Re: syspatch question

2017-08-09 Thread Bryan Harris
After reading this thread I wondered why haven't I gotten an update in a while. So I checked and syspatch -c showed no output but found it had a 1 return code. It turns out my URL in /etc/installurl was no longer a valid mirror for some reason (didn't investigate, just fixed). I suppose it's a

Re: sftp chroot

2017-06-14 Thread Bryan Harris
On Linux I have mounted another fs inside the user's home folder (it is mounted twice). I don't know if OpenBSD has that feature. On Wed, Jun 14, 2017 at 6:38 AM, Ville Valkonen wrote: > Hi, > > one option is to use local nfs mounts. That's what I've done. > > -- >

Re: OpenBSD's HTTPD troubles AGAIN - Can't find any man page that explains how to properly set up directory authentication.

2017-09-15 Thread Bryan Harris
I got curious so I looked at the man page. It seems to me one could authenticate a location i.e. folder/directory based on this part. > A location section may include most of the server configuration rules except > alias, connection, hsts, listen on, location, tcp and tls. V/r, Bryan

Re: relayd https relay

2017-09-20 Thread Bryan Harris
I don't think you can know the host header unless you decrypt the https using a certificate. It seems that idea would require SNI but I don't know if they have SNI in relayd/httpd. (I could be wrong about that.) In mine I have listen on $ext_addr port 443 tls. Then exists

Re: Security question / idea

2017-10-17 Thread Bryan Harris
Re: physical access, it seems not a technical problem. I.e. keep laptop with you, hire a guard, etc. I'm not very technical, but could the hash be stored in usb stick or online? Maybe construct yourself a "computer safe" to make it harder for people to get access while you're away? I.e.

Re: relayd TLS load balancer for multiple websites

2017-09-28 Thread Bryan Harris
Here is what I did, which I learned from the httpd & relayd book by Michael W Lucas (I recommend). I cannot remember why I set the top header options, I must have been trying to learn about them. The host ones are to figure out the site and send the connection to the table above. ext_addr="..."

vio(4) tap(4) question

2017-08-28 Thread Bryan Harris
Hi folks, I am in the learning process about vmd. When I read the vmctl(8) man page I have incorrectly got the idea that I can have a VM that has a vio interface but without a mapping to a host tap interface, simply by omitting the -i option from the "vmctl start vmX" command. However, if I

Re: vio(4) tap(4) question

2017-08-28 Thread Bryan Harris
On Mon, Aug 28, 2017 at 6:18 PM, Mike Larkin <mlar...@azathoth.net> wrote: > On Mon, Aug 28, 2017 at 06:03:16PM -0400, Bryan Harris wrote: >> If the vio is connected to the virtual switch, and the switch is > > But the vio(4) interface isn't visible to the host. So what you

Re: vio(4) tap(4) question

2017-08-28 Thread Bryan Harris
called tap, but I never connected the dots. V/r, Bryan On Mon, Aug 28, 2017 at 6:52 PM, Mike Larkin <mlar...@azathoth.net> wrote: > On Mon, Aug 28, 2017 at 06:48:20PM -0400, Bryan Harris wrote: >> On Mon, Aug 28, 2017 at 6:18 PM, Mike Larkin <mlar...@azathoth.net> wrote: >

Re: vio(4) tap(4) question

2017-08-28 Thread Bryan Harris
Hi Trond, We must have been typing at the same time, yes that ended up working. I tried a * character first but that didn't work (and wasn't in the man page anyway). V/r, Bryan On Mon, Aug 28, 2017 at 9:32 PM, trondd <tro...@kagu-tsuchi.com> wrote: > On Mon, August 28, 2017 6:03

Re: vmm workflow

2017-08-17 Thread Bryan Harris
I had the same issue with boot option in vm.conf and never solved my difficulty using the vm.conf file itself (I assumed I must have misunderstood the doc). Instead I used the command line option for vmctl starting the machine. After I installed the O/S using bsd.rd I did not need that option

Re: Need help setting http headers using relayd (and httpd)

2017-10-12 Thread Bryan Harris
There is a book called relayd and httpd. I think it has what you need. V/r, Bryan > On Oct 12, 2017, at 1:33 PM, Andreas Thulin wrote: > > Hi! > > Before anything, thanks for yet another awesome OpenBSD release! I’ll > extend my gratitude into the pockets of the

Re: The "like" factor

2017-11-20 Thread Bryan Harris
Re: question: > How did you solve the "like" factor? I don't know how true, but I like these passages. "My mother had a favorite saying (origin unknown): "You can get used to anything if you do it long enough. Even hanging." She trotted out that saying whenever my siblings or I complained about

Re: acme-client new cert error

2018-05-25 Thread Bryan Harris
Did you already have a cert for datagenic.com but which didn’t include the new name? I think the -A argument only makes a new cert when old one doesn’t exist. Otherwise tries to use found cert and failed because old cert doesn’t have new name. At least that’s my understanding. Or maybe I

Re: acme-client new cert error

2018-05-25 Thread Bryan Harris
Ah okay. In my different situation I did mv /etc/ssl/cert /tmp Then ran command again. I will try -D next time instead. V/r, Bryan > On May 25, 2018, at 5:51 PM, Scott Vanderbilt <li...@datagenic.com> wrote: > >> On 5/25/2018 2:41 PM, Bryan Harris wrote: >> Did

Re: Partitioning recommendations for 6.3?

2018-06-25 Thread Bryan Harris
The webserver is called httpd (not the apache one). I like this book but some people don't need the extra help of a book (I do). https://www.michaelwlucas.com/tools/relayd On Mon, Jun 25, 2018 at 11:49 AM John Long wrote: > On Mon, 2018-06-25 at 10:15 -0500, Vijay Sankar wrote: > > Here is my

Re: Backup of OpenBSD under VMware

2018-06-30 Thread Bryan Harris
Last resort shut down VM then backup. I like the tool called tarsnap. It backs up to a remote service and you keep a private key. Everything is encrypted before it “exits” your VM for the remote side. Also very cheap. I only backup a few files and spent barely a penny. > Your current account

Re: a pf question maybe asked a 1000 times

2017-10-20 Thread Bryan Harris
I don't know the answer but I'm curious. What does "pfctl -sr" command show? Can you do dns lookups? PS - my rules have the "pass out all" rule at the bottom. V/r, Bryan On Fri, Oct 20, 2017 at 6:59 AM, Markus Rosjat wrote: > Hi there, > > I was wondering, after reading mr

Re: Community-driven OpenBSD tutorials wiki?

2018-01-04 Thread Bryan Harris
My preference is to purchase a book. I have had a good experience with Absolute OpenBSD, Httpd & Relayd, the tarsnap book, and the Book of PF. I would buy a book about OpenSMTPD and also ikev2 but I didn't see any. Just my $0.02, I like books better than online tutorials. V/r, Bryan On Thu,

Re: NSA encryption algorithms in Linux kernel, OpenBSD too?

2018-08-07 Thread Bryan Harris
> On Aug 7, 2018, at 7:15 AM, Kevin Chadwick wrote: > > On Mon, 6 Aug 2018 15:52:11 -0500 > It may be more likely that some zealous chrome devs > decided https everywhere was utterly important and so misleading > messages were the order of the day. For some reason I thought https

Re: Strange message from syspatch

2018-01-12 Thread Bryan Harris
I once had incorrect VM time causing OCSP response like it was out of date, and syspatch refused in a similar way. But different than your situation I think. V/r, Bryan On Fri, Jan 12, 2018 at 7:19 AM, Stuart Henderson wrote: > On 2018-01-12, dmitry.sensei

Re: httpd howto redirect port 80 to 443 in vm

2018-03-01 Thread Bryan Harris
Alternate?: go back to original config and change server "default" to server "example.com" And maybe an alias for "www.example.com." Just a thought. V/r, Bryan

Re: httpd - serving index.html & index.php at the same time

2018-04-11 Thread Bryan Harris
I'll ask a dumb question. Why do you need extra root directives? Can't you do this? location "^/phpapp/*" { directory index "index.php" } location "*.php" { fastcgi socket "/run/php-fmp.sock" } Bryan On Wed, Apr 11, 2018 at 10:32 AM, Mischa wrote: > > On 11 Apr 2018, at

Re: Cloud-Storage & OpenBSD

2018-09-02 Thread Bryan Harris
Tarsnap? Sent from my iPhone > On Sep 2, 2018, at 10:43 AM, Kurtis wrote: > > Hey all, > > I'm just wondering if anyone has any suggestions with any Online File Backup > / Synchronization services? > > I used Dropbox for a long time but decided to drop it in favor of pCloud. > It's about

OpenIKED traffic question

2018-11-21 Thread Bryan Harris
Hello, I have a semi-working vpn from Windows 10 client to OpenBSD 6.4 running iked using machine certificates authentication method. When I connect to the VPN, I can ping from Win 10 to the ip address of enc0 on the other side (10.1.0.2). Unbound is listening on that ip address, and DNS

Re: Purpose of primary and secondary user groups

2019-01-13 Thread Bryan Harris
On 12/30/2018 12:33 AM, Philip Guenther wrote: On Sat, Dec 29, 2018 at 11:29 AM Ipsen S Ripsbusker < ip...@ripsbusker.no.eu.org> wrote: Aside from compatibility, what is the purpose of primary groups, compared to secondary groups? Said otherwise, why do we have both primary and secondary