/etc/relayd.conf

Fichier /etc/relayd.conf :

# Protocol definition used by the cleartext relay ("www").
# It carries no rules of its own: every filter rule (header rewrites, path
# blocks, cache tags) comes from the shared include, which the "https"
# protocol loads as well. Anything that must apply to TLS traffic only
# therefore cannot live in the include.
http protocol "http" {
    include "/etc/relayd.proxy.conf"
}

# Protocol definition used by the TLS relay ("tlsforward").
# NOTE(review): no Strict-Transport-Security header is set anywhere on this
# page; if HSTS is wanted it belongs in this block rather than in the shared
# include, which is also served over cleartext HTTP.
http protocol "https" {
    # Same filter rules as the cleartext protocol.
    include "/etc/relayd.proxy.conf"
    # Feeds the "sessid" query parameter into relayd's load-balancing hash.
    # NOTE(review): both relays on this page use "forward to destination"
    # (no table), so this presumably has no effect here — confirm. A session
    # id carried in the query string also ends up in access logs and
    # browser history.
    match query hash "sessid"
    # One keypair per served domain; listing several lets the relay present
    # the matching certificate via SNI. The notes further down this page
    # place the key in /etc/ssl/private/name.key and the fullchain
    # certificate in /etc/ssl/name.crt. Keep the private keys readable by
    # root only.
    tls keypair ybad.name
    tls keypair 3hg.fr
    tls keypair ouaf.xyz
    tls keypair ecolegiens.fr.eu.org
}


# Cleartext HTTP relay.
# It listens on loopback only, so traffic has to be handed to it by the
# packet filter. "forward to destination" makes relayd look up the
# connection's original destination address, which relies on pf divert-to
# rules that are not shown on this page — TODO confirm against pf.conf.
relay "www" {
    listen on 127.0.0.1 port 8080
    protocol "http"
    forward to destination
}

# TLS relay.
# The "tls" keyword on the listen line terminates the client's TLS session
# here, using the keypairs of protocol "https"; "forward with tls" then opens
# a new TLS session towards the original destination.
# NOTE(review): no "tls ca file" appears in protocol "https" on this page.
# Per relayd.conf(5) that option is what enables verification of the
# upstream certificate, so the relay-to-destination leg is presumably
# encrypted but not authenticated — confirm, and add a CA file if the
# destination is not on a trusted local path.
relay "tlsforward" {
    listen on 127.0.0.1 port 8443 tls
    protocol "https"
    forward with tls to destination
}

##
# put key in /etc/ssl/private/name.key
# put **fullchain** certificate in /etc/ssl/name.crt

Fichier /etc/relayd.proxy.conf :

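# Block by default, then open up case by case (author's note).
# NOTE(review): no default "block" rule is visible in this file and it ends
# with "pass" — confirm which default is actually intended.
# "return error" makes relayd answer with an HTTP error page when a request
# is refused or forwarding fails, instead of silently dropping the
# connection.
return error

# Look of the error page (inline CSS).
return error style "body { background: silver; color: black; text-align:center } hr {border:0; background-color:silver; color:silver; height:1px; width:30%; margin-top:50px;}"

# Keep the source IP for the backend. "set" replaces any value the client
# sent, so a forged X-Forwarded-For does not reach the backend; the backend
# should still trust these headers only on connections coming from this
# relay.
match request header set "X-Forwarded-For" value "$REMOTE_ADDR"
match request header set "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"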

	# For https: advertise the relay's timeout in the Keep-Alive header.
	match header set "Keep-Alive" value "$TIMEOUT"

	# Anti-robot rule for a WordPress install this host does not have.
	# "quick" ends rule evaluation on a match, so the final "pass" cannot
	# re-admit these requests. The label is a quoted string that continues
	# onto the next line; it contains HTML and is presumably shown on the
	# error page enabled by "return error" — confirm the rendering.
	block quick path "/wp-*" label '<em>Stop scanning for
	wordpress</em>.'

	# Security
	# Drop the client-supplied "Proxy" request header before it reaches the
	# backend (the usual "httpoxy" mitigation for CGI-style backends).
	match request header remove "Proxy"
	# NOTE(review): X-XSS-Protection is a legacy header that current
	# browsers ignore; it is not a substitute for a restrictive
	# Content-Security-Policy.
	match response header set "X-Xss-Protection" value \
	"1; mode=block"
	# NOTE(review): "Frame-Options" without the X- prefix is not a header
	# browsers are known to honour; the X-Frame-Options line below is the
	# effective anti-framing control — confirm whether this line is needed.
	match response header set "Frame-Options" value "SAMEORIGIN"
	# Only same-origin pages may frame these responses (clickjacking
	# defence). CSP "frame-ancestors" is the current equivalent.
	match response header set "X-Frame-Options" value "SAMEORIGIN"
	# Crawler directive: pages may be indexed, links are not followed.
	match response header set "X-Robots-Tag" value "index,nofollow"
	# Refuse cross-domain policy files (Flash/Acrobat-era clients).
	match response header set "X-Permitted-Cross-Domain-Policies" \
		value "none"
	# Legacy Internet Explorer: do not open downloads in the site's context.
	match response header set "X-Download-Options" value "noopen"
	# Browsers must honour the declared Content-Type and not sniff it.
	match response header set "X-Content-Type-Options" value \
		"nosniff"
	# Never send a Referer header, which keeps visited URLs (including any
	# query string) from leaking to other sites.
	match response header set "Referrer-Policy" value "no-referrer"
	# NOTE(review): Feature-Policy has been superseded by Permissions-Policy,
	# which uses a different value syntax; newer browsers may ignore this
	# header.
	match response header set "Feature-Policy" value \
	"fullscreen 'self'"
	# This policy only upgrades http:// subresource URLs to https://. It
	# places no restriction on script, style or frame sources, so it gives
	# no protection against injected content on its own.
	match response header set "Content-Security-Policy" value \
		"upgrade-insecure-requests"

	# Fun.
	# NOTE(review): this advertises the host operating system to every
	# client; drop it if platform disclosure matters.
	match response header set "X-Powered-By" value \
		"Powered by OpenBSD"

	# Tags for cache handling: requests whose path looks static are tagged
	# "CACHE" so that the matching response can be given a Cache-Control
	# header below.
	match request path "/*.css" tag "CACHE"
	match request path "/*.js" tag "CACHE"
	match request path "/*.atom" tag "CACHE"
	match request path "/*.rss" tag "CACHE"
	match request path "/*.xml" tag "CACHE"
	match request path "/*.jpg" tag "CACHE"
	match request path "/*.png" tag "CACHE"
	match request path "/*.svg" tag "CACHE"
	match request path "/*.gif" tag "CACHE"
	match request path "/*.ico" tag "CACHE"
	match request path "/*.html" tag "CACHE"
	# Directory-style URLs (any path ending in "/").
	match request path "*/" tag "CACHE"

	# Responses to tagged requests may be stored for one day (86400 s).
	# NOTE(review): "public" allows shared caches to keep the response. The
	# decision is made on the request path alone, so a backend that serves
	# per-user or authenticated content under "*/" or "*.html" would have it
	# marked publicly cacheable — confirm every destination behind this
	# relay serves only static content on those paths.
	match response tagged "CACHE" header set "Cache-Control" value \
		"public, max-age=86400"

	# Tag used to force a UTF-8 charset on HTML responses.
	# NOTE(review): relayd.conf(5) describes a single tag per connection,
	# replaced when a later rule tags it again. "/*.html" was tagged "CACHE"
	# by an earlier rule in this file, so this "HTML" tag presumably
	# replaces it and .html responses no longer receive the Cache-Control
	# header — confirm on a live response.
	match request path "/*.html" tag "HTML"

	# Overrides whatever Content-Type the backend sent for these paths.
	match response tagged "HTML" header set "Content-Type" value \
		"text/html; charset=UTF-8"

	# Plain-text and Markdown files are served as UTF-8 text/plain, so
	# browsers display them and never render them as HTML.
	match request path "/*.txt" tag "TXT"
	match request path "/*.md" tag "TXT"
	match response tagged "TXT" header set "Content-Type" value \
		"text/plain; charset=UTF-8"


	# Final rule: let through everything that was not stopped by a
	# "block quick" rule above.
	pass