About

The relayd project provides a FREE implementation of a secure web engine that consists of relayd and httpd.

History

relayd first appeared in OpenBSD 4.1 to provide a service that helps Server Load Balancing (SLB) with OpenBSD's Packet Filter (pf). It was written by Pierre-Yves Ritschard and Reyk Floeter. The HTTP server, httpd, first appeared in OpenBSD 5.6 and was based on the code of relayd. The development is an an ongoing effort by Reyk Floeter, Sebastian Benoit, Florian Obser and various contributing OpenBSD hackers. The software is used by some large sites and has also been ported to other operating systems.

Features

An overview of the basic features of the load balancer and HTTP server.

relayd

  • Redirections: Translated to pf(4) rdr-to rules for stateful forwarding to a target host from a health-checked table on layer 3.
  • Relays: Relays allow application layer load balancing, TLS acceleration, and general purpose TCP proxying on layer 7.
  • Secure: Non-optional security by running chroot'ed and with privilege separation by default.
  • Protocols: Protocols are predefined settings and filter rules for relays.
  • Routers: Routers are used to insert routes with health-checked gateways for (WAN) link balancing.
  • Health checks: Supports multi-protocol health checking for dynamic load balancing and routing.

httpd

  • Static files: Serves static files and directories via optional auto-indexing.
  • FastCGI: Supports asynchronous and direct FastCGI via UNIX socket or TCP/IP.
  • Secure: Non-optional security by running chroot'ed and with privilege separation by default.
  • SSL/TLS: Support secure connections via TLS powered by LibreSSL.
  • Virtual servers: Flexible configuration with support for name- and IP-based virtual servers on IPv4 and IPv6.
  • Reconfiguration: Reload the running configuration without interruption.
  • Logging: Supports per-server logging via local access and error files or via syslog.

Project Goals

The efforts emphasize portability, standardization, correctness, proactive security and integrated cryptography.

Users & Testimonials

Are you using relayd or httpd in an interesting environment and you want to get listed on this page? For reasons of security, you can ask us to withhold your name, or those of your clients and it would appear as "Undisclosed Company".

  • Premiere Video on Demand - One of the first e-commerce platforms that used relayd as a load balancer for its online store. For some time, it provided exclusive access to live streams for the German Bundesliga. Premiere has been acquired by Sky.
  • The OpenBSD Project - OpenBSD started to migrate its infrastructure to httpd. Additionally, httpd and relayd are widely used among developers "eating our own dogfood".
  • ...

Papers & Presentations