Fichier /etc/relayd.conf
:
http protocol "http" { include "/etc/relayd.proxy.conf" } http protocol "https" { include "/etc/relayd.proxy.conf" match query hash "sessid" tls keypair ybad.name tls keypair 3hg.fr tls keypair ouaf.xyz tls keypair ecolegiens.fr.eu.org } relay "www" { listen on 127.0.0.1 port 8080 protocol "http" forward to destination } relay "tlsforward" { listen on 127.0.0.1 port 8443 tls protocol "https" forward with tls to destination } ## # put key in /etc/ssl/private/name.key # put **fullchain** certificate in /etc/ssl/name.crt
Fichier /etc/relayd.proxy.conf
:
# block par défaut, puis ouvre cas par cas return error # Pour garder l'IP source match request header append "X-Forwarded-For" \ value "$REMOTE_ADDR" match request header append "X-Forwarded-By" \ value "$SERVER_ADDR:$SERVER_PORT" # Pour https match header set "Keep-Alive" value "$TIMEOUT" # Securite match request header remove "Proxy" match response header set "X-Xss-Protection" value "1; mode=block" match response header set "Frame-Options" value "SAMEORIGIN" match response header set "X-Frame-Options" value "SAMEORIGIN" match response header set "X-Robots-Tag" value "index,nofollow" match response header set "X-Permitted-Cross-Domain-Policies" value "none" match response header set "X-Download-Options" value "noopen" match response header set "X-Content-Type-Options" value "nosniff" match response header set "Referrer-Policy" value "no-referrer" match response header set "Feature-Policy" value "fullscreen 'self'" # fun match response header set "X-Powered-By" value "Powered by OpenBSD" # etiquette pour utf-8 et gain de temps match request path "/*.html" tag "HTML" # etiquettes pour gestion du cache match request path "/*.css" tag "CACHE" match request path "/*.js" tag "CACHE" match request path "/*.atom" tag "CACHE" match request path "/*.rss" tag "CACHE" match request path "/*.xml" tag "CACHE" match request path "/*.jpg" tag "CACHE" match request path "/*.png" tag "CACHE" match request path "/*.svg" tag "CACHE" match request path "/*.gif" tag "CACHE" match request path "/*.ico" tag "CACHE" match response tagged "CACHE" header set "Cache-Control" value \ "public, max-age=86400" match response tagged "HTML" header set "Content-Type" value "text/html; charset=UTF-8" # anti robots sur wordpress que je n'ai pas block quick path "/wp-*" label '<em>Stop scanning for wordpress</em>.' # apparence de l'erreur return error style "body { background: silver; color: black; text-align:center } hr {border:0; background-color:silver; color:silver; height:1px; width:30%; margin-top:50px;}" pass