1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
|
---
title: "forwarding requests from Relayd to custom webserver"
category:
- bsd
abstract: How to forward requests to a webserver?
date: 2023-07-19T12:27:54+02:00
year:
draft: false
tags:
---
One thing that OpenBSD doesn't provide (yet?) is an HTTP proxy. I use [Plausible](https://plausible.io/)[^nope] for basic visitor analytics [^privacy] here, and one of the cool things you can do is to break all adblockers via serving Plausible from my own domain[^adblock]
[^privacy]: Yes, I want to know what people are reading! For details, refer to my [two sence long privacy policy](https://michal.sapka.me/about/#privacy-policy).
[^nope]: [this is no longer the case](https://michal.sapka.me/site/updates/2023/removed-plausible/)
[^adblock]: yes, it's a dick move. But my reasoning was simple: Plausible gathers so little information that the harm is almost nonexistent, and I really want to know what people are reading.
After two evenings of failed attempts, I reminded myself that I am a programmer, and I wrote one myself. You can find it on my [VCS page](https://vcs.sapka.me/plaprox/). It was a great learning exercise and a chance to touch Golang[^ruby] for the first time.
[^ruby]: I am a Ruby developer by trade and heart, but I will try anything that is not an IDE-driven language. LSP for Java/Scala is still a joke, and I refuse to pollute my system with Intellij. [Go](https://go.dev/), on the other hand, is a modern language designed for humans. I am not good at it, but I am infinitetly[^infinit] better than a week ago.
[^infinit]: Any positive number would be infinite progress compared to zero, or as an old wise man once said: "to have a nickel and to not a nickel is already two nickles".
Assuming you have it running (it works on my machine!), let's adjust our relayd(8). Plaprox listens on port 9090, and we want to relay all requests to `/js/script.js` there.
Let's add it to our relays in `relayd.conf`:
{{<highlight shell "linenos=inline">}}
table <plausibleproxyd> { 127.0.0.1 }
http protocol "https" {
# all our previous content omitted
match request quick path "/js/script.js" forward to <plausibleproxyd>
match request quick path "/api/event" forward to <plausibleproxyd>
}
relay "https" {
listen on 0.0.0.0 port 443 tls
protocol https
forward to <httpd> port 8080
forward to <plausibleproxyd> port 9090
}
relay "https6" {
listen on :: port 443 tls
protocol https
forward to <httpd> port 8080
forward to <plausibleproxyd> port 9090
}
{{</highlight>}}
You can also move the port number to a table.
Remember that in Relayd(8) last one wins. We already have a match for the domain and added another matcher for the path. The request will be forwarded to the last marching matcher - so we put our new matchers at the end of the protocol definition.
## Updates
2023-07-28: remove wrong information abot PF.
2023-07-30: fix invalid cron format
2023-12-12: extracted to a dedicated article
|
