Suppose you want relayd to act as a reverse proxy for two different domains served on separate ports. In this case, both git.ircnow.org and bnc3.ircnow.org need relayd to provide TLS acceleration, but they run on separate ports (6698 and 8080).
ext_addr="192.168.1.1"
webhost="127.0.0.1"

table <git> { $webhost }
table <bnc3> { $webhost }

http protocol https {
        match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
        match request header append "X-Forwarded-By" \
            value "$SERVER_ADDR:$SERVER_PORT"
        match request header set "Connection" value "close"

        # Various TCP options
        tcp { sack, backlog 128 }

#       tls { no tlsv1.0, ciphers HIGH }
#       tls no session tickets

        match request header "Host" value "bnc3.ircnow.org" forward to <bnc3>
        match request header "Host" value "git.ircnow.org" forward to <git>
}

relay wwwtls {
        # Run as a SSL/TLS accelerator
        listen on $ext_addr port 443 tls
        protocol https

        # Forward to hosts in the table
        forward to <bnc3> port 6669 mode loadbalance check icmp
        forward to <git> port 8080 mode loadbalance check icmp
}
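You'll need corresponding TLS certs. relayd looks up the certificate and private key by the relay's listen address and port, so link them under those names, then enable and start relayd: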
# ln -s /etc/ssl/bnc3.ircnow.org.fullchain.pem /etc/ssl/192.168.1.1:443.crt
# ln -s /etc/ssl/private/bnc3.ircnow.org.key /etc/ssl/private/192.168.1.1:443.key
# rcctl enable relayd
# rcctl start relayd
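With this configuration the relay presents the one certificate linked above to clients of both hostnames, so it is worth confirming that the certificate's names cover git.ircnow.org as well as bnc3.ircnow.org. The check below is an added example, not part of the original page; the function names are hypothetical, and make_test_cert only builds a constructed throwaway certificate for trying the check offline (OpenSSL 1.1.1 or later is assumed for -addext).

```shell
#!/bin/sh
# Added example: verify that the certificate relayd serves on the listen
# address is valid for every hostname matched in the "https" protocol block.

# cert_covers CERT HOST -> exit 0 if CERT is valid for HOST.
# "openssl x509 -checkhost" exits 0 either way, so the verdict is read from
# its output ("does match" vs "does NOT match").
cert_covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# missing_hosts CERT HOST... -> prints each HOST the certificate does not
# cover; exit status is 0 only when every host is covered.
missing_hosts() {
    cert=$1; shift
    rc=0
    for host in "$@"; do
        cert_covers "$cert" "$host" || { echo "$host"; rc=1; }
    done
    return $rc
}

# make_test_cert OUT NAME... -> constructed self-signed certificate (and
# OUT.key) whose subjectAltName lists the given names. For offline testing
# of the check only; never deploy it.
make_test_cert() {
    out=$1; shift
    san=""
    for n in "$@"; do san="${san:+$san,}DNS:$n"; done
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$out.key" -out "$out" -subj "/CN=$1" \
        -addext "subjectAltName=$san" 2>/dev/null
}

# On the relay host, using the symlink created above:
#   missing_hosts /etc/ssl/192.168.1.1:443.crt bnc3.ircnow.org git.ircnow.org
```

Any hostname it prints will produce a certificate name mismatch in clients; reissue the certificate with both names before pointing that domain at the relay.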