Annotation of src/etc/relayd.conf, Revision 1.7
1.7 ! reyk 1: # $OpenBSD: hoststated.conf,v 1.6 2007/02/26 20:43:32 reyk Exp $
1.1 pyr 2: #
3: # Macros
4: #
# Address macros, referenced below as $ext_addr, $webhost1, $webhost2 and
# $sshhost1.
# NOTE(review): all four values are RFC 1918 sample addresses. ext_addr is the
# address the service and both externally facing relays bind to, so it decides
# what is exposed; set it deliberately before using this file.
1.6 reyk 5: ext_addr="192.168.1.1"
1.1 pyr 6: webhost1="10.0.0.1"
7: webhost2="10.0.0.2"
1.7 ! reyk 8: sshhost1="10.0.0.3"
1.1 pyr 9:
10: #
11: # Global Options
12: #
13: # interval 10
14: # timeout 200
1.4 reyk 15: # prefork 5
1.1 pyr 16:
17: #
18: # Each table will be mapped to a pf table.
19: #
# Backend pool for the web service and the SSL relay: $webhost1 and $webhost2,
# reached on the http port and health-checked with an HTTP request for "/"
# that must answer with status code 200.
# NOTE(review): the check proves only that "/" returns 200, not that the
# backend serves the expected content; confirm that is enough for failover.
20: table webhosts {
1.2 pyr 21: real port http
1.1 pyr 22: check http "/" code 200
1.2 pyr 23: host $webhost1
24: host $webhost2
1.1 pyr 25: }
26:
# Backup pool with a single member, 127.0.0.1 on the http port, checked by
# ICMP only.
# NOTE(review): an ICMP check shows that the address answers ping, not that
# anything listens on the http port; presumably a local placeholder web server
# is expected here. Confirm one is running and what it serves.
27: table fallback {
1.2 pyr 28: real port http
1.1 pyr 29: check icmp
30: host 127.0.0.1
31: }
32:
33: #
34: # Services will be mapped to a rdr rule.
35: #
# Redirection service for $ext_addr port http on interface trunk0. It uses
# table webhosts and names table fallback as the backup table.
# NOTE(review): the HOSTSTATED tag is useful only if the pf ruleset matches on
# it, for example a pass rule limited to "tagged HOSTSTATED". pf.conf is not
# part of this file; confirm the two agree.
36: service www {
1.6 reyk 37: virtual host $ext_addr port http interface trunk0
1.1 pyr 38:
39: # tag every packet that goes thru the rdr rule with HOSTSTATED
40: tag HOSTSTATED
41:
42: table webhosts
43: backup table fallback
1.4 reyk 44: }
45:
46: #
1.7 ! reyk 47: # Relay and protocol for HTTP layer 7 loadbalancing and SSL acceleration
1.4 reyk 48: #
# HTTP protocol definition used by relay wwwssl. It adds X-Forwarded-For and
# X-Forwarded-By request headers, rewrites Connection to "close" and sets TCP
# socket options.
# NOTE(review): "header append" presumably adds the relay's value to whatever
# X-Forwarded-For the client already sent. Backends should then trust only the
# last element of that header, the one written by the relay. Confirm the
# append semantics in relayd.conf(5) for this revision.
# NOTE(review): the purpose of forcing "Connection: close" is not stated here;
# presumably it limits each connection to one request so every request gets
# the header handling. Confirm.
# NOTE(review): the commented-out ssl example disables only SSLv2 and leaves
# sslv3 and tlsv1 enabled. Both are deprecated today (RFC 7568, RFC 8996), so
# do not copy that line unchanged into a current deployment.
49: protocol httpssl {
1.7 ! reyk 50: protocol http
1.5 reyk 51: header append "$REMOTE_ADDR" to "X-Forwarded-For"
52: header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
53: header change "Connection" to "close"
1.4 reyk 54:
1.7 ! reyk 55: # Various TCP performance options
! 56: tcp { nodelay, sack, socket buffer 65536, backlog 128 }
1.4 reyk 57:
58: # ssl { no sslv2, sslv3, tlsv1, ciphers HIGH }
59: # ssl session cache disable
60: }
61:
# SSL-terminating relay: accepts SSL connections on $ext_addr port 443,
# applies protocol httpssl and spreads requests over table webhosts.
# NOTE(review): table webhosts is declared with "real port http", so the leg
# from the relay to the backends is presumably plain HTTP. Keep that segment
# on a trusted network, or confirm that backend encryption is not required.
62: relay wwwssl {
63: # Run as a SSL accelerator
1.6 reyk 64: listen on $ext_addr port 443 ssl
1.4 reyk 65: protocol httpssl
66:
67: # Forward to hosts in the webhosts table using a src/dst hash
68: table webhosts loadbalance
1.7 ! reyk 69: }
! 70:
! 71: #
! 72: # Relay and protocol for simple TCP forwarding on layer 7
! 73: #
# Plain TCP protocol definition used by relay sshgw. The only option set is
# TCP_NODELAY; no header or content handling is configured for this protocol.
! 74: protocol sshtcp {
! 75: protocol tcp
! 76:
! 77: # The TCP_NODELAY option is required for "smooth" terminal sessions
! 78: tcp nodelay
! 79: }
! 80:
# TCP relay that publishes the SSH service of $sshhost1 (port 22) on
# $ext_addr port 2222, using protocol sshtcp.
# NOTE(review): as a layer 7 relay this presumably opens its own connection to
# the backend, so sshd on $sshhost1 would see the relay's address rather than
# the client's. Source-address restrictions and per-client logging would then
# need to happen in pf or on the relay host. Confirm.
# NOTE(review): nothing in this file limits who may connect to port 2222; any
# such restriction has to come from the pf ruleset.
! 81: relay sshgw {
! 82: # Run as a simple TCP relay
! 83: listen on $ext_addr port 2222
! 84: protocol sshtcp
! 85:
! 86: # Forward to the shared carp(4) address of an internal gateway
! 87: forward to $sshhost1 port 22
! 88: }
! 89:
! 90: #
! 91: # Relay and protocol for a transparent HTTP proxy
! 92: #
# HTTP protocol definition used by relay httpproxy. It filters requests on a
# User-Agent pattern and responses on a Content-Type pattern.
# NOTE(review): presumably a matching request or response is dropped; confirm
# the "filter" semantics in relayd.conf(5) for this revision.
# NOTE(review): User-Agent is chosen by the client and Content-Type is only
# what the server declares. These rules express policy on well-behaved
# traffic and should not be relied on as a content-inspection control.
! 93: protocol httpfilter {
! 94: protocol http
! 95: header filter "Mozilla/4.0 (compatible; MSIE *" from "User-Agent"
! 96: response header filter "application/*" from "Content-Type"
! 97: }
! 98:
# Transparent HTTP proxy relay: listens on 127.0.0.1 port 8080, applies
# protocol httpfilter and uses "nat lookup" to find the destination.
# NOTE(review): the pf(4) redirection that feeds this relay is not part of
# this file. Because the listener is bound to 127.0.0.1, only locally
# redirected connections reach it; confirm the pf rule redirects just the
# intended client networks.
! 99: relay httpproxy {
! 100: # Listen on localhost, accept redirected connections from pf(4)
! 101: listen on 127.0.0.1 port 8080
! 102: protocol httpfilter
! 103:
! 104: # Forward to the original target host
! 105: nat lookup
1.1 pyr 106: }