From 2717bdaf76aa2edf32267276bbf9b7bbb82dab16 Mon Sep 17 00:00:00 2001
From: hashashini
Date: Thu, 28 May 2020 10:21:06 +0000
Subject: [PATCH] Adding relayd.conf example

On OpenBSD the best way to realize a reverse proxy is via relayd, which is part of the default installation.
---
 docs/reverse_proxy.md | 49 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)

diff --git a/docs/reverse_proxy.md b/docs/reverse_proxy.md
index cbb8269568b3..447e0de14931 100644
--- a/docs/reverse_proxy.md
+++ b/docs/reverse_proxy.md
@@ -136,6 +136,55 @@ backend matrix
 server matrix 127.0.0.1:8008
 ```
+### relayd (OpenBSD)
+
+```
+table { 127.0.0.1 }
+table { 127.0.0.1 }
+
+http protocol federation {
+ tls keypair "matrix.example.com"
+ match header set "X-Forwarded-For" value "$REMOTE_ADDR"
+ pass
+}
+
+http protocol https_proxy {
+ tls keypair "matrix.example.com"
+
+ # This allows automatic certificate renewal:
+ pass request quick path "/.well-known/acme-challenge/*" \
+ forward to
+
+ # Delegation (optional):
+ pass request quick path "/.well-known/matrix/*" \
+ forward to
+
+ match header set "X-Forwarded-For" value "$REMOTE_ADDR"
+ pass request quick header "Host" value "matrix.example.com" \
+ forward to
+
+ # Some clients include the port number in the Host header:
+ pass request quick header "Host" value "matrix.example.com:443" \
+ forward to
+
+ # Pass everything else to :
+ pass forward to
+}
+
+relay reverse_proxy {
+ listen on egress port 443 tls
+ protocol https_proxy
+ forward to port 80
+ forward to port 8008
+}
+
+relay federation {
+ listen on egress port 8448 tls
+ protocol federation
+ forward to port 8008
+}
+```
+
 ## Homeserver Configuration
 You will also want to set `bind_addresses: ['127.0.0.1']` and