
some changes to the relayd.conf configuration language and grammar.

the tables will look more like pf tables, it is easier to re-use
tables with different options, "services" will become "redirections"
(they refer to rdr pf rules), sync configuration directives of
redirect (l3, ex-service) and relay (l7) sections (for example "virtual
host" will become "listen on"), all target definitions will start with
"forward to", etc. pp. (see relayd.conf(5) and etc/relayd.conf)
discussed with pyr and deraadt
ok pyr@
OPENBSD_4_3
reyk 17 years ago
parent
commit
ce21ececea
1 changed files with 13 additions and 27 deletions
  1. +13
    -27
      src/etc/relayd.conf

+ 13
- 27
src/etc/relayd.conf

@ -1,4 +1,4 @@
# $OpenBSD: relayd.conf,v 1.10 2007/12/07 17:17:00 reyk Exp $
# $OpenBSD: relayd.conf,v 1.11 2007/12/08 17:07:08 reyk Exp $
# #
# Macros # Macros
# #
@ -17,37 +17,26 @@ sshhost1="10.0.0.3"
# #
# Each table will be mapped to a pf table. # Each table will be mapped to a pf table.
# #
table webhosts {
real port http
check http "/" code 200
host $webhost1
host $webhost2
}
table fallback {
real port http
check icmp
host 127.0.0.1
}
table <webhosts> { $webhost1 $webhost2 }
table <fallback> { 127.0.0.1 }
# #
# Services will be mapped to a rdr rule. # Services will be mapped to a rdr rule.
# #
service www {
virtual host $ext_addr port http interface trunk0
redirect www {
listen on $ext_addr port http interface trunk0
# tag every packet that goes thru the rdr rule with RELAYD # tag every packet that goes thru the rdr rule with RELAYD
tag RELAYD tag RELAYD
table webhosts
backup table fallback
forward to <webhosts> check http "/" code 200
forward to <fallback> check icmp
} }
# #
# Relay and protocol for HTTP layer 7 loadbalancing and SSL acceleration # Relay and protocol for HTTP layer 7 loadbalancing and SSL acceleration
# #
protocol httpssl {
protocol http
http protocol httpssl {
header append "$REMOTE_ADDR" to "X-Forwarded-For" header append "$REMOTE_ADDR" to "X-Forwarded-For"
header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By" header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
header change "Connection" to "close" header change "Connection" to "close"
@ -65,15 +54,14 @@ relay wwwssl {
protocol httpssl protocol httpssl
# Forward to hosts in the webhosts table using a src/dst hash # Forward to hosts in the webhosts table using a src/dst hash
table webhosts loadbalance
forward to <webhosts> port http mode loadbalance \
check http "/" code 200
} }
# #
# Relay and protocol for simple TCP forwarding on layer 7 # Relay and protocol for simple TCP forwarding on layer 7
# #
protocol sshtcp {
protocol tcp
tcp protocol sshtcp {
# The TCP_NODELAY option is required for "smooth" terminal sessions # The TCP_NODELAY option is required for "smooth" terminal sessions
tcp nodelay tcp nodelay
} }
@ -90,9 +78,7 @@ relay sshgw {
# #
# Relay and protocol for a transparent HTTP proxy # Relay and protocol for a transparent HTTP proxy
# #
protocol httpfilter {
protocol http
http protocol httpfilter {
# Return HTTP/HTML error pages to the client # Return HTTP/HTML error pages to the client
return error return error
@ -115,5 +101,5 @@ relay httpproxy {
protocol httpfilter protocol httpfilter
# Forward to the original target host # Forward to the original target host
nat lookup
forward to nat lookup
} }
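Review bot: The comment kept above the renamed block still reads `# Services will be mapped to a rdr rule.` although the block is now `redirect www`; it should become `# Redirections will be mapped to a rdr rule.` so the sample matches the new grammar. In the same block the explicit `backup table fallback` is replaced by a second `forward to <fallback> check icmp`, so the backup role now seems to depend only on the order of the two `forward to` lines. If that is how the parser treats it, a comment such as `# the second "forward to" table is only used as backup` would stop an operator who copies this sample from reordering the lines and sending traffic to 127.0.0.1 first. The fallback check is still `check icmp`, which only shows that the host answers, not that anything listens on the http port; a short comment saying so would help.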
