Annotation of src/etc/hoststated.conf, Revision 1.4
1.4 ! reyk 1: # $OpenBSD: hoststated.conf,v 1.3 2007/02/26 13:04:34 pyr Exp $
1.1 pyr 2: #
3: # Macros
4: #
5: webhost1="10.0.0.1"
6: webhost2="10.0.0.2"
7:
8: #
9: # Global Options
10: #
11: # interval 10
12: # timeout 200
1.4 ! reyk 13: # prefork 5
1.1 pyr 14:
15: #
16: # Each table will be mapped to a pf table.
17: #
18: table webhosts {
1.2 pyr 19: real port http
1.1 pyr 20: check http "/" code 200
1.2 pyr 21: host $webhost1
22: host $webhost2
1.1 pyr 23: }
24:
25: table fallback {
1.2 pyr 26: real port http
1.1 pyr 27: check icmp
28: host 127.0.0.1
29: }
30:
31: #
32: # Services will be mapped to a rdr rule.
33: #
34: service www {
1.3 pyr 35: virtual host 192.168.1.1 port http interface trunk0
1.1 pyr 36:
37: # tag every packet that goes thru the rdr rule with HOSTSTATED
38: tag HOSTSTATED
39:
40: table webhosts
41: backup table fallback
1.4 ! reyk 42: }
! 43:
! 44: #
! 45: # Relays and protocols are used for Layer 7 loadbalancing
! 46: #
! 47: protocol httpssl {
! 48: protocol http
! 49: append "$REMOTE_ADDR" to "X-Forwarded-For"
! 50: append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
! 51: change "Connection" to "close"
! 52:
! 53: # Various TCP performance options
! 54: tcp { nodelay, sack, socket buffer 65536, backlog 128 }
! 55:
! 56: # ssl { no sslv2, sslv3, tlsv1, ciphers HIGH }
! 57: # ssl session cache disable
! 58: }
! 59:
! 60: relay wwwssl {
! 61: # Run as a SSL accelerator
! 62: listen on 192.168.1.1 port 443 ssl
! 63: protocol httpssl
! 64:
! 65: # Forward to hosts in the webhosts table using a src/dst hash
! 66: table webhosts loadbalance
1.1 pyr 67: }