table <httpd> { 127.0.0.1 }
table <jellyfin> { 192.168.1.173 }

log connection

http protocol "http" {
	match response header set "Cache-Control" value "max-age=1814400"
	return error
	pass
}

# Lo unico que hace esto es redirigir a https... (lo hace el httpd(8)
#  en el puerto 8080)

relay "www" {
	listen on 192.168.1.143 port 80
	listen on 10.100.0.132 port 80
	listen on :: port 80
	protocol "http"
	forward to <httpd> port 8080 check tcp
}


# Los headers que establecemos son para poder ver la IP del visitante
en el header X-Forwarded-For. Para loggearla o lo que sea
http protocol "other" {
        tcp { nodelay, sack, socket buffer 65536, backlog 100 }	
	return error
	match request header set "X-Forwarded-For" value "$REMOTE_ADDR"
	match request header set "X-Forwarded-Port" value "$REMOTE_PORT"
	pass
}

http protocol "https" {
     tcp { nodelay, sack, socket buffer 65536, backlog 100 }	
	return error
	match request header set "X-Forwarded-For" value "$REMOTE_ADDR"
	match request header set "X-Forwarded-Port" value "$REMOTE_PORT"
	pass
	# Las buscará en /etc/ssl/suragu.net.pem y /etc/ssl/private/suruagu.net.key
	tls keypair "suragu.net"
	tls { no client-renegotiation, cipher-server-preference }
	# Dominio principal
	# Lo que hace es ver si el header "Host" coincide con lo dado, en
        tal caso mandarlo a la IP dada en la tabla <httpd> (ver arriba)
	pass request quick header "Host" value "mi.suragu.net" forward to <httpd>
	pass request quick header "Host" value "jellyfin.suragu.net" forward to <jellyfin>
}

relay "tlsforward" {
	listen on 192.168.1.143 port 443 tls
	listen on 10.100.0.132 port 443 tls
	listen on :: port 443 tls
	protocol "https"
	forward to <httpd> port 8082
	forward to <jellyfin> port 8080
}