summaryrefslogtreecommitdiff
path: root/content/bsd/relayd-custom-webserver.md
blob: 0a5de64a332553939d667ed9cf2e61aa68253f06 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
+++
title = "OpenBSD: Forwarding requests from Relayd to a custom webserver"
author = ["Michał Sapka"]
date = 2023-07-19T19:30:00+02:00
categories = ["bsd"]
draft = false
weight = 2003
abstract = "How to forward request to webserver?"
[menu]
  [menu.bsd-openbsd]
    weight = 2003
    identifier = "openbsd-forwarding-requests-from-relayd-to-a-custom-webserver"
    parent = "obsdweb"
    name = "Forwarding requests from Relayd to a custom webserver"
+++

One thing that OpenBSD doesn't provide (yet?) is an HTTP proxy.
I use [[Plausible](https://plausible.io/)[^fn:1] for basic visitor analytics [^fn:2] here, and one of the cool things you can do is to break all adblockers via serving Plausible from my own domain[^fn:3]

After two evenings of failed attempts, I reminded myself that I am a programmer, and I wrote one myself.
You can find it on my [no longer available].
It was a great learning exercise and  a chance to touch Golang[^fn:4] for the first time.

Assuming you have it running (it works on my machine!), let's adjust our relayd(8).
Plaprox listens on port 9090, and we want to relay all requests to `/js/script.js` there.

Let's add it to our relays in `relayd.conf`:

```shell { linenos=true, linenostart=1 }
table <plausibleproxyd> { 127.0.0.1 }

http protocol "https" {
   # all our previous content omitted
    match request quick path "/js/script.js"  forward to <plausibleproxyd>
    match request quick path "/api/event"  forward to <plausibleproxyd>
}

relay "https" {
    listen on 0.0.0.0 port 443 tls
    protocol https
    forward to <httpd> port 8080
    forward to <plausibleproxyd> port 9090
}
relay "https6" {
    listen on :: port 443 tls
    protocol https
    forward to <httpd> port 8080
    forward to <plausibleproxyd> port 9090
}
```

You can also move the port number to a table.

Remember that in Relayd(8) last one wins.
We already have a match for the domain and added another matcher for the path.
The request will be forwarded to the last marching matcher - so we put our new matchers at the end of the protocol definition.


## Updates {#updates}

2023-07-28: remove wrong information abot PF.
2023-07-30: fix invalid cron format
2023-12-12: extracted to a dedicated article

[^fn:1]: [this is no longer the case](https://michal.sapka.me/site/updates/2023/removed-plausible/)
[^fn:2]: Yes, I want to know what people are reading!
    For details, refer to my [two sence long privacy policy](https://michal.sapka.me/about/#privacy-policy).
[^fn:3]: yes, it's a dick move.
    But my reasoning was simple: Plausible gathers so little information that the harm is almost nonexistent, and I really want to know what people are reading.
[^fn:4]: I am a Ruby developer by trade and heart, but I will try anything that is not an IDE-driven language.
    LSP for Java/Scala is still a joke, and I refuse to pollute my system with Intellij.
    [[<https://go.dev/>][Go][, on the other hand, is a modern language designed for humans. I am not good at it, but I am infinitetly[^fn:5] better than a week ago.
[^fn:5]: Any positive number would be infinite progress compared to zero, or as an old wise man once said: "to have a nickel and to not a nickel is already two nickles".