Comments (8)
florian@ was able to figure out a working configuration but none of us could make sense of the "url" keyword.
Anyway, this construct works:
match request header "Host" value "www.domain1.tld" forward to
match request header "Host" value "www.domain2.tld" forward to
from relayd.
Sorry, I didn't look at the Issues here before.
Is this still open?
Are you mixing HTTP and HTTPS forwards in one relay? This is not supposed to be supported. Does it work with two non-ssl forwards?
Please also note that "ssl" has been renamed to "tls" in current.
from relayd.
On Tue, Jan 06, 2015 at 07:07:41AM -0800, Reyk Floeter wrote:
> Sorry, I didn't look at the Issues here before.
> Is this still open?
Yes...
> Are you mixing HTTP and HTTPS forwards in one relay? This is not
> supposed to be supported. Does it work with two non-ssl forwards?
Well, that was my initial example, but even not mixing http/https does not work.
See below for the smallest config I could come up with that reproduces the issue.
> Please also note that "ssl" has been renamed to "tls" in current.
Yeah, I know :-)
With this config, I always end up on the same server:
table { 192.168.1.1 }
table { 192.168.1.2 }
http protocol vhost {
match url "srv1.example.com" forward to
match url "srv2.example.com" forward to
}
relay vhost {
listen on 0.0.0.0 port www
protocol vhost
forward to port www
forward to port www
}
Antoine
from relayd.
Same Here, confirmed with -current ;)
from relayd.
I stumbled across the same issue with Reliability Fix #15 applied to relayd on 5.7 i386 -stable with a "SSL acceleration" relay.
Now I have cherry-picked this fix from 5.8/-current for the regression which haunted me for hours
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/relayd/relayd.c.diff?r1=1.142&r2=1.143
It seems to solve my problem. Currently, I am still testing from various browsers & sites, which appears to be a bit tricky due to caching, etc. ...
/etc/relayd.conf
...
http protocol httpsProto {
tcp {nodelay, sack, socket buffer 65536, backlog 128}
tls {no sslv3, tlsv1, no edh, ciphers 'HIGH:!aNULL', no client-renegotiation, cipher-server-preference}
return error
match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
...
match request path "/rs/cacti/*" forward to <cactiHosts>
pass
}
relay httpsRelayExt {
listen on $extAddr port 443 tls
protocol httpsProto
forward to <webHosts> port 80 mode hash check tcp interval 20
forward to <cactiHosts> port 80 check tcp interval 60
}
see also example /etc/relayd.conf and description of patch:
Small bug in relayd's forward to option to http rules (patch included)
J. Fischer Sun, 15 Mar 2015 10:42:56 -0700
https://www.mail-archive.com/[email protected]/msg05530.html
from relayd.
@ajacoutot what did your working config file look like?
I'm having the same problem here, I'm trying to get relayd to forward to different hosts based on the HTTP Host header
from relayd.
> @ajacoutot what did your working config file look like?
> I'm having the same problem here, I'm trying to get relayd to forward to different hosts based on the HTTP Host header
I am using this:
table <srv1> { 192.168.0.1 }
table <srv2> { 192.168.0.2 }
http protocol vhost {
match request header "Host" value "srv1.domain.tld" forward to <srv1>
match request header "Host" value "srv2.domain.tld" forward to <srv2>
}
relay vhost {
listen on egress port 443 tls
protocol vhost
forward with tls to <srv1> port https check icmp
forward with tls to <srv2> port https check icmp
}
from relayd.
I got it working without tls with this :)
So now I only need to get it running with different tls certificates
from relayd.