box.matto.nl
Enjoying Open Source Software

Relayd config to forward traffic for two different FQDNs to two different ports on the same machine

This week I had to come up with a relayd config on OpenBSD to forward incoming traffic on port 443 for two different FQDNs to two different ports on the same host.

Two different subdomain names to same host

So let's say that incoming traffic over port 443 for both name1.example.com and name2.example.com has to be forwarded to host 1.2.3.4, and that incoming traffic over port 443 for other.example.com has to be forwarded to host 1.2.4.5.

Two different ports

Let us say that incoming traffic over port 443 for name1.example.com has to be forwarded to port 4040 on host 1.2.3.4, and that incoming traffic over port 443 for name2.example.com has to be forwarded to port 8080 on the same host 1.2.3.4.

And that incoming traffic over port 443 for other.example.com has to be forwarded to port 80 on the host 1.2.4.5.

Use a macro per FQDN

The solution I came up with is the use of macros.

table <name1> { 1.2.3.4 }
table <name2> { 1.2.3.4 }
table <other> { 1.2.4.5 }

Forward to macro-names

Now we can set up some rules:

http protocol "twonames" {
    match header set "X-Forwarded-For" value "$REMOTE_ADDR"
    match header set "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
    ...

    pass request quick header "Host" value "name1.example.com" forward to <name1>
    pass request quick header "Host" value "name2.example.com" forward to <name2>
    pass request quick header "Host" value "other.example.com" forward to <other>
    ...
}

Setup relay config

relay wwwtls {
    listen on $ext_ip port https tls
    protocol twonames
    forward to <name1>  port 4040
    forward to <name2>  port 8080
    forward to <other>  port   80
}

It works

In hindsight this looks easy, but it took me some time to figure out. Also, I don't know if this is the preferred way to do this. But it works :)
