httpd rewrite and REQUEST_URI value
I was very eager to implement the new rewrite functionality in httpd. However, I've run into an issue, and I am uncertain whether the new behavior is CGI-compliant or not. The app I am attempting to convert to httpd is currently built on nginx, and the rewrite functionality it offers satisfies all of my app's needs. But for a variety of reasons, I would prefer to use httpd. My goal is to implement a RESTful API, which involves rewriting all requests for "virtual" resources to target an index.php page, which uses the SlimPHP micro framework to handle routing and all other tasks related to servicing requests. That routing relies on the value of the REQUEST_URI parameter to perform its work. In httpd.conf, I have this rewrite rule: location match "/hello/.*" { request rewrite "/index.php" } while in nginx, I have this one: try_files $uri /index.php; location /index.php { fastcgi_pass unix:run/php-fpm.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } For the URL: http://example.com/hello/fred, here are the differing values of REQUEST_URI: nginx: /hello/fred httpd: /index.php Based on the definition in the httpd.conf(5) man page, which says $REQUEST_URI contains "the request path and optional query string", I would have expected that the original value of REQUEST_URI would have been preserved even after the rewrite. Otherwise, there is no way for the target resource to know the original (pre-rewrite) URI. Unless, of course, it was embedded within the rewritten URI as a query string by the rewrite directive in the .conf file. But that's not very practical if the original URI already has a query string. Am I correct in assuming the REQUEST_URI's value should not be altered by the rewrite operation? If the post-rewrite URI is meant to be borne by DOCUMENT_URI, why also change the value of REQUEST_URI? This makes no sense to me. Many thanks in advance for any enlightenment you can provide.
Re: How to build with VMM_DEBUG
On Sat, Jun 23, 2018 at 6:10 AM, Stefan Sperling wrote: > See https://marc.info/?l=openbsd-bugs=152960299009667=2 for > a patch you could test. > (raw patch: https://marc.info/?l=openbsd-bugs=152960299009667=raw) > FWIW, that patch didn't apply cleanly to a fresh pull of the tree from GitHub. I know it's not OFFICIALLY -CURRENT for realsies but it's what I have been using on this laptop for months. It sounds like it was probably patched against -STABLE? I didn't read the entire thread on bugs@. I have tried with 3 daily snapshots in a row and I'm having the same problem. I haven't actually fired up vmm in a few weeks, so I'm not sure exactly when it quit working. I'm re-building with VMM_DEBUG first. Mike, I'll send all relevant info (dmesg, vmd -dvvv, vm.conf) to bugs@ once I have it, unless this sounds like an ongoing thing you probably have on your radar already. I'm not in a huge rush, so I can wait a bit if you think you have something that'll make it into -CURRENT in a while.
Re: How to build with VMM_DEBUG
On Fri, Jun 22, 2018 at 11:41:22PM -0500, Ax0n wrote: > I'm trying to hunt down a recent breakage with my VMM virtual machines > refusing to start, and I'm getting errors like this: > > vcpu_run_loop: vm 5 / vcpu 0 run ioctl failed: Invalid argument > > It looks like previous requests for help with this error have resulted in > being asked to build with the VMM_DEBUG macro, but I don't know how to do > that. I do not see VMM_DEBUG in the GENERIC config, and just a few ifdefs > in the code. > > I'd like to gather more info to provide a more complete bug report. Ideas? > > --ax0n uncomment the #define VMM_DEBUG line at the top part of vmm.c -ml
WHere to put certificates for IKEDv2?
Hi all, I am using Easy-RSA to manage my home's CA (using elliptic curve certificates). I have created a certificate for my OpenBSD gw for IKEv2 connections (using strongswan mainly). My question is where do I need to put OpenBSD certs under /etc/iked? I have installed myhost.crt in /etc/iked/pubkeys/fqdn/myhost.crt and myhost.key in /etc/iked/private/myhost.key, but running "iked -dvv" returns me the following error: ikev2_msg_auth: initiator auth data length 960 ikev2_msg_authverify: method SIG keylen 962 type X509_CERT _dsa_verify_init: signature scheme 4 selected ikev2_msg_authverify: authentication successful sa_state: AUTH_REQUEST -> AUTH_SUCCESS sa_stateflags: 0x0024 -> 0x0034 certreq,authvalid,sa (required 0x003b cert,certvalid,auth,authvalid,sa) ikev2_sa_negotiate: score 0 ikev2_sa_negotiate: score 10 ikev2_sa_negotiate: score 0 ikev2_sa_negotiate: score 4 sa_stateflags: 0x0034 -> 0x0034 certreq,authvalid,sa (required 0x003b cert,certvalid,auth,authvalid,sa) sa_stateok: VALID flags 0x0030, require 0x003b cert,certvalid,auth,authvalid,sa sa_state: cannot switch: AUTH_SUCCESS -> VALID config_free_proposals: free 0xb9bb7e8a80 config_free_proposals: free 0xb9bb7e8700 config_free_proposals: free 0xb965e22400 config_free_proposals: free 0xba238e1e80 ca_getreq: found CA /C=ES/ST=Barcelona.. ca_getreq: no valid local certificate found ca_setauth: auth length 256 ca_validate_pubkey: unsupported public key type ASN1_DN ca_validate_cert: /C=ES/... ok Do i need to install user certificates also in OpenBSD gw? thanks -- Greetings, C. L. Martinez
Re: How to build with VMM_DEBUG
On Sat, Jun 23, 2018 at 5:56 AM, Christian Barthel wrote: > I am having the same problem after installing "010_intelfpu" on OpenBSD > 6.3 stable. If you revert back, does it work for you again? > The only vmm(4) capable machine I have is running -CURRENT, so no reverting syspatches. > I think you have to uncomment the following line in vmm.c (for amd64, > this is /usr/src/sys/arch/amd64/amd64/vmm.c): > > /* #define VMM_DEBUG */ > > Then, recompile as usually (release(8)). > > Thanks! I'll give that a shot if the patch posted up-thread by stsp@ doesn't fix it.
why is this pf rule logging?
OpenBSD 6.3, amd64 I am seeing this record being logged by pf. The rule specified in the record does not have logging enabled. I must be missing something simple as to why it is logging, but I can't see it. 20180623T112712.952EDT sentry pf: rule 12/(match) pass in on em0: fe80::1a8b:9dff:fed4:7822 > ff02::1: HBH icmp6: multicast listener query v2 [|icmp6] [class 0xe0] [hlim 1] # pfctl -s rules -R 12 pass in quick inet6 proto ipv6-icmp all keep state (max 16, adaptive.start 6, adaptive.end 12) Actual pf.conf text for the rule: pass in quick inet6 proto icmp6 from any to any keep state (max 16) Why is it logging? thx.
Re: Restoring MIPS32 support as a private project
Hello, I have always thought about running obsd on my ci20 https://en.wikipedia.org/wiki/Imagination_Creator#Creator_Ci20 the v2 is the one I have. I am not that great of a coder but could try running some builds or something. I'd like to get more involved with the project. I learn a lot just reading the list. Have a good day all :) On Fri, Jun 22, 2018 at 02:37:46PM -0500, r...@rvx86.net wrote: > So, I have a mipsel-none-elf32 bare-metal Clang/LLVM cross-compiler (and the > corresponding bare-metal GNU cross-binutils), and the platform-specific code > ('sys/mips/mips' and 'sys/mips/broadcom') from the FreeBSD source tree as a > starting point. > > Are there any other specific considerations to bootstrapping OpenBSD using > the cross-compiler? The target is a router (128MB flash, 128MB RAM), so a > native build is probably impractical, I plan to attach urndis(4) devices to > its lone USB port primarily. > > (Yes, I plan to do the porting myself, just wanted to ask about any build > system specifics. There isn't much in the way of documentation re: porting > OpenBSD to a "new" architecture.) > > Thanks > R > > >
Re: New laptop recommendations
I looked into all of your comments, and I thank you for it. The coreboot/libreboot way was very tempting, but not competitive pricewise. I no longer have a desktop since the past century, spoiled by three MBPs, and need something robust, light, and performing. I spotted an offer for a new Lenovo T480, i5 series 8, 8GB RAM with an empty slot for easy upgrade, dual storage (!!!) with SSD on m.2 and conventional SATA, dual lithium battery for up to 4 days of work without need to plug the power cord, a 14" display, fingerprint and smartcard reader, and a videocamera. Not happy about the clitmouse, and the meccanical mouse buttons. The best part is the cost: 999€ plus VAT. An MBP with similar specs costs north of 3000€, all soldered in. So long Apple, and hello Lenovo! :-))) On Tue, Jun 19, 2018 at 12:37, Rupert Gallagher wrote: > I'm done with my 10 years old 1200EUR MacBookPro. It served me well, every > day, but is now falling apart, finally. I would buy a new one if only Steve > Jobs would be alive and keeping Apple inspired. The new models are > meticulously designed to make you suffer: expensive, slow cpu, soldered ram, > soldered disk, small disk, bad keyboard keys, wifi only, must pay extra for > standard connectors. I have 1500EUR for a new laptop. What would you buy with > it?
Re: OpenSMTPD and tls no-verify
On Sat, 23 Jun 2018 13:11:37 +0200 "Peter J. Philipp" wrote: > This is more a question to the OpenSMTPD community. There's another mailing list Peter: http://www.OpenSMTPd.Org/list.html Cheers, -- Craig Skinner | http://linkd.in/yGqkv7
Re: OpenSMTPD and tls no-verify
On Sat, Jun 23, 2018 at 01:33:59PM +0200, Sebastien Marie wrote: > Hi Peter, > > The short response is: no. > > The long one is that currently `tls no-verify' applies only for > smarthost configuration (`relay' with `host url', when tls is implied). > > smtpd(8) should complains if you try the syntax you mentioned with: > > tls no-verify may not be specified without host on a dispatcher > > Thanks Thank you! -peter > -- > Sebastien Marie
Re: OpenSMTPD and tls no-verify
On Sat, Jun 23, 2018 at 01:11:37PM +0200, Peter J. Philipp wrote: > Hi, > > This is more a question to the OpenSMTPD community. In OpenBSD 6.4 and > already > in -current there is a new config file syntax. I did the work and converted > my config: > > http://www.centroid.eu/blog/c?article=1529689653 > > That is from my blog. I have a question though whether my config is indeed > correct. In another config I had to add "tls no-verify" in the action "relay" > for it to deliver to my self-signed opensmtpd. In order to enjoy wide > coverage > to people who I mail to, do I need to add/replace the following statement? > > action "relay" relay > > to > > action "relay" relay tls no-verify > > Any helping feedback would be appreciated. Thanks. > Hi Peter, The short response is: no. The long one is that currently `tls no-verify' applies only for smarthost configuration (`relay' with `host url', when tls is implied). smtpd(8) should complains if you try the syntax you mentioned with: tls no-verify may not be specified without host on a dispatcher Thanks -- Sebastien Marie
OpenSMTPD and tls no-verify
Hi, This is more a question to the OpenSMTPD community. In OpenBSD 6.4 and already in -current there is a new config file syntax. I did the work and converted my config: http://www.centroid.eu/blog/c?article=1529689653 That is from my blog. I have a question though whether my config is indeed correct. In another config I had to add "tls no-verify" in the action "relay" for it to deliver to my self-signed opensmtpd. In order to enjoy wide coverage to people who I mail to, do I need to add/replace the following statement? action "relay" relay to action "relay" relay tls no-verify Any helping feedback would be appreciated. Thanks. -peter
Re: How to build with VMM_DEBUG
On Fri, Jun 22, 2018 at 11:41:22PM -0500, Ax0n wrote: > I'm trying to hunt down a recent breakage with my VMM virtual machines > refusing to start, and I'm getting errors like this: > > vcpu_run_loop: vm 5 / vcpu 0 run ioctl failed: Invalid argument See https://marc.info/?l=openbsd-bugs=152960299009667=2 for a patch you could test. (raw patch: https://marc.info/?l=openbsd-bugs=152960299009667=raw)
Re: How to build with VMM_DEBUG
> I'm trying to hunt down a recent breakage with my VMM virtual machines > refusing to start, and I'm getting errors like this: > > vcpu_run_loop: vm 5 / vcpu 0 run ioctl failed: Invalid argument I am having the same problem after installing "010_intelfpu" on OpenBSD 6.3 stable. If you revert back, does it work for you again? > It looks like previous requests for help with this error have resulted in > being asked to build with the VMM_DEBUG macro, but I don't know how to do > that. I do not see VMM_DEBUG in the GENERIC config, and just a few ifdefs > in the code. I think you have to uncomment the following line in vmm.c (for amd64, this is /usr/src/sys/arch/amd64/amd64/vmm.c): /* #define VMM_DEBUG */ Then, recompile as usually (release(8)). > > I'd like to gather more info to provide a more complete bug report. Ideas? > > --ax0n >