Annotation of src/etc/hoststated.conf, Revision 1.6
1.6 ! reyk 1: # $OpenBSD: hoststated.conf,v 1.5 2007/02/26 19:25:25 reyk Exp $
1.1 pyr 2: #
3: # Macros
4: #
1.6 ! reyk 5: ext_addr="192.168.1.1"
1.1 pyr 6: webhost1="10.0.0.1"
7: webhost2="10.0.0.2"
8:
9: #
10: # Global Options
11: #
12: # interval 10
13: # timeout 200
1.4 reyk 14: # prefork 5
1.1 pyr 15:
16: #
17: # Each table will be mapped to a pf table.
18: #
19: table webhosts {
1.2 pyr 20: real port http
1.1 pyr 21: check http "/" code 200
1.2 pyr 22: host $webhost1
23: host $webhost2
1.1 pyr 24: }
25:
26: table fallback {
1.2 pyr 27: real port http
1.1 pyr 28: check icmp
29: host 127.0.0.1
30: }
31:
32: #
33: # Services will be mapped to a rdr rule.
34: #
35: service www {
1.6 ! reyk 36: virtual host $ext_addr port http interface trunk0
1.1 pyr 37:
38: # tag every packet that goes thru the rdr rule with HOSTSTATED
39: tag HOSTSTATED
40:
41: table webhosts
42: backup table fallback
1.4 reyk 43: }
44:
45: #
46: # Relays and protocols are used for Layer 7 loadbalancing
47: #
48: protocol httpssl {
49: protocol http
1.5 reyk 50: header append "$REMOTE_ADDR" to "X-Forwarded-For"
51: header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
52: header change "Connection" to "close"
1.4 reyk 53:
54: # Various TCP performance options
55: tcp { nodelay, sack, socket buffer 65536, backlog 128 }
56:
57: # ssl { no sslv2, sslv3, tlsv1, ciphers HIGH }
58: # ssl session cache disable
59: }
60:
61: relay wwwssl {
62: # Run as a SSL accelerator
1.6 ! reyk 63: listen on $ext_addr port 443 ssl
1.4 reyk 64: protocol httpssl
65:
66: # Forward to hosts in the webhosts table using a src/dst hash
67: table webhosts loadbalance
1.1 pyr 68: }