# $OpenBSD: relayd.conf,v 1.6 2007/02/26 20:43:32 reyk Exp $
#
# Macros
#
# ext_addr is the address that service "www" and relay "wwwssl" listen on;
# webhost1 and webhost2 are the two members of the "webhosts" table.
ext_addr="192.168.1.1"
webhost1="10.0.0.1"
webhost2="10.0.0.2"
#
# Global Options
#
# interval 10
# timeout 200
# prefork 5
#
# Each table will be mapped to a pf table.
#
# Primary pool of web servers, used by service "www" and relay "wwwssl".
table webhosts {
# Port on the member hosts that traffic for this table is sent to.
real port http
# Health check: request "/" over HTTP and require status code 200, so a host
# that is reachable but not serving pages does not count as up.
check http "/" code 200
host $webhost1
host $webhost2
}
# Fallback pool, referenced as the backup table of service "www".
table fallback {
real port http
# NOTE(review): an ICMP check only shows that the host answers ping; it says
# nothing about whether a web server is listening on the http port. The only
# member is 127.0.0.1, so confirm that a local web server is meant to answer
# here and that it exposes nothing beyond the intended fallback content.
check icmp
host 127.0.0.1
}
#
# Services will be mapped to a rdr rule.
#
# Plain-HTTP service on the external address, redirected to the webhosts pool.
service www {
# Address, port and interface on which the service is offered.
virtual host $ext_addr port http interface trunk0
# Tag every packet that goes through the rdr rule with HOSTSTATED
# (presumably so that pf filter rules can match on the tag -- confirm against
# the pf.conf in use).
tag HOSTSTATED
table webhosts
# Alternative pool; presumably used once no host in webhosts passes its
# check -- confirm against the manual for the installed version.
backup table fallback
}
#
# Relays and protocols are used for Layer 7 loadbalancing
#
# HTTP protocol settings applied by relay "wwwssl": adds forwarding headers,
# forces "Connection: close" and sets TCP options.
protocol httpssl {
protocol http
# "append" adds the client address to X-Forwarded-For rather than replacing
# the header, so a value the client sent itself stays in front of it. Backends
# should treat only the entry added by this relay as trustworthy and must not
# use the full header for access control or audit logging as-is.
header append "$REMOTE_ADDR" to "X-Forwarded-For"
# Tells the backend which relay address and port accepted the request.
header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
# Rewrites the Connection header to "close"; presumably so that every request
# arrives on its own connection and passes through the header actions above --
# confirm against the manual for the installed version.
header change "Connection" to "close"
# Various TCP performance options
tcp { nodelay, sack, socket buffer 65536, backlog 128 }
# NOTE(review): the commented-out example below disables only SSLv2 and leaves
# SSLv3 and TLSv1 enabled. Both have since been deprecated (RFC 7568,
# RFC 8996); do not enable this line unchanged. Restrict the relay to the
# newest protocol versions the installed relayd supports, using the syntax
# from its current manual page.
# ssl { no sslv2, sslv3, tlsv1, ciphers HIGH }
# ssl session cache disable
}
# Layer 7 relay that accepts SSL connections on port 443 and forwards the
# requests to the webhosts pool using protocol "httpssl".
relay wwwssl {
# Run as a SSL accelerator
# NOTE(review): SSL ends at this relay. The webhosts table uses
# "real port http", so the hop from the relay to the backends appears to be
# unencrypted HTTP -- keep that segment on a trusted network.
listen on $ext_addr port 443 ssl
protocol httpssl
# Forward to hosts in the webhosts table using a src/dst hash
table webhosts loadbalance
}