Re: pppoe (kernel) works but doesn't
Sorry for bothering you, I had to go tcpdump the entire network "conversation" between linux and bsd in order to find out that I had miss type my username... Thank you for your reply Pierre nevertheless :) P.S. This topic can be deleted -- View this message in context: http://openbsd-archive.7691.n7.nabble.com/pppoe-kernel-works-but-doesn-t-tp292491p292510.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
WAPBL?
Hi, Just out of curiosity, what has happend with WAPBL? There were some patches floating around on tech@ in the last months of 2015, but then it became quiet. I'm not complaining just curious. Kind regards, Martijn Rijkeboer
Re: Mail : MRA MDA LDA e-mail processors in OpenBSD
>I don't know what "MRA" means, but for fetching: According to Wikipedia's "Email agent" there are: Mail user agent (MUA) Mail submission agent (MSA) Mail access agent (MAA) Mail transfer agent (MTA) Mail delivery agent (MDA) Mail retrieval agent (MRA)
Re: HTTPS Only 3.1 (Detailed Analysis, Browser Security, Open Source, Python)
> On Thu, 24 Mar 2016, Kevin Chadwickwrote: > > BTW, only allowing Javascript to come from the primary domain over SSL > > would be a far saner idea, but lets see you get that past Google, > > facebook and all the other tracking sites? > > It's possible with content security policy[1][2], but completely > optional and up to the webmaster (custom header sent by the server). > Google etc are actually pushing for it. > > [1]: https://en.wikipedia.org/wiki/Content_Security_Policy > [2]: https://developer.mozilla.org/en-US/docs/Web/Security/CSP Please, you think that says anything about Google, it doesn't even say anything about a few Google developers? Google generally works in teams of four by the way apparently. Yes I have that enabled on my sites as there is NO javascript at all but that is next to useless as my sites aren't problem sites. The noscript extension for firefox appears to increase firefox's startup use of memory by more than the xombrero browser uses on startup! Here's a question or two. Why can you not clear any content on browser shutdown on chrome but can in comodos version called chromodo. Why are the chrome javascript controls next to useless and hitting enable has no effect on video sites that try to ensure adverts have been run? I could throw in why google are adverse to firewalls but that would open up more trolling. I have nothing against Google btw but some of their software design decisions are as bad as Apples engineering. Anyway, non of this has anything to do with OpenBSD as I doubt libressl and it's CA ability would be the chosen solution to any OpenBSD security problems when there is OpenSSH available and many of the developers meet regularly enough. So I assume the developers would agree that it would be good if https everywhere nonsense wasn't brought up on this list again please. -- KISSIS - Keep It Simple So It's Securable
Re: Tcpdump on pflow0 failed, understanding (or not) the pflow0 pseudo device
On 26/03/16 17:02, Eike Lantzsch wrote: Hi: For learning purposes I want to set up collecting NetFlow data from my small office router (5.8 release on a PC-Engines Alix 2D13 device). I'm trying to follow http://bsdly.blogspot.ca/2014/02/yes-you-too-can-be-evil-network.html and I have Peter N. M. Hansteen's fine Book of PF (3) at hand - chapter 9 "Collecting NetFlow Data with pflow(4)". However I seem to have a hard time to understand some details. I set up /etc/pf.conf # options: set state-defaults pflow and /etc/hostname.pflow0 and get this: # ifconfig pflow0 pflow0: flags=41mtu 1448 priority: 0 pflow: sender: 192.168.12.1 receiver: 192.168.12.31:9995 version: 10 groups: pflow 192.168.12 is my internal small network. I plan to set up a collector on 192.168.12.31, which is an OpenBSD-vm on my work station. (Did I get this right? Or should I use the address which I get from my ISP as a souce address?) However # tcpdump -nettti pflow0 tcpdump: Failed to open bpf device for pflow0: Device not configured In /dev/ I got bpf0 up to bpf9 I did not set up a collector right now - just wanted to see if I get any NetFlow data. What did I miss setting up the pflow pseudo-device? Try tcpdump -i vr0 host 192.168.12.31 and port 9995 if vr0 is the interface to 192.168.1.31 G
Re: Mail : MRA MDA LDA e-mail processors in OpenBSD
lampsh...@poczta.fm (Lampshade), 2016.03.26 (Sat) 12:35 (CET): > I am casual OpenBSD user. I use it on laptop. I don't have servers and > do *not* want to create my own mail service. I use what crowd uses: > I have Yahoo, Gmail, Yandex mail accounts. > > I would like to use mutt and shell scripts for mail notification etc. > To accomplish this I want to have local copy of mail in > Maildir format. > What MRA do you use for that? Getmail, fetchmail or something else? I don't know what "MRA" means, but for fetching: fdm is a simple, lightweight replacement for mail fetch, filter and delivery programs such as fetchmail and procmail. It can fetch using POP3 or IMAP (with SSL) or from stdin, and deliver to a pipe, file, maildir, mbox or SMTP server, based on regexps. Maintainer: Nicholas MarriottIf you want to sync: OfflineIMAP is a tool to simplify your e-mail reading. With OfflineIMAP, you can read the same mailbox from multiple computers. You get a current copy of your messages on each computer, and changes you make one place will be visible on all other systems. For instance, you can delete a message on your home computer, and it will appear deleted on your work computer as well. OfflineIMAP is also useful if you want to use a mail reader that does not have IMAP support, has poor IMAP support, or does not provide disconnected operation. Both are in ports/packages, both work for me(tm). > Is there something in OpenBSD's base for that? Don't think so. > I would also like to do some things with mail for example > get rid off attachments for mail in one account and do reverse, > opposite on the other account: just backup attachments saving them > in normal file names with appropriate extensins in file names, > not inside other Maildir messages. > To accomplish this I think, but I am not sure, I need MDA such as > procmail or maildrop or something similar. > What do you use? I want something quite secure and not much > complicated. It does *not* need to be feature rich. > Bonus points for software in OpenBSD's base. I'd be interested to hear how long it has taken you from the current status to "mission accomplished". About 20 years on my part... without "mission accomplished". Bye, Marcus > !DSPAM:56f673f982709906019753!
Tcpdump on pflow0 failed, understanding (or not) the pflow0 pseudo device
Hi: For learning purposes I want to set up collecting NetFlow data from my small office router (5.8 release on a PC-Engines Alix 2D13 device). I'm trying to follow http://bsdly.blogspot.ca/2014/02/yes-you-too-can-be-evil-network.html and I have Peter N. M. Hansteen's fine Book of PF (3) at hand - chapter 9 "Collecting NetFlow Data with pflow(4)". However I seem to have a hard time to understand some details. I set up /etc/pf.conf # options: set state-defaults pflow and /etc/hostname.pflow0 and get this: # ifconfig pflow0 pflow0: flags=41mtu 1448 priority: 0 pflow: sender: 192.168.12.1 receiver: 192.168.12.31:9995 version: 10 groups: pflow 192.168.12 is my internal small network. I plan to set up a collector on 192.168.12.31, which is an OpenBSD-vm on my work station. (Did I get this right? Or should I use the address which I get from my ISP as a souce address?) However # tcpdump -nettti pflow0 tcpdump: Failed to open bpf device for pflow0: Device not configured In /dev/ I got bpf0 up to bpf9 I did not set up a collector right now - just wanted to see if I get any NetFlow data. What did I miss setting up the pflow pseudo-device? The Book of PF states: "With at least one pflow device configured [1] and at least one rule in your pf.conf that generates data for export via the pflow device [2], you’re almost finished setting up the sensor. You may still need to add a rule [3], however, that allows the UDP data to flow from the IP address you specified as the flow data source to the collector’s IP address and target port at the flow destination." [1] "one pflow device configured" did I understand correctly that this is done by /etc/hostname.pflow0 flowsrc 181.40.100.8 flowdst 192.168.12.31:9995 pflowproto 10 ? [2] "and at least one rule in your pf.conf that generates data for export via the pflow device" does this mean that set state-defaults pflow in /etc/pf.conf is enough or do I still need to add one pass rule with "keep state (pflow)"? [3] "add a rule, however, that allows the UDP data to flow from the IP address you specified as the flow data source to the collector’s IP address and target port at the flow destination" I'm not quite getting this. Isn't it done if I allow UDP packets in general to flow out of my internal interface into my network? Thank you for your time. Eike pfctl -sr: block return all block return in quick on vr0 inet from <__automatic_ca3abafe_0> to any block return out quick on vr0 inet from any to <__automatic_ca3abafe_1> block return log (all, to pflog1) quick from to any block return log (all, to pflog1) quick from to any pass inet proto tcp from any to 192.168.12.0/25 port = 53 flags S/SA keep state (source-track rule, max-src-con n 60, max-src-conn-rate 10/10, overload flush global, src.track 10) pass inet proto tcp from any to 192.168.12.0/25 port = 123 flags S/SA keep state (source-track rule, max-src-co nn 60, max-src-conn-rate 10/10, overload flush global, src.track 10) pass inet proto tcp from any to 192.168.12.0/25 port = 113 flags S/SA keep state (source-track rule, max-src-co nn 60, max-src-conn-rate 10/10, overload flush global, src.track 10) pass inet proto tcp from any to 192.168.12.0/25 port = 2244 flags S/SA keep state (source-track rule, max-src-c onn 60, max-src-conn-rate 10/10, overload flush global, src.track 10) pass inet proto tcp from any to 192.168.12.0/25 port = 5198 flags S/SA keep state (source-track rule, max-src-c onn 60, max-src-conn-rate 10/10, overload flush global, src.track 10) pass inet proto tcp from any to 192.168.12.0/25 port = 5199 flags S/SA keep state (source-track rule, max-src-c onn 60, max-src-conn-rate 10/10, overload flush global, src.track 10) block return in on ! lo0 proto tcp from any to any port 6000:6010 anchor "ftp-proxy/*" all pass in quick on vether0 inet proto tcp from any to any port = 21 flags S/SA keep state (pflow) divert-to 127.0 .0.1 port 8021 pass out inet proto tcp from 127.0.0.1 to any port = 21 flags S/SA keep state (pflow) match in all scrub (no-df max-mss 1440) match out on egress inet from ! (egress:network) to any nat-to (egress:0) round-robin block return in log all pass out quick all flags S/SA keep state (pflow) block drop in log quick on ! lo inet6 from ::1 to any block drop in log quick on ! lo inet from 127.0.0.0/8 to any block drop in log quick inet from 127.0.0.1 to any block drop in log quick on ! vether0 inet from 192.168.12.0/25 to any block drop in log quick inet from 192.168.12.1 to any block drop in log quick on lo0 inet6 from fe80::1 to any block drop in log quick inet6 from ::1 to any pass in log on egress inet proto tcp from any to (egress) port = 53 flags S/SA keep state (pflow) pass in log on egress inet proto tcp from any to (egress) port = 123 flags S/SA keep state (pflow) pass in log on egress inet proto tcp from any to (egress) port = 113 flags S/SA keep state (pflow) pass in log on egress inet proto tcp from any to (egress) port =
Re: pppoe (kernel) works but doesn't
Sorry for bothering you, I had to go tcpdump the entire network "conversation" between linux and bsd in order to find out that I had miss type my username... Thank you for your reply Pierre nevertheless :) P.S. This topic can be deleted On Sat, Mar 26, 2016 at 1:34 PM, Pierre Emeriaud < petrus.lt+open...@gmail.com> wrote: > Hi George, > > > pppoe0: flags=8855mtu > 1492 > > priority: 0 > > dev: em0 state: session > > sid: 0x1d1e PADI retries: 0 PADR retries: 0 time: 00:13:01 > > sppp: phase network authproto pap authname "user" > > groups: pppoe egress > > status: active > > inet 10.0.128.0 --> 83.235.1.86 netmask 0x > > > > Despite the fact that everything seems to work OK, I can only ping > > 83.235.1.86 and nothing else. I tried pinging 8.8.8.8 or my ISP's DNS > > servers but for some reason this is not possible. > > Are you sure you're not hitting some kind of walled garden? Or is the > private address from your ESX setup? > > If your ISP is indeed OTE, PAP seems fine as per > http://ipv6.ote.gr/?page_id=74=en, but you could try CHAP just in > case. > > -pierre
[solved] pkg_add broken (current/amd64)
I did it. but I only had _pkduntar (?). After doing again, it works. Thank you very much for fast help. Cheers Heiko Am 26.03.2016 um 13:54 schrieb Andreas Zeilmeier: > Hi Heiko, > > did you run sysmerge(8) after upgrading? > This will add the users/groups _pkgfetch and _pkguntar. > bd09c6fmxoq2...@intermezzo.net > Cheers > > Andi > > On 26.03.2016 13:33, Heiko wrote: >> Hello together, >> >> pkg_add is broken on my current amd64 since snapshot march 24. >> >> I get this: >> >> # pkg_add -ui >> Error from http://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/ >> Can't locate object method "fatal" via package >> "OpenBSD::PackageRepository::HTTP" at >> /usr/libdata/perl5/OpenBSD/PackageRepository.pm line 592. >> >> >> The corresponding code: >> >> -- snip --- >> sub drop_privileges_and_setup_env >> { >> my $state = shift; >> my $user = '_pkgfetch'; >> # we can't cache anything, we happen after the fork,. >> # right before exec >> if (my (undef, undef, $uid, $gid) = getpwnam($user)) { >> $( = $gid; >> $) = "$gid $gid"; >> $< = $uid; >> $> = $uid; >> } else { >> $state->fatal("Couldn't change identity: can't find #1", $user); >> } >> --- snip -- >> >> When I remark the "fatal" in line 592, I can update. But how can I fix >> it correctly? >> >> >> I did not find any change notes in: >> http://www.openbsd.org/faq/current.html >> >> Thank you in advance for your feedback. >> >> /Heiko
pppoe (kernel) authentication works but no internet
Hi, 1) I have set kernel pppoe with the following options (I have only one NIC directly connected to my dsl modem) : # cat /etc/hostname.pppoe0 inet 0.0.0.0 255.255.255.255 NONE \ pppoedev em0 authproto pap \ authname 'user' authkey 'pass' up dest 0.0.0.1 !/sbin/route add default -ifp pppoe0 0.0.0.1 2) authentication and remote/local IP seem to acquired fine (ifconfig output follows) pppoe0: flags=8855mtu 1492 priority: 0 dev: em0 state: session sid: 0x1d1e PADI retries: 0 PADR retries: 0 time: 00:13:01 sppp: phase network authproto pap authname "user" groups: pppoe egress status: active inet 10.0.128.0 --> 83.235.1.86 netmask 0x 3) default route is set correctly Internet: DestinationGatewayFlags Refs Use Mtu Prio Iface default83.235.1.86UGS0 68 - 8 pppoe0 10.0.128.0 10.0.128.0 UHl00 - 1 lo0 83.235.1.8610.0.128.0 UH 00 - 8 pppoe0 127/8 127.0.0.1 UGRS 00 32768 8 lo0 127.0.0.1 127.0.0.1 UHl10 32768 1 lo0 192.168.1/24 192.168.1.2UC 20 - 8 em0 192.168.1.200:50:56:bd:6e:be UHLl 00 - 1 lo0 192.168.1.4d8:cb:8a:3c:25:60 UHLc 215928 - 8 em0 192.168.1.100 00:0c:29:61:90:5c UHLc 0 10 - 8 em0 192.168.1.255 192.168.1.2UHb00 - 1 em0 224/4 127.0.0.1 URS00 32768 8 lo0 4) LCP communication seems to be OK: pppoe0: lcp output pppoe0 (8864) state=3, session=0x1d1e output -> 00:90:1a:41:fa:4b, len=16 pppoe0: lcp input(opened): Despite the fact that everything seems to work OK, I can only ping 83.235.1.86 and nothing else. I tried pinging 8.8.8.8 or my ISP's DNS servers but for some reason this is not possible. I am on OpenBSD 5.8 running under esxi 6. Any ideas? Thank you for your time, George -- View this message in context: http://openbsd-archive.7691.n7.nabble.com/pppoe-kernel-authentication-works-but-no-internet-tp292480.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: pkg_add broken (current/amd64)
On Sat, 26 Mar 2016 13:33:46 +0100, Heikowrote: > When I remark the "fatal" in line 592, I can update. But how can I fix > it correctly? It looks like you didn't run sysmerge(8). Did you? Cheers, Daniel
Re: pkg_add broken (current/amd64)
Hi Heiko, did you run sysmerge(8) after upgrading? This will add the users/groups _pkgfetch and _pkguntar. Cheers Andi On 26.03.2016 13:33, Heiko wrote: Hello together, pkg_add is broken on my current amd64 since snapshot march 24. I get this: # pkg_add -ui Error from http://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/ Can't locate object method "fatal" via package "OpenBSD::PackageRepository::HTTP" at /usr/libdata/perl5/OpenBSD/PackageRepository.pm line 592. The corresponding code: -- snip --- sub drop_privileges_and_setup_env { my $state = shift; my $user = '_pkgfetch'; # we can't cache anything, we happen after the fork,. # right before exec if (my (undef, undef, $uid, $gid) = getpwnam($user)) { $( = $gid; $) = "$gid $gid"; $< = $uid; $> = $uid; } else { $state->fatal("Couldn't change identity: can't find #1", $user); } --- snip -- When I remark the "fatal" in line 592, I can update. But how can I fix it correctly? I did not find any change notes in: http://www.openbsd.org/faq/current.html Thank you in advance for your feedback. /Heiko
pkg_add broken (current/amd64)
Hello together, pkg_add is broken on my current amd64 since snapshot march 24. I get this: # pkg_add -ui Error from http://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/ Can't locate object method "fatal" via package "OpenBSD::PackageRepository::HTTP" at /usr/libdata/perl5/OpenBSD/PackageRepository.pm line 592. The corresponding code: -- snip --- sub drop_privileges_and_setup_env { my $state = shift; my $user = '_pkgfetch'; # we can't cache anything, we happen after the fork,. # right before exec if (my (undef, undef, $uid, $gid) = getpwnam($user)) { $( = $gid; $) = "$gid $gid"; $< = $uid; $> = $uid; } else { $state->fatal("Couldn't change identity: can't find #1", $user); } --- snip -- When I remark the "fatal" in line 592, I can update. But how can I fix it correctly? I did not find any change notes in: http://www.openbsd.org/faq/current.html Thank you in advance for your feedback. /Heiko
Mail : MRA MDA LDA e-mail processors in OpenBSD
Hello, I am casual OpenBSD user. I use it on laptop. I don't have servers and do *not* want to create my own mail service. I use what crowd uses: I have Yahoo, Gmail, Yandex mail accounts. I would like to use mutt and shell scripts for mail notification etc. To accomplish this I want to have local copy of mail in Maildir format. What MRA do you use for that? Getmail, fetchmail or something else? Is there something in OpenBSD's base for that? I would also like to do some things with mail for example get rid off attachments for mail in one account and do reverse, opposite on the other account: just backup attachments saving them in normal file names with appropriate extensins in file names, not inside other Maildir messages. To accomplish this I think, but I am not sure, I need MDA such as procmail or maildrop or something similar. What do you use? I want something quite secure and not much complicated. It does *not* need to be feature rich. Bonus points for software in OpenBSD's base.
Re: pppoe (kernel) works but doesn't
Hi George, > pppoe0: flags=8855mtu 1492 > priority: 0 > dev: em0 state: session > sid: 0x1d1e PADI retries: 0 PADR retries: 0 time: 00:13:01 > sppp: phase network authproto pap authname "user" > groups: pppoe egress > status: active > inet 10.0.128.0 --> 83.235.1.86 netmask 0x > Despite the fact that everything seems to work OK, I can only ping > 83.235.1.86 and nothing else. I tried pinging 8.8.8.8 or my ISP's DNS > servers but for some reason this is not possible. Are you sure you're not hitting some kind of walled garden? Or is the private address from your ESX setup? If your ISP is indeed OTE, PAP seems fine as per http://ipv6.ote.gr/?page_id=74=en, but you could try CHAP just in case. -pierre
Re: Relayd TLS client mode CA verification
I have reported problem to bugs mailing list. Thanks for checking that and response.
Re: RS232 Mini PCI Express Serial Card
On 2016-03-25,wrote: > Hello, > > Can anyone confirm this device works with OpenBSD 5.8 or higher: > > https://www.startech.com/Cards-Adapters/Serial-Cards-Adapters/2-Port-RS232-Mini-PCI-Express-Serial-Card-16950-UART~MPEX2S952 > > I do not have one to test, so before purchasing I thought I would ask about > it or experience with something like it. There is a device entry in puc(4) for it, but I'm not sure if we got the uart speeds working right with the Oxford Semi native PCIE uart that this device uses, the clocking is based on PCIE and is at a frequency that is very different to other puc(4) devices and doesn't fit well with the way we encode them. That said, I was able to get a similar chip working, just the serial ports ran at the wrong speed (iirc it was halved or doubled compared to the speed requested).. > Would utilize it for the main console. This is fiddly with puc(4) devices in general - you need to identify the base address with pcidump and feed it to 'machine comaddr' in boot.conf and hope it doesn't change (which it may do especially if you add/remove other devices).
pppoe (kernel) works but doesn't
Hi, 1) I have set kernel pppoe with the following options (I have only one NIC directly connected to my dsl modem) : # cat /etc/hostname.pppoe0 inet 0.0.0.0 255.255.255.255 NONE \ pppoedev em0 authproto pap \ authname 'user' authkey 'pass' up dest 0.0.0.1 !/sbin/route add default -ifp pppoe0 0.0.0.1 2) authentication and remote/local IP seem to acquired fine (ifconfig output follows) pppoe0: flags=8855mtu 1492 priority: 0 dev: em0 state: session sid: 0x1d1e PADI retries: 0 PADR retries: 0 time: 00:13:01 sppp: phase network authproto pap authname "user" groups: pppoe egress status: active inet 10.0.128.0 --> 83.235.1.86 netmask 0x 3) default route is set correctly Internet: DestinationGatewayFlags Refs Use Mtu Prio Iface default83.235.1.86UGS0 68 - 8 pppoe0 10.0.128.0 10.0.128.0 UHl00 - 1 lo0 83.235.1.8610.0.128.0 UH 00 - 8 pppoe0 127/8 127.0.0.1 UGRS 00 32768 8 lo0 127.0.0.1 127.0.0.1 UHl10 32768 1 lo0 192.168.1/24 192.168.1.2UC 20 - 8 em0 192.168.1.200:50:56:bd:6e:be UHLl 00 - 1 lo0 192.168.1.4d8:cb:8a:3c:25:60 UHLc 215928 - 8 em0 192.168.1.100 00:0c:29:61:90:5c UHLc 0 10 - 8 em0 192.168.1.255 192.168.1.2UHb00 - 1 em0 224/4 127.0.0.1 URS00 32768 8 lo0 4) LCP communication seems to be OK: pppoe0: lcp output pppoe0 (8864) state=3, session=0x1d1e output -> 00:90:1a:41:fa:4b, len=16 pppoe0: lcp input(opened): 5) my pf.conf set skip on lo match on pppoe0 scrub (max-mss 1440) pass all Despite the fact that everything seems to work OK, I can only ping 83.235.1.86 and nothing else. I tried pinging 8.8.8.8 or my ISP's DNS servers but for some reason this is not possible. I am on OpenBSD 5.8 running under esxi 6. Any ideas? Thank you for your time, George
Re: Gogs PostgreSQL
I had everything in /var/git owned by the ‘git’ user, then the following rc.d file was sufficient: #!/bin/sh daemon="/var/git/go/src/github.com/gogits/gogs/gogs web &" daemon_user="git" . /etc/rc.d/rc.subr pexp="/var/git/go/src/github.com/gogits/gogs/gogs web" rc_reload=NO rc_cmd $1 > On 2016-03-25, at 20:18, Markus Henneckewrote: > > Am 25.03.2016 um 02:45 schrieb Predrag Punosevac: >> Hi Misc, >> >> Is anybody running Gogs >> >> https://gogs.io/ >> >> in production on OpenBSD using PostgreSQL as a backend. Any chance to >> share the installation/configuration notes with me? >> >> Predrag >> > Just compile it using the documentation. You don't have to set $GOROOT. OpenBSD has the go files in the path already under /usr/local/bin > > I mimiced the binary tar balls and copied all the files in there to my installation location. > The directories public, scripts and templates and the README and LICENSE files plus the gogs binary. > > You want to setup up a git user account if that is not already available. Set it up with a valid shell so that only public key authentication is allowed and let gogs handle all the SSH keys. In that way no user will get a login shell when connecting via SSH. > > Setup a user and database in postgresql, I did that with user and database name gogs. > Make the gogs user the owner of the gogs database and set a password. > Then on the installation page enter the username, password and database name and you should be set. Gogs will create all tables in the database during install. > > Gogs listens on 0.0.0.0 by default, so I added the entry HTTP_ADDR= 127.0.0.1 in the server section of the app.ini file and setup nginx to be a reverse proxy -> location /gogs/ { proxy_pass http://127.0.0.1:3000/; }, remember to adjust the ROOT_URL entry to match the nginx configuration. > > I wrote a litte rc.d script to start it using nohup, it has to be run as the git user account: > #! /bin/sh > > user="git" > daemon="/home/${user}/gogs/gogs" > daemon_flags="web" > > . /etc/rc.d/rc.subr > > rc_reload=NO > > rc_check() { >pkill -0 -f "${daemon} ${daemon_flags}" > } > > rc_stop() { >pkill -f "${daemon} ${daemon_flags}" > } > > rc_start() { >nohup su -l -c daemon ${user} -c "${daemon} ${daemon_flags}" >/dev/null 2>&1 & > } > > rc_cmd $1 > > > HTH > Markus