" HTTP header
> > even if the backend server has sent a "Connection: keep-alive" HTTP
> > header.
> >
> > Here's my configuration:
> > # cat /etc/httpd.conf
> > server "default" {
> >         listen on * port 80
> >         location * {
> >                 root "/htdocs/hugo"
> >         }
> > }
> >
> > # cat /etc/relayd.conf
> > ext_addr="127.0.0.1"
> > table <fallback> { 127.0.0.1 }
> > http protocol https {
> >         match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
> >         match request header append "X-Forwarded-By" \
> >             value "$SERVER_ADDR:$SERVER_PORT"
> >         tcp { sack, backlog 128 }
> > }
> > relay wwwtls {
> >         listen on $ext_addr port 81
> >         protocol https
> >
> >         forward to <fallback> port http
> > }
> >
> > If I use curl(1) to get resources from httpd(8), it uses only one
> > HTTP connection:
> > # curl -Ivs http://localhost:80/ http://localhost:80/css/all.min.css
> > * Trying 127.0.0.1:80...
> > * Connected to localhost (127.0.0.1) port 80 (#0)
> > > HEAD / HTTP/1.1
> > > Host: localhost
> > > User-Agent: curl/7.79.0
> > > Accept: */*
> > >
> > * Mark bundle as not supporting multiuse
> > < HTTP/1.1 200 OK
> > HTTP/1.1 200 OK
> > < Connection: keep-alive
> > Connection: keep-alive
> > < Content-Length: 7729
> > Content-Length: 7729
> > < Content-Type: text/html
> > Content-Type: text/html
> > < Date: Sat, 13 Nov 2021 00:20:07 GMT
> > Date: Sat, 13 Nov 2021 00:20:07 GMT
> > < Last-Modified: Wed, 27 Oct 2021 07:27:51 GMT
> > Last-Modified: Wed, 27 Oct 2021 07:27:51 GMT
> > < Server: OpenBSD httpd
> > Server: OpenBSD httpd
> >
> > <
> > * Connection #0 to host localhost left intact
> > * Found bundle for host localhost: 0xcdeb98aae80 [serially]
> > * Can not multiplex, even if we wanted to!
> > * Re-using existing connection! (#0) with host localhost
> > * Connected to localhost (127.0.0.1) port 80 (#0)
> > > HEAD /css/all.min.css HTTP/1.1
> > > Host: localhost
> > > User-Agent: curl/7.79.0
> > > Accept: */*
> > >
> > * Mark bundle as not supporting multiuse
> > < HTTP/1.1 200 OK
> > HTTP/1.1 200 OK
> > < Connection: keep-alive
> > Connection: keep-alive
> > < Content-Length: 59344
> > Content-Length: 59344
> > < Content-Type: text/css
> > Content-Type: text/css
> > < Date: Sat, 13 Nov 2021 00:20:07 GMT
> > Date: Sat, 13 Nov 2021 00:20:07 GMT
> > < Last-Modified: Wed, 24 Mar 2021 22:34:18 GMT
> > Last-Modified: Wed, 24 Mar 2021 22:34:18 GMT
> > < Server: OpenBSD httpd
> > Server: OpenBSD httpd
> >
> > <
> > * Connection #0 to host localhost left intact
> >
> > But if I use curl(1) to get the same resources via relayd(8), the
> > connections are closed for each resource:
> > # curl -Ivs http://localhost:81/ http://localhost:81/css/all.min.css
> > * Trying 127.0.0.1:81...
> > * Connected to localhost (127.0.0.1) port 81 (#0)
> > > HEAD / HTTP/1.1
> > > Host: localhost:81
> > > User-Agent: curl/7.79.0
> > > Accept: */*
> > >
> > * Mark bundle as not supporting multiuse
> > < HTTP/1.1 200 OK
> > HTTP/1.1 200 OK
> > < Connection: keep-alive
> > Connection: keep-alive
> > < Connection: close
> > Connection: close
> > < Content-Length: 7729
> > Content-Length: 7729
> > < Content-Type: text/html
> > Content-Type: text/html
> > < Date: Sat, 13 Nov 2021 00:22:24 GMT
> > Date: Sat, 13 Nov 2021 00:22:24 GMT
> > < Last-Modified: Wed, 27 Oct 2021 07:27:51 GMT
> > Last-Modified: Wed, 27 Oct 2021 07:27:51 GMT
> > < Server: OpenBSD httpd
> > Server: OpenBSD httpd
> >
> > <
> > * Closing connection 0
> > * Hostname localhost was found in DNS cache
> > * Trying 127.0.0.1:81...
> > * Connected to localhost (127.0.0.1) port 81 (#1)
> > > HEAD /css/all.min.css HTTP/1.1
> > > Host: localhost:81
> > > User-Agent: curl/7.79.0
> > > Accept: */*
> > >
> > * Mark bundle as not supporting multiuse
> > < HTTP/1.1 200 OK
> > HTTP/1.1 200 OK
> > < Connection: keep-alive
> > Connection: keep-alive
> > < Connection: close
> > Connection: close
> > < Content-Length: 59344
> > Content-Length: 59344
> > < Content-Type: text/css
> > Content-Type: text/css
> > < Date: Sat, 13 Nov 2021 00:22:24 GMT
> > Date: Sat, 13 Nov 2021 00:22:24 GMT
> > < Last-Modified: Wed, 24 Mar 2021 22:34:18 GMT
> > Last-Modified: Wed, 24 Mar 2021 22:34:18 GMT
> > < Server: OpenBSD httpd
> > Server: OpenBSD httpd
> >
> > <
> > * Closing connection 1
> >
> > If I use telnet(1) and send the HTTP commands "by hand", I could see
> > that the HTTP connection was left up and that I could grab several
> > resources; so the connection is not really closed by relayd(8).
> >
> > Is there a way to tell relayd(8) to not send that extra "Connection:
> > close" header?
> >
> > Thank you,
> > Joel C.
relayd-httpd.pcapng.gz
Description: application/gunzip
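
Added example, not part of the original thread: a small checker that applies the HTTP/1.1 persistence rule (RFC 7230 section 6.3, where a `close` connection option overrides everything else) to a raw response head, which is why a client such as curl(1) closes the connection when it receives both Connection headers. The function names are hypothetical and the two sample responses are constructed from the header lines shown in the curl output above.

```python
# Added example: the sample responses below are constructed from the
# header lines visible in the thread's curl output, not captured traffic.

def parse_head(raw: bytes):
    """Split a raw HTTP response head into (version, status, [(name, value)])."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    version, status = lines[0].split(" ", 2)[:2]
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return version, int(status), headers


def connection_options(headers):
    """All Connection tokens; repeated header lines are merged into one list."""
    tokens = []
    for name, value in headers:
        if name == "connection":
            tokens += [t.strip().lower() for t in value.split(",") if t.strip()]
    return tokens


def will_persist(raw: bytes) -> bool:
    """RFC 7230 section 6.3: 'close' wins, else HTTP/1.1 persists by default."""
    version, _, headers = parse_head(raw)
    opts = connection_options(headers)
    if "close" in opts:
        return False
    if version == "HTTP/1.1":
        return True
    return version == "HTTP/1.0" and "keep-alive" in opts


def conflicting(raw: bytes) -> bool:
    """True when one response advertises both keep-alive and close."""
    opts = connection_options(parse_head(raw)[2])
    return "close" in opts and "keep-alive" in opts


# Constructed samples: direct httpd(8) reply vs. the reply seen through relayd(8).
DIRECT = (b"HTTP/1.1 200 OK\r\nConnection: keep-alive\r\n"
          b"Content-Length: 7729\r\nContent-Type: text/html\r\n\r\n")
VIA_RELAY = (b"HTTP/1.1 200 OK\r\nConnection: keep-alive\r\nConnection: close\r\n"
             b"Content-Length: 7729\r\nContent-Type: text/html\r\n\r\n")

if __name__ == "__main__":
    for label, raw in (("direct", DIRECT), ("via relay", VIA_RELAY)):
        print(label, "persist:", will_persist(raw), "conflict:", conflicting(raw))
```
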

