💾 Archived View for thrig.me › blog › 2023 › 01 › 18 › host-only-relayd.gmi captured on 2023-03-20 at 18:20:35. Gemini links have been rewritten to link to archived content
OpenBSD's relayd is probably intended to be used with at least three systems: a backend, the relay host, and a client interacting with a backend by way of the relay host. This is at least two systems too many. However, running relayd and a backend and client code all on a single system can be a bit tricky to set up.
Nothing exciting here in httpd.conf.
```
server "default" {
	listen on * port 8080
	directory auto index
}
```
I usually put a single line of plain text into /var/www/htdocs/index.html because who wants their terminal spammed with too much HTML?
```
$ cat /var/www/htdocs/index.html
this, is a test website
```
Also nothing much interesting in relayd.conf, though it does listen on an IP address specific to some interface, real or otherwise; here, that of a WireGuard tunnel connected with the OpenBSD virt somewhere in the cloud.
```
table <webhosts> { 127.0.0.1 }
redirect www {
	listen on 192.168.10.2 port 80
	forward to <webhosts> port 8080 check http "/" code 200
}
```
On a somewhat related note, the output of ifconfig(8) is too verbose to easily pick addresses out of, but it just so happens that someone wrote a little localaddr tool.
```
$ localaddr -4
lo0 127.0.0.1
iwx0 192.168.0.18
wg0 192.168.10.2
```
I am informed by reputable sources that on Linux `ip ... | jq ...` is another way to do this. I guess you could do that. localaddr, meanwhile, is about 100 lines of C.
Nope, does not work. The expectation is that relayd gets to the :8080 web thing.
```
$ ftp -o - http://192.168.10.2:8080 2>/dev/null
this, is a test website
$ ftp -o - http://192.168.10.2:80 2>/dev/null
$
```
Here are the tricky bits in pf.conf: we need "lo" not skipped and some anchor stuff for relayd. This is perhaps not kosher or very good at all, but hey, it works for me, ship it.
```
#set skip on lo
...
pass in on wg0 proto tcp to any port { 80, 8080 }
pass on lo
anchor "relayd/*"
```
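A small lint for the pf.conf points above, as an added example (not the author's code): it checks that loopback is not skipped and that the relayd anchor is present, and it reports when the backend port is also passed on the external interface, which the rules above do for 8080 on wg0 while httpd listens on `*`. The function name, finding labels and arguments are made up for this example.

```sh
#!/bin/sh
# Added example, not from the original page.
# check_pf_conf FILE EXT_IF BACKEND_PORT
# Prints one finding per line; prints nothing when no issue is found.
check_pf_conf() {
	conf=$1 ext_if=$2 backend=$3
	# Drop comments and blank lines so "#set skip on lo" is not counted as active.
	active=$(sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$conf")

	# 1. With loopback skipped, pf never evaluates any rule for traffic on lo,
	#    which is where a same-host client's connection to relayd travels.
	if printf '%s\n' "$active" |
	    grep -Eq '^[[:space:]]*set[[:space:]]+skip[[:space:]]+on[[:space:]](.*[[:space:]{,])?lo'; then
		echo "skip-lo: loopback is skipped, relayd rules never see lo traffic"
	fi
	# 2. The page's ruleset includes this anchor for relayd.
	if ! printf '%s\n' "$active" |
	    grep -Eq '^[[:space:]]*anchor[[:space:]]+"relayd/\*"'; then
		echo "no-anchor: anchor \"relayd/*\" is missing"
	fi
	# 3. A pass rule on the external interface that names the backend port
	#    lets peers on that interface reach the backend without relayd
	#    (assumes the backend listens on a wildcard address, as on the page).
	if printf '%s\n' "$active" |
	    grep -E "^[[:space:]]*pass[[:space:]].*on[[:space:]]+$ext_if[[:space:]]" |
	    grep -Eq "port.*[^0-9]$backend([^0-9]|\$)"; then
		echo "backend-exposed: port $backend reachable directly on $ext_if"
	fi
}

# Stand-alone run over the rules shown on the page (copied into a scratch file).
sample=$(mktemp)
cat > "$sample" <<'EOF'
#set skip on lo
pass in on wg0 proto tcp to any port { 80, 8080 }
pass on lo
anchor "relayd/*"
EOF
check_pf_conf "$sample" wg0 8080
rm -f "$sample"
```

If direct access to the backend from the tunnel is not wanted, dropping 8080 from the `pass in on wg0` port list clears the last finding.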
Mostly I was trying to make some needlessly complicated web thing to practice my debugging skills.
```
$ ftp -o - http://192.168.10.2:80 2>/dev/null
this, is a test website
$ ftp -o - http://192.168.10.2/cipher/caesar 2>/dev/null
pnrfne
$ echo caesar | /usr/games/rot13
pnrfne
```
The second request goes to relayd, which forwards to httpd, which calls a fastcgi process, which passes a portion of PATH_INFO over to caesar(6), and then the response from that gets passed back up the long chain of crazy.
I hear that any modern web thing is very much more complicated than this.