Annotation of src/etc/relayd.conf, Revision 1.5
1.5 ! reyk 1: # $OpenBSD: hoststated.conf,v 1.4 2007/02/26 13:58:31 reyk Exp $
1.1 pyr 2: #
3: # Macros
4: #
# Addresses of the two backend web servers; used as $webhost1 and $webhost2
# in the "webhosts" table.
5: webhost1="10.0.0.1"
6: webhost2="10.0.0.2"
7:
8: #
9: # Global Options
10: #
11: # interval 10
12: # timeout 200
1.4 reyk 13: # prefork 5
1.1 pyr 14:
15: #
16: # Each table will be mapped to a pf table.
17: #
# Primary backend pool: the two macro-defined hosts, reached on the http port.
18: table webhosts {
1.2 pyr 19: real port http
# Health check: request "/" over HTTP and expect status code 200.
1.1 pyr 20: check http "/" code 200
1.2 pyr 21: host $webhost1
22: host $webhost2
1.1 pyr 23: }
24:
# Fallback pool: the local machine only (127.0.0.1), on the http port.
25: table fallback {
1.2 pyr 26: real port http
# NOTE(review): an ICMP check shows only that the address answers ping, not
# that anything is serving HTTP there; an http check as in "webhosts" would
# verify the service itself.
1.1 pyr 27: check icmp
28: host 127.0.0.1
29: }
30:
31: #
32: # Services will be mapped to a rdr rule.
33: #
# Redirection service for the virtual address 192.168.1.1 on the http port:
# traffic goes to "webhosts", with "fallback" as the backup table.
34: service www {
1.3 pyr 35: virtual host 192.168.1.1 port http interface trunk0
1.1 pyr 36:
37: # tag every packet that goes through the rdr rule with HOSTSTATED
# NOTE(review): the tag lets pf filter rules match the redirected traffic
# explicitly (pf's "tagged" keyword), so the pass rule toward the backends
# need not be wider than this service.
38: tag HOSTSTATED
39:
40: table webhosts
# Used in place of "webhosts" - presumably when no host there passes its
# check; confirm against the man page.
41: backup table fallback
1.4 reyk 42: }
43:
44: #
45: # Relays and protocols are used for Layer 7 loadbalancing
46: #
# HTTP protocol settings referenced by the "wwwssl" relay: header rewriting
# and TCP tuning.
47: protocol httpssl {
48: protocol http
# Pass the client address and the relay's own address:port on to the backends.
# NOTE(review): "append" adds to whatever X-Forwarded-For the client already
# sent, so earlier entries are client-controlled. Backends should rely only on
# the last entry, and only for connections that arrive from the relay.
1.5 ! reyk 49: header append "$REMOTE_ADDR" to "X-Forwarded-For"
! 50: header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
# Rewrites the Connection header to "close" - presumably to turn off
# keep-alive; confirm.
! 51: header change "Connection" to "close"
1.4 reyk 52:
53: # Various TCP performance options
54: tcp { nodelay, sack, socket buffer 65536, backlog 128 }
55:
# NOTE(review): the commented-out example below turns off SSLv2 but leaves
# SSLv3 and TLSv1 enabled. Both are now deprecated (RFC 7568, RFC 8996); when
# adapting this sample, allow only the current TLS versions that the installed
# relayd supports.
56: # ssl { no sslv2, sslv3, tlsv1, ciphers HIGH }
57: # ssl session cache disable
58: }
59:
# Relay that accepts SSL connections on 192.168.1.1 port 443 and handles them
# with the "httpssl" protocol settings.
60: relay wwwssl {
61: # Run as an SSL accelerator
62: listen on 192.168.1.1 port 443 ssl
63: protocol httpssl
64:
65: # Forward to hosts in the webhosts table using a src/dst hash
# NOTE(review): "webhosts" is declared with "real port http", so the
# relay-to-backend leg is presumably unencrypted - confirm that segment is a
# trusted network.
66: table webhosts loadbalance
1.1 pyr 67: }