Host Only Relayd

OpenBSD's relayd is probably intended to be used with at least three systems: a backend, the relay host, and a client interacting with a backend by way of the relay host. This is at least two systems too many. However, running relayd and a backend and client code all on a single system can be a bit tricky to set up.

httpd.conf

Nothing exciting here.

    server "default" {
        listen on * port 8080
        directory auto index
    }

I usually put a single line of plain text into /var/www/htdocs/index.html because who wants their terminal spammed with too much HTML?

    $ cat /var/www/htdocs/index.html
    this, is a test website

relayd.conf

Also nothing much interesting, though the listen is on an IP address specific to some interface, real or otherwise; here, that of a WireGuard tunnel connected with the OpenBSD virt somewhere in the cloud.

    table <webhosts> { 127.0.0.1 }
    redirect www {
            listen on 192.168.10.2 port 80
            forward to <webhosts> port 8080 check http "/" code 200
    }

On a somewhat related note, the output of ifconfig(8) is too verbose to easily pick addresses out of, but it just so happens that someone wrote a little localaddr tool.

    $ localaddr -4
    lo0 127.0.0.1
    iwx0 192.168.0.18
    wg0 192.168.10.2

I am informed by reputable sources that on Linux `ip ... | jq ...` is another way to do this. I guess you could do that. localaddr, meanwhile, is about 100 lines of C.

test test 1 2 3

Nope, does not work. The expectation is that relayd on port 80 gets to the :8080 web thing; instead the direct request to :8080 answers and the one to :80 returns nothing.

    $ ftp -o - http://192.168.10.2:8080 2>/dev/null
    this, is a test website
    $ ftp -o - http://192.168.10.2:80 2>/dev/null
    $

pf.conf

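Here are the tricky bits; we need "lo" not skipped and some anchor stuff for relayd. A relayd redirect is implemented as pf(4) rdr-to rules that relayd loads into the "relayd/*" anchor, so pf has to evaluate that anchor and cannot skip the loopback interface that host-local traffic passes over. Note that the wg0 rule also passes port 8080, so peers on the tunnel can still reach httpd directly without going through relayd. This is perhaps not kosher or very good at all, but hey, it works for me, ship it.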

    #set skip on lo
    ...
    pass in on wg0 proto tcp to any port { 80, 8080 }
    pass on lo
    anchor "relayd/*"

Mostly I was trying to make some needlessly complicated web thing to practice my debugging skills.

    $ ftp -o - http://192.168.10.2:80 2>/dev/null
    this, is a test website
    $ ftp -o - http://192.168.10.2/cipher/caesar 2>/dev/null
    pnrfne
    $ echo caesar | /usr/games/rot13
    pnrfne

The second request goes to relayd, which forwards to httpd, which calls a fastcgi process, which passes a portion of PATH_INFO over to caesar(6), and then the response from that gets passed back up the long chain of crazy.
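
A sketch of what the last hop of that chain could look like, added here as an example and not the handler actually used for this page: a CGI-style script that only lets a letters-only piece of PATH_INFO through to the cipher. The /cipher/ prefix comes from the request above; the function names, the 64-character cap and tr(1) standing in for caesar(6) are assumptions.

```shell
#!/bin/sh
# Constructed sketch of a CGI handler for /cipher/<word>; not the page's code.
LC_ALL=C; export LC_ALL    # keep [A-Za-z] and tr ranges ASCII-only

# Print the word after /cipher/, or return 1 for any other shape.
cipher_arg() {
    case $1 in
        /cipher/*) arg=${1#/cipher/} ;;
        *) return 1 ;;
    esac
    # Letters only: rejects empty input, "/", "..", spaces and shell metacharacters.
    case $arg in
        ''|*[!A-Za-z]*) return 1 ;;
    esac
    # 64 is an arbitrary cap (assumption).
    [ "${#arg}" -le 64 ] || return 1
    printf '%s\n' "$arg"
}

# tr(1) stands in for caesar(6) so this runs without /usr/games.
rot13() {
    tr 'A-Za-z' 'N-ZA-Mn-za-m'
}

# Emit a complete CGI response for one PATH_INFO value.
handle() {
    if text=$(cipher_arg "$1"); then
        printf 'Status: 200 OK\r\nContent-Type: text/plain\r\n\r\n'
        # The validated word goes in on stdin, never onto a command line.
        printf '%s\n' "$text" | rot13
    else
        printf 'Status: 400 Bad Request\r\nContent-Type: text/plain\r\n\r\n'
        printf 'bad request\n'
    fi
}

# Only answer when run by a CGI gateway, which normally sets GATEWAY_INTERFACE.
if [ -n "${GATEWAY_INTERFACE:-}" ]; then
    handle "${PATH_INFO:-}"
fi
```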

I hear that any modern web thing is very much more complicated than this.

tags #openbsd #legacyweb #debug