OpenBSD relayd(8)
“relayd is a daemon to relay and dynamically redirect incoming connections to a target host. Its main purposes are to run as a load-balancer, application layer gateway, or transparent proxy. The daemon is able to monitor groups of hosts for availability, which is determined by checking for a specific service common to a host group. When availability is confirmed, layer 3 and/or layer 7 forwarding services are set up by relayd.”
THIS WILL NOT WORK!
goals:
- setup reverse https proxy
- example for gitea
## setup "/etc/relayd.conf"
table <gitea> { example.com }
http protocol "httpproxy" {
pass request quick header "Host" value "gitea.example.com" \
forward to <gitea>
block
}
relay "proxy" {
listen on example.com port 80
listen on example.com port 443 tls
protocol "httpproxy"
forward to <gitea> port 3000
}
## generate certificate
> openssl req \
-x509 -nodes \
-subj "/C=DE/ST=Germany/L=Magdeburg/O=x33u/OU=webdev/CN=192.168.1.10" \
-newkey rsa:4096 \
-keyout /etc/ssl/private/example.com.key \
-out /etc/ssl/example.com.crt \
-days 365
relayd(8)
auto catch correct certificate when name match FQDN/IP
## testing "relayd.conf" file
> relayd -nf /etc/relayd.conf
## start relayd forced
> rcctl -f start relayd
## enable relayd
> rcctl enable relayd
15-09-2019