Re: Relayd SSL Configuration with Certbot Certs

2020-09-21 Thread Graeme Neilson
In relayd.conf you use something like this for each domain you are reverse
proxying:

# load certs
tls keypair www.example.com
tls keypair www.another_example.net
tls keypair www.third_example.com

Put your certs in
/etc/ssl/

and keys in
/etc/ssl/private/

they have to be named so they match the domains in relayd.conf so for above:
/etc/ssl/www.example.com.crt
/etc/ssl/private/www.example.com.key

and permissions on the /etc/ssl/private dir need to be restrictive.




On Sun, 20 Sep 2020 at 08:15, Benjamin Raskin wrote:

> Hello, Misc;
>
> I'm attempting to configure relayd to work as a reverse proxy, such that all
> web traffic goes through relayd prior to reaching some web server. I'm
> confused as to how I am to configure the ssl cert and key options in the
> relayd configuration. The manual configures the protocol as follows:
>
> http protocol httpfilter {
> tls ca key "/etc/ssl/private/ca.key" password "password123"
> tls ca cert "/etc/ssl/ca.crt"
> }
>
> Where do I get the password for the key? I'm using certbot to generate the
> certs, and at no time was I prompted to enter, or given a password. Am I
> missing something in terms of configuration or cert generation, or have I
> gotten everything all wrong? Thank you in advance.
>
>
> Ben Raskin
>
>
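
The naming rule from the reply above, as an added example that is not part of the original thread: one function copies certbot output to the file names `tls keypair <name>` looks for, and one checks every keypair named in relayd.conf. The function names are hypothetical, and the certbot tree `/etc/letsencrypt/live/<name>/` and the use of `fullchain.pem` as the `.crt` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical; the
# certbot tree /etc/letsencrypt/live/<name>/ is assumed (certbot's default).

# install_keypair <name> [live_root] [ssl_root]
# Copy certbot's output to the file names "tls keypair <name>" looks for.
install_keypair() {
    name=$1
    live=${2:-/etc/letsencrypt/live}
    ssl=${3:-/etc/ssl}
    src_cert=$live/$name/fullchain.pem
    src_key=$live/$name/privkey.pem

    if [ ! -r "$src_cert" ] || [ ! -r "$src_key" ]; then
        echo "$name: certbot files not found under $live" >&2
        return 1
    fi
    mkdir -p "$ssl/private" && chmod 700 "$ssl/private" || return 1
    # The certificate chain is public; the key is readable by its owner only.
    install -m 0444 "$src_cert" "$ssl/$name.crt" || return 1
    install -m 0400 "$src_key" "$ssl/private/$name.key" || return 1
}

# check_keypairs <relayd.conf> [ssl_root]
# Report every "tls keypair" name whose files are missing or whose key has
# any group/other permission bit set. Returns non-zero if anything is reported.
check_keypairs() {
    conf=$1
    ssl=${2:-/etc/ssl}
    bad=0
    for name in $(awk '$1 == "tls" && $2 == "keypair" { gsub(/"/, "", $3); print $3 }' "$conf"); do
        crt=$ssl/$name.crt
        key=$ssl/private/$name.key
        [ -f "$crt" ] || { echo "$name: missing $crt"; bad=1; }
        if [ ! -f "$key" ]; then
            echo "$name: missing $key"; bad=1
        elif [ "$(ls -l "$key" | cut -c5-10)" != "------" ]; then
            echo "$name: $key is accessible by group or other"; bad=1
        fi
    done
    return $bad
}
```

Run `install_keypair www.example.com` as root after each renewal, then `check_keypairs /etc/relayd.conf` before reloading relayd.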


Re: obsd 6.7 - TOR relay (non-exit) & /var folder

2020-06-28 Thread Graeme Neilson
What do you have set for Log notice in /etc/tor/torrc?

I run a tor relay without problems on 6.7 and use:
Log notice syslog



On Sun, 28 Jun 2020 at 13:59, Salvatore Cuzzilla wrote:

> the issue is temporarily "solved":
>
> 03:42:36 -ksh ToTo@APU2c4 ~ $ doas cat /etc/tor/torrc | egrep "^Log "
> Log debug file /dev/null
> Log info file /dev/null
> Log notice file /dev/null
>
> it’s confirmed that something is not going well with the logs handling ...
>
>
>
> On 25 Jun 2020, at 15:39, Stuart Henderson  wrote:
>
> On 2020/06/25 14:59, Salvatore Cuzzilla wrote:
> >
> > Unfortunately the only thing I know for sure is that the /var folder is
> > constantly losing free space & when I restart tor it gets back to
> > normal. I can't (I don't know how to) figure out the involved files ...
> >
> > "du" is not really helping nor "fstat" ... Is there anything else
> > I could test?
>
> du won't show size of an unlinked file.
>
> fstat won't show filenames but will show inode numbers. If it is from a
> file that existed at startup and was then moved away, you could capture
> inode numbers of all files on the filesystem when starting (find /var
> -ls, the first number is the inode number), then compare with the INUM
> column in fstat.
>
> Or, if you change logs to syslog, and that fixes the problem, you have
> your answer...
>
>
> > On 25.06.2020 09:29, Stuart Henderson wrote:
> >> On 2020-06-24, Salvatore Cuzzilla  wrote:
> >>> After a few attempts, I still don't understand what's going on
> >>> it seems that the only way to free up the /var folder is to restart the
> >>> tor's daemon.
> >>>
> >>> "pkill -HUP -u _tor -U _tor -x tor" didn't help ...
> >>>
> >>> Other ideas?
> >>
> >> Did you figure out what files are involved?
> >>
> >> If it's logs, use syslog instead.
> >>
> >
> > ---
> > :wq,
> > Salvatore.
>
>
>
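
The inode comparison Stuart Henderson describes, as an added example that is not part of the original thread. It works on saved output of `find /var -ls` (at daemon start and again later) and of `fstat`; the function name is hypothetical, the fstat columns are located by their header names, and paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example, not from the thread. Inputs are saved command output:
#   startup: `find /var -ls` taken when the daemon starts
#   current: `find /var -ls` taken once free space has gone missing
#   fstat:   `fstat -u _tor` (or plain fstat) taken at the same time
# Prints "<inum> <size> <path at startup or ?>" for every inode a process
# still holds open on the mount that no longer has a name in the listing.

# open_but_unlinked <startup> <current> <fstat> [mount]
open_but_unlinked() {
    startup=$1
    current=$2
    fstat_out=$3
    mnt=${4:-/var}
    awk -v mnt="$mnt" '
        # find -ls: field 1 is the inode number, field 11 the path
        FILENAME == ARGV[1] { name[$1] = $11; next }
        FILENAME == ARGV[2] { live[$1] = 1; next }
        # first fstat line is the header: find the columns by name
        !icol {
            for (i = 1; i <= NF; i++) {
                if ($i == "INUM")  icol = i
                if ($i == "MOUNT") mcol = i
                if ($i == "SZ|DV") scol = i
            }
            next
        }
        # socket and pipe rows have no numeric INUM and are skipped
        $mcol == mnt && $icol ~ /^[0-9]+$/ && !($icol in live) && !shown[$icol]++ {
            print $icol, $scol, (($icol in name) ? name[$icol] : "?")
        }
    ' "$startup" "$current" "$fstat_out"
}
```

A large size next to a path under the log directory points at a log file that was rotated away while the daemon kept writing to the old descriptor.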


Re: SSH VPN without root login?

2011-08-15 Thread Graeme Neilson
Pretty sure if you change the owner / group of the tap or tun device
you are using to the user you want to bring up the tunnel you can
avoid root.

G

On Fri, Aug 12, 2011 at 5:40 AM, Michael W. Lucas wrote:
> Hi,
>
> I'm trying to get a SSH VPN working between a 4.9 i386 and a recent
> 5.0 amd64 snapshot (with the MP#49 kernel).
>
> The tunnel works fine if I SSH in as root. My guts really protest at
> enabling remote root logins, however. Yes, I can limit the access with
> a Match statement.
>
> Surely I can change some device permissions, or use sudo, to permit a
> particular otherwise-unprivileged user to bring up this VPN?  Any
> suggestions on where to look for that? I've tried several Internet
> searches, but found nothing.
>
> Thanks,
> ==ml
>
> --
> Michael W. Lucas
> http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
> Latest book: Network Flow Analysis http://www.networkflowanalysis.com/
> mwlu...@blackhelicopters.org, Twitter @mwlauthor



Re: expansion of FAQ# 1.10 re OpenBSD as a desktop system

2007-10-11 Thread Graeme Neilson
I use OpenBSD as a desktop everyday and I have an 'entertainment center'
that delivers music, movies and arcade games which also runs OpenBSD.

OpenBSD is very well suited to being a media center due
to the lean default install and excellent package system.


On 10/12/07, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
>
> I've been evaluating OpenBSD as a desktop system while learning about it
> on my lesser (older) hardware.  I've learned a lot and will continue to
> learn about OpenBSD but I don't think it will work as my primary
> desktop.
>
> Based on what I've learned here on Misc, I'd like to start a discussion
> about extending the answer to the OpenBSD FAQ # 1.10: "Can I use OpenBSD
> as a Desktop System?"  While of course every potential new user has to
> evaluate OpenBSD for themselves, we could and I believe we should point
> out some of the more common tripping points found by people who end up
> not choosing OpenBSD for their desktop.
>
> As it exists right now it reads:
>
> # >8--
>
> This question is often asked in exactly this manner -- with no
> explanation of what the asker means by "desktop".  The only person who
> can answer that question is you, as it depends on what your needs and
> expectations are.
>
> While OpenBSD has a great reputation as a "server" operating system,
> it can be and is used on the desktop.  Many "desktop" applications are
> available through packages and ports.  As with all operating systems
> decisions, the question is:  can it do the job you desire in the way
> you wish?  You must answer this question for yourself.
>
> It might be worth noting that a large amount of OpenBSD development is
> done on laptops.
>
> # >8--
>
>
> I think the following paragraphs would enhance the FAQ to provide
> the person new to the OpenBSD focus a heads up on some of the
> difficulties.
>
> # >8--
> However, it is also worth noting that some desktop needs and uses are
> incompatible with the focus of OBSD.  There are currently no video cards
> that provide full specs to create open drivers for all hardware
> function, most notably 3D acceleration.  While more than adequate for
> most uses of the X-Window system, performance while watching movies,
> playing games, or graphic design, may be suboptimal or not possible
> depending on your hardware and expectations.  The use of binary "blob"
> drivers would introduce the potential for unknown security breaches and
> is not going to be supported on OpenBSD.  The work is ongoing in the
> larger open-source community to both create open-source drivers that can
> access the full hardware potential of the video cards that are
> available, and there is some work to create new video cards that will be
> fully open and high performance.  It just doesn't exist yet.
>
> Similarly, flash plugins in browsers cause untested code to run on the
> computer and introduce the potential for unknown security breaches, and
> are therefore not supported, other than as it already exists for the Opera
> browser.
>
> It depends therefore on what is meant by "desktop".  System
> administrators will likely be thrilled with OpenBSD on their desktop.
> However, a home user wanting an entertainment centre, a movie editor, a
> graphic designer, or a user requiring a multi-headed Computer Aided
> Drafting and Design system may find the tradeoffs made for security are
> too steep to use OpenBSD as their operating system on such computers and
> may choose to use a less secure operating system.
>
>
> # >8--
>
> Does this seem like a fair addition?
>
> Doug.



Re: Thank you developers... 4.2 arrived in the mail today

2007-10-07 Thread Graeme Neilson
I pre-ordered using the web form for international orders
http://www.openbsd.org/orders.html with my new fangled credit card...;)

On 10/8/07, Josh <[EMAIL PROTECTED]> wrote:
>
> How did you order yours?
>
> I am in NZ too... Is there a way to just transfer money via internet
> banking or something?
>
> Graeme Neilson wrote:
>
>   Pre-order has made it all the way to New Zealand already - thanks to all.
>
>   On 10/7/07, Peter N. M. Hansteen <[EMAIL PROTECTED]> wrote:
>
> One other data point - My preordered 4.2 set arrived here in Bergen,
> Norway today. Excellent artwork as usual, and great song :)
>
> Cheers,
> --
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
> "Remember to set the evil bit on all malicious network traffic"
> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: Thank you developers... 4.2 arrived in the mail today

2007-10-07 Thread Graeme Neilson
Pre-order has made it all the way to New Zealand already - thanks to all.

On 10/7/07, Peter N. M. Hansteen <[EMAIL PROTECTED]> wrote:
>
> One other data point - My preordered 4.2 set arrived here in Bergen,
> Norway today. Excellent artwork as usual, and great song :)
>
> Cheers,
> --
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
> "Remember to set the evil bit on all malicious network traffic"
> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



OpenBSD on a Dell PowerEdge SC1430 Server ?

2007-09-24 Thread Graeme Neilson
Hi,

I was wondering if anyone had any experience of OpenBSD on a
Dell PowerEdge SC1430 Server?

Specifically I am wondering if the SATA controller is supported.
It doesn't seem to tell me what it is on the Dell site.

I am considering putting two of these in it as well:
Intel Pro/1000 PTx1 PCIe Single Port Copper Gigabit NIC (V9.0)

These do not seem to be specifically mentioned on
http://www.openbsd.org/i386.html but many other
gigabit intel pro cards are supported.

TIA
Graeme



Re: Show your appreciation and get your 4.2 DVD

2007-09-06 Thread Graeme Neilson
One ordered for NZ :)
The wireframe puffy sticker from last time went on my Kawasaki.
Maybe I'll have to buy a new bike for a new sticker...(dreaming of a ducati)

On 9/7/07, Theo de Raadt <[EMAIL PROTECTED]> wrote:
>
> > There's a wireframe puffy sticker with the audio cd? Gotta buy one now :P
>
> You've been missing out.
>
> What surprised me about the audio cd is that my non-geeky friends like
> it.  OK, that didn't surprise me.  It shocked me.



Re: Boot by USB thumb for installation

2007-06-25 Thread Graeme Neilson
This is related and may be of interest to some ppl. I have posted some
modifications to the excellent LiveCD instructions by Andreas Bihlmaier to
create a Live USB (if you have a USB key thingie and you want to save space)

http://openbsd-wiki.org/index.php?title=LiveUSB

G


On 6/24/07, Alex Kwan <[EMAIL PROTECTED]> wrote:
>
> Hi!
>
> Because the laptop doesn't have a CD-ROM.
> can the OpenBSD boot by the USB thumb for installation?
> (the BIOS supported boot by USB hard disk).
>
> thanks!



Re: Install OSSIM in OpenBSD

2007-04-12 Thread Graeme Neilson
Dimitri,

You have to build the server from source and then configure all the separate
parts of the system - web interface, client agents, etc. Its pretty involved
but to compile the server all I had to do was make two changes to the
source:

- defined sb_addr16b in sim-inet.c
- edited out debug struct in sim-container.c

The included documentation on installing from source for Debian should be
enough for you to set up the rest of the system. You will probably find it
simpler to set it up without a chrooted apache (man httpd) first and then
try it with a chrooted apache.

Graeme

On 3/31/07, Dimitri <[EMAIL PROTECTED]> wrote:
>
>   Today and discovered OSSIM and I wanted to install it in my openbsd, but
> port does not exist.
>   Some way exists to install it in openbsd 3.9.
>
>
>   Regards.
>
>
>
>
>
> Dimitri.-
> Anti-Linux, I live BSD life
> http://deoxy.spaces.live.com/
> http://deoxyt2.blogspot.com/
>
>



Re: OpenBSD 4.0 arrived in The Netherlands!

2006-10-25 Thread Graeme Neilson
They have now made it all the way to New Zealand - pre ordering is the best.

On 10/26/06, Chris Smith <[EMAIL PROTECTED]> wrote:
>
> On 10/25/06, Frank <[EMAIL PROTECTED]> wrote:
> > Hello everyone,
> >
> > Five minutes ago my OpenBSD 4.0 cds, the three disks of freedom, have
> > arrived here in The Netherlands!
> >
> > Many thanks to Wim Vandeputte and of course the OpenBSD team.
> >
> > Frank
> >
> >
> Got mine yesterday.  Great system, great "Asterix" styling.
> Chris



Re: OpenBSD as TV media center

2006-10-01 Thread Graeme Neilson
I am using mediabox from https://www.umaxx.net/mediacat/. It is written in
python and I customised the code to add xmame and it was very
straightforward. Recommended

On 10/1/06, Sam Fourman Jr. <[EMAIL PROTECTED]> wrote:
>
> Thank you Very Much I didn't see those
> I am going to give xawtv a try
>
> I was told to look for MythTV
>
>
> Thanks for your help
>
> Sam Fourman Jr.
>
> On 9/30/06, Josh Grosse <[EMAIL PROTECTED]> wrote:
> > On Sat, Sep 30, 2006 at 09:12:22PM -0500, Sam Fourman Jr. wrote:
> >
> > > I am reasonably new to OpenBSD, I searched the ports tree but I am
> > > unsure if there is a application that would somehow allow me to setup
> > > a PVR to record TV
> > >
> > > I was looking for something like MythTV
> >
> > Both fxtv and xawtv are in the ports tree.



Re: Laptop recommendations

2006-06-13 Thread Graeme Neilson
dell inspiron 8100

On 6/14/06, Christopher Snell <[EMAIL PROTECTED]> wrote:
>
> I'm still looking for a laptop.  Does anybody know of a laptop that
> will do at least 1600x___ resolution and have rudimentary power
> management (ie., I can pull the AC plug and the laptop does not lock
> up)?
>
> Chris
>
> On 5/29/06, Theo de Raadt <[EMAIL PROTECTED]> wrote:
> > > On 5/26/06, Christopher Snell <[EMAIL PROTECTED]> wrote:
> > > > It seems like every major laptop manufacturer is locked into Intel
> > > > CPU, graphics, WiFi, and sound and that there's no chance in hell that
> > > > Intel will release specs on these.  What is the future of laptop
> > > > support for free Unices?  Will SpeedStep ever be reverse engineered?
> > > > Are we forever doomed to barely-working laptops?
> > >
> > > umm, the graphics and sound for intel chipsets are completely
> > > documented.  the "correct" way to use speedstep (est) is through acpi,
> > > which is also documented, even though we should now pretty much
> > > support every est cpu at least basically.  the situation with wifi
> > > could be better, but if you download the firmware it works.
> > >
> > > you have either misappraised the situation, or your definition of
> > > barely working is very different than most people's.
> >
> > Intel is changing their ways.  They got seriously hurt by NVidia and
> > ATI taking over the video market, while simultaneously AMD hurt
> > them on the processor side.
> >
> > The real enemy today is Nvidia (and ATI).
> >
> > Intel is trying to release documentation and open up as fast as they
> > can to stay in the market.  It's almost pathetic, but yes, it is
> > benefiting us (as it should, and thus, us running on their machines
> > benefits them, as it should).



Re: Laptop recommendations

2006-05-11 Thread Graeme Neilson

I have had no problems from my 8100 and it has been going for years
(touch wood!)

On 5/12/06, Sam Chill <[EMAIL PROTECTED]> wrote:

> On 5/11/06, Chris Cappuccio <[EMAIL PROTECTED]> wrote:
> > Pretty much any older dell that I try is very well supported, for what
> > it's worth.
> I have noticed the same thing. I have a Dell Latitude c600 which goes
> for only a few hundred on ebay and works very well. Everything works
> but the winmodem.