matthieu mentioned that this might be useful, so I whipped up a port.
Fortunately volker and I already prepared patches for an xonly issue
in aws-l2c so it should be fine in that regard.

This port builds and passes tests on amd64. I can test this way on
aarch64, but I can't really run test this from where I am right now.

This probably needs a dedicated user and rc setup. I hope someone can
save me some time by telling me what to do here (or where to copy from).

===

layer 7 reverse-proxy with TLS termination

Description:
rpxy [ahr-pik-see] is a simple and lightweight reverse-proxy
implementation
with additional features. The implementation is based on hyper, rustls
and
tokio. rpxy routes multiple hostnames to appropriate backend application
servers while serving TLS connections. Features include:

* HTTP(S) protocols: HTTP/1.1, HTTP/2, and the brand-new HTTP/3
* gRPC
* Serving multiple domain names with TLS termination
* Mutual TLS authentication with client certificates
* Automated certificate issuance and renewal via TLS-ALPN-01 ACME
* protocol
* Post-quantum key exchange for TLS/QUIC
* TLS connection sanitization to avoid domain fronting
* Load balancing with round-robin, random, and sticky sessions

Maintainer: The OpenBSD ports mailing-list <ports@openbsd.org>

WWW: https://github.com/junkurihara/rust-rpxy

• rust-rpxy-0.10.1.tgz (26K)