can relay to f3s

author: Paul Buetow <paul@buetow.org> 2024-12-01 12:06:51 +0200
committer: Paul Buetow <paul@buetow.org> 2024-12-01 12:06:51 +0200
commit: 3813e86bdf45b551a8bae307e4c1e3663461d5d9 (patch)
tree: b666cf12199e014936cc66de5152b073284ba4b4 /frontends/etc
parent: 0e5271d40db1838e715e5e9e81acaa83b3164b31 (diff)
1 files changed, 22 insertions, 3 deletions
diff --git a/frontends/etc/relayd.conf.tpl b/frontends/etc/relayd.conf.tpl
index e75efa3..9c86bad 100644
--- a/frontends/etc/relayd.conf.tpl
+++ b/frontends/etc/relayd.conf.tpl
@@ -4,25 +4,44 @@ log connection
   our @prefixes = ('', 'www.', 'standby.');
 %>
 
-tcp protocol "https" {
+# Wireguard endpoints of the k3s cluster nodes running in FreeBSD bhyve Linux VMs
+table <f3s> {
+  192.168.2.110
+}
+
+# Local OpenBSD httpd
+table <localhost> {
+  127.0.0.1
+  ::1
+}
+
+http protocol "https" {
 <% for my $host (@$acme_hosts) { -%>
 <%   for my $prefix (@prefixes) { -%>
     tls keypair <%= $prefix.$host -%>
 <%   } -%>
 <% } -%>
     tls keypair <%= $hostname.'.'.$domain -%>
+
+<% for my $host (@$f3s_hosts) { -%>
+<%   for my $prefix (@prefixes) { -%>
+    match request header "Host" value "<%= $prefix.$host -%>" forward to <f3s>
+<%   } -%>
+<% } -%>
 }
 
 relay "https4" {
     listen on <%= $vio0_ip %> port 443 tls
     protocol "https"
-    forward to 127.0.0.1 port 8080
+    forward to <localhost> port 8080
+    forward to <f3s> port 80 check tcp
 }
 
 relay "https6" {
     listen on <%= $ipv6address->($hostname) %> port 443 tls
     protocol "https"
-    forward to ::1 port 8080
+    forward to <localhost> port 8080
+    forward to <f3s> port 80 check tcp
 }
 
 tcp protocol "gemini" {
author	Paul Buetow <paul@buetow.org>	2024-12-01 12:06:51 +0200
committer	Paul Buetow <paul@buetow.org>	2024-12-01 12:06:51 +0200
commit	3813e86bdf45b551a8bae307e4c1e3663461d5d9 (patch)
tree	b666cf12199e014936cc66de5152b073284ba4b4 /frontends/etc
parent	0e5271d40db1838e715e5e9e81acaa83b3164b31 (diff)