OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 23.7 Legacy Series »
  • Help with relayd plugin
« previous next »
  • Print
Pages: [1]

Author Topic: Help with relayd plugin  (Read 849 times)

sardaukar

  • Newbie
  • *
  • Posts: 8
  • Karma: 0
    • View Profile
Help with relayd plugin
« on: October 13, 2023, 01:06:54 am »
I want to use relayd to forward requests based on domain to either box1 or box2 in my LAN. I tried using HAProxy in the past, but the configuration UI is confusing, so I was looking for alternatives and found relayd - and OPNSense has a plugin for it too, so I tried using it.

Alas, the UI this time is limiting, because I got relayd to work, but had to edit the /usr/local/etc/relayd.conf file by hand. How can I replicate the following config (that works and suits my use case perfectly) on the plugin's UI?

Code: [Select]
# DO NOT EDIT THIS FILE -- OPNsense auto-generated file
ext_addr = REDACTED

log state changes
log connection

table <apu2> { 192.168.1.96 }
table <syno> { 192.168.1.12 }

http protocol "www" {
    match header log "Host"
    match header log "X-Forwarded-For"
    match header log "User-Agent"
    match header log "Referer"
   
    match url log
   
    match request header set "X-Forwarded-For" value "$REMOTE_ADDR"
    match request header set "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
   
    tcp { nodelay, socket buffer 65536, backlog 100 }

    http websockets

    pass request quick header "Host" value "*.domain1"  forward to <syno>
    pass request quick header "Host" value "*.domain2" forward to <apu2>
 
    block
}

http protocol "wwwtls" {
  match header log "Host"
  match header log "X-Forwarded-For"
  match header log "User-Agent"
  match header log "Referer"
 
  match url log
 
  match header set "X-Forwarded-For" value "$REMOTE_ADDR"
  match header set "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
  match header set "Keep-Alive" value "$TIMEOUT"

  http websockets

  tls keypair domain1
  tls keypair domain2

  tcp { nodelay, socket buffer 65536, backlog 100 }

  match request header set "X-Forwarded-Proto" value "http"

  pass request quick header "Host" value "*.domain1"  forward to <syno>
  pass request quick header "Host" value "*.domain2" forward to <apu2>

  block
}

relay "www" {
  listen on $ext_addr port 80
  protocol "www"
  forward to <apu2> port 80 check tcp
  forward to <syno> port 180 check tcp
}

relay "wwwtls" {
  listen on $ext_addr port 443 tls
  protocol "wwwtls"
  forward to <syno> port 180 check tcp
  forward to <apu2> port 80 check tcp
}
« Last Edit: October 13, 2023, 03:30:31 am by sardaukar »
Logged

sardaukar

  • Newbie
  • *
  • Posts: 8
  • Karma: 0
    • View Profile
Re: Help with relayd plugin
« Reply #1 on: October 13, 2023, 03:29:32 am »
I just realized that this config crashes after a while :-\ I think because too many connections stay open. I saw that you can add

Code: [Select]
match response header set "Connection" value "close"

but that kills Websocket connections, so I tag those and then change the header value back. Final (for now :D) version:

Code: [Select]
# DO NOT EDIT THIS FILE -- OPNsense auto-generated file
ext_addr = 0.0.0.0

log state changes
log connection

table <apu2> { 192.168.1.96 }
table <syno> { 192.168.1.12 }

http protocol "www" {
  match header log "Host"
  match header log "X-Forwarded-For"
  match header log "User-Agent"
  match header log "Referer"

  match url log

  match request header set "X-Forwarded-For" value "$REMOTE_ADDR"
  match request header set "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"

  tcp { nodelay, socket buffer 65536, backlog 100 }

  pass request quick header "Host" value "*.domain1" forward to <syno>
  pass request quick header "Host" value "*.domain2" forward to <apu2>

  return error

  block
}

http protocol "wwwtls" {
  match header log "Host"
  match header log "X-Forwarded-For"
  match header log "User-Agent"
  match header log "Referer"
  match url log

  match header set "X-Forwarded-For" value "$REMOTE_ADDR"
  match header set "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
  match header set "Keep-Alive" value "$TIMEOUT"

  http websockets

  match request header "Connection" value "*Upgrade*" tag "ws"

  tls keypair domain1
  tls keypair domain2

  tcp { nodelay, socket buffer 65536, backlog 100 }

  match request header set "X-Forwarded-Proto" value "http"

  match response header set "Connection" value "close"
  match response tagged "ws" header set "Connection" value "keep-alive, Upgrade"

  pass request quick header "Host" value "*.domain1" forward to <syno>
  pass request quick header "Host" value "*.domain2" forward to <apu2>

  return error
  block
}

relay "www" {
  listen on $ext_addr port 80

  protocol "www"

  forward to <apu2> port 80 check tcp
  forward to <syno> port 180 check tcp
}

relay "wwwtls" {
  listen on $ext_addr port 443 tls

  protocol "wwwtls"

  forward to <apu2> port 80 check tcp
  forward to <syno> port 180 check tcp
}
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 23.7 Legacy Series »
  • Help with relayd plugin
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2