
Comments (8)

ajacoutot avatar ajacoutot commented on September 28, 2024 1

florian@ was able to figure out a working configuration but none of us could make sense of the "url" keyword.
Anyway, this construct works:
match request header "Host" value "www.domain1.tld" forward to
match request header "Host" value "www.domain2.tld" forward to

from relayd.

reyk avatar reyk commented on September 28, 2024

Sorry, I didn't look at the Issues here before.
Is this still open?

Are you mixing HTTP and HTTPS forwards in one relay? This is not supposed to be supported. Does it work with two non-ssl forwards?

Please also note that "ssl" has been renamed to "tls" in current.

from relayd.

ajacoutot avatar ajacoutot commented on September 28, 2024

On Tue, Jan 06, 2015 at 07:07:41AM -0800, Reyk Floeter wrote:

> Sorry, I didn't look at the Issues here before.
> Is this still open?

Yes...

> Are you mixing HTTP and HTTPS forwards in one relay? This is not
> supposed to be supported. Does it work with two non-ssl forwards?

Well, that was my initial example, but even not mixing http/https does not work.
See below for the smallest config I could come up with that reproduces the issue.

> Please also note that "ssl" has been renamed to "tls" in current.

Yeah, I know :-)

With this config, I always end up on the same server:

table { 192.168.1.1 }
table { 192.168.1.2 }

http protocol vhost {
match url "srv1.example.com" forward to
match url "srv2.example.com" forward to
}

relay vhost {
listen on 0.0.0.0 port www
protocol vhost
forward to port www
forward to port www
}

Antoine

from relayd.

frederic-urban avatar frederic-urban commented on September 28, 2024

Same Here, confirmed with -current ;)

from relayd.

hb9cwp avatar hb9cwp commented on September 28, 2024

I stumbled across the same issue with Reliability Fix #15 applied to relayd on 5.7 i386 -stable with a "SSL acceleration" relay.

Now I have cherry-picked this fix from 5.8/-current for the regression which haunted me for hours
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/relayd/relayd.c.diff?r1=1.142&r2=1.143
It seems to solve my problem. Currently, I am still testing from various browsers & sites, which appears to be a bit tricky due to caching, etc. ...

/etc/relayd.conf 
...
http protocol httpsProto {
 tcp {nodelay, sack, socket buffer 65536, backlog 128}
 tls {no sslv3, tlsv1, no edh, ciphers 'HIGH:!aNULL', no client-renegotiation, cipher-server-preference}
 return error
 match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
 match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
 ...
 match request path "/rs/cacti/*" forward to <cactiHosts>
 pass
}

relay httpsRelayExt {
 listen on $extAddr port 443 tls
 protocol httpsProto
 forward to <webHosts> port 80  mode hash  check tcp  interval 20
 forward to <cactiHosts> port 80  check tcp  interval 60
}

see also example /etc/relayd.conf and description of patch:
Small bug in relayd's forward to option to http rules (patch included)
J. Fischer Sun, 15 Mar 2015 10:42:56 -0700
https://www.mail-archive.com/[email protected]/msg05530.html

from relayd.

flipchan avatar flipchan commented on September 28, 2024

@ajacoutot what did your working config file look like?
I'm having the same problem here, I'm trying to get relayd to forward to a different host based on the HTTP Host header

from relayd.

ajacoutot avatar ajacoutot commented on September 28, 2024

> @ajacoutot what did your working config file look like?
> I'm having the same problem here, I'm trying to get relayd to forward to a different host based on the HTTP Host header

I am using this:

table <srv1> { 192.168.0.1 }
table <srv2> { 192.168.0.2 }

http protocol vhost {
        match request header "Host" value "srv1.domain.tld" forward to <srv1>
        match request header "Host" value "srv2.domain.tld" forward to <srv2>
}

relay vhost {
        listen on egress port 443 tls
        protocol vhost
        forward with tls to <srv1> port https check icmp
        forward with tls to <srv2> port https check icmp
}

from relayd.

flipchan avatar flipchan commented on September 28, 2024

I got it working without tls with this :)
so now I only need to get it running with different tls certificates

> > @ajacoutot what did your working config file look like?
> > I'm having the same problem here, I'm trying to get relayd to forward to a different host based on the HTTP Host header
>
> I am using this:
>
> table <srv1> { 192.168.0.1 }
> table <srv2> { 192.168.0.2 }
>
> http protocol vhost {
>         match request header "Host" value "srv1.domain.tld" forward to <srv1>
>         match request header "Host" value "srv2.domain.tld" forward to <srv2>
> }
>
> relay vhost {
>         listen on egress port 443 tls
>         protocol vhost
>         forward with tls to <srv1> port https check icmp
>         forward with tls to <srv2> port https check icmp
> }

from relayd.
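
One way to check Host-based routing like the configurations in this thread without browser caching getting in the way, as an added example that is not part of the original thread. `RELAY_IP`, the script name `check.sh` and the per-backend marker strings are assumptions: each backend is expected to serve a page containing a string that identifies it.

```shell
#!/bin/sh
# Added example, not from the thread. RELAY_IP and the marker strings are
# assumptions: each backend must serve a page containing a string that
# identifies it (for instance its own name).

RELAY_IP="${RELAY_IP:-192.0.2.10}"   # constructed documentation address

# fetch_body SCHEME HOST PORT
# --resolve pins HOST to the relay, so on the scheme's default port curl sends
# HOST as the Host header (and as SNI for https) without DNS or a browser cache.
fetch_body() {
    curl -sS --max-time 5 -H 'Cache-Control: no-cache' \
        --resolve "$2:$3:$RELAY_IP" "$1://$2:$3/"
}

# check_vhost SCHEME HOST PORT MARKER
# 0: body contains MARKER, 1: some other backend answered, 2: request failed
check_vhost() {
    body="$(fetch_body "$1" "$2" "$3")" || return 2
    case "$body" in
        *"$4"*) return 0 ;;
        *)      return 1 ;;
    esac
}

# check_all SCHEME PORT host=marker ...
# Prints one line per host; the return value is the number of failures.
check_all() {
    scheme="$1"; port="$2"; shift 2
    bad=0
    for pair in "$@"; do
        host="${pair%%=*}"; marker="${pair#*=}"
        if check_vhost "$scheme" "$host" "$port" "$marker"; then
            echo "ok    $host -> $marker"
        else
            echo "FAIL  $host did not return '$marker'"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Run only when called with arguments, e.g.
#   RELAY_IP=192.0.2.10 sh check.sh https 443 srv1.domain.tld=srv1 srv2.domain.tld=srv2
if [ "$#" -ge 3 ]; then
    check_all "$@"
fi
```

A non-zero exit status means at least one host name reached a backend other than the expected one, which is the "always end up on the same server" symptom reported above.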
