can relay to f3s

author: Paul Buetow <paul@buetow.org> 2024-12-01 12:06:51 +0200
committer: Paul Buetow <paul@buetow.org> 2024-12-01 12:06:51 +0200
commit: 3813e86bdf45b551a8bae307e4c1e3663461d5d9 (patch)
tree: b666cf12199e014936cc66de5152b073284ba4b4 /frontends
parent: 0e5271d40db1838e715e5e9e81acaa83b3164b31 (diff)
4 files changed, 33 insertions, 12 deletions
diff --git a/frontends/Rexfile b/frontends/Rexfile
index 0111489..91ac6e8 100644
--- a/frontends/Rexfile
+++ b/frontends/Rexfile
@@ -73,7 +73,9 @@ our $secrets =  sub { read_file './secrets/' . shift };
 
 our @dns_zones = qw/buetow.org dtail.dev foo.zone irregular.ninja snonux.foo paul.cyou/;
 our @dns_zones_remove = qw//;
-our @acme_hosts = qw/buetow.org f3s.buetow.org f3s.snonux.foo git.buetow.org paul.buetow.org dory.buetow.org solarcat.buetow.org fotos.buetow.org znc.buetow.org dtail.dev foo.zone irregular.ninja alt.irregular.ninja snonux.foo/;
+our @f3s_hosts = qw/f3s.buetow.org/; # k3s cluster running on FreeBSD in my LAN
+our @acme_hosts = qw/buetow.org git.buetow.org paul.buetow.org dory.buetow.org solarcat.buetow.org fotos.buetow.org znc.buetow.org dtail.dev foo.zone irregular.ninja alt.irregular.ninja snonux.foo/;
+push @acme_hosts, @f3s_hosts;
 
 # UTILITY TASKS
 
@@ -256,7 +258,7 @@ task 'relayd', group => 'frontends',
 
     file '/etc/relayd.conf',
       content => template('./etc/relayd.conf.tpl',
-       ipv6address => $ipv6address, acme_hosts => \@acme_hosts),
+       ipv6address => $ipv6address, f3s_hosts => \@f3s_hosts, acme_hosts => \@acme_hosts),
       owner => 'root',
       group => 'wheel',
       mode => '600',
diff --git a/frontends/etc/relayd.conf.tpl b/frontends/etc/relayd.conf.tpl
index e75efa3..9c86bad 100644
--- a/frontends/etc/relayd.conf.tpl
+++ b/frontends/etc/relayd.conf.tpl
@@ -4,25 +4,44 @@ log connection
   our @prefixes = ('', 'www.', 'standby.');
 %>
 
-tcp protocol "https" {
+# Wireguard endpoints of the k3s cluster nodes running in FreeBSD bhyve Linux VMs
+table <f3s> {
+  192.168.2.110
+}
+
+# Local OpenBSD httpd
+table <localhost> {
+  127.0.0.1
+  ::1
+}
+
+http protocol "https" {
 <% for my $host (@$acme_hosts) { -%>
 <%   for my $prefix (@prefixes) { -%>
     tls keypair <%= $prefix.$host -%>
 <%   } -%>
 <% } -%>
     tls keypair <%= $hostname.'.'.$domain -%>
+
+<% for my $host (@$f3s_hosts) { -%>
+<%   for my $prefix (@prefixes) { -%>
+    match request header "Host" value "<%= $prefix.$host -%>" forward to <f3s>
+<%   } -%>
+<% } -%>
 }
 
 relay "https4" {
     listen on <%= $vio0_ip %> port 443 tls
     protocol "https"
-    forward to 127.0.0.1 port 8080
+    forward to <localhost> port 8080
+    forward to <f3s> port 80 check tcp
 }
 
 relay "https6" {
     listen on <%= $ipv6address->($hostname) %> port 443 tls
     protocol "https"
-    forward to ::1 port 8080
+    forward to <localhost> port 8080
+    forward to <f3s> port 80 check tcp
 }
 
 tcp protocol "gemini" {
diff --git a/frontends/var/nsd/zones/master/foo.zone.zone.tpl b/frontends/var/nsd/zones/master/foo.zone.zone.tpl
index 1e898b3..a0ce3a8 100644
--- a/frontends/var/nsd/zones/master/foo.zone.zone.tpl
+++ b/frontends/var/nsd/zones/master/foo.zone.zone.tpl
@@ -18,3 +18,10 @@ www     300 IN A <%= $ips->{current_master}{ipv4} %> ; Enable failover
 www     300 IN AAAA <%= $ips->{current_master}{ipv6} %> ; Enable failover
 standby  300 IN A <%= $ips->{current_standby}{ipv4} %> ; Enable failover
 standby  300 IN AAAA <%= $ips->{current_standby}{ipv6} %> ; Enable failover
+
+f3s          300 IN A <%= $ips->{current_master}{ipv4} %> ; Enable failover
+f3s          300 IN AAAA <%= $ips->{current_master}{ipv6} %> ; Enable failover
+www.f3s      300 IN A <%= $ips->{current_master}{ipv4} %> ; Enable failover
+www.f3s      300 IN AAAA <%= $ips->{current_master}{ipv6} %> ; Enable failover
+standby.f3s   300 IN A <%= $ips->{current_standby}{ipv4} %> ; Enable failover
+standby.f3s   300 IN AAAA <%= $ips->{current_standby}{ipv6} %> ; Enable failover
diff --git a/frontends/var/nsd/zones/master/snonux.foo.zone.tpl b/frontends/var/nsd/zones/master/snonux.foo.zone.tpl
index a1d0083..a9d002a 100644
--- a/frontends/var/nsd/zones/master/snonux.foo.zone.tpl
+++ b/frontends/var/nsd/zones/master/snonux.foo.zone.tpl
@@ -18,10 +18,3 @@ www     300 IN A <%= $ips->{current_master}{ipv4} %> ; Enable failover
 www     300 IN AAAA <%= $ips->{current_master}{ipv6} %> ; Enable failover
 standby  300 IN A <%= $ips->{current_standby}{ipv4} %> ; Enable failover
 standby  300 IN AAAA <%= $ips->{current_standby}{ipv6} %> ; Enable failover
-
-f3s          300 IN A <%= $ips->{current_master}{ipv4} %> ; Enable failover
-f3s          300 IN AAAA <%= $ips->{current_master}{ipv6} %> ; Enable failover
-www.f3s      300 IN A <%= $ips->{current_master}{ipv4} %> ; Enable failover
-www.f3s      300 IN AAAA <%= $ips->{current_master}{ipv6} %> ; Enable failover
-standby.f3s   300 IN A <%= $ips->{current_standby}{ipv4} %> ; Enable failover
-standby.f3s   300 IN AAAA <%= $ips->{current_standby}{ipv6} %> ; Enable failover
author	Paul Buetow <paul@buetow.org>	2024-12-01 12:06:51 +0200
committer	Paul Buetow <paul@buetow.org>	2024-12-01 12:06:51 +0200
commit	3813e86bdf45b551a8bae307e4c1e3663461d5d9 (patch)
tree	b666cf12199e014936cc66de5152b073284ba4b4 /frontends
parent	0e5271d40db1838e715e5e9e81acaa83b3164b31 (diff)