|
|
# $OpenBSD: relayd.conf,v 1.6 2007/02/26 20:43:32 reyk Exp $
|
|
|
#
|
|
|
# Macros
|
|
|
#
|
|
|
ext_addr="192.168.1.1"
|
|
|
webhost1="10.0.0.1"
|
|
|
webhost2="10.0.0.2"
|
|
|
|
|
|
#
|
|
|
# Global Options
|
|
|
#
|
|
|
# interval 10
|
|
|
# timeout 200
|
|
|
# prefork 5
|
|
|
|
|
|
#
|
|
|
# Each table will be mapped to a pf table.
|
|
|
#
|
|
|
table webhosts {
|
|
|
real port http
|
|
|
check http "/" code 200
|
|
|
host $webhost1
|
|
|
host $webhost2
|
|
|
}
|
|
|
|
|
|
table fallback {
|
|
|
real port http
|
|
|
check icmp
|
|
|
host 127.0.0.1
|
|
|
}
|
|
|
|
|
|
#
|
|
|
# Services will be mapped to a rdr rule.
|
|
|
#
|
|
|
service www {
|
|
|
virtual host $ext_addr port http interface trunk0
|
|
|
|
|
|
# tag every packet that goes thru the rdr rule with HOSTSTATED
|
|
|
tag HOSTSTATED
|
|
|
|
|
|
table webhosts
|
|
|
backup table fallback
|
|
|
}
|
|
|
|
|
|
#
|
|
|
# Relays and protocols are used for Layer 7 loadbalancing
|
|
|
#
|
|
|
protocol httpssl {
|
|
|
protocol http
|
|
|
header append "$REMOTE_ADDR" to "X-Forwarded-For"
|
|
|
header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
|
|
|
header change "Connection" to "close"
|
|
|
|
|
|
# Various TCP performance options
|
|
|
tcp { nodelay, sack, socket buffer 65536, backlog 128 }
|
|
|
|
|
|
# ssl { no sslv2, sslv3, tlsv1, ciphers HIGH }
|
|
|
# ssl session cache disable
|
|
|
}
|
|
|
|
|
|
relay wwwssl {
|
|
|
# Run as a SSL accelerator
|
|
|
listen on $ext_addr port 443 ssl
|
|
|
protocol httpssl
|
|
|
|
|
|
# Forward to hosts in the webhosts table using a src/dst hash
|
|
|
table webhosts loadbalance
|
|
|
}
|