authorPaul Buetow <paul@buetow.org>2024-12-01 12:06:51 +0200
committerPaul Buetow <paul@buetow.org>2024-12-01 12:06:51 +0200
commit3813e86bdf45b551a8bae307e4c1e3663461d5d9 (patch)
treeb666cf12199e014936cc66de5152b073284ba4b4
parent0e5271d40db1838e715e5e9e81acaa83b3164b31 (diff)
can relay to f3s
-rw-r--r--frontends/Rexfile6
-rw-r--r--frontends/etc/relayd.conf.tpl25
-rw-r--r--frontends/var/nsd/zones/master/foo.zone.zone.tpl7
-rw-r--r--frontends/var/nsd/zones/master/snonux.foo.zone.tpl7
4 files changed, 33 insertions, 12 deletions
diff --git a/frontends/Rexfile b/frontends/Rexfile
index 0111489..91ac6e8 100644
--- a/frontends/Rexfile
+++ b/frontends/Rexfile
@@ -73,7 +73,9 @@ our $secrets = sub { read_file './secrets/' . shift };
our @dns_zones = qw/buetow.org dtail.dev foo.zone irregular.ninja snonux.foo paul.cyou/;
our @dns_zones_remove = qw//;
-our @acme_hosts = qw/buetow.org f3s.buetow.org f3s.snonux.foo git.buetow.org paul.buetow.org dory.buetow.org solarcat.buetow.org fotos.buetow.org znc.buetow.org dtail.dev foo.zone irregular.ninja alt.irregular.ninja snonux.foo/;
+our @f3s_hosts = qw/f3s.buetow.org/; # k3s cluster running on FreeBSD in my LAN
+our @acme_hosts = qw/buetow.org git.buetow.org paul.buetow.org dory.buetow.org solarcat.buetow.org fotos.buetow.org znc.buetow.org dtail.dev foo.zone irregular.ninja alt.irregular.ninja snonux.foo/;
+push @acme_hosts, @f3s_hosts;
# UTILITY TASKS
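Review bot: `@f3s_hosts` only lists `f3s.buetow.org`, yet the foo.zone hunk in this same commit adds `f3s`, `www.f3s` and `standby.f3s` records for foo.zone that point at these frontends, so f3s.foo.zone becomes resolvable but gets neither a `tls keypair` (it is not in `@acme_hosts`) nor a `match request header "Host"` rule in relayd.conf.tpl; such requests would presumably be answered with whatever keypair relayd falls back to and routed to the localhost default rather than the cluster. If that name is meant to reach the cluster, add it here: `our @f3s_hosts = qw/f3s.buetow.org f3s.foo.zone/; # k3s cluster running on FreeBSD in my LAN`; if it is only a placeholder, a comment next to the zone records saying so would avoid the question. Building `@acme_hosts` in two statements hides the dependency; `our @acme_hosts = (qw/buetow.org git.buetow.org .../, @f3s_hosts);` reads as one list and makes it explicit that every f3s host also gets a certificate.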
@@ -256,7 +258,7 @@ task 'relayd', group => 'frontends',
file '/etc/relayd.conf',
content => template('./etc/relayd.conf.tpl',
- ipv6address => $ipv6address, acme_hosts => \@acme_hosts),
+ ipv6address => $ipv6address, f3s_hosts => \@f3s_hosts, acme_hosts => \@acme_hosts),
owner => 'root',
group => 'wheel',
mode => '600',
diff --git a/frontends/etc/relayd.conf.tpl b/frontends/etc/relayd.conf.tpl
index e75efa3..9c86bad 100644
--- a/frontends/etc/relayd.conf.tpl
+++ b/frontends/etc/relayd.conf.tpl
@@ -4,25 +4,44 @@ log connection
our @prefixes = ('', 'www.', 'standby.');
%>
-tcp protocol "https" {
+# Wireguard endpoints of the k3s cluster nodes running in FreeBSD bhyve Linux VMs
+table <f3s> {
+ 192.168.2.110
+}
+
+# Local OpenBSD httpd
+table <localhost> {
+ 127.0.0.1
+ ::1
+}
+
+http protocol "https" {
<% for my $host (@$acme_hosts) { -%>
<% for my $prefix (@prefixes) { -%>
tls keypair <%= $prefix.$host -%>
<% } -%>
<% } -%>
tls keypair <%= $hostname.'.'.$domain -%>
+
+<% for my $host (@$f3s_hosts) { -%>
+<% for my $prefix (@prefixes) { -%>
+ match request header "Host" value "<%= $prefix.$host -%>" forward to <f3s>
+<% } -%>
+<% } -%>
}
relay "https4" {
listen on <%= $vio0_ip %> port 443 tls
protocol "https"
- forward to 127.0.0.1 port 8080
+ forward to <localhost> port 8080
+ forward to <f3s> port 80 check tcp
}
relay "https6" {
listen on <%= $ipv6address->($hostname) %> port 443 tls
protocol "https"
- forward to ::1 port 8080
+ forward to <localhost> port 8080
+ forward to <f3s> port 80 check tcp
}
tcp protocol "gemini" {
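Review bot: The new `http protocol "https"` block terminates TLS and forwards plain HTTP to `<localhost>` and, via the Host-header match, to `<f3s>` over the WireGuard link, but it never passes the client address along, so both backends (and their logs, rate limits and any abuse tooling behind them) only ever see the relay as the peer; adding `match request header append "X-Forwarded-For" value "$REMOTE_ADDR"` and `match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"` ahead of the Host rules keeps that information available to the backends. The `<f3s>` table hard-codes `192.168.2.110` while every other address in this template comes from the Rexfile; passing it in as a template variable next to `f3s_hosts` would keep the cluster address in one place. `check tcp` only proves the port accepts connections, so a backend that is up but not serving stays in rotation; if the cluster ingress exposes a health endpoint, `check http "/<HEALTH-PATH>" code 200` (path is a placeholder) would catch that too. `<localhost>` has no check at all, which I believe relayd treats as always up — acceptable for the loopback httpd, but worth a one-line comment in the table so the asymmetry with `<f3s>` reads as intentional.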
diff --git a/frontends/var/nsd/zones/master/foo.zone.zone.tpl b/frontends/var/nsd/zones/master/foo.zone.zone.tpl
index 1e898b3..a0ce3a8 100644
--- a/frontends/var/nsd/zones/master/foo.zone.zone.tpl
+++ b/frontends/var/nsd/zones/master/foo.zone.zone.tpl
@@ -18,3 +18,10 @@ www 300 IN A <%= $ips->{current_master}{ipv4} %> ; Enable failover
www 300 IN AAAA <%= $ips->{current_master}{ipv6} %> ; Enable failover
standby 300 IN A <%= $ips->{current_standby}{ipv4} %> ; Enable failover
standby 300 IN AAAA <%= $ips->{current_standby}{ipv6} %> ; Enable failover
+
+f3s 300 IN A <%= $ips->{current_master}{ipv4} %> ; Enable failover
+f3s 300 IN AAAA <%= $ips->{current_master}{ipv6} %> ; Enable failover
+www.f3s 300 IN A <%= $ips->{current_master}{ipv4} %> ; Enable failover
+www.f3s 300 IN AAAA <%= $ips->{current_master}{ipv6} %> ; Enable failover
+standby.f3s 300 IN A <%= $ips->{current_standby}{ipv4} %> ; Enable failover
+standby.f3s 300 IN AAAA <%= $ips->{current_standby}{ipv6} %> ; Enable failover
diff --git a/frontends/var/nsd/zones/master/snonux.foo.zone.tpl b/frontends/var/nsd/zones/master/snonux.foo.zone.tpl
index a1d0083..a9d002a 100644
--- a/frontends/var/nsd/zones/master/snonux.foo.zone.tpl
+++ b/frontends/var/nsd/zones/master/snonux.foo.zone.tpl
@@ -18,10 +18,3 @@ www 300 IN A <%= $ips->{current_master}{ipv4} %> ; Enable failover
www 300 IN AAAA <%= $ips->{current_master}{ipv6} %> ; Enable failover
standby 300 IN A <%= $ips->{current_standby}{ipv4} %> ; Enable failover
standby 300 IN AAAA <%= $ips->{current_standby}{ipv6} %> ; Enable failover
-
-f3s 300 IN A <%= $ips->{current_master}{ipv4} %> ; Enable failover
-f3s 300 IN AAAA <%= $ips->{current_master}{ipv6} %> ; Enable failover
-www.f3s 300 IN A <%= $ips->{current_master}{ipv4} %> ; Enable failover
-www.f3s 300 IN AAAA <%= $ips->{current_master}{ipv6} %> ; Enable failover
-standby.f3s 300 IN A <%= $ips->{current_standby}{ipv4} %> ; Enable failover
-standby.f3s 300 IN AAAA <%= $ips->{current_standby}{ipv6} %> ; Enable failover