Universal Media Server on OpenBSD

Hello misc! If somebody interested, i've successfully launched UMS on OpenBSD 7.2. Here it is: pkg_add mediainfo mplayer ffmpeg jdk%17 useradd -L daemon -s /sbin/nologin -d /var/ums -m -s /var/empty _ums ftp

Re: permission denied when writing to mounted directory exported by NFS server

> openbsd$ doas rcctl start portmap mountd nfsd > > nfsd(failed) > > nfsd(failed) is bad ... > > > openbsd$ doas /sbin/nfsd -tun 4 > > openbsd$ ps aux | grep nfsd > > root 21178 0.0 0.1 480 1132 ?? S 12:51PM 0:00.01 nfsd: > > master >

Re: permission denied when writing to mounted directory exported by NFS server

sd$ ps aux | grep nfsd > root 21178 0.0 0.1 480 1132 ?? S 12:51PM0:00.01 nfsd: > master > root 95864 0.0 0.0 176 520 ?? S 12:51PM0:00.00 nfsd: > server > root 29237 0.0 0.0 176 520 ?? S 12:51PM0:00.00 nfsd: > server > roo

Re: permission denied when writing to mounted directory exported by NFS server

:51PM0:00.01 nfsd: master root 95864 0.0 0.0 176 520 ?? S 12:51PM0:00.00 nfsd: server root 29237 0.0 0.0 176 520 ?? S 12:51PM0:00.00 nfsd: server root 37092 0.0 0.0 176 520 ?? S 12:51PM0:00.00 nfsd: server root 40371 0.0 0.0

Re: permission denied when writing to mounted directory exported by NFS server

? rcctl enable portmap mountd nfsd what is so cumbersome with that ? What can we do better ? > However, for your testing purposes, I can suggest you there is a specific > tool to test, server and client > status. looking to the man I guess it should be nfsstat pointed to one or the

Re: permission denied when writing to mounted directory exported by NFS server

enable portmap mountd nfsd Create a directory Create a /etc/exports rcctl start portmap mountd nfsd Here we go ... What can we do better ? > However, for your testing purposes, I can suggest you there is a specific > tool to test, server and client > status. looking to the man I gu

Re: permission denied when writing to mounted directory exported by NFS server

the docs I am not able > to find any otherconfig options for access control on the client side. > There is nothing in the logs on the server side as well. Any pointers to > debug/fix would be of great help. Can you check the uid and gid of the user on the client and the server ? The user

Re: permission denied when writing to mounted directory exported by NFS server

On Thu, Feb 09, 2023 at 11:41:12AM +0530, Sandeep Gupta wrote: > Following up on this. I looked into the /var/log/messages/ and > /var/log/daemon. Both are quite after starting the portmap, mountd, and > nfsd services. > > Here is verbose output from the client side when mounting the share: > ```

Re: permission denied when writing to mounted directory exported by NFS server

t; > Can you check the uid and gid of the user on the client and the server ? The uid and/or gid must be the same on both systems as NFS works with the numerical IDs (uid/gid.) This won't work: Server: bamb

Re: permission denied when writing to mounted directory exported by NFS server

he mounted > > directory yields permission denied error. Looking at the docs I am not able > > to find any otherconfig options for access control on the client side. > > There is nothing in the logs on the server side as well. Any pointers to > > debug/fix would be of great help. > >

permission denied when writing to mounted directory exported by NFS server

Unfortunately - personal experience - NFS is not the best offering from OpenBSD: it is enough combersome to setup and easy to lose grip: something unsafe to keep me away from it. However, for your testing purposes, I can suggest you there is a specific tool to test, server and client status

Re: permission denied when writing to mounted directory exported by NFS server

the client side. > There is nothing in the logs on the server side as well. Any pointers to > debug/fix would be of great help. >

Re: permission denied when writing to mounted directory exported by NFS server

t; From the client, I can read the contents. But writing inside the mounted > > directory yields permission denied error. Looking at the docs I am not able > > to find any otherconfig options for access control on the client side. > > There is nothing in the logs on the server side as we

Re: stuck on configuring netboot raspberry pi from an openbsd VM : RPC time for server 192.168.0.255

investigating that error currently. On Thu, Feb 9, 2023 at 1:17 AM wrote: > > I have configured "/etc/dnsmasq", "/etc/ethers", "/etc/hosts", and > > "/etc/exports" and "/etc/bootparams". > > The PXE boot in UEFI boot is a

Re: stuck on configuring netboot raspberry pi from an openbsd VM : RPC time for server 192.168.0.255

I have configured "/etc/dnsmasq", "/etc/ethers", "/etc/hosts", and "/etc/exports" and "/etc/bootparams". The PXE boot in UEFI boot is able to contact the tftp/dhcp server and download the bsd kernel and boot up However, just before (or while) m

permission denied when writing to mounted directory exported by NFS server

ing in the logs on the server side as well. Any pointers to debug/fix would be of great help.

stuck on configuring netboot raspberry pi from an openbsd VM : RPC time for server 192.168.0.255

So, after tons of research and trial and error, I was finally able to netboot the bsd kernel served from a VM running OpenBSD. I have configured "/etc/dnsmasq", "/etc/ethers", "/etc/hosts", and "/etc/exports" and "/etc/bootparams". The PXE boot in

Re: httpd(8) request rewrite - 500 internal server error

Oh. I should add that if all you want is a static redirect, this is a simpler way of making that work. The first example I gave is in case you want to redirect the contents of "/from/" as well. server "localhost" { listen on 127.0.0.1 port 80

Re: httpd(8) request rewrite - 500 internal server error

On 23/01/25 11:20, Lévai, Dániel wrote: > Hi all, > > I was trying to do a basic path rewrite in httpd(8) on 7.2-stable, and I just > can't see what I'm missing: > > httpd.conf: > server "host" { > listen on egress port 12345 > >

httpd(8) request rewrite - 500 internal server error

Hi all, I was trying to do a basic path rewrite in httpd(8) on 7.2-stable, and I just can't see what I'm missing: httpd.conf: server "host" { listen on egress port 12345 root "/htdocs" location "/" { request rewrite &qu

Re: Securely managing TLS certificates on growing server (website, XMPP, soon email)?

On 2022/12/17 18:03:01 +0100, Omar Polo wrote: > On 2022/12/17 16:25:20 +, Lucas wrote: > > > > Then the private keys within would all have 0400 permissions, user and > > > > group > > > > being the same (so _prosody:_prosody for XMPP-related TLS). I noted > > > > that the > > > > default

Re: Securely managing TLS certificates on growing server (website, XMPP, soon email)?

On 2022/12/17 16:25:20 +, Lucas wrote: > > > Then the private keys within would all have 0400 permissions, user and > > > group > > > being the same (so _prosody:_prosody for XMPP-related TLS). I noted that > > > the > > > default is 700 permissions on `/etc/ssl/private` with root:wheel >

Re: Securely managing TLS certificates on growing server (website, XMPP, soon email)?

> > Then the private keys within would all have 0400 permissions, user and group > > being the same (so _prosody:_prosody for XMPP-related TLS). I noted that the > > default is 700 permissions on `/etc/ssl/private` with root:wheel ownership. > > Is > > the approach I've just outlined with adding

Re: DHCP server ignoring PF rules?

where pf runs. > > > > > > > On 17 Dec 2022, at 22:40, Cristian Danila wrote: > > > > > > > > Good day! > > > > I finished setup an DHCP server and for some reason it seems DHCP > > > > server is ignoring PF filter. > > > > I

Re: DHCP server ignoring PF rules?

me >> > off the network interface, but before the IP stack where pf runs. >> > >> > > On 17 Dec 2022, at 22:40, Cristian Danila wrote: >> > > >> > > Good day! >> > > I finished setup an DHCP server and for some reason it seems DHCP >&

Re: DHCP server ignoring PF rules?

ing BPF, which happens as packets > come off the network interface, but before the IP stack where pf runs. > > > > > On 17 Dec 2022, at 22:40, Cristian Danila wrote: > > > > > > Good day! > > > I finished setup an DHCP server and for some reason it seem

Re: DHCP server ignoring PF rules?

e wire using BPF, which happens as packets come off > the network interface, but before the IP stack where pf runs. > > > On 17 Dec 2022, at 22:40, Cristian Danila wrote: > > > > Good day! > > I finished setup an DHCP server and for some reason it seems D

Re: DHCP server ignoring PF rules?

dhcpd reads packets off the wire using BPF, which happens as packets come off the network interface, but before the IP stack where pf runs. > On 17 Dec 2022, at 22:40, Cristian Danila wrote: > > Good day! > I finished setup an DHCP server and for some reason it seems DHCP > ser

DHCP server ignoring PF rules?

Good day! I finished setup an DHCP server and for some reason it seems DHCP server is ignoring PF filter. In short, in PF I have active only one rule: block drop quick all Double checked PF and it is enabled So using a windows machine to test DHCP server: 1) ifconfig /release 2) ifconfig /renew

Re: Securely managing TLS certificates on growing server (website, XMPP, soon email)?

Thank you, this resolves that concern of mine (and in fact, it was an elegant enough solution that I felt silly for not doing it that way before). :) It makes a lot more sense to have acme-client(1) place the exceptional certificates in a different spot, rather than modify `/etc/ssl/private` to

Re: Securely managing TLS certificates on growing server (website, XMPP, soon email)?

ing how to securely deal with TLS certificates on a > server > that's grown to host multiple services (website, XMPP, soon email as well). > Specifically how to handle permissions and to what degree certificates should > be > separated. > > (I recognize this is a long email.

Re: Securely managing TLS certificates on growing server (website, XMPP, soon email)?

On 2022/12/15 13:56:00 -0700, Ashlen wrote: > Hi all, so I'm wondering how to securely deal with TLS certificates on a > server > that's grown to host multiple services (website, XMPP, soon email as well). > Specifically how to handle permissions and to what degree certifi

Securely managing TLS certificates on growing server (website, XMPP, soon email)?

Hi all, so I'm wondering how to securely deal with TLS certificates on a server that's grown to host multiple services (website, XMPP, soon email as well). Specifically how to handle permissions and to what degree certificates should be separated. (I recognize this is a long email. I'm unsure how

Re: *BSD and MariaDB server

On 29.11.2022 16:35, Gustavo Rios wrote: Hi folks! I would like to know what would it be the best bsd (net/free/open) server to run a MariaDB server ? i mean in terms of performance. Thanks a lot. Wrong question as it depends on your usage. At least OBSD has more newer version

*BSD and MariaDB server

Hi folks! I would like to know what would it be the best bsd (net/free/open) server to run a MariaDB server ? i mean in terms of performance. Thanks a lot. -- The lion and the tiger may be more powerful, but the wolves do not perform in the circus

Re: Configure OpenBSD for remote server rarely used

Ah, pretty cool, I'll keep it in mind for my next project ;) On 28.11.2022 10:36, Bodie wrote: And if you really need low consumption, rugged computer and do not mind about the costs you can go eg. this way :-) https://teguar.com/ip67-box-pc-twb-2945 /

Re: Configure OpenBSD for remote server rarely used

Nov 2022, at 21:10, Tomasz Rola wrote: On Sun, Nov 27, 2022 at 09:37:19AM +, James Johnson wrote: Hi all, OpenBSD is amazing. But I need help in configuring it correctly as a remote server, rarely used. The main thing I am trying to do is to make it sleep every now and then to protect

Re: Configure OpenBSD for remote server rarely used

it correctly as a >> remote server, rarely used. >> >> >> The main thing I am trying to do is to make it sleep every now and >> then to protect resources. I am very flexible on how to do this, but >> have been unable to do so. >> Here's what I tried : >

Re: Configure OpenBSD for remote server rarely used

g reboots? Should I do a daily, weekly, >> monthly reboot? >> >> >> > On 27 Nov 2022, at 20:00, Bodie wrote: >> > >> > >> > >> > On 27.11.2022 10:37, James Johnson wrote: >> >> Hi all, >> >> OpenBSD is amazing. But I n

Re: Configure OpenBSD for remote server rarely used

;> Hi all, > >> OpenBSD is amazing. But I need help in configuring it correctly as a > >> remote server, rarely used. > >> The main thing I am trying to do is to make it sleep every now and > >> then to protect resources. I am very flexible on how to do this, but &

Re: Configure OpenBSD for remote server rarely used

:37, James Johnson wrote: Hi all, OpenBSD is amazing. But I need help in configuring it correctly as a remote server, rarely used. The main thing I am trying to do is to make it sleep every now and then to protect resources. I am very flexible on how to do this, but have been unable to do so. Here's

Re: Configure OpenBSD for remote server rarely used

On Sun, Nov 27, 2022 at 09:37:19AM +, James Johnson wrote: > Hi all, > > OpenBSD is amazing. But I need help in configuring it correctly as a > remote server, rarely used. > > > The main thing I am trying to do is to make it sleep every now and > then to prot

Re: Configure OpenBSD for remote server rarely used

reboots? Should I do a daily, weekly, monthly reboot? > On 27 Nov 2022, at 20:00, Bodie wrote: > > > > On 27.11.2022 10:37, James Johnson wrote: >> Hi all, >> OpenBSD is amazing. But I need help in configuring it correctly as a >> remote server, rarely used. &g

Re: Configure OpenBSD for remote server rarely used

On 27.11.2022 10:37, James Johnson wrote: Hi all, OpenBSD is amazing. But I need help in configuring it correctly as a remote server, rarely used. The main thing I am trying to do is to make it sleep every now and then to protect resources. I am very flexible on how to do this, but have

Re: Configure OpenBSD for remote server rarely used

"Does it just need to wake up to run a script and then shut down again" -> yes, that's basically that. Of course, requirements might evolve. "Why does it even have to be a separate machine?" -> There are benefits to this, including data safety (different location). Thank you for your help, have

Re: Configure OpenBSD for remote server rarely used

On 2022-11-27, Jan Stary wrote: > that's why replacing them with SSD might be your best bet. HDD is likely better for medium-term storage (especially if the device would be powered down). https://www.quora.com/How-long-can-SSD-store-data-without-power-Can-data-be-recovered-from-SSD >> Yes, I

Re: Configure OpenBSD for remote server rarely used

On 2022-11-27 12:33:18-0500, Nick Holland wrote: > Steady-state is easiest on hw. Powering up and down is large power > surges, and that's generally not good. This is across the board -- > power supply, hard drives, main board, CPU, memory, etc. The only > part that I think gets a benefit from

Re: Configure OpenBSD for remote server rarely used

> > As for rotating metal disks, they have a lifetime; > > that's why replacing them with SSD might be your best bet. > > In the case of an SDD, is there no consideration of turning them off, > if they are unused for some time? No. > In the case of HDD, are you saying that putting them in "spun

Re: Configure OpenBSD for remote server rarely used

> On 27 Nov 2022, at 17:28, Jan Stary wrote: > > On Nov 27 17:10:11, mytraddr...@gmail.com wrote: >> I am not intending to switch the machine. > > Why? It is just not an option for this specific project. > >> In terms of resources, I am mainly concerned about hard drives >> and cpu being

Re: Configure OpenBSD for remote server rarely used

power when doing something, the difference between an mostly idle CPU running at 1GHz vs. 3GHz is fairly small. And on a rack mount server, fans may draw more power than an idle CPU. "How much resources would that save?" -> My thoughts was that it would be better for hard drive longev

Re: Configure OpenBSD for remote server rarely used

On Nov 27 17:10:11, mytraddr...@gmail.com wrote: > I am not intending to switch the machine. Why? > In terms of resources, I am mainly concerned about hard drives > and cpu being worn down unnecessarily. I am not sure how much > of a concern this should be though. The CPU is not being "worn

Re: Configure OpenBSD for remote server rarely used

:39 użytkownik James Johnson <mailto:mytraddr...@gmail.com>> napisał: > Hi all, > > OpenBSD is amazing. But I need help in configuring it correctly as a remote > server, rarely used. > > > The main thing I am trying to do is to make it sleep every now and the

Re: Configure OpenBSD for remote server rarely used

Thanks for your response. I am not intending to switch the machine. In terms of resources, I am mainly concerned about hard drives and cpu being worn down unnecessarily. I am not sure how much of a concern this should be though. Yes, I do know in advance when the machine needs to run and when

Re: Configure OpenBSD for remote server rarely used

On Nov 27 09:37:19, mytraddr...@gmail.com wrote: > The main thing I am trying to do is to make it sleep > every now and then to protect resources. How much eletricity does the machine eat? (What other "resources" are you concerned about?) > 1) Make it sleep and wake up when woken up remotely > I

Re: Configure OpenBSD for remote server rarely used

ectly as a > remote server, rarely used. > > > The main thing I am trying to do is to make it sleep every now and then to > protect resources. I am very flexible on how to do this, but have been > unable to do so. > Here's what I tried : > > 1) Make it sleep and wake u

Configure OpenBSD for remote server rarely used

Hi all, OpenBSD is amazing. But I need help in configuring it correctly as a remote server, rarely used. The main thing I am trying to do is to make it sleep every now and then to protect resources. I am very flexible on how to do this, but have been unable to do so. Here's what I tried : 1

Re: Problems with LDAP authorization against OpenLDAP server

to the right place. -Original Message- From: Martijn van Duren To: Željko Puškarić , misc@openbsd.org Subject: Re: Problems with LDAP authorization against OpenLDAP server Date: Fri, 14 Oct 2022 14:36:18 +0200 On Fri, 2022-10-14 at 14:14 +0200, Željko Puškarić wrote: > Hi Stu

Re: Problems with LDAP authorization against OpenLDAP server

existing OpenLDAP server (hosted on Linux). > I order to achieve that I followed these instructions: > https://blog.obtusenet.com/openbsd-and-ldap/ > According to the instructions I changed the line in /etc/login.conf to > look like: > > auth-defaults:auth=ldap,passwd,skey: &g

Re: Problems with LDAP authorization against OpenLDAP server

roblems with LDAP authorization against OpenLDAP server > Date: Fri, 14 Oct 2022 11:29:34 - (UTC) > > On 2022-10-14, Željko Puškarić < > zpuska...@hzhm.hr > > wrote: > > I am a seasoned Linux admin and my first forray into the world of > > OpenBSD confro

Re: Problems with LDAP authorization against OpenLDAP server

> Why is bash a bad idea on OpenBSD? Not bash in itself, but having it in /bin. If you installed it from packages/ports it would end up under /usr/local/bin instead, so the users shell would point to the wrong place. -- May the most significant bit of your life be positive.

Re: Problems with LDAP authorization against OpenLDAP server

in to Linux boxes too I just set it as is set on Linux (installed bash on OpenBSD prior to setting LDAP authentication). Why is bash a bad idea on OpenBSD? -Original Message- From: Stuart Henderson To: misc@openbsd.org Subject: Re: Problems with LDAP authorization against OpenLDAP server

Re: Problems with LDAP authorization against OpenLDAP server

On 2022-10-14, Željko Puškarić wrote: > I am a seasoned Linux admin and my first forray into the world of > OpenBSD confronted me with a problem. > What I am trying to achieve is enabling authorization to OpenBSD > machine against existing OpenLDAP server (hosted on Linux). > I o

Problems with LDAP authorization against OpenLDAP server

Hi everyone, I am a seasoned Linux admin and my first forray into the world of OpenBSD confronted me with a problem. What I am trying to achieve is enabling authorization to OpenBSD machine against existing OpenLDAP server (hosted on Linux). I order to achieve that I followed these instructions

Re: Nat64 and OpenBSD: ipv4 client to ipv6 server

On 2022-09-24, Pierre Dupond <76nem...@gmx.ch> wrote: >> You could possibly do it on per-server basis, eg connections to >> 192.0.2.3 are redirected to 2001:db8::dead:beef and connections to >> 192.0.2.4 are redirected to 2001:db8::c0:ffee. >> I don't know if pf i

Re: Nat64 and OpenBSD: ipv4 client to ipv6 server

On Sat, 24 Sep 2022 17:07:33 +0200 Łukasz Moskała wrote: > > NAT64 is easy, because you can fit 32-bit IPv4 address easily in 128-bit > IPv6 address. You cannot fit 128-bit IPv6 address in 32-bit IPv4 address. > > You could possibly do it on per-server basis, eg connections

Re: Nat64 and OpenBSD: ipv4 client to ipv6 server

. It could be useful occasionally to reach an IPv6 server from an IPv4 address. This is the case, for instance, if the Internet provider filters some ports necessary for establishing a VPN connection but authorizes the most common ports like the standard ports for ssh (or http and https

Nat64 and OpenBSD: ipv4 client to ipv6 server

Hi All, All my question is already in the title. I plan to have an IPv6 only network. I know that with DNS64, Nat64 and pf (af-to) it is easy to connect an IPv6 address to an IPv4 address. What I want to do is the opposite direction. It could be useful occasionally to reach an IPv6 server

Re: hw.perfpolicy behavior on desktop/server

This short movie explains everything for the users: https://www.youtube.com/watch?v=2BmhHyyzh9o

Re: hw.perfpolicy behavior on desktop/server

On Thu, May 12, 2022 at 01:16:01AM +0200, f.holop wrote: > Stuart Henderson - Mon, 09 May 2022 at 17:17:57 > > Currently, you can either set it manually to low speed > > (hw.perfpolicy=manual, hw.setperf=0), modify the kernel (e.g. with the > > diff below), or use obsdfreqd from packages. The

Re: hw.perfpolicy behavior on desktop/server

f.holop wrote: > Theo de Raadt - Wed, 11 May 2022 at 18:08:53 > > f.holop wrote: > > > > > Stuart Henderson - Mon, 09 May 2022 at 17:17:57 > > > > Currently, you can either set it manually to low speed > > > > (hw.perfpolicy=manual, hw.setperf=0), modify the kernel (e.g. with the > > > > diff

Re: hw.perfpolicy behavior on desktop/server

Theo de Raadt - Wed, 11 May 2022 at 18:08:53 > f.holop wrote: > > > Stuart Henderson - Mon, 09 May 2022 at 17:17:57 > > > Currently, you can either set it manually to low speed > > > (hw.perfpolicy=manual, hw.setperf=0), modify the kernel (e.g. with the > > > diff below), or use obsdfreqd from

Re: hw.perfpolicy behavior on desktop/server

f.holop wrote: > Stuart Henderson - Mon, 09 May 2022 at 17:17:57 > > Currently, you can either set it manually to low speed > > (hw.perfpolicy=manual, hw.setperf=0), modify the kernel (e.g. with the > > diff below), or use obsdfreqd from packages. The latter is only in > > -current packages not

Re: hw.perfpolicy behavior on desktop/server

Stuart Henderson - Mon, 09 May 2022 at 17:17:57 > Currently, you can either set it manually to low speed > (hw.perfpolicy=manual, hw.setperf=0), modify the kernel (e.g. with the > diff below), or use obsdfreqd from packages. The latter is only in > -current packages not 7.1, but it could be built

Re: hw.perfpolicy behavior on desktop/server

On 2022-05-09 20:17, Stuart Henderson wrote: Currently, you can either set it manually to low speed (hw.perfpolicy=manual, hw.setperf=0), modify the kernel (e.g. with the diff below), or use obsdfreqd from packages. The latter is only in -current packages not 7.1, but it could be built from

Re: hw.perfpolicy behavior on desktop/server

On 2022-05-09, Atanas Vladimirov wrote: > Hi Guys, > > I'm running -current. > Recently I noticed (not sure when it changed) that my CPU is not > throttling anymore. The `hw.perfpolicy` is set to auto and `hw.setperf` > is always at 100%. I red that there was a change in 7.1: > > - Changed the

hw.perfpolicy behavior on desktop/server

Hi Guys, I'm running -current. Recently I noticed (not sure when it changed) that my CPU is not throttling anymore. The `hw.perfpolicy` is set to auto and `hw.setperf` is always at 100%. I red that there was a change in 7.1: - Changed the power management sysctl(8) hw.perfpolicy to "auto" at

Re: OpenBSD 7.1 - hangs after userland upgrade on server hardware

2 bytes/sector, 351651888 sectors, thin ichiic0 at pci0 dev 31 function 3 "Intel 8 Series SMBus" rev 0x05: apic 8 int 18 iic0 at ichiic0 spdmem0 at iic0 addr 0x50: 4GB DDR3 SDRAM PC3-12800 SO-DIMM spdmem1 at iic0 addr 0x52: 4GB DDR3 SDRAM PC3-12800 SO-DIMM "Intel 8 Series Thermal"

Re: OpenBSD 7.1 - hangs after userland upgrade on server hardware

On 2022-05-01, Andrew Lemin wrote: > Hi all, > > I am totally stumped with issues while upgrading/installing 7.1 and I need > some help! > > Server; Supermicro X10SLV-Q (Intel Q87 Express), Xeon E3-1280 v3, 8G RAM, > Mellanox 10G NIC > > This server has been running O

OpenBSD 7.1 - hangs after userland upgrade on server hardware

Hi all, I am totally stumped with issues while upgrading/installing 7.1 and I need some help! Server; Supermicro X10SLV-Q (Intel Q87 Express), Xeon E3-1280 v3, 8G RAM, Mellanox 10G NIC This server has been running OpenBSD flawlessly for years. I followed the upgrade instructions and was able

Re: OpenBSD Home Server + Workstation on same machine?

? > > Ref: > https://superuser.com/questions/1712101/openbsd-home-server-workstation-on-same-machine > > Thanks, > Eric Secure networking - Consideration: Defense in depth - If your services machine is compromised, what will be exposed? A server machine and a desktop machine

Re: OpenBSD Home Server + Workstation on same machine?

same machine? > Hi, My answer is no and yes. This is based on the laziness factor. No part is that sometimes the services may work locally OK but not work from the network. Also it is much nicer to work from the sofa with a laptop and not listen to the server making its noise. The yes part

Re: OpenBSD Home Server + Workstation on same machine?

using OpenBSD. Can I use OpenBSD services AND have > > it act as a desktop workstation on the same machine? > > Ref: > > https://superuser.com/questions/1712101/openbsd-home-server-workstation-on-same-machine > > You CAN do that, but you shouldn't. > You shou

Re: OpenBSD Home Server + Workstation on same machine?

tation on the same machine? > > Ref: > https://superuser.com/questions/1712101/openbsd-home-server-workstation-on-same-machine > > Thanks, > Eric Hi Eric, You CAN do that, but you shouldn't. First of all, you most likely overestimate how much resources you need. I used to ru

OpenBSD Home Server + Workstation on same machine?

Hello, I'd like to learn about secure networking (PKI, x509 certs, DNS, IPS, etc.) and generally harden my home network using OpenBSD. Can I use OpenBSD services AND have it act as a desktop workstation on the same machine? Ref: https://superuser.com/questions/1712101/openbsd-home-server

Re: httpd.conf: 2 interfaces, 2 listen, IPv6, only one server works

lso >> use HTTPS and SNI. But DNS is secondary and sometimes adds another >> layer of complexity. Also SNI is not available for services not >> secured by SSL/TLS to my knowledge. E.g. in my example for a web >> server on port 80 the hostname comes into play only to resolv

Re: httpd.conf: 2 interfaces, 2 listen, IPv6, only one server works

y SSL/TLS to my knowledge. E.g. in my example for a web > server on port 80 the hostname comes into play only to resolve the > IP. The actual request would be "GET / HTTP/1.1" — no hostname in > sight. FWIW, the assertion about HTTP is incorrect here. HTTP 1.1 defines

Re: httpd.conf: 2 interfaces, 2 listen, IPv6, only one server works

is secondary and sometimes adds another layer of complexity. Also SNI is not available for services not secured by SSL/TLS to my knowledge. E.g. in my example for a web server on port 80 the hostname comes into play only to resolve the IP. The actual request would be "GET / HTTP/1.1" — no hostnam

Re: httpd.conf: 2 interfaces, 2 listen, IPv6, only one server works

complexity. Also SNI is not available for services not secured by SSL/TLS to my knowledge. E.g. in my example for a web server on port 80 the hostname comes into play only to resolve the IP. The actual request would be "GET / HTTP/1.1" — no hostname in sight. > I can see utility in

Re: httpd.conf: 2 interfaces, 2 listen, IPv6, only one server works

> this, I would go multi port), and then use PF rules to forward the (em0) port > 80 as usual and then (em1) port 80 I would forward to rdomain 0, port 81 > (example port). > > All of this is beyond the scope of a normal setup. I would usually just do > as described by others and r

Re: httpd.conf: 2 interfaces, 2 listen, IPv6, only one server works

, port 81 (example port). All of this is beyond the scope of a normal setup. I would usually just do as described by others and rely on hostname rather than IP for httpd to process requests. If for some reason this isn’t feasible, I’d be curious why. > > After restarting httpd it failed wit

Re: httpd.conf: 2 interfaces, 2 listen, IPv6, only one server works

t 192.168.0.255 # ifconfig em1 inet6 autoconf -temporary -soii New state: IPs on em1 are now set as in the original state, em1 is in rdomain 1. So far so good! After restarting httpd it failed with message: "parent: send server: Can't assign requested address“ in /var/log messages Ok,

Re: httpd.conf: 2 interfaces, 2 listen, IPv6, only one server works

example.com >>> 2001:db8::20c:29ff:fd9c:4b7 >>> $ dig +short b.example.com >>> 2001:db8::20c:29ff:fd9c:4c1 >>> $ >>> My httpd.conf looks like this*: >>> ipa = "2001:db8::20c:29ff:fd9c:4b7" >>> ipb = "2001:db8

Re: httpd.conf: 2 interfaces, 2 listen, IPv6, only one server works

have been set up*: $ dig +short a.example.com 2001:db8::20c:29ff:fd9c:4b7 $ dig +short b.example.com 2001:db8::20c:29ff:fd9c:4c1 $ My httpd.conf looks like this*: ipa = "2001:db8::20c:29ff:fd9c:4b7" ipb = "2001:db8::20c:29ff:fd9c:4c1" server "a.example.com" {

Re: httpd.conf: 2 interfaces, 2 listen, IPv6, only one server works

20c:29ff:fd9c:4c1 prefixlen 64 autoconf pltime 1032 >> vltime 7005 >> DNS records have been set up*: >> $ dig +short a.example.com >> 2001:db8::20c:29ff:fd9c:4b7 >> $ dig +short b.example.com >> 2001:db8::20c:29ff:fd9c:4c1 >> $ >>

Re: httpd.conf: 2 interfaces, 2 listen, IPv6, only one server works

2001:db8::20c:29ff:fd9c:4c1 $ My httpd.conf looks like this*: ipa = "2001:db8::20c:29ff:fd9c:4b7" ipb = "2001:db8::20c:29ff:fd9c:4c1" server "a.example.com" { listen on $ipa port 80 directory index index.html location "

httpd.conf: 2 interfaces, 2 listen, IPv6, only one server works

httpd.conf looks like this*: ipa = "2001:db8::20c:29ff:fd9c:4b7" ipb = "2001:db8::20c:29ff:fd9c:4c1" server "a.example.com" { listen on $ipa port 80 directory index index.html location "/*" { root "/htdocs/a"

Re: httpd(8) - Internal Server error (500) on invalid request

interpreted as 1.1. This is what nginx does too. > > > I don't understand why an invalid HTTP version sent by the client > should result in a server error while the problem actually is on > the other side, isn't it? Wouldn't a "400 Bad Request" response > instead of a &qu

Re: httpd(8) - Internal Server error (500) on invalid request

P version sent by the client should result in a server error while the problem actually is on the other side, isn't it? Wouldn't a "400 Bad Request" response instead of a "505 HTTP Version Not Supported" be more appropriate? Second, the latest version correctly detects "HT

Re: httpd(8) - Internal Server error (500) on invalid request

Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.10.21 17:19:02 +0200: > > + version = http_version_num(desc->http_version); > > I woud prefer if this code would store the version not in > desc->http_version until after the strdup(). The way these strdup work is > just wonky.

Re: httpd(8) - Internal Server error (500) on invalid request

Hi, On 21.10.21 13:31, Claudio Jeker wrote: >> >> Hi, >> >> yes. The server should probably answer with a "Bad Request" instead. >> >> Fix below. ok? > > OK claudio@ > Thanks for the quick fix! Another question, to httpd(8). Tried t

<    1   2   3   4   5   6   7   8   9   10   >