Skip to content

Instantly share code, notes, and snippets.

@horia
Created Sep 27, 2022
Embed
What would you like to do?
honk expects to be fronted by a TLS terminating reverse proxy
httpd(8)
--------
# httpd.conf(5)
server "honk.example.com" {
listen on * port http
location "/.well-known/acme-challenge/*" {
root "/acme"
request strip 2
}
location "*" {
block return 302 "https://$HTTP_HOST$REQUEST_URI"
}
}
honk# rcctl enable httpd
honk# rcctl start httpd
acme-client(1)
--------------
# acme-client.conf(5)
domain honk.example.com {
domain key "/etc/ssl/private/honk.example.com.key"
domain full chain certificate "/etc/ssl/honk.example.com.crt"
sign with letsencrypt
}
honk# acme-client -v honk.example.com
honk# ocspcheck -vNo /etc/ssl/honk.example.com.{ocsp,crt}
relayd(8)
---------
# relayd.conf(5)
ext_ip="203.0.113.4"
ext_ip2="2001:0db8::4"
honk_port="31337"
table <honk> { 127.0.0.1 ::1 }
table <httpd> { 127.0.0.1 ::1 }
http protocol "https" {
match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
match request header append "X-Forwarded-By" \
value "$SERVER_ADDR:$SERVER_PORT"
match request header set "Connection" value "close"
match request header "Host" value "honk.*" forward to <honk>
match request path "/.well-known/acme-challenge/*" forward to <httpd>
tcp { sack, backlog 128 }
tls keypair honk.example.com
}
relay "https" {
listen on $ext_ip port https tls
protocol "https"
forward to <httpd> port http check tcp
forward to <honk> port $honk_port check tcp
}
relay "https2" {
listen on $ext_ip2 port https tls
protocol "https"
forward to <httpd> port http check tcp
forward to <honk> port $honk_port check tcp
}
honk# rcctl enable relayd
honk# rcctl start relayd
pf(4)
-----
# pf.conf(5)
anchor "relayd/*"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment