Relayd with SNI and TLS keypairs
Back when this article on setting up a relayd load-balancer with two back-end httpd servers was written, relayd did not have the capability of handling multiple TLS relays with unique domain names. This meant that each TLS relay required a unique IP per domain. This was in part due to the fact that relayd had no SNI support. I am happy to say that with OpenBSD 6.6, this is no longer the case.
OpenBSD - relayd load balancer with httpd
In order to ensure that a website is highly available, OpenBSD has a couple of very functional solutions available that work very well together: relayd and httpd. Until this point, this site has been running on a small VM in the cloud, but recently, we have adopted a more highly available configuration.
Configuring acme-client on OpenBSD
I hate spending money on things I don’t absolutely have to. Maybe that’s why I like open source. I also like encryption. Therefore, I really like acme-client on OpenBSD. They have such an easy setup for generating your own SSL certs for use by a web server. In the article, I will walk through the basic configs that I’ve used. I am also writing a follow-up article that will illustrate how to create a quick Ansible playbook that will do all the heavy lifting for you.