Using relayd to add Cache Control headers to httpd traffic
This example config sets up relayd to accept incoming HTTP traffic on port 80, relay it to httpd listening on localhost port 8080 on the same machine, and add a "Cache-Control:" header to the responses.
# /etc/relayd.conf
table <local> { 127.0.0.1 }
# Placeholder address; replace with this machine's external IP.
ext_ip = "123.456.789.0"
http protocol "http" {
    tcp { nodelay, sack, socket buffer 65536, backlog 100 }
    # Set (or overwrite) Cache-Control on every response relayed from httpd.
    match response header set "Cache-Control" value "max-age=1814400"
    return error
    pass
}
relay "www" {
    listen on $ext_ip port 80
    protocol "http"
    forward to <local> port 8080 check tcp
}
(Note that relayd will add the colon : after your header – in this case Cache-Control.)
And here's what httpd.conf might look like:
# /etc/httpd.conf
server "www.example.com" {
    listen on 127.0.0.1 port 8080
    block return 301 "http://example.com$DOCUMENT_URI"
}
server "example.com" {
    listen on 127.0.0.1 port 8080
    root "/htdocs/example.com"
}
(The above httpd.conf assumes you want to redirect www.example.com to example.com. You can do the opposite if you wish.)
Example 2: http traffic on external ip redirected to https on external ip, relayed to http on localhost port 8082 and served with a header set.
This example uses httpd to listen for incoming http traffic on port 80, redirect it to the external port 443 where relayd will relay it - using tls acceleration - to localhost port 8082.
# /etc/relayd.conf
table <local> { 127.0.0.1 }
# Placeholder address; replace with this machine's external IP.
ext_ip = "123.456.789.0"
http protocol "https" {
    tcp { nodelay, sack, socket buffer 65536, backlog 100 }
    # Set (or overwrite) Cache-Control on every response relayed from httpd.
    match response header set "Cache-Control" value "max-age=1814400"
    return error
    pass
    tls { no client-renegotiation, cipher-server-preference }
}
relay "tlsforward" {
    # relayd terminates TLS here and forwards plain http to localhost.
    listen on $ext_ip port 443 tls
    protocol "https"
    forward to <local> port 8082 mode loadbalance check tcp
}
And a corresponding httpd.conf might look like:
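# /etc/httpd.conf
# Placeholder address; replace with this machine's external IP.
ext_ip = "123.456.789.0"
# Plain http on the external address: redirect everything to https.
server "www.example.com" {
    alias "example.com"
    listen on $ext_ip port 80
    block return 301 "https://www.example.com$DOCUMENT_URI"
}
# Behind relayd: redirect example.com to www.example.com.
server "example.com" {
    listen on 127.0.0.1 port 8082
    block return 301 "https://www.example.com$DOCUMENT_URI"
}
# Behind relayd: serve the site.
server "www.example.com" {
    listen on 127.0.0.1 port 8082
    root "/htdocs/example.com"
}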
(In this example relayd will look for your tls cert and key at /etc/ssl/123.456.789.0.crt and /etc/ssl/private/123.456.789.0.key, respectively. Note that in this example we redirect example.com to www.example.com, and disallow any insecure traffic.)
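To confirm that both examples behave as described, the response headers can be checked after reloading relayd and httpd. The following is an added example, not part of the original page: the function names are hypothetical, the sample headers are constructed, and real input is assumed to come from `curl -sI` piped into the functions.

```shell
#!/bin/sh
# Added example (not from the original page): offline checks over response
# headers as printed by `curl -sI`. The sample headers below are constructed.

EXPECTED_CC="max-age=1814400"            # value set by the relayd rule above
EXPECTED_LOC="https://www.example.com/"  # redirect target prefix in Example 2

# Print the value of every header named $1 found on stdin (case-insensitive).
header_values() {
    tr -d '\r' | awk -v name="$1" '
        BEGIN { name = tolower(name) }
        { i = index($0, ":") }
        i > 1 && tolower(substr($0, 1, i - 1)) == name {
            v = substr($0, i + 1); sub(/^[ \t]+/, "", v); print v
        }'
}

# 0: exactly one Cache-Control header with the expected value
# 1: header missing (the response did not pass through the relay rule)
# 2: wrong value, or more than one Cache-Control header
check_cache_control() {
    values=$(header_values "Cache-Control")
    [ -n "$values" ] || return 1
    [ "$values" = "$EXPECTED_CC" ] || return 2
    return 0
}

# 0: status is 301 and Location starts with the expected https prefix
check_https_redirect() {
    headers=$(tr -d '\r')
    status=$(printf '%s\n' "$headers" | awk 'NR == 1 { print $2 }')
    location=$(printf '%s\n' "$headers" | header_values "Location")
    [ "$status" = "301" ] || return 1
    case "$location" in
        "$EXPECTED_LOC"*) return 0 ;;
        *) return 2 ;;
    esac
}

# Constructed sample: what a response relayed by relayd should look like.
SAMPLE='HTTP/1.1 200 OK
Content-Type: text/html
Cache-Control: max-age=1814400'
printf '%s\n' "$SAMPLE" | check_cache_control && echo "cache-control ok"
```

Against a live host, use `curl -sI https://www.example.com/ | check_cache_control` and `curl -sI http://example.com/ | check_https_redirect`.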