Reverse proxies options

dostoievsky

dostoievsky

I am looking for a very simple reverse proxie approach.
I did already used nginx and caddy, but for my use case I think is just too much.

I have some personal services running into a zerotier interface, and I just want to point that ip on my registrar to use things like git, nextcloud and etc without writing my ip address.

I had looked on relayd and found it interesting, but when I try to
pkg install relayd or net/relayd
it says it not found.

I have found it on my ports controlled with portsnap and I think I will try to build and use that, but I would also like to know other possibilities that people find interesant.

EDIT:
I just tried to build relayd and got the following error:
C: 
ca.c:549:26: error: incompatible integer to pointer conversion assigning to 'const RSA_METHOD *' (aka 'const struct rsa_meth_st *') from 'int' [-Wint-conversion]
        } else if ((rsa_default = ENGINE_get_RSA(e)) == NULL) {

I am not seeking exact support as it seens that relayd is not a popular choice here, but find odd the miss pkg and the broken port. Could It maybe be the current version of my ports snapshots?


EDIT 2:
I digged a little and found about net/haproxy it seens nice. And also, caddy is a really "just works" tool for me, and if you guys use it and just recommend it, maybe its a go.

Also, how did I throught of my workflow:

zerotier if will be rdr with pf to my webserver jail ip, then this jail will redirect every dns to other jails and so on. There is, maybe a beter workflow?
 
I've used relayd on OpenBSD and it's nice & simple.

I think your build issue will be down to OpenSSL?

Are your ports up-to-date? Are you building with ports OpenSSL? If so, what version? What version of FreeBSD?

I started a build of relayd on a FreeBSD 14.0 machine but it wanted to pull in LibreSSL so I don't want to mix up OpenSSL and LibreSSL on this machine.
 
Hello. Yeah, i found the relayd.conf setup very simple and that why I wanted to try it.

I am using 14.0-Release on my host.
In the jail, its also a 14.0-Release that I just created today with bastille:
~ > sudo bastille create webserver 14.0-RELEASE 10.0.0.10/24 bastille0

After the setup, I did a pkg update/upgrade.
Then I did try to pkg install relayd and also pkg install net/relayd
both commands, on both jail and host produce the same output:

~ > sudo pkg install net/relayd
Password:
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
pkg: No packages available to install matching 'net/relayd' have been found in the repositories




~ > sudo pkg install relayd
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
pkg: No packages available to install matching 'relayd' have been found in the repositories


Also, when I search for relayd, it produces no results:



~ > pkg search relayd



For my ports being updated, I installed portsnap, then I just did a portsnap fetch, then protsnap extract.

Is this the minimmium to just have a updated version of ports?


For questions about OpenSSL:


root@webserver:~ # openssl version
OpenSSL 3.0.12 24 Oct 2023 (Library: OpenSSL 3.0.12 24 Oct 2023)
root@webserver:~ #


While I did the build of relayd, I just pressed space and selected everything without thinkering to much.

Now, how can I reselect the install options?

I did a make clean but it didnt asked me again about compile options. How could I reset that to check the given options?


EDIT:

I did a make install again, and I think it is building with libreSSL because of the given output:

Code: 
/usr/ports/security/libressl/work-default/stage/usr/local/include/openssl/x509.h:446:36: note: passing argument to parameter 'len' here
                unsigned char *md, unsigned int *len);

Then, it really coud be a conflict betwen openssl and libressl?

I'll try reset this port so I can choose options again.
 
Looks like the package is failing to build:


So might have to wait until that is fixed.

Generally it's not recommended to mix packages and ports unless you are very sure about what you are doing.

My question about OpenSSL was about the *ports* version i.e. have you done anything in /etc/make.conf?

Not entirely sure what you mean about "reselect the install options"? You can use make config - that might be what you are after.
 
Thank you for helping me throubleshoot relayd!

How do fetch and find infos like this?
[package - 140amd64-quarterly][net/relayd] Failed for relayd-7.3.2023.05.09.p5_1 in build

I tried read

Bug List

bugs.freebsd.org bugs.freebsd.org

to find relevant info and check if it was buggy, but it seens those mail lists (is it a mail list?) is a good source. I really need start to learn how to follow/fetch those threads.

For about the config I am talk about:

When we do make install, sometimes, in the first instalation, it pronpts some TUI options which we can select features/things to build.

I did try make config and the output was:


root@webserver:/usr/ports/net/relayd # make config
===> No options to configure


and I dont know if this was what I intented.

About mixing ports and packages, yeah, I think i've read once that it will sometimes mess with dependencies versions if it is not carefully checked.

Since I allways try new things inside containers, as well create snapshots before doing things in the working ones, and also try to keep my host with minimium programs possible I dont think this will be a destructive issue for me.

ZFS snapshots was a really life change for me lol.

Anyway, thank you very much for the atention!
 
dostoievsky said:
When we do make install, sometimes, in the first instalation, it pronpts some TUI options which we can select features/things to build.
Click to expand...
Yes, some ports have configuration options but simpler ones like relayd don't.

Think it's probably worth trying relayd if you can get it going - nice and simple. But definitely other options if it doesn't work out (not that I know anything about them, just that they exist!)
 
I use caddy. A bit of a learning curve, but all there is to it is one Caddyfile, and if you get the hang of it it’s great.
 
You must log in or register to reply here.
Back
Top