From 14d12619ff7c37923dfb14590aa30d713e8801cc Mon Sep 17 00:00:00 2001
From: reyk <>
Date: Mon, 26 Feb 2007 13:58:31 +0000
Subject: [PATCH] add an relay example

ok pyr@
---
 src/etc/hoststated.conf | 28 +++++++++++++++++++++++++++-
 src/etc/relayd.conf     | 28 +++++++++++++++++++++++++++-
 2 files changed, 54 insertions(+), 2 deletions(-)

diff --git a/src/etc/hoststated.conf b/src/etc/hoststated.conf
index c6a251db..ed3c66fc 100644
--- a/src/etc/hoststated.conf
+++ b/src/etc/hoststated.conf
@@ -1,4 +1,4 @@
-# $OpenBSD: hoststated.conf,v 1.3 2007/02/26 13:04:34 pyr Exp $
+# $OpenBSD: hoststated.conf,v 1.4 2007/02/26 13:58:31 reyk Exp $
 #
 # Macros
 #
@@ -10,6 +10,7 @@ webhost2="10.0.0.2"
 #
 # interval 10
 # timeout 200
+# prefork 5
 
 #
 # Each table will be mapped to a pf table.
@@ -39,3 +40,28 @@ service www {
 	table webhosts
 	backup table fallback
 }
+
+#
+# Relays and protocols are used for Layer 7 loadbalancing
+#
+protocol httpssl {
+        protocol http
+        append "$REMOTE_ADDR" to "X-Forwarded-For"
+        append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
+	change "Connection" to "close"
+
+        # Various TCP performance options
+        tcp { nodelay, sack, socket buffer 65536, backlog 128 }
+
+#	ssl { no sslv2, sslv3, tlsv1, ciphers HIGH }
+#	ssl session cache disable
+}
+
+relay wwwssl {
+	# Run as a SSL accelerator
+	listen on 192.168.1.1 port 443 ssl
+	protocol httpssl
+
+	# Forward to hosts in the webhosts table using a src/dst hash
+	table webhosts loadbalance
+}
diff --git a/src/etc/relayd.conf b/src/etc/relayd.conf
index 52eb13b9..21cad067 100644
--- a/src/etc/relayd.conf
+++ b/src/etc/relayd.conf
@@ -1,4 +1,4 @@
-# $OpenBSD: relayd.conf,v 1.3 2007/02/26 13:04:34 pyr Exp $
+# $OpenBSD: relayd.conf,v 1.4 2007/02/26 13:58:31 reyk Exp $
 #
 # Macros
 #
@@ -10,6 +10,7 @@ webhost2="10.0.0.2"
 #
 # interval 10
 # timeout 200
+# prefork 5
 
 #
 # Each table will be mapped to a pf table.
@@ -39,3 +40,28 @@ service www {
 	table webhosts
 	backup table fallback
 }
+
+#
+# Relays and protocols are used for Layer 7 loadbalancing
+#
+protocol httpssl {
+        protocol http
+        append "$REMOTE_ADDR" to "X-Forwarded-For"
+        append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
+	change "Connection" to "close"
+
+        # Various TCP performance options
+        tcp { nodelay, sack, socket buffer 65536, backlog 128 }
+
+#	ssl { no sslv2, sslv3, tlsv1, ciphers HIGH }
+#	ssl session cache disable
+}
+
+relay wwwssl {
+	# Run as a SSL accelerator
+	listen on 192.168.1.1 port 443 ssl
+	protocol httpssl
+
+	# Forward to hosts in the webhosts table using a src/dst hash
+	table webhosts loadbalance
+}