IRCNow


Suppose you want relayd to act as a reverse proxy for two different domains served on separate ports. In this case, both www.ircnow.org and bnc.ircnow.org need relayd to provide TLS acceleration (relayd terminates TLS and forwards plain HTTP to the backend), but they run on separate ports (1338 and 8080).

ext_addr="192.168.1.1"
webhost="127.0.0.1"

table <www> { $webhost }
table <bnc> { $webhost }
http protocol https {
        match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
        match request header append "X-Forwarded-By" \
            value "$SERVER_ADDR:$SERVER_PORT"
        match request header set "Connection" value "close"

        # Various TCP options
        tcp { sack, backlog 128 }

#       tls { no tlsv1.0, ciphers HIGH }
#       tls no session tickets
        match request header "Host" value "bnc.ircnow.org" forward to <bnc>
        match request header "Host" value "www.ircnow.org" forward to <www>
}

relay wwwtls {
        # Run as an SSL/TLS accelerator
        listen on $ext_addr port 443 tls
        protocol https

        # Forward to hosts in the table
        forward to <bnc> port 1338 mode loadbalance check icmp
        forward to <www> port 8080 mode loadbalance check icmp
}

You'll need corresponding TLS certs, linked under the file names relayd looks up for the listen address and port:

# ln -s /etc/ssl/example.com.fullchain.pem /etc/ssl/192.168.1.1:443.crt
# ln -s /etc/ssl/private/example.com.key /etc/ssl/private/192.168.1.1:443.key
# rcctl enable relayd
# rcctl start relayd
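
A pre-flight check for the certificate links above, as an added example that is not part of the original page: it reads a relayd.conf, expands simple macros, and lists any /etc/ssl/ADDR:PORT.crt or /etc/ssl/private/ADDR:PORT.key file that is not readable. The function names and the optional ROOT prefix are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page.

# relayd_tls_paths CONF
# Print the certificate and key file relayd expects for every
# "listen on ADDR port PORT tls" line, using the ADDR:PORT naming shown above.
# Only simple name="value" macros are expanded (an assumption of this sketch).
relayd_tls_paths() {
    awk '
    { sub(/#.*/, "") }                          # drop comments
    /^[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {          # macro definition
        name = $0; sub(/[ \t]*=.*/, "", name)
        val = $0;  sub(/^[^=]*=[ \t]*/, "", val)
        gsub(/"/, "", val); sub(/[ \t]+$/, "", val)
        macro[name] = val
        next
    }
    $1 == "listen" && $2 == "on" && $4 == "port" && $6 == "tls" {
        addr = $3; port = $5
        if (addr ~ /^[$]/) addr = macro[substr(addr, 2)]
        if (port ~ /^[$]/) port = macro[substr(port, 2)]
        printf "/etc/ssl/%s:%s.crt\n", addr, port
        printf "/etc/ssl/private/%s:%s.key\n", addr, port
    }' "$1"
}

# relayd_tls_missing CONF [ROOT]
# Print each expected file that is not readable; return 1 if any is missing.
# ROOT is an optional prefix (hypothetical parameter, for checking a staging tree).
relayd_tls_missing() {
    root=${2:-}
    rc=0
    for f in $(relayd_tls_paths "$1"); do
        [ -r "$root$f" ] || { echo "$f"; rc=1; }
    done
    return "$rc"
}

# Typical use before "rcctl start relayd":
#   relayd_tls_missing /etc/relayd.conf || echo "create the links listed above"
```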

WARNING: Do not have httpd listen on port 443, or else the reverse proxy will fail to forward based on hostname for Android and iOS devices!