The httpd server is a web server with FastCGI and TLS support. The relayd daemon is a free and open source load balancer and web proxy server. One can use httpd and relayd to run a static website, a blog, a PHP-based application and so on using the OpenBSD, FreeBSD, TrueOS, and HardenedBSD operating systems. The book “Relayd and Httpd Mastery” covers setting up a web server, distributing traffic between backends, running dynamic web sites and PHP-based web apps, securing and optimizing the web server, the LibreSSL-based modern cryptography library, TLS/SSL support, and load-balancing your web traffic across multiple servers.
The relayd project provides a FREE implementation of a secure web engine that consists of relayd and httpd. relayd first appeared in OpenBSD 4.1 to provide a service that helps Server Load Balancing (SLB) with OpenBSD’s Packet Filter (pf). It was written by Pierre-Yves Ritschard and Reyk Floeter. The HTTP server, httpd, first appeared in OpenBSD 5.6 and was based on the code of relayd. The development is an ongoing effort by Reyk Floeter, Sebastian Benoit, Florian Obser and various contributing OpenBSD hackers. The software is used by some large sites and has also been ported to other operating systems.
The book starts with the basic concepts of the HTTP protocol. The book is divided into 16 chapters. The first chapter talks about configuring a basic web server, virtual hosting, password-protecting directories and more. The second chapter is all about blocking unwanted traffic or redirecting traffic with HTTP status codes. It is useful for SEO purposes. The third chapter talks about creating pretty URLs and matching domain names. Again, it is helpful for sites powered by the WordPress blogging engine, where one might need to use pretty URLs. The fourth chapter talks about web server log management. The sixth chapter talks about jailing httpd using the chroot feature and running dynamic CGI applications written in Perl, PHP or any other language, including info on setting up a WordPress-based site. The sixth chapter is all about TLS, especially Let’s Encrypt SSL/TLS setup, TLS security, SSL stapling and optimization. Of course, any web server needs tuning at the firewall and TCP/IP level. It is discussed in the seventh chapter. The eighth chapter is all about building redundant web servers using the CARP protocol. Building a failover web server is useful, and one needs to use CARP for IP failover.
Chapters nine to sixteen talk about building advanced setups for enterprise or startup companies, such as setting up a reverse proxy server, application-level proxies, a TLS accelerator and offloaded TLS sessions, and more using relayd. I did not even know many of the config options possible on OpenBSD. One such example is an outbound proxy server. A chapter or additional note about distributed file systems and clustering a MariaDB database would have been a nice addition.
Overall, an excellent book in the typical Michael W. Lucas writing style. Easy to follow, clear-cut instructions, and tons of new stuff to learn. If one must use OpenBSD or FreeBSD, then the chances are high that one will stick with the defaults that come with OpenBSD. No need to use fat Apache, or an Nginx/Lighttpd web server, especially when httpd and relayd are audited for security by the OpenBSD core team.
- Title: Relayd and Httpd Mastery
- Author: Michael W. Lucas.
- Publisher: Tilted Windmill Press.
- Length: 233 pages.
- Target: Professional system administrators or hobbyists interested in setting up a website or running a farm of web servers securely using OpenBSD or FreeBSD and friends.
- Rating: 4.5/5
- Purchase online at Amazon (Kindle Edition).
- Disclaimer: Tilted Windmill Press sent us a review copy.