Re: Question regarding Apache 2.0 license
Hi Stuart, On Mon, 2022-11-07 at 23:20 +, Stuart Henderson wrote: > Hi Jeroen, > > On 2022-11-07, Jeroen Koekkoek wrote: > > Hi All, > > > > I'm working on some patches/features for NSD. One of the new > > features > > uses some Apache 2.0 licensed code (for now). > > > > Sorry to ask this question, but just to verify: > > > > * OpenBSD-base cannot include any software licensed under Apache > > 2.0. > > * Software in the ports collection is allowed to be licensed under > > Apache 2.0. > > Right. > > > If my assumptions are correct, and since NSD is in base, the > > dependency > > on the Apache 2.0 licensed code is therefore better removed or, > > alternatively, relicensed under a BSD-compatible license, right? > > If this will add Apache-licensed code to NSD itself we can't take it. > (It may be an issue for other users too - in some cases they will > then > have to think more about patent law when they decide whether to use > the software). > > If it's in an external dependency (say, some NSD feature uses some > external Apache-licensed library, but that feature is optional, > and the NSD code which makes use of it follows the standard LICENSE > from the NSD distribution) then we can just disable the option. > Thanks, exactly what I needed to know. - Jeroen
Re: Question regarding Apache 2.0 license
Hi Jeroen, Thank you for considering the license and venturing to improve OpenBSD base, NSD in this case. The preferred license template is modeled after the ISC license, and 2-clause BSD close behind. License policy: ISC or BSD only https://www.openbsd.org/policy.html ISC license template: https://www.openbsd.org/policy.htmlhttps://cvsweb.openbsd.org/src/share/misc/license.template?rev=HEAD Some of the tools I depend on are licensed Apache/GPL, etc, but not in OpenBSD base. Hope that helps. https://cvsweb.openbsd.org/src/share/misc/license.template?rev=HEAD On Mon, Nov 7, 2022 at 3:20 PM, Stuart Henderson wrote: > Hi Jeroen, > > On 2022-11-07, Jeroen Koekkoek wrote: >> Hi All, >> >> I'm working on some patches/features for NSD. One of the new features >> uses some Apache 2.0 licensed code (for now). >> >> Sorry to ask this question, but just to verify: >> >> * OpenBSD-base cannot include any software licensed under Apache 2.0. >> * Software in the ports collection is allowed to be licensed under >> Apache 2.0. > > Right. > >> If my assumptions are correct, and since NSD is in base, the dependency >> on the Apache 2.0 licensed code is therefore better removed or, >> alternatively, relicensed under a BSD-compatible license, right? > > If this will add Apache-licensed code to NSD itself we can't take it. > (It may be an issue for other users too - in some cases they will then > have to think more about patent law when they decide whether to use > the software). > > If it's in an external dependency (say, some NSD feature uses some > external Apache-licensed library, but that feature is optional, > and the NSD code which makes use of it follows the standard LICENSE > from the NSD distribution) then we can just disable the option. > > -- > Please keep replies on the mailing list.
Re: Question regarding Apache 2.0 license
Hi Jeroen, On 2022-11-07, Jeroen Koekkoek wrote: > Hi All, > > I'm working on some patches/features for NSD. One of the new features > uses some Apache 2.0 licensed code (for now). > > Sorry to ask this question, but just to verify: > > * OpenBSD-base cannot include any software licensed under Apache 2.0. > * Software in the ports collection is allowed to be licensed under > Apache 2.0. Right. > If my assumptions are correct, and since NSD is in base, the dependency > on the Apache 2.0 licensed code is therefore better removed or, > alternatively, relicensed under a BSD-compatible license, right? If this will add Apache-licensed code to NSD itself we can't take it. (It may be an issue for other users too - in some cases they will then have to think more about patent law when they decide whether to use the software). If it's in an external dependency (say, some NSD feature uses some external Apache-licensed library, but that feature is optional, and the NSD code which makes use of it follows the standard LICENSE from the NSD distribution) then we can just disable the option. -- Please keep replies on the mailing list.
Question regarding Apache 2.0 license
Hi All, I'm working on some patches/features for NSD. One of the new features uses some Apache 2.0 licensed code (for now). Sorry to ask this question, but just to verify: * OpenBSD-base cannot include any software licensed under Apache 2.0. * Software in the ports collection is allowed to be licensed under Apache 2.0. If my assumptions are correct, and since NSD is in base, the dependency on the Apache 2.0 licensed code is therefore better removed or, alternatively, relicensed under a BSD-compatible license, right? Thanks in advance. Cheers, Jeroen
Re: pthread_mutexattr_setpshared and Apache Guacamole remote desktop gateway
On 05/03/2020 10:53 a.m., Edgar Pettijohn wrote: On Mar 5, 2020 10:15 AM, Steve Williams wrote: Hi, Should this be on ports@? I'm not working on a port... TL;DR: Does anyone have any recommendations on how to work around not having pthread_mutexattr_setpshared in the OpenBSD pthreads library? Have you tried searching the ports tree patch files for mention of the function. You may find a real world example of a workaround. Edgar DETAILS: I wanted to see if Apache Guacamole would compile on OpenBSD to server as a remote desktop gateway. It hasn't been too hard to get it to the final linking step. I am getting an "undefined reference to `pthread_mutexattr_setpshared'": ../../src/libguac/.libs/libguac.so.17.0: undefined reference to `pthread_mutexattr_setpshared' collect2: ld returned 1 exit status *** Error 1 in src/guacenc (Makefile:565 'guacenc': @echo " CCLD " guacenc;/bin/sh ../../libtool --silent --tag=CC --mode=link gcc -s...) *** Error 1 in . (Makefile:556 'all-recursive') *** Error 1 in /home/steve/src/guacamole-server-1.1.0 (Makefile:453 'all') When I look at some of the code using pthread_mutexattr_setpshared, it's not #ifdef'd or anything, so I think it's pretty much mandatory code. pool.c: guac_pool* guac_pool_alloc(int size) { pthread_mutexattr_t lock_attributes; guac_pool* pool = malloc(sizeof(guac_pool)); /* If unable to allocate, just return NULL. */ if (pool == NULL) return NULL; /* Initialize empty pool */ pool->min_size = size; pool->active = 0; pool->__next_value = 0; pool->__head = NULL; pool->__tail = NULL; /* Init lock */ pthread_mutexattr_init(_attributes); pthread_mutexattr_setpshared(_attributes, PTHREAD_PROCESS_SHARED); //^ pthread_mutex_init(&(pool->__lock), _attributes); It looks like this is a posix (of some version) function: https://pubs.opengroup.org/onlinepubs/009695399/functions/pthread_mutexattr_setpshared.html An "appropos" search in the OpenBSD man pages for "pthread_mutexattr" returned: https://man.openbsd.org/man3/pthread_mutexattr.3 This function is definitely missing... I tried to see if there was a way to use pthread_mutexattr_settype to accomplish the same thing, but got lost in the maze of documentation. Does anyone have any recommendations on how to work around not having pthread_mutexattr_setpshared in the OpenBSD pthreads library? Thanks, Steve Williams Hi, Great idea to check the ports tree patch files! I will start to look through these and see how they are handling things. I have deleted all the lines returned for posixtestsuite port. $ find . -type f -print0 | xargs -0 grep pthread_mutexattr_setpshared | tee /tmp/shared.out ./databases/virtuoso/patches/patch-libsrc_Thread_sched_pthread_c: rc = pthread_mutexattr_setpshared (&_mutex_attr, PTHREAD_PROCESS_PRIVATE); ./databases/virtuoso/patches/patch-libsrc_Thread_sched_pthread_c: rc = pthread_mutexattr_setpshared (&_mutex_attr, PTHREAD_PROCESS_PRIVATE); ./databases/virtuoso/patches/patch-libsrc_Thread_sched_pthread_c: rc = pthread_mutexattr_setpshared (&_attr, PTHREAD_PROCESS_PRIVATE); ./devel/lam/patches/patch-config_lam_mutex_pshared_m4: if (pthread_mutexattr_setpshared(, PTHREAD_PROCESS_SHARED)) return(1); ./textproc/sphinx/patches/patch-src_sphinxstd_cpp:- iRes = pthread_mutexattr_setpshared ( , PTHREAD_PROCESS_SHARED ); ./textproc/sphinx/patches/patch-src_sphinxstd_cpp:- m_sError.SetSprintf ( "pthread_mutexattr_setpshared, errno = %d", iRes ); ./x11/kde4/libs/files/ConfigureChecks.cmake: if (pthread_mutexattr_setpshared(, PTHREAD_PROCESS_SHARED) == -1) { ./x11/kde4/libs/files/ConfigureChecks.cmake: printf(\"pthread_mutexattr_setpshared failed: %s\", strerror(errno)); ./x11/kde4/libs/patches/patch-kdecore_util_kshareddatacache_p_h: if (pthread_mutexattr_setpshared(, PTHREAD_PROCESS_SHARED) == 0 && Cheers, Steve Williams
Re: pthread_mutexattr_setpshared and Apache Guacamole remote desktop gateway
On Mar 5, 2020 10:15 AM, Steve Williams wrote: > > Hi, > > Should this be on ports@? I'm not working on a port... > > TL;DR: > Does anyone have any recommendations on how to work around not having > pthread_mutexattr_setpshared in the OpenBSD pthreads library? > Have you tried searching the ports tree patch files for mention of the function. You may find a real world example of a workaround. Edgar > DETAILS: > I wanted to see if Apache Guacamole would compile on OpenBSD to server > as a remote desktop gateway. > > It hasn't been too hard to get it to the final linking step. > > I am getting an "undefined reference to `pthread_mutexattr_setpshared'": > > ../../src/libguac/.libs/libguac.so.17.0: undefined reference to > `pthread_mutexattr_setpshared' > collect2: ld returned 1 exit status > *** Error 1 in src/guacenc (Makefile:565 'guacenc': @echo " CCLD > " guacenc;/bin/sh ../../libtool --silent --tag=CC --mode=link gcc -s...) > *** Error 1 in . (Makefile:556 'all-recursive') > *** Error 1 in /home/steve/src/guacamole-server-1.1.0 (Makefile:453 > 'all') > > > When I look at some of the code using pthread_mutexattr_setpshared, it's > not #ifdef'd or anything, so I think it's pretty much mandatory code. > > pool.c: > > guac_pool* guac_pool_alloc(int size) { > > pthread_mutexattr_t lock_attributes; > guac_pool* pool = malloc(sizeof(guac_pool)); > > /* If unable to allocate, just return NULL. */ > if (pool == NULL) > return NULL; > > /* Initialize empty pool */ > pool->min_size = size; > pool->active = 0; > pool->__next_value = 0; > pool->__head = NULL; > pool->__tail = NULL; > > /* Init lock */ > pthread_mutexattr_init(_attributes); > > pthread_mutexattr_setpshared(_attributes, > PTHREAD_PROCESS_SHARED); > //^ > pthread_mutex_init(&(pool->__lock), _attributes); > > > It looks like this is a posix (of some version) function: > https://pubs.opengroup.org/onlinepubs/009695399/functions/pthread_mutexattr_setpshared.html > > An "appropos" search in the OpenBSD man pages for "pthread_mutexattr" > returned: > https://man.openbsd.org/man3/pthread_mutexattr.3 > > This function is definitely missing... > > I tried to see if there was a way to use pthread_mutexattr_settype to > accomplish the same thing, but got lost in the maze of documentation. > > Does anyone have any recommendations on how to work around not having > pthread_mutexattr_setpshared in the OpenBSD pthreads library? > > Thanks, > Steve Williams >
pthread_mutexattr_setpshared and Apache Guacamole remote desktop gateway
Hi, Should this be on ports@? I'm not working on a port... TL;DR: Does anyone have any recommendations on how to work around not having pthread_mutexattr_setpshared in the OpenBSD pthreads library? DETAILS: I wanted to see if Apache Guacamole would compile on OpenBSD to server as a remote desktop gateway. It hasn't been too hard to get it to the final linking step. I am getting an "undefined reference to `pthread_mutexattr_setpshared'": ../../src/libguac/.libs/libguac.so.17.0: undefined reference to `pthread_mutexattr_setpshared' collect2: ld returned 1 exit status *** Error 1 in src/guacenc (Makefile:565 'guacenc': @echo " CCLD " guacenc;/bin/sh ../../libtool --silent --tag=CC --mode=link gcc -s...) *** Error 1 in . (Makefile:556 'all-recursive') *** Error 1 in /home/steve/src/guacamole-server-1.1.0 (Makefile:453 'all') When I look at some of the code using pthread_mutexattr_setpshared, it's not #ifdef'd or anything, so I think it's pretty much mandatory code. pool.c: guac_pool* guac_pool_alloc(int size) { pthread_mutexattr_t lock_attributes; guac_pool* pool = malloc(sizeof(guac_pool)); /* If unable to allocate, just return NULL. */ if (pool == NULL) return NULL; /* Initialize empty pool */ pool->min_size = size; pool->active = 0; pool->__next_value = 0; pool->__head = NULL; pool->__tail = NULL; /* Init lock */ pthread_mutexattr_init(_attributes); pthread_mutexattr_setpshared(_attributes, PTHREAD_PROCESS_SHARED); //^ pthread_mutex_init(&(pool->__lock), _attributes); It looks like this is a posix (of some version) function: https://pubs.opengroup.org/onlinepubs/009695399/functions/pthread_mutexattr_setpshared.html An "appropos" search in the OpenBSD man pages for "pthread_mutexattr" returned: https://man.openbsd.org/man3/pthread_mutexattr.3 This function is definitely missing... I tried to see if there was a way to use pthread_mutexattr_settype to accomplish the same thing, but got lost in the maze of documentation. Does anyone have any recommendations on how to work around not having pthread_mutexattr_setpshared in the OpenBSD pthreads library? Thanks, Steve Williams
Re: Apache 2.4 not running php OpenBSD 6.4
Hi, Seems like Apache is not using the module, i.e. it treats as text, it needs to run you php code. I think if you share some relevant parts of your configuration and prove that you have the necessary tools installed and working you will get better feedback. Regards, George On July 11, 2019 2:40:42 AM EDT, mansoor wrote: >Hi, >I hope you guys are doing great. > >I am using OpenBSD 6.4, apache-httpd-2.4.35, php version 5.6. >I have disabled default httpd of OpenBSD, now apache2 is showing plain >php >code in browser it doesn't process php at all. > >I couldn't find solution to this problem on stackOverflow (or any other >site >on internet). >Please help me if anyone know about this problem. >Thanks. > > > > >-- >Sent from: >http://openbsd-archive.7691.n7.nabble.com/openbsd-user-misc-f3.html -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: Apache 2.4 not running php OpenBSD 6.4
On Wed, Jul 10, 2019 at 11:40:42PM -0700, mansoor wrote: > Hi, > I hope you guys are doing great. > > I am using OpenBSD 6.4, apache-httpd-2.4.35, php version 5.6. > I have disabled default httpd of OpenBSD, now apache2 is showing plain php > code in browser it doesn't process php at all. > > I couldn't find solution to this problem on stackOverflow (or any other site > on internet). > Please help me if anyone know about this problem. > Thanks. > You need to install the php apache module. It should be explained in the php README file in /usr/local/share/doc/pkg-readmes/
Re: Apache 2.4 not running php OpenBSD 6.4
IT is not about going to sites like stackoverflow or asking for solutions on mailing lists especially THIS topic doesn’t have anything to do with openbsd. You should learn the basics and your “issue” is very basic. I bet the logs you’ll get from either application tell you what the problem is but you don’t seem to even know that this would be the first start to solving problems.. -- Tony GPG-FP: 49CC8250 CDCF2183 6209C1AE 625677C1 F7783D5F Threema: DN8PJX4Z > On 11. Jul 2019, at 08:40, mansoor wrote: > > Hi, > I hope you guys are doing great. > > I am using OpenBSD 6.4, apache-httpd-2.4.35, php version 5.6. > I have disabled default httpd of OpenBSD, now apache2 is showing plain php > code in browser it doesn't process php at all. > > I couldn't find solution to this problem on stackOverflow (or any other site > on internet). > Please help me if anyone know about this problem. > Thanks. > > > > > -- > Sent from: http://openbsd-archive.7691.n7.nabble.com/openbsd-user-misc-f3.html >
Apache 2.4 not running php OpenBSD 6.4
Hi, I hope you guys are doing great. I am using OpenBSD 6.4, apache-httpd-2.4.35, php version 5.6. I have disabled default httpd of OpenBSD, now apache2 is showing plain php code in browser it doesn't process php at all. I couldn't find solution to this problem on stackOverflow (or any other site on internet). Please help me if anyone know about this problem. Thanks. -- Sent from: http://openbsd-archive.7691.n7.nabble.com/openbsd-user-misc-f3.html
Re: httpd rewiterules like apache
Hi, Am 01.11.2018 um 11:40 schrieb Tony Boston: You should definitely try the relayd(8) route here. that would be forwarding it to the ip like match request quick header "Host" value "*some.tld" forward to but that wouldnt solve something like RewriteRule ^(.*)http://some.tld/someotherdir/$1 [L,P] so a http://www.my.tld would go to http:/some.tld/something.http but woudnt http://some.tld/someotherdir/something.http or do I get it wrong? -- Markus Rosjatfon: +49 351 8107224mail: ros...@ghweb.de G+H Webservice GbR Gorzolla, Herrmann Königsbrücker Str. 70, 01099 Dresden http://www.ghweb.de fon: +49 351 8107220 fax: +49 351 8107227 Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before you print it, think about your responsibility and commitment to the ENVIRONMENT
Re: httpd rewiterules like apache
You should definitely try the relayd(8) route here. > On 1. Nov 2018, at 11:32, Markus Rosjat wrote: > > Hi all, > > I was wondering if it is possible to do like a proxy rewrite like with Apache > rewrite mod? > > RewriteRule ^(.*) http://some.tld/$1 [L,P] > > So here the P Flag should preserver the original domain in the url and just > proxy the request to the other location (not on the same machine!) > > Since there is redirection I can do this but then the url gets of course > replaced in a block directive > > block return 301 "http://dome.tld$REQUEST_URI; > > I read that there is rewrite support but as far as I figured it's just for > location on the filesystem ? > > regards > > -- > Markus Rosjatfon: +49 351 8107224mail: ros...@ghweb.de > > G+H Webservice GbR Gorzolla, Herrmann > Königsbrücker Str. 70, 01099 Dresden > > http://www.ghweb.de > fon: +49 351 8107220 fax: +49 351 8107227 > > Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before you > print it, think about your responsibility and commitment to the ENVIRONMENT > -- Tony GPG-FP: 49CC8250 CDCF2183 6209C1AE 625677C1 F7783D5F Threema: DN8PJX4Z signature.asc Description: Message signed with OpenPGP
httpd rewiterules like apache
Hi all, I was wondering if it is possible to do like a proxy rewrite like with Apache rewrite mod? RewriteRule ^(.*) http://some.tld/$1 [L,P] So here the P Flag should preserver the original domain in the url and just proxy the request to the other location (not on the same machine!) Since there is redirection I can do this but then the url gets of course replaced in a block directive block return 301 "http://dome.tld$REQUEST_URI; I read that there is rewrite support but as far as I figured it's just for location on the filesystem ? regards -- Markus Rosjatfon: +49 351 8107224mail: ros...@ghweb.de G+H Webservice GbR Gorzolla, Herrmann Königsbrücker Str. 70, 01099 Dresden http://www.ghweb.de fon: +49 351 8107220 fax: +49 351 8107227 Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before you print it, think about your responsibility and commitment to the ENVIRONMENT
Re: relayd: incomplete response from a TLS-accelerated apache
Compiling relayd with -DDEBUG=3 and watching the output gave me nothing. No errors what so ever about out of buffers or something else. However, removing 'socket buffer 65536’ solved my problem. Br > 8 maj 2017 kl. 13:27 skrev Maxim Bourmistrov <m...@alumni.chalmers.se>: > > Hey, > I investigate a problem were TLS-asselerated machine response is incomplete. > I was able to reproduce this on OpenBSD 5.9, 6.0 and 6.1. Test on 5.8 is > about to be. > > Following env I have: > > relay1: relayd machine > web1: apache 2.2.31 serving the request > client1: requester > > relay1 is configured following way (relevant lines): > > http protocol http_relay { >tcp { nodelay, sack, socket buffer 65536, backlog 1024 } >match header append "X-Forwarded-For" value "$REMOTE_ADDR" >match header set "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT" >match header set "Keep-Alive" value "$TIMEOUT" >match request header remove "Proxy" > } > > http protocol tls_accel { >tcp { nodelay, sack, socket buffer 65536, backlog 1024 } >match header append "X-Forwarded-For" value "$REMOTE_ADDR" >match header set "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT" >match header set "X-Forwarded-Proto" value "https" >match header set "X-Forwarded-Port" value "443" >match header set "Keep-Alive" value "$TIMEOUT" >match request header remove "Proxy" > >tls { tlsv1, \ >ciphers "AES:!AES256:!aNULL" \ > } > } > > table { 172.16.1.111 } > > relay int_test_tls { >listen on 172.16.1.99 port 443 tls >protocol tls_accel >forward to port 80 mode roundrobin check http "/" code 200 > } > > relay int_test_http { >listen on 172.16.1.99 port 80 >protocol http_relay >forward to port 80 mode roundrobin check http "/" code 200 > } > > web1 is a std Apache 2.2.31 with enabled deflate for the following > > AddOutputFilterByType DEFLATE application/json > AddOutputFilterByType DEFLATE text/html > AddOutputFilterByType DEFLATE text/plain > AddOutputFilterByType DEFLATE text/xml > AddOutputFilterByType DEFLATE text/css > AddOutputFilterByType DEFLATE application/x-javascript > AddOutputFilterByType DEFLATE application/javascript > > and serving a JS file. > > client1 is running PHP code from CLI to reproduce this problem. > > > Following is observed: > > 1. Client1 requests web1 directly on port 80 and gets full response > > shell$ php client3.php > Expected length: 547204 > Received length: 547204 > > [Response Headers] > HTTP/1.1 200 OK > Date: Mon, 08 May 2017 11:08:27 GMT > Server: Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips > Last-Modified: Mon, 08 May 2017 07:22:43 GMT > ETag: "60319-85984-54efe1ae42be3" > Accept-Ranges: bytes > Content-Length: 547204 > Vary: Accept-Encoding > Connection: close > Content-Type: application/javascript > > 2. Client1 requests web1 directly on port 80 WITH GZIP enabled and gets full > response back > I see gzipped stream on the screen and then it gets decoded to a complete > file. File I get is not cut. > > Expected length: Content-Length not recieved > Received length: 165454 > > [Response Headers] > HTTP/1.1 200 OK > Date: Mon, 08 May 2017 11:10:18 GMT > Server: Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips > Last-Modified: Mon, 08 May 2017 07:22:43 GMT > ETag: "60319-85984-54efe1ae42be3" > Accept-Ranges: bytes > Vary: Accept-Encoding > Content-Encoding: gzip > Connection: close > Content-Type: application/javascript > > 3. and 4. Clien1 requests relay1 on port 80 (with and without GZIP) and gets > complete response > > 5. Client1 requests relay1 on port 443 without GZIP - response is incomplete > > Expected length: 547204 > Received length: 396424 > > [Response Headers] > HTTP/1.1 200 OK > Accept-Ranges: bytes > Connection: close > Content-Length: 547204 > Content-Type: application/javascript > Date: Mon, 08 May 2017 11:14:59 GMT > ETag: "60319-85984-54efe1ae42be3" > Last-Modified: Mon, 08 May 2017 07:22:43 GMT > Server: Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips > Vary: Accept-Encoding > > 6. Client1 requests relay1 on port 443 with GZIP - response is complete. > > > So non-gzipped response from behind the relay1 is incomplete while doing TLS > termination. > Files server.js and client.php can be provided upon request. > > Any ideas? > > Br > > >
relayd: incomplete response from a TLS-accelerated apache
Hey, I investigate a problem were TLS-asselerated machine response is incomplete. I was able to reproduce this on OpenBSD 5.9, 6.0 and 6.1. Test on 5.8 is about to be. Following env I have: relay1: relayd machine web1: apache 2.2.31 serving the request client1: requester relay1 is configured following way (relevant lines): http protocol http_relay { tcp { nodelay, sack, socket buffer 65536, backlog 1024 } match header append "X-Forwarded-For" value "$REMOTE_ADDR" match header set "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT" match header set "Keep-Alive" value "$TIMEOUT" match request header remove "Proxy" } http protocol tls_accel { tcp { nodelay, sack, socket buffer 65536, backlog 1024 } match header append "X-Forwarded-For" value "$REMOTE_ADDR" match header set "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT" match header set "X-Forwarded-Proto" value "https" match header set "X-Forwarded-Port" value "443" match header set "Keep-Alive" value "$TIMEOUT" match request header remove "Proxy" tls { tlsv1, \ ciphers "AES:!AES256:!aNULL" \ } } table { 172.16.1.111 } relay int_test_tls { listen on 172.16.1.99 port 443 tls protocol tls_accel forward to port 80 mode roundrobin check http "/" code 200 } relay int_test_http { listen on 172.16.1.99 port 80 protocol http_relay forward to port 80 mode roundrobin check http "/" code 200 } web1 is a std Apache 2.2.31 with enabled deflate for the following AddOutputFilterByType DEFLATE application/json AddOutputFilterByType DEFLATE text/html AddOutputFilterByType DEFLATE text/plain AddOutputFilterByType DEFLATE text/xml AddOutputFilterByType DEFLATE text/css AddOutputFilterByType DEFLATE application/x-javascript AddOutputFilterByType DEFLATE application/javascript and serving a JS file. client1 is running PHP code from CLI to reproduce this problem. Following is observed: 1. Client1 requests web1 directly on port 80 and gets full response shell$ php client3.php Expected length: 547204 Received length: 547204 [Response Headers] HTTP/1.1 200 OK Date: Mon, 08 May 2017 11:08:27 GMT Server: Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Last-Modified: Mon, 08 May 2017 07:22:43 GMT ETag: "60319-85984-54efe1ae42be3" Accept-Ranges: bytes Content-Length: 547204 Vary: Accept-Encoding Connection: close Content-Type: application/javascript 2. Client1 requests web1 directly on port 80 WITH GZIP enabled and gets full response back I see gzipped stream on the screen and then it gets decoded to a complete file. File I get is not cut. Expected length: Content-Length not recieved Received length: 165454 [Response Headers] HTTP/1.1 200 OK Date: Mon, 08 May 2017 11:10:18 GMT Server: Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Last-Modified: Mon, 08 May 2017 07:22:43 GMT ETag: "60319-85984-54efe1ae42be3" Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Connection: close Content-Type: application/javascript 3. and 4. Clien1 requests relay1 on port 80 (with and without GZIP) and gets complete response 5. Client1 requests relay1 on port 443 without GZIP - response is incomplete Expected length: 547204 Received length: 396424 [Response Headers] HTTP/1.1 200 OK Accept-Ranges: bytes Connection: close Content-Length: 547204 Content-Type: application/javascript Date: Mon, 08 May 2017 11:14:59 GMT ETag: "60319-85984-54efe1ae42be3" Last-Modified: Mon, 08 May 2017 07:22:43 GMT Server: Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips Vary: Accept-Encoding 6. Client1 requests relay1 on port 443 with GZIP - response is complete. So non-gzipped response from behind the relay1 is incomplete while doing TLS termination. Files server.js and client.php can be provided upon request. Any ideas? Br
Re: apache-httpd-openbsd?
my 2 cents here... May be not what u want but have u considered Task::Plack ? or even better, u can easily modify your Perl scrips to use slowcgi + built-in httpd demon if u can make use of OpenBSD machine, otherwise Task::Plack is a wondefull solution. I would take this chance to get rid of Apache. hope this helps, Bogdan On Sunday, May 15, 2016 7:15 PM, Chris Bennett <chrisbenn...@bennettconstruction.us> wrote: I've had to think about it, but since everything I've written is in mod_perl, I'm going to have to switch over to Apache 2. Very little perl is written or tested for Apache 1 now, so I'm going to change over to Apache 2. Thanks for the heads up a while back. It gave me a chance to think things over carefully. Chris Bennett
Re: apache-httpd-openbsd?
I've had to think about it, but since everything I've written is in mod_perl, I'm going to have to switch over to Apache 2. Very little perl is written or tested for Apache 1 now, so I'm going to change over to Apache 2. Thanks for the heads up a while back. It gave me a chance to think things over carefully. Chris Bennett
Re: apache-httpd-openbsd?
On 5/9/16 4:26 PM, Daniel Jakots wrote: On Mon, 9 May 2016 15:03:30 -0600, Jeff Ross <jr...@openvistas.net> wrote: Trying to install apache-httpd-openbsd in -current https://marc.info/?l=openbsd-ports-cvs=146186762111571=2 Hmm--I went through all of the ports@ messages looking for a removal announcement but didn't find one. Thank you, Daniel! Jeff
Re: apache-httpd-openbsd?
On 5/9/16 4:25 PM, Fred wrote: On 05/09/16 22:58, Jeff Ross wrote: On 5/9/16 3:21 PM, arrowscr...@mail.com wrote: try pkg_add http://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/apache-httpd-2.4.20p1.tgz That's apache 2.4, I want the 1.3.9 version that is, as my subject line says, apache-httpd-openbsd. Jeff It was removed 11 days ago: http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/www/apache-httpd-openbsd/Attic/Makefile You'll need a cvs version before 28 Apr 16 if you want to build it yourself. Cheers Fred Thanks, Fred! That explains the missing package! Jeff
Re: apache-httpd-openbsd?
On 5/9/16 4:30 PM, Stuart Henderson wrote: On 2016-05-09, Jeff Ross <jr...@openvistas.net> wrote: Trying to install apache-httpd-openbsd in -current and it seems the package is no longer available. Correct. Options: - (preferred) migrate your configuration to a maintained http server version. I need mod_rewrite so I guess I'm headed for apache2. - install 5.9 release. - checkout an old version of the port (mkdir -p /usr/ports/mystuff/www; cd /usr/ports/mystuff/www; cvs get -D \ 2016/04/01 -d apache-httpd-openbsd ports/www/apache-httpd-openbsd) and build it yourself; things will break again at some point though. I cvs uped my src and ports and built the system from source but when I try to install apache-httpd-openbsd from ports I'm getting the "reading plist|Error: unknown fragment SHARED at /usr/libdata/perl5/OpenBSD/Subst.pm line 109, <$fh> line 2." error. that's not unexpected; the PFRAG.shared complexity has been removed from ports now that vax is no longer a supported arch. Okay--I think this must be above my pay grade because I can't see how vax is related, nor do I think I need to know ;-) Thank you, Stuart, as always! Jeff
Re: apache-httpd-openbsd?
On 2016-05-09, Jeff Ross <jr...@openvistas.net> wrote: > Trying to install apache-httpd-openbsd in -current and it seems the > package is no longer available. Correct. Options: - (preferred) migrate your configuration to a maintained http server version. - install 5.9 release. - checkout an old version of the port (mkdir -p /usr/ports/mystuff/www; cd /usr/ports/mystuff/www; cvs get -D \ 2016/04/01 -d apache-httpd-openbsd ports/www/apache-httpd-openbsd) and build it yourself; things will break again at some point though. > I cvs uped my src and ports and built > the system from source but when I try to install apache-httpd-openbsd > from ports I'm getting the "reading plist|Error: unknown fragment SHARED > at /usr/libdata/perl5/OpenBSD/Subst.pm line 109, <$fh> line 2." error. that's not unexpected; the PFRAG.shared complexity has been removed from ports now that vax is no longer a supported arch.
Re: apache-httpd-openbsd?
On 05/09/16 22:58, Jeff Ross wrote: On 5/9/16 3:21 PM, arrowscr...@mail.com wrote: try pkg_add http://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/apache-httpd-2.4.20p1.tgz That's apache 2.4, I want the 1.3.9 version that is, as my subject line says, apache-httpd-openbsd. Jeff It was removed 11 days ago: http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/www/apache-httpd-openbsd/Attic/Makefile You'll need a cvs version before 28 Apr 16 if you want to build it yourself. Cheers Fred
Re: apache-httpd-openbsd?
On Mon, 9 May 2016 15:03:30 -0600, Jeff Ross <jr...@openvistas.net> wrote: > Trying to install apache-httpd-openbsd in -current https://marc.info/?l=openbsd-ports-cvs=146186762111571=2
Re: apache-httpd-openbsd?
On 5/9/16 3:21 PM, arrowscr...@mail.com wrote: try pkg_add http://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/apache-httpd-2.4.20p1.tgz That's apache 2.4, I want the 1.3.9 version that is, as my subject line says, apache-httpd-openbsd. Jeff
apache-httpd-openbsd?
try pkg_add http://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/apache-httpd-2.4.20p1.tgz
apache-httpd-openbsd?
Hi all, Trying to install apache-httpd-openbsd in -current and it seems the package is no longer available. I cvs uped my src and ports and built the system from source but when I try to install apache-httpd-openbsd from ports I'm getting the "reading plist|Error: unknown fragment SHARED at /usr/libdata/perl5/OpenBSD/Subst.pm line 109, <$fh> line 2." error. As I saw suggested in a recent message to ports@ (1) I rebuilt pkg_add from /usr/src/usr.sbin/pkg_add/ but that made no difference. dmesg below Thanks, Jeff Ross (1) http://marc.info/?l=openbsd-ports=146213655323699=2 OpenBSD 5.9-current (GENERIC.MP) #1: Mon May 9 13:08:53 MDT 2016 r...@fw.openvistas.net:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz ("GenuineIntel" 686-class) 1.84 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,LAHF,PERF,SENSOR real mem = 1040486400 (992MB) avail mem = 1007853568 (961MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: date 07/29/05, SMBIOS rev. 2.4 @ 0xe (38 entries) bios0: vendor Apple Inc. version "MM21.88Z.009A.B00.0706281359" date 06/28/07 bios0: Apple Inc. Macmini2,1 acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP HPET APIC MCFG ASF! SBST ECDT SSDT SSDT SSDT acpi0: wakeup devices PXS1(S4) PXS2(S4) USB1(S3) USB2(S3) USB3(S3) USB4(S3) USB7(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at acpi0: 14318179 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 166MHz cpu0: mwait min=64, max=64, C-substates=0.2.2.2.2, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz ("GenuineIntel" 686-class) 1.84 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,LAHF,PERF,SENSOR ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins acpimcfg0 at acpi0 addr 0xe000, bus 0-255 acpiec0 at acpi0 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (RP01) acpiprt2 at acpi0: bus 2 (RP02) acpiprt3 at acpi0: bus 3 (PCIB) acpicpu0 at acpi0: !C2(500@1 mwait@0x10), C1(1000@1 mwait), PSS acpicpu1 at acpi0: !C2(500@1 mwait@0x10), C1(1000@1 mwait), PSS acpibtn0 at acpi0: PWRB "APP0001" at acpi0 not configured acpivideo0 at acpi0: GFX0 bios0: ROM list: 0xc/0xe600! cpu0: Enhanced SpeedStep 1834 MHz: speeds: 1833, 1667, 1500, 1333, 1000 MHz memory map conflict 0xe00f8000/0x1000 memory map conflict 0xfed1c000/0x4000 memory map conflict 0xfffb/0x3 pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 "Intel 82945GM Host" rev 0x03 inteldrm0 at pci0 dev 2 function 0 "Intel 82945GM Video" rev 0x03 drm0 at inteldrm0 intagp0 at inteldrm0 agp0 at intagp0: aperture at 0x4000, size 0x1000 inteldrm0: apic 1 int 16 error: [drm:pid0:drm_edid_block_valid] *ERROR* EDID checksum is invalid, remainder is 30 Raw EDID: 00 ff ff ff ff ff ff 00 4c 2d 15 15 39 31 53 53 11 0f 01 03 6c 26 1e 78 2a 6f 86 a2 5a 4d 94 24 1a 4f 54 bf ef 80 81 81 71 4f 01 01 01 01 01 01 01 01 01 01 01 01 30 30 00 98 51 51 2a 40 30 30 13 00 78 2d 11 00 00 00 00 00 00 00 00 38 4b 4b 51 0e 00 0a 20 20 20 20 20 20 00 00 00 fc 00 53 79 6e 63 4d 61 73 74 74 72 0a 20 20 00 00 00 00 00 48 39 39 59 34 33 33 38 33 39 39 20 20 00 00 error: [drm:pid0:drm_edid_block_valid] *ERROR* EDID checksum is invalid, remainder is 30 Raw EDID: 00 ff ff ff ff ff ff 00 4c 2d 15 15 39 31 53 53 11 0f 01 03 6c 26 1e 78 2a 6f 86 a2 5a 4d 94 24 1a 4f 54 bf ef 80 81 81 71 4f 01 01 01 01 01 01 01 01 01 01 01 01 30 30 00 98 51 51 2a 40 30 30 13 00 78 2d 11 00 00 00 00 00 00 00 00 38 4b 4b 51 0e 00 0a 20 20 20 20 20 20 00 00 00 fc 00 53 79 6e 63 4d 61 73 74 74 72 0a 20 20 00 00 00 00 00 48 39 39 59 34 33 33 38 33 39 39 20 20 00 00 error: [drm:pid0:drm_edid_block_valid] *ERROR* EDID checksum is invalid, remainder is 30 Raw EDID: 00 ff ff ff ff ff ff 00 4c 2d 15 15 39 31 53 53 11 0f 01 03 6c 26 1e 78 2a 6f 86 a2 5a 4d 94 24 1a 4f 54 bf ef 80 81 81 71 4f 01 01 01 01 01 01 01 01 01 01 01 01 30 30 00 98 51 51 2a 40 30 30 13 00 78 2d 11 00 00 00 00 00 00 00 00 38 4b 4b 51 0e 00 0a 20 20 20 20 20 20 00 00 00 fc 00 53 79 6e 63 4d 61 73 74 74 72 0a 20 20 00 00 00 00 00 48 39 39 59 34 33 33 38 33 39 39 20 20 00 00 error: [drm:pid0:drm_edid_block_valid] *ERROR* EDID checksum is invalid, remainder is 30 Raw EDID: 00 ff ff ff ff ff ff 00 4c 2d 15 15 39 31 53 53 11 0f 01 03 6c 26 1e 78 2a 6f 86 a2 5a 4d 94 24 1a 4f 54 bf ef 80 81 81 71 4f 01 01 01 01 01 01 01 01 01 01 01 01
Re: Lanp equivalent web server working on OpenBSD no Apache
I did and haven't had any problems. Sent from my iPhone > On Feb 1, 2016, at 11:40 PM, Dan Farrellwrote: > > Except that you state it as something people should include as part of > their proper configuration. > > Really? They should give Ted Unangst's account access to procmap? > > > Dan > >> On Mon, Feb 1, 2016 at 7:19 PM, bruce wrote: >> >> I didn't, that's direct from the man page for doas.conf >> >>> On February 1, 2016 at 12:16 AM Bernd Schoeller wrote: >>> >>> On 30/01/16 21:10, bruce wrote: I've been working on this for several weeks now. Results with instructions can be seen here: http://tonyevil.zapto.org/serendipity/ Any feedback welcome. httpd is too new for this to be well documented, so here is my small contribution. >>> >>> Beyond the usual problems of posting HowTos (search the list archives), >>> I find it remarkable that you give tedu access to your procmap command >> ... >>> >>> Bernd
Re: Lanp equivalent web server working on OpenBSD no Apache
I didn't, that's direct from the man page for doas.conf > On February 1, 2016 at 12:16 AM Bernd Schoellerwrote: > > > On 30/01/16 21:10, bruce wrote: > > I've been working on this for several weeks now. > > Results with instructions can be seen here: > > http://tonyevil.zapto.org/serendipity/ > > Any feedback welcome. > > httpd is too new for this to be well documented, so here is my small > > contribution. > > Beyond the usual problems of posting HowTos (search the list archives), > I find it remarkable that you give tedu access to your procmap command ... > > Bernd
Re: Lanp equivalent web server working on OpenBSD no Apache
On 30/01/16 21:10, bruce wrote: I've been working on this for several weeks now. Results with instructions can be seen here: http://tonyevil.zapto.org/serendipity/ Any feedback welcome. httpd is too new for this to be well documented, so here is my small contribution. Beyond the usual problems of posting HowTos (search the list archives), I find it remarkable that you give tedu access to your procmap command ... Bernd
Re: Lanp equivalent web server working on OpenBSD no Apache
Except that you state it as something people should include as part of their proper configuration. Really? They should give Ted Unangst's account access to procmap? Dan On Mon, Feb 1, 2016 at 7:19 PM, brucewrote: > I didn't, that's direct from the man page for doas.conf > > > On February 1, 2016 at 12:16 AM Bernd Schoeller wrote: > > > > > > On 30/01/16 21:10, bruce wrote: > > > I've been working on this for several weeks now. > > > Results with instructions can be seen here: > > > http://tonyevil.zapto.org/serendipity/ > > > Any feedback welcome. > > > httpd is too new for this to be well documented, so here is my small > > > contribution. > > > > Beyond the usual problems of posting HowTos (search the list archives), > > I find it remarkable that you give tedu access to your procmap command > ... > > > > Bernd
Lanp equivalent web server working on OpenBSD no Apache
I've been working on this for several weeks now. Results with instructions can be seen here: http://tonyevil.zapto.org/serendipity/ Any feedback welcome. httpd is too new for this to be well documented, so here is my small contribution.
Re: apache 2.4 - Missing mod_cgid.so?
On 2016-01-03, Lawrence Wieserwrote: > Claudio Jeker diehard.n-r-g.com> writes: > >> You may try to build your own version with adding --enable-cgi in the >> Makefile configure flags. It seems that even configure tells that >> --enable-cgi is the default it seems it is not. Go figure... >> >> Also mod_cgid.so should be built but seems to be missing. mod_cgid.so is >> the module that should be used with the worker or event MPM. >> >> So maybe try something like this diff. > > Claudio, > > Is there a corrected package available? Or is the diff to the port the best > option? I've always relied on packages and never actually built from ports. Snapshot packages have this, but if you're on 5.8, the diff to the port is the best option.
Re: apache 2.4 - Missing mod_cgid.so?
Stuart Henderson spacehopper.org> writes: > > On 2016-01-03, Lawrence Wieser gmail.com> wrote: > > Claudio Jeker diehard.n-r-g.com> writes: > > > >> You may try to build your own version with adding --enable-cgi in the > >> Makefile configure flags. It seems that even configure tells that > >> --enable-cgi is the default it seems it is not. Go figure... > >> > >> Also mod_cgid.so should be built but seems to be missing. mod_cgid.so is > >> the module that should be used with the worker or event MPM. > >> > >> So maybe try something like this diff. > > > > Claudio, > > > > Is there a corrected package available? Or is the diff to the port the best > > option? I've always relied on packages and never actually built from ports. > > Snapshot packages have this, but if you're on 5.8, the diff to the port is > the best option. > > Thanks Stuart. I am on the 5.8 release. Just pulled down the ports tree from -stable and did a `make update` in `ports/www/apache2-httpd`. (The diff seems to have been applied in -stable.) Apache is now running fine with mod_cgid. I appreciate the quick help.
Re: apache 2.4 - Missing mod_cgid.so?
Claudio Jeker diehard.n-r-g.com> writes: > You may try to build your own version with adding --enable-cgi in the > Makefile configure flags. It seems that even configure tells that > --enable-cgi is the default it seems it is not. Go figure... > > Also mod_cgid.so should be built but seems to be missing. mod_cgid.so is > the module that should be used with the worker or event MPM. > > So maybe try something like this diff. Claudio, Is there a corrected package available? Or is the diff to the port the best option? I've always relied on packages and never actually built from ports. Thanks, Lawrence
Re: apache 2.4 - Missing mod_cgid.so?
Hi Claudio, On Fri 23/10/2015 22:47, Claudio Jeker wrote: [...] > You may try to build your own version with adding --enable-cgi in the > Makefile configure flags. It seems that even configure tells that > --enable-cgi is the default it seems it is not. Go figure... > > Also mod_cgid.so should be built but seems to be missing. mod_cgid.so is > the module that should be used with the worker or event MPM. [...] That did the trick! We should update both current and 5.8-STABLE port, I think. Thank you very much for your prompt feedback. Cheers -- Alessandro DE LAURENZIS [mailto:just22@gmail.com] LinkedIn: http://it.linkedin.com/in/delaurenzis
Re: apache 2.4 - Missing mod_cgid.so?
On Fri, Oct 23, 2015 at 07:20:43PM +0200, Alessandro DE LAURENZIS wrote: > Dear misc@ reader, > > I've just upgraded my home server to 5.8, so I switched to apache 2.4 > (from 2.2); the problem is that my git server no longer works and the > root cause seems to be that httpd2 with my current configuration (see [0]) > isn't able to run any cgi scripts. > > I noticed that the module mod_cgid.so (which, in my very limited > understanding, should supersede the old mod_cgi.so when threaded MPM is > used) is missing in /usr/local/lib/apache2 - Could it be the culprit? > > Any hints? Am I doing something very stupid? > > I would be glad to give further details, but please point me in the > right direction, because I'm a bit lost. > You may try to build your own version with adding --enable-cgi in the Makefile configure flags. It seems that even configure tells that --enable-cgi is the default it seems it is not. Go figure... Also mod_cgid.so should be built but seems to be missing. mod_cgid.so is the module that should be used with the worker or event MPM. So maybe try something like this diff. -- :wq Claudio Index: Makefile === RCS file: /cvs/ports/www/apache-httpd/Makefile,v retrieving revision 1.67 diff -u -p -r1.67 Makefile --- Makefile13 Sep 2015 12:37:49 - 1.67 +++ Makefile23 Oct 2015 20:15:37 - @@ -65,6 +65,7 @@ CONFIGURE_ARGS= --enable-layout=OpenBSD --enable-disk-cache \ --enable-proxy=shared \ --enable-mods-shared=all \ + --enable-cgi \ --enable-suexec \ --with-suexec-caller=www \ --with-suexec-bin=${TRUEPREFIX}/sbin/suexec2 \ Index: pkg/PLIST-main === RCS file: /cvs/ports/www/apache-httpd/pkg/PLIST-main,v retrieving revision 1.6 diff -u -p -r1.6 PLIST-main --- pkg/PLIST-main 13 Sep 2015 12:37:49 - 1.6 +++ pkg/PLIST-main 23 Oct 2015 20:33:37 - @@ -98,7 +98,8 @@ lib/apache2/mod_buffer.so lib/apache2/mod_cache.so lib/apache2/mod_cache_disk.so lib/apache2/mod_cache_socache.so -@comment lib/apache2/mod_cgid.so +lib/apache2/mod_cgi.so +lib/apache2/mod_cgid.so lib/apache2/mod_charset_lite.so lib/apache2/mod_data.so lib/apache2/mod_dav.so
Emulate apache mod_rewrite feature with new httpd
I've managed to configure the new httpd server to use as a replacement for apache. (With is really great. Thanks to Reyk !) I'm strugling to make my drupal site work, because of the clean url module. I used to have the following apache mod_rewrite configuration : RewriteEngine on RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ /index.php?q=$1 [L,QSA] Basically the rule means that if the file or folder is not found then the request is rewrited to /index.php?q=request For exemple if/user doesn't exist modify url to /index.php?q=user I've looked into man page for httpd and I've seen that the block return statement might be of use to emulate this need. but I haven't found many info on the subject. Has someone found a way to make that with the new httpd server ? PS : I'm running from snapshot (5.7 GENERIC#716 i386) Romain
Re: Emulate apache mod_rewrite feature with new httpd
On Sun, Feb 22, 2015 at 5:23 AM, Romain FABBRI romain.fab...@alienconsulting.net wrote: I've managed to configure the new httpd server to use as a replacement for apache. (With is really great. Thanks to Reyk !) I'm strugling to make my drupal site work, because of the clean url module. I used to have the following apache mod_rewrite configuration : RewriteEngine on RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ /index.php?q=$1 [L,QSA] Basically the rule means that if the file or folder is not found then the request is rewrited to /index.php?q=request For exemple if/user doesn't exist modify url to /index.php?q=user I've looked into man page for httpd and I've seen that the block return statement might be of use to emulate this need. but I haven't found many info on the subject. Has someone found a way to make that with the new httpd server ? PS : I'm running from snapshot (5.7 GENERIC#716 i386) Romain You should go to the nginx pages : http://nginx.org/en/docs/http/ngx_http_core_module.html#try_files -- - () ascii ribbon campaign - against html e-mail /\
Re: Emulate apache mod_rewrite feature with new httpd
On Sun, Feb 22, 2015 at 3:22 PM, Romain FABBRI romain.fab...@alienconsulting.net wrote: I donât see how nginx is related to the new httpd⦠If it is, please explain Your are not force to solve all the problem in one process. Maybe a hack could be done inside the canonicalize_path function in https://github.com/reyk/httpd/blob/master/httpd.c ? But not really sure when looking at the sources it would be the right way to do that⦠*De :* sven falempin [mailto:sven.falem...@gmail.com] *Envoyé :* dimanche 22 février 2015 19:08 *à :* Romain FABBRI *Cc :* misc *Objet :* Re: Emulate apache mod_rewrite feature with new httpd On Sun, Feb 22, 2015 at 5:23 AM, Romain FABBRI romain.fab...@alienconsulting.net wrote: I've managed to configure the new httpd server to use as a replacement for apache. (With is really great. Thanks to Reyk !) I'm strugling to make my drupal site work, because of the clean url module. I used to have the following apache mod_rewrite configuration : RewriteEngine on RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ /index.php?q=$1 [L,QSA] Basically the rule means that if the file or folder is not found then the request is rewrited to /index.php?q=request For exemple if/user doesn't exist modify url to /index.php?q=user I've looked into man page for httpd and I've seen that the block return statement might be of use to emulate this need. but I haven't found many info on the subject. Has someone found a way to make that with the new httpd server ? PS : I'm running from snapshot (5.7 GENERIC#716 i386) Romain You should go to the nginx pages : http://nginx.org/en/docs/http/ngx_http_core_module.html#try_files -- () ascii ribbon campaign - against html e-mail /\ -- () ascii ribbon campaign - against html e-mail /\
Re: Emulate apache mod_rewrite feature with new httpd
I donât see how nginx is related to the new httpd⦠If it is, please explain Maybe a hack could be done inside the canonicalize_path function in https://github.com/reyk/httpd/blob/master/httpd.c ? But not really sure when looking at the sources it would be the right way to do that⦠De : sven falempin [mailto:sven.falem...@gmail.com] Envoyé : dimanche 22 février 2015 19:08 à : Romain FABBRI Cc : misc Objet : Re: Emulate apache mod_rewrite feature with new httpd On Sun, Feb 22, 2015 at 5:23 AM, Romain FABBRI romain.fab...@alienconsulting.netmailto:romain.fab...@alienconsulting.net wrote: I've managed to configure the new httpd server to use as a replacement for apache. (With is really great. Thanks to Reyk !) I'm strugling to make my drupal site work, because of the clean url module. I used to have the following apache mod_rewrite configuration : RewriteEngine on RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ /index.php?q=$1 [L,QSA] Basically the rule means that if the file or folder is not found then the request is rewrited to /index.php?q=request For exemple if/user doesn't exist modify url to /index.php?q=user I've looked into man page for httpd and I've seen that the block return statement might be of use to emulate this need. but I haven't found many info on the subject. Has someone found a way to make that with the new httpd server ? PS : I'm running from snapshot (5.7 GENERIC#716 i386) Romain You should go to the nginx pages : http://nginx.org/en/docs/http/ngx_http_core_module.html#try_files -- - () ascii ribbon campaign - against html e-mail /\
Re: Emulate apache mod_rewrite feature with new httpd
On 22 Feb 2015, at 20:23, Romain FABBRI romain.fab...@alienconsulting.net wrote: I've managed to configure the new httpd server to use as a replacement for apache. (With is really great. Thanks to Reyk !) I'm strugling to make my drupal site work, because of the clean url module. I used to have the following apache mod_rewrite configuration : RewriteEngine on RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ /index.php?q=$1 [L,QSA] Basically the rule means that if the file or folder is not found then the request is rewrited to /index.php?q=request For exemple if/user doesn't exist modify url to /index.php?q=user I've looked into man page for httpd and I've seen that the block return statement might be of use to emulate this need. but I haven't found many info on the subject. Has someone found a way to make that with the new httpd server ? PS : I'm running from snapshot (5.7 GENERIC#716 i386) Romain i havent tried drupal behind httpd yet, but if i did i would unconditionally route requests into the drupal controller (index.php), and use a cdn module to have drupal generate urls to static assets (ie, the css/js/image files on disk) against a separate domain or url prefix. or you could write a simple module that takes advantage of hook_file_url_alter. that has greatly simplified our configs in the frontend web servers in front of our drupal poop.
Re: Best way forward w.r.t. apache/nginx/httpd?
On Mon, Dec 29, 2014 at 10:41:26PM +, Stuart Henderson wrote: b) Migrate to nginx This seems to be the least interesting option - not only do I have to migrate now, but once more in the future, as nginx is also on the way out (so, the same developer attention caveat applies as with apache) This might be a reasonable choice, especially if the CMS you're looking at already documents how to use it with nginx. We already got some of the most common CMS / web things working. But I'm interested in examples from users who created such configurations with httpd (and please make sure to mention httpd in the subject to let me find them in my inbox). c) Migrate to httpd From what I've gathered so far from this list, this would basically require me to switch to -current, as the 5.6 version is too fresh and too many changes have happened since - or am I being pessimistic here? I've never run -current before, hence, I'm a bit hesitant... Personally I don't think httpd is quite ready for use with a typical PHP-based CMS yet (including -current). Two big issues for this type of use: clean urls functionality in most CMS needs rewrite support which httpd doesn't have. httpd's fastcgi support passes every url matching a location block to the handler meaning there's no mitigation for the issue described in http://wiki.nginx.org/Pitfalls#Passing_Uncontrolled_Requests_to_PHP (which also affects naive nginx configurations). And I personally disagree with the conclusion that httpd is not ready. It is not finished but it is ready for many common things. - People are using it with different CMS, including Wordpress, CVSWeb, different Wikis, etc. I even tested it with node-fastcgi (I know, it's weird, but I had to satisfy my inner web hipster). I'm looking forward to hear about more examples (hint: send me your testimonials). - Some features are missing, and will be implemented, but there are ways to deal with them: 1. redirects / return 301 etc.: This can be done without regex by using a few built-in variables. Current workaround is to either do it in the fastcgi backend or with, ahem, html refresh. btw., nginx' return 444; is such an ugly workaround... 2. basic auth: We don't have a satisfying implementation for authentication yet. But it is needed and will be done. 3. deny: We cannot deny access to specific locations but the current workaround is to set a non-accessible root: location */.* { # mkdir -m 0 /var/www/forbidden root /forbidden } 4. Server aliases and a few restrictions of the grammar: Individual server blocks can currently only have one name and listen statement. This will be fixed in the parser later. To avoid too much repeating configuration, I currently use includes: server www.example.com { listen on $ip4_addr port 80 include /etc/httpd/example.com.inc } server www.example.com { listen on $ip6_addr port 80 include /etc/httpd/example.com.inc } server www.example.com { listen on $ip4_addr tls port 443 include /etc/httpd/example.com.ssl include /etc/httpd/example.com.inc } server www.example.com { listen on $ip6_addr tls port 443 include /etc/httpd/example.com.ssl include /etc/httpd/example.com.inc } 5. Some minor things, eg. charsets (for auto index), fixes, ... 6. The web server needs some more FAQ-style documentation in addition to our excellent man pages and examples. Examples for each CMS would go beyond the scope of them, and probably don't fit into the OpenBSD FAQ. So I'm thinking about putting something on http://bsd.plumbing/. - Like nginx describes, there are also various ways to safely handle #Passing_Uncontrolled_Requests_to_PHP in httpd: 1. It's a non-issue for OpenBSD because php-fpm rejects execution of non-php files by default. See php-fpm.conf: ; Limits the extensions of the main script FPM will allow to parse. This can ; prevent configuration mistakes on the web server side. You should only limit ; FPM to .php extensions to prevent malicious users to use other extensions to ; exectute php code. ; Note: set an empty value to allow all extensions. ; Default Value: .php ;security.limit_extensions = .php .php3 .php4 .php5 2. You can write locations as a ruleset in first-matching order, eg. location */.* { root /forbidden } location /cms/*.jpg { no fastcgi } location /cms/uploads/* { no fastcgi } location /cms/* { fastcgi socket run/php-fpm.sock } 3. Don't use PATH_INFO and only match PHP files (fnmatch has an implicit $). location /cms/*.php { fastcgi socket run/php-fpm.sock } - I
Re: Best way forward w.r.t. apache/nginx/httpd?
On Mon, Dec 29, 2014 at 10:41:26PM +, Stuart Henderson wrote: On 2014-12-29, T. Ribbrock emga...@gmx.net wrote: Given the current state of development in OpenBSD, I'm now wondering what the best way forward is for me: a) Install apache-httpd-openbsd from ports and keep my configuration basically as is Advantage: Less work to get everything running - I've done OpenBSD re-installs like that several times over the past years Disadvantage: I guess that the new httpd will get a lot more developer attention, so this does not seem the ideal option longterm, but I could always migrate to httpd later, e.g. when upgrading to 5.7 or (more likely) 5.8 apache-httpd-openbsd is a dead-end, it's not actively developed, ssl support is poor, third-party documentation relating to use of webapps with Apache has long since moved to Apache 2. It's mainly there to provide a quick migration path for existing OpenBSD users and to ease the pain in ports. b) Migrate to nginx This seems to be the least interesting option - not only do I have to migrate now, but once more in the future, as nginx is also on the way out (so, the same developer attention caveat applies as with apache) This might be a reasonable choice, especially if the CMS you're looking at already documents how to use it with nginx. c) Migrate to httpd From what I've gathered so far from this list, this would basically require me to switch to -current, as the 5.6 version is too fresh and too many changes have happened since - or am I being pessimistic here? I've never run -current before, hence, I'm a bit hesitant... Personally I don't think httpd is quite ready for use with a typical PHP-based CMS yet (including -current). Two big issues for this type of use: clean urls functionality in most CMS needs rewrite support which httpd doesn't have. httpd's fastcgi support passes every url matching a location block to the handler meaning there's no mitigation for the issue described in http://wiki.nginx.org/Pitfalls#Passing_Uncontrolled_Requests_to_PHP (which also affects naive nginx configurations). Yep. Lack of a mod_rewrite functionality in httpd is the only thing at this point keeping me from using it in production. MVC frameworks usually rely on some sort of rewrite to force URLs to a signle front controller file. I went with the OP's option a) and installed the apache 1 port just to get through the 5.6 upgrade. I'll likely switch to nginx long term unless httpd gets a rewrite functionality. Big thanks for the apache-httpd-openbsd option to make these migrations easier to phase in over time on busy sites. -Clint
Re: Best way forward w.r.t. apache/nginx/httpd?
I'll answer to this one, but I'll start with a big thanks to all who responded - some interesting points were made! On Mon, Dec 29, 2014 at 10:41:26PM +, Stuart Henderson wrote: apache-httpd-openbsd is a dead-end, it's not actively developed, ssl support is poor, third-party documentation relating to use of webapps with Apache has long since moved to Apache 2. It's mainly there to provide a quick migration path for existing OpenBSD users and to ease the pain in ports. In fact, the Apache 1 vs. 2 problem has already hit me in the past and forced me not to use a photogallery application I wanted to use. You make a very valid point here: Contrary to nginx, there is indeed nobody developing Apache 1 anymore (not even the OpenBSD developers who kept it running for so long). b) Migrate to nginx [...] This might be a reasonable choice, especially if the CMS you're looking at already documents how to use it with nginx. I had a quick look - CMS Made Simple (which is what I'm using) has aparently been used with nginx by some people, so there is some documentation around. phpGedView (which is another application I use) is no longer developed anymore and I was thinking about replacing it anyway, so this might be a good time. Same goes for the gallery I'm currently using. There will be some work involved, but this has been coming a long time now... Time for some clean-up work. c) Migrate to httpd [...] Personally I don't think httpd is quite ready for use with a typical PHP-based CMS yet (including -current). Two big issues for this type of use: clean urls functionality in most CMS needs rewrite support which httpd doesn't have. httpd's fastcgi support passes every url matching a location block to the handler meaning there's no mitigation for the issue described in http://wiki.nginx.org/Pitfalls#Passing_Uncontrolled_Requests_to_PHP (which also affects naive nginx configurations). Thanks for those two insights. Based on what I've read so far, I will give nginx a try - that will at least place me on a server that is a) well known on OpenBSD and b) still under active development - that should buy me enough time to wait for the day that httpd can take over this job - given the track record of OpenBSD, I very much like to stay within base where possible. Thanks again! And now off to read up on how to use nginx with PHP etc.pp ;-) Cheerio, Thomas -- - Thomas Ribbrockhttp://www.ribbrock.org/ You have to live on the edge of reality - to make your dreams come true!
Best way forward w.r.t. apache/nginx/httpd?
Hi all, I'm finally getting round to updating my home server (gets a fresh 5.6 install). Of course, there were a lot of changes over the past versions, one of them being the whole apache - nginx - httpd migration. My webserver has a CMS running which requires PHP and MySQL, plus a few more PHP-applications. Also, I have two or three virtual sites running and I'm currently considering having a look at something like Owncloud and/or Citadel. Given the current state of development in OpenBSD, I'm now wondering what the best way forward is for me: a) Install apache-httpd-openbsd from ports and keep my configuration basically as is Advantage: Less work to get everything running - I've done OpenBSD re-installs like that several times over the past years Disadvantage: I guess that the new httpd will get a lot more developer attention, so this does not seem the ideal option longterm, but I could always migrate to httpd later, e.g. when upgrading to 5.7 or (more likely) 5.8 b) Migrate to nginx This seems to be the least interesting option - not only do I have to migrate now, but once more in the future, as nginx is also on the way out (so, the same developer attention caveat applies as with apache) c) Migrate to httpd From what I've gathered so far from this list, this would basically require me to switch to -current, as the 5.6 version is too fresh and too many changes have happened since - or am I being pessimistic here? I've never run -current before, hence, I'm a bit hesitant... I tend to go for a) because I do not want to migrate twice - but maybe somebody else has some interesting points that I have not considered yet? I'd appreciate the input! Regards, Thomas -- - Thomas Ribbrockhttp://www.ribbrock.org/ You have to live on the edge of reality - to make your dreams come true!
Re: Best way forward w.r.t. apache/nginx/httpd?
In more or less the same boat, without php as our virtual sites are simple display only. However for future business developement we have wondered the same. I am inn agreement with your choice of (1) as that would be ours pending feedback here from those who know. On Mon, Dec 29, 2014 at 7:30 AM, T. Ribbrock emga...@gmx.net wrote: Hi all, I'm finally getting round to updating my home server (gets a fresh 5.6 install). Of course, there were a lot of changes over the past versions, one of them being the whole apache - nginx - httpd migration. My webserver has a CMS running which requires PHP and MySQL, plus a few more PHP-applications. Also, I have two or three virtual sites running and I'm currently considering having a look at something like Owncloud and/or Citadel. Given the current state of development in OpenBSD, I'm now wondering what the best way forward is for me: a) Install apache-httpd-openbsd from ports and keep my configuration basically as is Advantage: Less work to get everything running - I've done OpenBSD re-installs like that several times over the past years Disadvantage: I guess that the new httpd will get a lot more developer attention, so this does not seem the ideal option longterm, but I could always migrate to httpd later, e.g. when upgrading to 5.7 or (more likely) 5.8 b) Migrate to nginx This seems to be the least interesting option - not only do I have to migrate now, but once more in the future, as nginx is also on the way out (so, the same developer attention caveat applies as with apache) c) Migrate to httpd From what I've gathered so far from this list, this would basically require me to switch to -current, as the 5.6 version is too fresh and too many changes have happened since - or am I being pessimistic here? I've never run -current before, hence, I'm a bit hesitant... I tend to go for a) because I do not want to migrate twice - but maybe somebody else has some interesting points that I have not considered yet? I'd appreciate the input! Regards, Thomas -- - Thomas Ribbrockhttp://www.ribbrock.org/ You have to live on the edge of reality - to make your dreams come true!
Re: Best way forward w.r.t. apache/nginx/httpd?
Hi Thomas, On 29 December 2014 at 05:30, T. Ribbrock emga...@gmx.net wrote: Hi all, I'm finally getting round to updating my home server (gets a fresh 5.6 install). Of course, there were a lot of changes over the past versions, one of them being the whole apache - nginx - httpd migration. My webserver has a CMS running which requires PHP and MySQL, plus a few more PHP-applications. Also, I have two or three virtual sites running and I'm currently considering having a look at something like Owncloud and/or Citadel. c) Migrate to httpd From what I've gathered so far from this list, this would basically require me to switch to -current, as the 5.6 version is too fresh and too many changes have happened since - or am I being pessimistic here? I've never run -current before, hence, I'm a bit hesitant... Well you could try 5.6 with this patch: http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/009_httpd.patch.sig Of course, visualize everything and test it out before going live! But you are right, httpd is very fast moving: https://secure.freshbsd.org/search?project=openbsdq=httpd Regards, Thomas -- Best, jungle - Thomas Ribbrockhttp://www.ribbrock.org/ You have to live on the edge of reality - to make your dreams come true! --- inum: 883510009027723 sip: jungleboo...@sip2sip.info xmpp: jungle-boo...@jit.si
Re: Best way forward w.r.t. apache/nginx/httpd?
On Mon, Dec 29, 2014 at 14:30, T. Ribbrock wrote: b) Migrate to nginx This seems to be the least interesting option - not only do I have to migrate now, but once more in the future, as nginx is also on the way out (so, the same developer attention caveat applies as with apache) nginx hasn't disappeared entirely. It's still in ports. If you're running PHP, you're obviously not afraid of installing a few packages. nginx at least receives attention from its own team of developers. Their priorities are not always in alignment with OpenBSD (hence the new httpd), but it has a lot more of a future than apache1 does.
Re: Best way forward w.r.t. apache/nginx/httpd?
emga...@gmx.net (T. Ribbrock), 2015.12.29 (Mon) 14:30 (CET): Hi all, I'm finally getting round to updating my home server (gets a fresh 5.6 install). Of course, there were a lot of changes over the past versions, one of them being the whole apache - nginx - httpd migration. My webserver has a CMS running which requires PHP and MySQL, plus a few more PHP-applications. Also, I have two or three virtual sites running and I'm currently considering having a look at something like Owncloud and/or Citadel. Given the current state of development in OpenBSD, I'm now wondering what the best way forward is for me: a) Install apache-httpd-openbsd from ports and keep my configuration basically as is Advantage: Less work to get everything running - I've done OpenBSD re-installs like that several times over the past years Disadvantage: I guess that the new httpd will get a lot more developer attention, so this does not seem the ideal option longterm, but I could always migrate to httpd later, e.g. when upgrading to 5.7 or (more likely) 5.8 b) Migrate to nginx This seems to be the least interesting option - not only do I have to migrate now, but once more in the future, as nginx is also on the way out (so, the same developer attention caveat applies as with apache) c) Migrate to httpd From what I've gathered so far from this list, this would basically require me to switch to -current, as the 5.6 version is too fresh and too many changes have happened since - or am I being pessimistic here? I've never run -current before, hence, I'm a bit hesitant... As I've understood it, there's no need to run -current to get a (fairly?) recent httpd(8): http://www.openbsd.org/errata56.html 009: RELIABILITY FIX: November 18, 2014 All architectures httpd was developed very rapidly in the weeks before 5.6 release, and it has a few flaws. It would be nice to get these flaws fully remediated before the next release, and that requires the community to want to use it. Therefore here is a jumbo patch that brings in the most important fixes. A source code patch exists which remedies this problem. http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/009_httpd.patch.sig Do you know of http://stable.mtier.org/ , especially openup: http://www.mtier.org/index.php/solutions/apps/openup/ ? I tend to go for a) because I do not want to migrate twice - but maybe somebody else has some interesting points that I have not considered yet? I'd appreciate the input! For just your own business, I'd do a) and deal with httpd(8) later. For our all benefit, please run httpd(8) now, reyk@ will love your reports and you'd raise our chances for httpd(8) in 5.7. Bye, Marcus !DSPAM:54a157c8270671055614085!
Re: Best way forward w.r.t. apache/nginx/httpd?
I'm not experiencing any problems with httpd and php, but I don't have a need for any of the extras you can get with the other two. It actually seems to be performing better than nginx from what I can tell. On 12/29/14 10:07, Ted Unangst wrote: On Mon, Dec 29, 2014 at 14:30, T. Ribbrock wrote: b) Migrate to nginx This seems to be the least interesting option - not only do I have to migrate now, but once more in the future, as nginx is also on the way out (so, the same developer attention caveat applies as with apache) nginx hasn't disappeared entirely. It's still in ports. If you're running PHP, you're obviously not afraid of installing a few packages. nginx at least receives attention from its own team of developers. Their priorities are not always in alignment with OpenBSD (hence the new httpd), but it has a lot more of a future than apache1 does.
Re: Best way forward w.r.t. apache/nginx/httpd?
On 2014-12-29, T. Ribbrock emga...@gmx.net wrote: Given the current state of development in OpenBSD, I'm now wondering what the best way forward is for me: a) Install apache-httpd-openbsd from ports and keep my configuration basically as is Advantage: Less work to get everything running - I've done OpenBSD re-installs like that several times over the past years Disadvantage: I guess that the new httpd will get a lot more developer attention, so this does not seem the ideal option longterm, but I could always migrate to httpd later, e.g. when upgrading to 5.7 or (more likely) 5.8 apache-httpd-openbsd is a dead-end, it's not actively developed, ssl support is poor, third-party documentation relating to use of webapps with Apache has long since moved to Apache 2. It's mainly there to provide a quick migration path for existing OpenBSD users and to ease the pain in ports. b) Migrate to nginx This seems to be the least interesting option - not only do I have to migrate now, but once more in the future, as nginx is also on the way out (so, the same developer attention caveat applies as with apache) This might be a reasonable choice, especially if the CMS you're looking at already documents how to use it with nginx. c) Migrate to httpd From what I've gathered so far from this list, this would basically require me to switch to -current, as the 5.6 version is too fresh and too many changes have happened since - or am I being pessimistic here? I've never run -current before, hence, I'm a bit hesitant... Personally I don't think httpd is quite ready for use with a typical PHP-based CMS yet (including -current). Two big issues for this type of use: clean urls functionality in most CMS needs rewrite support which httpd doesn't have. httpd's fastcgi support passes every url matching a location block to the handler meaning there's no mitigation for the issue described in http://wiki.nginx.org/Pitfalls#Passing_Uncontrolled_Requests_to_PHP (which also affects naive nginx configurations). I tend to go for a) because I do not want to migrate twice - but maybe somebody else has some interesting points that I have not considered yet? I'd appreciate the input! Another option is to migrate to apache 2, this tends to be quite well supported by webapp authors, though it's not very widely used in OpenBSD land. Or other servers like lighttpd are available. What would I choose? Depends on the particular webapp...
Re: Apache 1.3 vs. nginx vs. base httpd
Hi, Thank you for insights, I see that scripts written in Perl need a special Perl that supports FastCGI (see FastCGI Programmer's Guide - Chapter 3, Developing FastCGI Applications in Perl) ..snip.. The FastCGI-savvy binaries are extensions of standard Perl, and are intended to replace your existing Perl installation...snip.. This is not something I want. I want to use OS's Perl distribution with tools that work directly with standard distribution. May be it is time to consider the possibility to convert Perl/Apache/mod_perl scripts to Erlang Yaws/Mochiweb/WebMachine/Cowboy or even Nitrogen framework. Another question because I use Erlang on OpenBSD ... I applied patches from R15B02 to OTP 17.3 and it seems to work as expected (stress tests, etc). Do you think it is safe this for production environment as I want to migrate the R14B04 applications to OTP 17.3 ? It is scheduled for near future to upgrade OTP from R15B02 to 17.3 ? Bogdan | Â | | Â | Â | Â | Â | Â | | FastCGI Programmer's Guide - Chapter 3, Developing FastCGI Applications in Perl[Top] [Prev] [Next] [Bottom] 3 Developing FastCGI Applications in Perl This chapter explains how to code FastCGI applications in Perl. | | | | View on www.fastcgi.com | Preview by Yahoo | | | | Â | Â On Thursday, November 13, 2014 9:36 PM, Stuart Henderson s...@spacehopper.org wrote: On 2014-11-13, Bogdan Andu bo...@yahoo.com wrote: Are Perl scripts in FastCGI evaluated in same manner like in mod_perl, or everytime a script is invoked by the server the Perl interpreter is invoked also ? If you run them via slowcgi, the interpreter+script will be started from scratch each time. To have a persistent Perl process, convert your script to talk FastCGI directly (see ports/www/fcgi) or via PSGI and a fastcgi adapter, or use some framework that supports it (in Perl-land you might want to look at frameworks like Mojolicious, Dancer etc). I want to setup a 5.6 machine and test all these cool stuff but for the moment I don't have access to such machine and I would like to see what other poeple experienced with this httpd(8) daemon . httpd was *very* new in 5.6, you want something newer (-current, or keep your eye out for patches). If you want to play with fcgi before updating, nginx and lighttpd support it natively, and apache via a module - it isn't something new, it has been around for years, it's pretty much the only standard way to handle cgi-like scripting in a non-forking webserver. Config methods differ, but scripts should be portable between all the various http servers.
Re: Apache 1.3 vs. nginx vs. base httpd
Hi, thanks for input. is the new httpd daemon ready for production? For example is it safe to migrate Perl scripts from Apache 1.3/mod_perl1.3 to httpd/FastCGI? Are Perl scripts in FastCGI evaluated in same manner like in mod_perl, or everytime a script is invoked by the server the Perl interpreter is invoked also ? From manual pages: http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-5.6/man5/httpd.conf.5?query=ht tpd.confsec=5arch=amd64manpath=OpenBSD-5.6 looks very impressive and I see that httpd(8) uses slowcgi(8) - an implementation of FastCGI protocol - to execute cgi scripts, Perl or otherwise. I want to setup a 5.6 machine and test all these cool stuff but for the moment I don't have access to such machine and I would like to see what other poeple experienced with this httpd(8) daemon . For me these new stuff looks very exciting and I can't wait to try it. Thanks for any thoughts, Bogdan On Thursday, November 6, 2014 6:48 PM, li...@ggp2.com li...@ggp2.com wrote: On Thu, Nov 06, 2014 at 09:24:24AM +, Bogdan Andu wrote: 4) will httpd be able to support Perl script processing without the need to talk to an external (FasCGI) daemon? Just my 2c about the new httpd daemon. It's brand new in 5.6, and is shaping up to be an awesome and simple server. I fully intend on replacing nginx with it in production when 5.7 is released. That being said, the 5.6 implementation has some issues that you may want to research further if you'd like to use it. They've already been fixed in -current.
Re: Apache 1.3 vs. nginx vs. base httpd
On 2014-11-13, Bogdan Andu bo...@yahoo.com wrote: Are Perl scripts in FastCGI evaluated in same manner like in mod_perl, or everytime a script is invoked by the server the Perl interpreter is invoked also ? If you run them via slowcgi, the interpreter+script will be started from scratch each time. To have a persistent Perl process, convert your script to talk FastCGI directly (see ports/www/fcgi) or via PSGI and a fastcgi adapter, or use some framework that supports it (in Perl-land you might want to look at frameworks like Mojolicious, Dancer etc). I want to setup a 5.6 machine and test all these cool stuff but for the moment I don't have access to such machine and I would like to see what other poeple experienced with this httpd(8) daemon . httpd was *very* new in 5.6, you want something newer (-current, or keep your eye out for patches). If you want to play with fcgi before updating, nginx and lighttpd support it natively, and apache via a module - it isn't something new, it has been around for years, it's pretty much the only standard way to handle cgi-like scripting in a non-forking webserver. Config methods differ, but scripts should be portable between all the various http servers.
Apache 1.3 vs. nginx vs. base httpd
Hi, There are some confusing info about which won the base-webserver in OpenBSD: In 5.6 it seems to be nginx 1.6.0 (http://www.openbsd.org/plus56.html) : Unhooked httpd(8) from build: use of nginx(8) is encouraged now. Removed Apache from base (replaced by nginx(8)). and In current (http://www.openbsd.org/plus.html):Removed nginx from the base system in favour of OpenBSD's homegrown httpd(8). and now I am confused. I was planning to migrate some Perl scripts from mod_perl 1.3/Apache 1.3 to Nginx styleusing the Perl Module Nginx having direct access to Nginx internals which is almost like doing cgi programming in C. It would made a wonderful combination between speed and security (running on OpenBSD). My questions... 1) why Apache 1.3 (OpenBSD patched version) was also considered to be no more a viable options as base web server? 2) why nginx has been considered a good candidate for base web server in 5.6   and, in -current, lost this place? 3) what would be the performance of running Perl scripts through FastCGI+httpd, compared to Apache1.3/mod_perl1.3 compared to nginx/Nginx perl module? 4) will httpd be able to support Perl script processing without the need to talk to an external (FasCGI) daemon? 5) what would be the best option to run Perl scripts in OpenBSD 5.6 + ? Thank you, Bogdan
Re: Apache 1.3 vs. nginx vs. base httpd
On Thu, Nov 06, 2014 at 09:24:24AM +, Bogdan Andu wrote: Hi, There are some confusing info about which won the base-webserver in OpenBSD: In 5.6 it seems to be nginx 1.6.0 (http://www.openbsd.org/plus56.html) : Unhooked httpd(8) from build: use of nginx(8) is encouraged now. Removed Apache from base (replaced by nginx(8)).?? There's no confusion. Search archives and/or check undeadly.org. j.
Re: Apache 1.3 vs. nginx vs. base httpd
On 2014-11-06 09.24.24 +, Bogdan Andu wrote: 3) what would be the performance of running Perl scripts through FastCGI+httpd, compared to Apache1.3/mod_perl1.3 compared to nginx/Nginx perl module? You need to run these benchmarks yourself, on your scripts and data. -Mike [demime 1.01d removed an attachment of type application/pgp-signature]
Re: Apache 1.3 vs. nginx vs. base httpd
On Thu, Nov 06, 2014 at 09:24:24AM +, Bogdan Andu wrote: 4) will httpd be able to support Perl script processing without the need to talk to an external (FasCGI) daemon? Just my 2c about the new httpd daemon. It's brand new in 5.6, and is shaping up to be an awesome and simple server. I fully intend on replacing nginx with it in production when 5.7 is released. That being said, the 5.6 implementation has some issues that you may want to research further if you'd like to use it. They've already been fixed in -current.
Re: Apache
On 2014-06-02, consultor consul...@openmailbox.org wrote: Hello list Could somebody please tell me if i should be worry for: 185.4.227.194 - - [01/Jun/2014:08:32:14 -0700] GET http://24x7-allrequestsallowed.com/?PHPSESSID=1rxsxtj500143SVM%5CRH%40%40BZPU HTTP/1.1 200 1723 The answer was 200. Running 5.5 Release. Thanks all. francisco. Looks like someone scanning for open proxies. You'll find all sorts of probe attempts in web server access logs; the most common targets in my logs are open proxies and misconfigured or buggy versions of phpMyAdmin and wordpress, though of course you need to consider the security of anything you run that's open to the world.
Re: Apache
On 06/02/2014 01:10 AM, Stuart Henderson wrote: On 2014-06-02, consultor consul...@openmailbox.org wrote: Hello list Could somebody please tell me if i should be worry for: 185.4.227.194 - - [01/Jun/2014:08:32:14 -0700] GET http://24x7-allrequestsallowed.com/?PHPSESSID=1rxsxtj500143SVM%5CRH%40%40BZPU HTTP/1.1 200 1723 The answer was 200. Running 5.5 Release. Thanks all. francisco. Looks like someone scanning for open proxies. You'll find all sorts of probe attempts in web server access logs; the most common targets in my logs are open proxies and misconfigured or buggy versions of phpMyAdmin and wordpress, though of course you need to consider the security of anything you run that's open to the world. Thanks Stuart. Yes, i have the same things. The OS responded Thanks for using our service. francisco.
Apache
Hello list Could somebody please tell me if i should be worry for: 185.4.227.194 - - [01/Jun/2014:08:32:14 -0700] GET http://24x7-allrequestsallowed.com/?PHPSESSID=1rxsxtj500143SVM%5CRH%40%40BZPU HTTP/1.1 200 1723 The answer was 200. Running 5.5 Release. Thanks all. francisco.
Re: Apache able to open tty
Em 21-01-2014 23:48, David Sticht escreveu: Ted, Thank you so much for responding. I understand all of the words you used. However, this definitely goes beyond what I have done yet. I will need for the apache server to instigate the request. I imagine I would want a vast majority of the scripting to be run via CGI as normal calling out to the daemon when the connection is necessary. The part where I get very fuzzy is having the CGI script call out to a daemon which would be perhaps a “wrapper” for my PERL scripting that manages the process of making connections and retrieving data from my network devices. Would you be able to provide any links or verbiage I could search to head me in the right direction to figuring out this process? On Jan 20, 2014, at 7:38 PM, Ted Unangst t...@tedunangst.com wrote: On Wed, Jan 15, 2014 at 14:25, David Sticht wrote: Understanding the risks I am wanting to either allow the www user right to open tty or change the user running the apache daemon. I am developing a suite of intranet tools with perl to perform some network diagnostics. Does anybody have a suggestion to move me in the right direction? Take a look on the nagios-chroot package. It works exactly like this. There is a chrooted web interface that communicates with a daemon which executes commands in it's behalf. I advise against changing the user of apache or running it as root to be able to open the tty's. Cheers, -- Giancarlo Razzolini GPG: 4096R/77B981BC
Re: Apache able to open tty
Ted, Thank you so much for responding. I understand all of the words you used. However, this definitely goes beyond what I have done yet. I will need for the apache server to instigate the request. I imagine I would want a vast majority of the scripting to be run via CGI as normal calling out to the daemon when the connection is necessary. The part where I get very fuzzy is having the CGI script call out to a daemon which would be perhaps a “wrapper” for my PERL scripting that manages the process of making connections and retrieving data from my network devices. Would you be able to provide any links or verbiage I could search to head me in the right direction to figuring out this process? On Jan 20, 2014, at 7:38 PM, Ted Unangst t...@tedunangst.com wrote: On Wed, Jan 15, 2014 at 14:25, David Sticht wrote: Understanding the risks I am wanting to either allow the www user right to open tty or change the user running the apache daemon. I am developing a suite of intranet tools with perl to perform some network diagnostics. Does anybody have a suggestion to move me in the right direction? Build a small daemon that does whatever it is needs doing, run it as a user with the correct privileges, then have the www user talk to that via a socket.
Re: Apache able to open tty
Does anybody have a suggestion? I'm nearly ready to present an early peek to my company that will help them to realize the benefits of OpenBSD and PERL. Sent from my iPhone On Jan 15, 2014, at 14:25, David Sticht vdubjun...@vdubjunkie.net wrote: Understanding the risks I am wanting to either allow the www user right to open tty or change the user running the apache daemon. I am developing a suite of intranet tools with perl to perform some network diagnostics. Does anybody have a suggestion to move me in the right direction? Sent from my iPhone
Re: Apache able to open tty
On Wed, Jan 15, 2014 at 14:25, David Sticht wrote: Understanding the risks I am wanting to either allow the www user right to open tty or change the user running the apache daemon. I am developing a suite of intranet tools with perl to perform some network diagnostics. Does anybody have a suggestion to move me in the right direction? Build a small daemon that does whatever it is needs doing, run it as a user with the correct privileges, then have the www user talk to that via a socket.
Apache able to open tty
Understanding the risks I am wanting to either allow the www user right to open tty or change the user running the apache daemon. I am developing a suite of intranet tools with perl to perform some network diagnostics. Does anybody have a suggestion to move me in the right direction? Sent from my iPhone
Re: apache bug?
On 2013-10-15, Nick Holland n...@holland-consulting.net wrote: BTW: I have no idea what your picture is, I'm not clicking on it. It's a screenshot of a directory listing, with some bits blanked out, of Linux ISOs *wink* *wink*. On 10/15/2013 11:43 AM, obsd, cgi wrote: In the directory listing the ISO file looks like ~40 MByte, but the reality is 4 GBytes. What could the problem be? storing file sizes in insufficiently sized data types.. httpd in base was patched to allow larger files to be sent, but that didn't extend to directory listings. Or I should use nginx since apache will be obsolete? :) That might be one way to work-around it.
apache bug?
http://i.imgur.com/9SJOrhq.png In the directory listing the ISO file looks like ~40 MByte, but the reality is 4 GBytes. What could the problem be? Or I should use nginx since apache will be obsolete? :) Thanks!
Re: apache bug?
On 10/15/2013 11:43 AM, obsd, cgi wrote: http://i.imgur.com/9SJOrhq.png In the directory listing the ISO file looks like ~40 MByte, but the reality is 4 GBytes. What could the problem be? Or I should use nginx since apache will be obsolete? :) Thanks! More a known design limitation than a bug. Google for Apache large files for more details, some of which may be applicable. I'd use nginx for any new implementation at this point (when applicable). BTW: I have no idea what your picture is, I'm not clicking on it. Nick.
Upgrade to 5.0 from 4.x broke Apache+PHP's ability to talk to mysql.sock
Whoops; sent this earlier, but I hadn't changed the message subject from the Message Digest default text. I assume that's why it wasn't forwarded previously. Here's what I'd written on this subject previously: Awhile back here, I brought up an issue that occurred when I was upgrading my system from OpenBSD 4.x to 5.0. I'm not sure if it was on this mailing list or not, but this seems like the most appropriate place to bring it up. I had relied on several services via Apache that utilize PHP MySQL in a fairly standard configuration. Unfortunately, when I upgraded (all according to the standard upgrade instructions provided), all of my services broke due to PHP not being able to connect to the sock located in '/var/run/mysql/mysql.sock'. I asked for help and googled like a fiend for awhile, but even when interactively talking to folks in freenet's #openbsd, I was unable to find what might've been wrong with this. Foolishly enough, several times I considered the fact that httpd would be executing everything in the chroot jail of '/var/www', but I didn't research it that deeply or try moving the sock, because I figured that with all of the people I spoke to already, certainly one of the experts would have mentioned if this had been causing an issue or not. Last night, however, when I decided to take another stab at things, googling turned up a result that I hadn't seen previously (I am google-tarded, so I will accept the possibility that I'd not done as straightforward an attempt to look for the answer of this issue as I'd thought). The link was at http://philihp.com/blog/2008/connecting-to-mysql-with-php-in-apache-on-openbsd/ (2008? Certainly I must not have googled as well as I thought!), and referred to a permanent (although kludgy) solution found at http://www.openbsdsupport.org/e107_CMS.html . The solution was, indeed, dealing with creating a hardlink to somewhere within the chroot'ed jail; in this case under /var/www/var/run/mysql/mysql.sock after the appropriate path was created. Anyway I just thought that I'd post that here, since a lot of people in the OpenBSD community didn't seem to know how simple the solution really was or where it might be found at. It might be a good idea to toss this in the 4.x to 5.0 upgrade instructions, as well. It seems like a relatively simple oversight. Best wishes. -Damon
Re: Upgrade to 5.0 from 4.x broke Apache+PHP's ability to talk to mysql.sock
On 12 August 2013, Damon Getsman damo.g...@gmail.com wrote: [...] Last night, however, when I decided to take another stab at things, googling turned up a result that I hadn't seen previously (I am google-tarded, so I will accept the possibility that I'd not done as straightforward an attempt to look for the answer of this issue as I'd thought). The link was at http://philihp.com/blog/2008/connecting-to-mysql-with-php-in-apache-on-openbsd/ (2008? Certainly I must not have googled as well as I thought!), and referred to a permanent (although kludgy) solution found at http://www.openbsdsupport.org/e107_CMS.html . The solution was, indeed, dealing with creating a hardlink to somewhere within the chroot'ed jail; in this case under /var/www/var/run/mysql/mysql.sock after the appropriate path was created. [...] Please, stop repeating this nonsense. This solution works until you restart the server manually, since mysqld removes the socket before re-creating it. The real solution is either to use TCP connections, or move the socket inside the jail and make /etc/my.cnf and /var/www/etc/my.cnf point to it accordingly. Regards, Liviu Daia
Build Apache Cocoon 2.1.12 on OBSD 5.3/i386
Good day, On a recent project, I was trying to build Apache Cocoon 2.1.12 from source. I have already successfully installed JRE and JDK 1.7 and already ran Tomcat 7.x on it, with the objective of building and running Apache Cocoon on it, currently without success. The message I get is as follows: Compiling 605 source files to /home/cocoon-2.1.12/build/cocoon/classes /home/cocoon-2.1.12/src/java/org/apache/cocoon/reading/ImageReader.java:39: error: package com.sun.image.codec.jpeg does not exist import com.sun.image.codec.jpeg.ImageFormatException; ^ /home/cocoon-2.1.12/src/java/org/apache/cocoon/reading/ImageReader.java:40: error: package com.sun.image.codec.jpeg does not exist import com.sun.image.codec.jpeg.JPEGCodec; ^ /home/cocoon-2.1.12/src/java/org/apache/cocoon/reading/ImageReader.java:41: error: package com.sun.image.codec.jpeg does not exist import com.sun.image.codec.jpeg.JPEGEncodeParam; ^ /home/cocoon-2.1.12/src/java/org/apache/cocoon/reading/ImageReader.java:42: error: package com.sun.image.codec.jpeg does not exist import com.sun.image.codec.jpeg.JPEGImageEncoder; ^ /home/cocoon-2.1.12/src/java/org/apache/cocoon/reading/ImageReader.java:326: error: cannot find symbol JPEGImageEncoder encoder = JPEGCodec.createJPEGEncoder(out); ^ symbol: class JPEGImageEncoder location: class ImageReader /home/cocoon-2.1.12/src/java/org/apache/cocoon/reading/ImageReader.java:326: error: cannot find symbol JPEGImageEncoder encoder = JPEGCodec.createJPEGEncoder(out); ^ symbol: variable JPEGCodec location: class ImageReader /home/cocoon-2.1.12/src/java/org/apache/cocoon/reading/ImageReader.java:327: error: cannot find symbol JPEGEncodeParam p = encoder.getDefaultJPEGEncodeParam(currentImage); ^ symbol: class JPEGEncodeParam location: class ImageReader /home/cocoon-2.1.12/src/java/org/apache/cocoon/reading/ImageReader.java:333: error: cannot find symbol JPEGImageEncoder encoder = JPEGCodec.createJPEGEncoder(bstream); ^ symbol: class JPEGImageEncoder location: class ImageReader /home/cocoon-2.1.12/src/java/org/apache/cocoon/reading/ImageReader.java:333: error: cannot find symbol JPEGImageEncoder encoder = JPEGCodec.createJPEGEncoder(bstream); ^ symbol: variable JPEGCodec location: class ImageReader /home/cocoon-2.1.12/src/java/org/apache/cocoon/reading/ImageReader.java:334: error: cannot find symbol JPEGEncodeParam p = encoder.getDefaultJPEGEncodeParam(currentImage); ^ symbol: class JPEGEncodeParam location: class ImageReader /home/cocoon-2.1.12/src/java/org/apache/cocoon/reading/ImageReader.java:342: error: cannot find symbol } catch (ImageFormatException e) { ^ symbol: class ImageFormatException location: class ImageReader 11 errors BUILD FAILED /home/cocoon-2.1.12/tools/targets/compile-build.xml:68: The following error occurred while executing this line: /home/cocoon-2.1.12/tools/targets/compile-build.xml:51: Compile failed; see the compiler error output for details. Total time: 3 seconds The packages installed are: apache-ant-1.8.2p3 build tool for java applications gettext-0.18.2p1GNU gettext javaPathHelper-0.3p1 helper script for launching java applications jdk-1.7.0.11p2v0Java2(TM) SE Dev Kit v1.7.0.11 joe-3.7p1 Joe's Own Editor jre-1.7.0.11p2v0Java2(TM) SE Runtime Environment v1.7.0.11 libiconv-1.14p0 character set conversion library libidn-1.26 internationalized string handling maven-3.0.4 software project management and comprehension tool pcre-8.31 perl-compatible regular expression library tomcat-7.0.35 Java servlet 2.5 and Java server pages 2.1 server tomcat-examples-7.0.35 example applications and full documentation wget-1.14 retrieve files from the web via HTTP, HTTPS and FTP Am I missing something or do I have to install more packages? Maybe you can point me to the right direction. Thanks.
Re: Build Apache Cocoon 2.1.12 on OBSD 5.3/i386
On Fri, Jun 21, 2013 at 8:04 AM, Tito Mari Francis Escaño titomarifran...@gmail.com wrote: Good day, On a recent project, I was trying to build Apache Cocoon 2.1.12 from source. I have already successfully installed JRE and JDK 1.7 and already ran Tomcat 7.x on it, with the objective of building and running Apache Cocoon on it, currently without success. The message I get is as follows: Compiling 605 source files to /home/cocoon-2.1.12/build/cocoon/classes /home/cocoon-2.1.12/src/java/org/apache/cocoon/reading/ImageReader.java:39: error: package com.sun.image.codec.jpeg does not exist import com.sun.image.codec.jpeg.ImageFormatException; ^ http://stackoverflow.com/questions/1906673/import-com-sun-image-codec-jpeg http://stackoverflow.com/questions/4065401/using-internal-sun-classes-with-javac/4070685#4070685
Re: Problems w/apache+php+mysqld since 4.9-5.0 OpenBSD Upgrade
Sorry, had some guests over the weekend, and I was unable to continue with the thread for a bit. I hope you guys are willing to catch up where you left off, I still haven't been able to get apache+php+mysql working again on my server since the 4.9-5.0 upgrade, and I really need my wiki and other associated services here. Managed to get done with my speech without them, at least. *grin* Still really could've used the wiki for the reference gathering, though. Thankfully nobody asked me for references. So, here is the output from php -m: Mon May 27 20:01 contract:/home/ftp$ php -m [PHP Modules] bcmath calendar ctype date dom exif filter ftp gettext hash iconv json libxml mbstring mysql openssl pcre PDO posix Reflection session SimpleXML sockets SPL standard suhosin sysvmsg sysvsem sysvshm tokenizer wddx xml xmlreader xmlwriter zlib [Zend Modules] Suhosin -=-=-=-=- So it looks like at least from the command-line invoked php, things are loading the mysql version just fine. And I checked, yes, and mysqld is running via invocation of mysqld_safe. I'll post the appropriate snippets from all of the php*.ini files scattered about my installation in just a bit here as soon as I can gather them all together. A visitor has stopped by again, so I must take a brief respite. On Wed, May 22, 2013 at 7:18 PM, Richard Toohey richardtoo...@paradise.net.nz wrote: On 05/23/13 12:08, Damon Getsman wrote: Okay, now I've got the phpinfo output. Nothing is jumpin' out at me, if y'all care to take a look at it I've got it available at bismaninfo.hopto.org/debug.php for a limited time here. No mysql in the output. What does php -m give you, etc. It's like the message you are getting - something is up with the mysql extension in your install. Check the ini files, etc. You are using the base Apache and PHP is working - you need to look at the mysql extension and find out why it is not enabled or not loading.
Problems w/apache+php+mysqld since 4.9-5.0 OpenBSD Upgrade
Hello all, and thank you for taking the time to take a look at this issue that I am currently having. I've been a strong advocate of OpenBSD for some time, but have only recently taken steps to start upgrading some of my machines instead of reinstalling. My primary server was a 4.9 installation, and it was running apache, with PHP and MySQL integrated for the purpose of serving a mediawiki, a gallery2 installation, and a few other utilities that I have had up for myself and some friends. Unfortunately, ever since I've made the leap from 4.9 to 5.0, I've been unable to get anything other than plain HTML documents to display via apache. The server tells me that there are either '500' server errors or with a little more detail MediaWiki tells me (Can't contact the database server: MySQL functions missing, have you compiled PHP with the --with-mysql option? ). Now according to the pkg_info listing that I have, I _believe_ that I have all of the proper packages and libraries installed, but I guess I am mistaken as I'm still not able to serve pages up with any sort of MySQL back end handling. Here is the output of 'pkg_info -a -m' for anybody who cares to verify this: BitTorrent-4.4.0p10 cooperative file distribution system implemented in Python ImageMagick-6.6.6.10p0 image processing tools alacarte-0.12.4p7 easy GNOME menu editing tool apache-httpd-2.2.15p0 apache HTTP server apcupsd-3.14.8p2daemon for controlling APC UPSes archie-1.4.1Prospero client for the archie service bash-4.2.10 GNU Bourne Again Shell beav-1.40.15binary editor and viewer bzip2-1.0.6 block-sorting file compressor, unencumbered calc-2.11.7 C-style arbitrary precision calculator camlimages-3.0.2p0 image manipulation functions for Objective Caml check_bioctl-1.9Nagios plugin to check RAID status with bioctl check_email_delivery-0.7.0 Nagios plugin to check full email delivery loop (SMTP /IMAP) check_hw_sensors-1.42 Nagios plugin to monitor sysctl hw.sensors check_mssql_health-1.5.3 Nagios plugin to check Microsoft SQL Server check_openbgpd-1.5 Nagios plugin to monitor OpenBGPd peers cups-1.4.7p0Common Unix Printing System cups-pdf-2.5.1 PDF backend for CUPS curl-7.21.7 get files from FTP, Gopher, HTTP or HTTPS servers dosbox-0.74p0 x86 with DOS emulator targeted at playing games emacs-22.3p10 GNU editor: extensible, customizable, self-documenting fedora_base-4.0p8 Linux compatibility package based on Fedora Core 4 firefox-5.0p3 Mozilla web browser firefox35-3.5.19p2 Mozilla web browser ghostview-1.5p3 X11 front-end for ghostscript git-1.7.6p0 GIT - Tree History Storage Tool git-svn-1.7.6p0 GIT - subversion interoperability tools git-x11-1.7.6p0 GIT - graphical tools gnome-common-2.34.0 common automake macros for GNOME gnome-desktop-2.32.1p4 components for the GNOME desktop gnome-mplayer-1.0.4p1 GTK+/GNOME frontend for MPlayer gnome-panel-2.32.1p5 GNOME panel gnome-screensaver-2.30.2p2 screen saver and locker for GNOME gnome-system-monitor-2.28.2p6 sytem monitor for GNOME gnome-system-tools-2.32.0p6 sytem configuration GUI for desktops gnuchess-5.08 chess program gpgme-1.1.5p1 GnuPG Made Easy gstoraster-1.03p0 filter to convert PostScript or PDF to cups raster format ircII-20081115p0Internet Relay Chat client ispell-3.2.06p6 interactive spelling checker jove-4.16p1 Jonathan's Own Version of Emacs kdebase-3.5.10p13 K Desktop Environment, basic applications kermit-8.0.211 serial and network communications package latex-mk-1.9.1p0set of Makefile fragments to manage LaTeX documents libpurple-2.9.0 multi-protocol instant messaging library libreoffice-3.4.1.3p1v0 multi-platform productivity suite mediawiki-1.15.5p3 web-based collaborative editing environment minicom-2.2p0 MS-DOS Telix-like serial communication program mpg123-1.13.1 fast console MPEG audio player and decoder library mrtg-2.17.1p1 multi-router traffic grapher mutt-1.5.21v0-sasl tty-based e-mail client, development version mysql-server-5.1.54p9 multithreaded SQL database (server) ncftp-3.2.3 ftp replacement with advanced user interface nethack-3.4.3p4-qt dungeon explorin', hackin', game. Piece of cake nmap-5.51p0 scan ports and fingerprint stack of network hosts ntop-1.1network usage, interface similar to top(1) ntp-4.2.6pl2p7 Network Time Protocol reference implementation ocaml-3.12.0p0 ML language based on complete class-based objective system oinkmaster-2.0p0update your Snort rules p7zip-9.20.1file archiver with high compression ratio partial-wordpress-3.0.2 standard compliant weblog pgp-2.6.3 Pretty Good Privacy 2.6.3ia php-5.2.17p5server-side HTML-embedded scripting language php-curl-5.2.17p3 curl URL library extensions for php5 php-gd-5.2.17p4 image manipulation extensions for php5 php-imap-5.2.17p3 imap, pop3 and nntp
Re: Problems w/apache+php+mysqld since 4.9-5.0 OpenBSD Upgrade
On 05/23/13 10:15, Damon Getsman wrote: Hello all, and thank you for taking the time to take a look at this issue that I am currently having. I've been a strong advocate of OpenBSD for some time, but have only recently taken steps to start upgrading some of my machines instead of reinstalling. My primary server was a 4.9 installation, and it was running apache, with PHP and MySQL integrated for the purpose of serving a mediawiki, a gallery2 installation, and a few other utilities that I have had up for myself and some friends. Unfortunately, ever since I've made the leap from 4.9 to 5.0, I've been unable to get anything other than plain HTML documents to display via apache. The server tells me that there are either '500' server errors or with a little more detail MediaWiki tells me (Can't contact the database server: MySQL functions missing, have you compiled PHP with the --with-mysql option? ). Now according to the pkg_info listing that I have, I _believe_ that I have all of the proper packages and libraries installed, but I guess I am mistaken as I'm still not able to serve pages up with any sort of MySQL back end handling. Here is the output of 'pkg_info -a -m' for anybody who cares to verify this: BitTorrent-4.4.0p10 cooperative file distribution system implemented in Python ImageMagick-6.6.6.10p0 image processing tools alacarte-0.12.4p7 easy GNOME menu editing tool apache-httpd-2.2.15p0 apache HTTP server apcupsd-3.14.8p2daemon for controlling APC UPSes archie-1.4.1Prospero client for the archie service bash-4.2.10 GNU Bourne Again Shell beav-1.40.15binary editor and viewer bzip2-1.0.6 block-sorting file compressor, unencumbered calc-2.11.7 C-style arbitrary precision calculator camlimages-3.0.2p0 image manipulation functions for Objective Caml check_bioctl-1.9Nagios plugin to check RAID status with bioctl check_email_delivery-0.7.0 Nagios plugin to check full email delivery loop (SMTP /IMAP) check_hw_sensors-1.42 Nagios plugin to monitor sysctl hw.sensors check_mssql_health-1.5.3 Nagios plugin to check Microsoft SQL Server check_openbgpd-1.5 Nagios plugin to monitor OpenBGPd peers cups-1.4.7p0Common Unix Printing System cups-pdf-2.5.1 PDF backend for CUPS curl-7.21.7 get files from FTP, Gopher, HTTP or HTTPS servers dosbox-0.74p0 x86 with DOS emulator targeted at playing games emacs-22.3p10 GNU editor: extensible, customizable, self-documenting fedora_base-4.0p8 Linux compatibility package based on Fedora Core 4 firefox-5.0p3 Mozilla web browser firefox35-3.5.19p2 Mozilla web browser ghostview-1.5p3 X11 front-end for ghostscript git-1.7.6p0 GIT - Tree History Storage Tool git-svn-1.7.6p0 GIT - subversion interoperability tools git-x11-1.7.6p0 GIT - graphical tools gnome-common-2.34.0 common automake macros for GNOME gnome-desktop-2.32.1p4 components for the GNOME desktop gnome-mplayer-1.0.4p1 GTK+/GNOME frontend for MPlayer gnome-panel-2.32.1p5 GNOME panel gnome-screensaver-2.30.2p2 screen saver and locker for GNOME gnome-system-monitor-2.28.2p6 sytem monitor for GNOME gnome-system-tools-2.32.0p6 sytem configuration GUI for desktops gnuchess-5.08 chess program gpgme-1.1.5p1 GnuPG Made Easy gstoraster-1.03p0 filter to convert PostScript or PDF to cups raster format ircII-20081115p0Internet Relay Chat client ispell-3.2.06p6 interactive spelling checker jove-4.16p1 Jonathan's Own Version of Emacs kdebase-3.5.10p13 K Desktop Environment, basic applications kermit-8.0.211 serial and network communications package latex-mk-1.9.1p0set of Makefile fragments to manage LaTeX documents libpurple-2.9.0 multi-protocol instant messaging library libreoffice-3.4.1.3p1v0 multi-platform productivity suite mediawiki-1.15.5p3 web-based collaborative editing environment minicom-2.2p0 MS-DOS Telix-like serial communication program mpg123-1.13.1 fast console MPEG audio player and decoder library mrtg-2.17.1p1 multi-router traffic grapher mutt-1.5.21v0-sasl tty-based e-mail client, development version mysql-server-5.1.54p9 multithreaded SQL database (server) ncftp-3.2.3 ftp replacement with advanced user interface nethack-3.4.3p4-qt dungeon explorin', hackin', game. Piece of cake nmap-5.51p0 scan ports and fingerprint stack of network hosts ntop-1.1network usage, interface similar to top(1) ntp-4.2.6pl2p7 Network Time Protocol reference implementation ocaml-3.12.0p0 ML language based on complete class-based objective system oinkmaster-2.0p0update your Snort rules p7zip-9.20.1file archiver with high compression ratio partial-wordpress-3.0.2 standard compliant weblog pgp-2.6.3 Pretty Good Privacy 2.6.3ia php-5.2.17p5server-side HTML-embedded scripting language php-curl-5.2.17p3 curl URL library extensions for php5 php-gd-5.2.17p4 image manipulation extensions
Re: Problems w/apache+php+mysqld since 4.9-5.0 OpenBSD Upgrade
Richard: Not sure if I'm using the base apache or 2.2. Here's what httpd -V is showing me: Wed May 22 17:50 contract:~$ httpd -V Server version: Apache/1.3.29 (Unix) Server's Module Magic Number: 19990320:15 Server compiled with -D EAPI -D HAVE_MMAP -D HAVE_SHMGET -D USE_MMAP_SCOREBOARD -D USE_MMAP_FILES -D HAVE_FLOCK_SERIALIZED_ACCEPT -D HAVE_SYSVSEM_SERIALIZED_ACCEPT -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D DYNAMIC_MODULE_LIMIT=64 -D HARD_SERVER_LIMIT=256 -D HTTPD_ROOT=/var/www -D SUEXEC_BIN=/usr/sbin/suexec -D DEFAULT_PIDLOG=logs/httpd.pid -D DEFAULT_SCOREBOARD=logs/httpd.scoreboard -D DEFAULT_LOCKFILE=logs/httpd.lock -D DEFAULT_ERRORLOG=logs/error_log -D TYPES_CONFIG_FILE=conf/mime.types -D SERVER_CONFIG_FILE=conf/httpd.conf -D ACCESS_CONFIG_FILE=conf/access.conf -D RESOURCE_CONFIG_FILE=conf/srm.conf I stopped at 5.0 because I figured that if I was having problems at this point pushing it further might create more until I get them resolved. If I'm wrong about that I'll certainly push it up to 5.3. I've got another machine here that I've installed 5.2 on recently, I'll take that one up to 5.3 just to get used to it (it's not a server machine). I do understand the 'chroot' concept, not sure how exactly it's applicable in this case; despite the fact that I believe httpd is chrooted to /var/www, I do know that php exists under this tree in its /usr/local/bin and the libphp5 file exists there where it should as well, I believe. I have also bumped up the php error reporting but I can't seem to find much about it in the applicable logfiles (/var/log/messages, /var/www/logs/error_log, etc). Truncating the previous discussion as I'm assuming that you've got logs of what's going on here. Thank you for the help!
Re: Problems w/apache+php+mysqld since 4.9-5.0 OpenBSD Upgrade
Bryan, after doing that it appears that it's not even getting executed. I put the script into a web accessible file called debug.php, loaded it in my browser and saw a blank page. Viewing the source is showing the original ? phpinfo(); ?, leading me to believe that it is not even handing it off to the appropriate script engine... Not sure if I'm right but does that help at all?
Re: Problems w/apache+php+mysqld since 4.9-5.0 OpenBSD Upgrade
And, um, wrapping the snippet in the appropriate html head/head body? phpinfo(); ?/body /html didn't seem to help matters at all, either. :(
Re: Problems w/apache+php+mysqld since 4.9-5.0 OpenBSD Upgrade
IIRC 4.9-5.0 was a little ugly, maybe you missed the PHP upgrade instructions here: http://www.openbsd.org/faq/upgrade50.html#Pkgup On Wed, May 22, 2013 at 4:44 PM, Damon Getsman damo.g...@gmail.com wrote: Bryan, after doing that it appears that it's not even getting executed. I put the script into a web accessible file called debug.php, loaded it in my browser and saw a blank page. Viewing the source is showing the original ? phpinfo(); ?, leading me to believe that it is not even handing it off to the appropriate script engine... Not sure if I'm right but does that help at all?
Re: Problems w/apache+php+mysqld since 4.9-5.0 OpenBSD Upgrade
On 05/23/13 11:44, Damon Getsman wrote: Bryan, after doing that it appears that it's not even getting executed. I put the script into a web accessible file called debug.php, loaded it in my browser and saw a blank page. Viewing the source is showing the original ? phpinfo(); ?, leading me to believe that it is not even handing it off to the appropriate script engine... Not sure if I'm right but does that help at all? You can't use shorttags* ... You need to use ... ?php ? * Well, you can if you tweak settings.
Re: Problems w/apache+php+mysqld since 4.9-5.0 OpenBSD Upgrade
Nope, I caught the PHP upgrade instructions and I believe they've been carried out correctly. :(
Re: Problems w/apache+php+mysqld since 4.9-5.0 OpenBSD Upgrade
Okay, now I've got the phpinfo output. Nothing is jumpin' out at me, if y'all care to take a look at it I've got it available at bismaninfo.hopto.org/debug.php for a limited time here.
Re: Problems w/apache+php+mysqld since 4.9-5.0 OpenBSD Upgrade
On 05/23/13 12:08, Damon Getsman wrote: Okay, now I've got the phpinfo output. Nothing is jumpin' out at me, if y'all care to take a look at it I've got it available at bismaninfo.hopto.org/debug.php for a limited time here. No mysql in the output. What does php -m give you, etc. It's like the message you are getting - something is up with the mysql extension in your install. Check the ini files, etc. You are using the base Apache and PHP is working - you need to look at the mysql extension and find out why it is not enabled or not loading.
Re: user websites on apache chroot
good place for start http://www.openbsd.org/faq/faq10.html#httpdchroot On Fri, Apr 19, 2013 at 3:07 AM, fek...@tormail.org wrote: I want to avoid using Apache 2.x for my server and want a chroot but where users can have their own webpages. It doesn't need to be automated I'm happy to edit httpd.conf to add each virtual server. I'd also like php to run as that user, can I run php via cgi on Apache 1.3?
user websites on apache chroot
I want to avoid using Apache 2.x for my server and want a chroot but where users can have their own webpages. It doesn't need to be automated I'm happy to edit httpd.conf to add each virtual server. I'd also like php to run as that user, can I run php via cgi on Apache 1.3?
default apache consumes memory
Hello, I have an OpenBSD box running default apache server that its sole task is to present data, nothing more, nothing less. The logic of the applications is handled by an app. layer that never exceeds 40 Mbytes RAM and handles concurently all the connections (tcp based) from apache children while the apache children tend to allocate continously memory without de-allocating it The apache ver is 1.3, from base install running mod_perl highly optimized through startup.pl mechanism, and perl scripts that communicate with app. layer. The processing amount is minimized on the apache server. It listens on localhost and proxied by relayd for ssl acceleration. In two weeks all apache children totalize aprox. 800 MBytes RAM Is there any tweaking variable to tell apache to deallocate memory when is no more needed in the same way the app. layer does ? Thank you in advanced, Bogdan
Re: default apache consumes memory
Sounds like a memory leak (allocated memory not getting freed), I would think the most likely place for this is in the perl scripts you're running. http://modperlbook.org/html/14-2-6-Memory-Leakage.html has some suggestions for tracking these down. There is also maxrequestsperchild which might hide (but not fix) the problem. On 2013-04-05, Bogdan Andu bo...@yahoo.com wrote: Hello, I have an OpenBSD box running default apache server� that its sole task is to present data, nothing more, nothing less. The logic of the applications is handled by an app. layer that never exceeds 40 Mbytes RAM and handles concurently all the connections (tcp based) from apache children while the apache children tend to allocate continously memory without de-allocating it The apache ver is 1.3, from base install running mod_perl highly optimized through startup.pl mechanism, and perl scripts that communicate with app. layer. The processing amount is minimized on the apache server. It listens on localhost and proxied by relayd for ssl acceleration. In two weeks all apache children totalize aprox. 800 MBytes RAM Is there any tweaking variable to tell apache to deallocate memory when is no more needed in the same way the app. layer does ? Thank you in advanced, Bogdan
Re: default apache consumes memory
The scripts a dead simple, only opening between 1 and 4 tcp connections to app. layer, retrieve response and format it out in html - dead simple. There are precompiled and loaded in memory the few modules I need, so they are not loaded at every request, but I will also follow your suggestions. Thank you for the link, Bogdan From: Stuart Henderson s...@spacehopper.org To: misc@openbsd.org Sent: Friday, April 5, 2013 11:19 AM Subject: Re: default apache consumes memory Sounds like a memory leak (allocated memory not getting freed), I would think the most likely place for this is in the perl scripts you're running. http://modperlbook.org/html/14-2-6-Memory-Leakage.html has some suggestions for tracking these down. There is also maxrequestsperchild which might hide (but not fix) the problem. On 2013-04-05, Bogdan Andu bo...@yahoo.com wrote: Hello, I have an OpenBSD box running default apache server that its sole task is to present data, nothing more, nothing less. The logic of the applications is handled by an app. layer that never exceeds 40 Mbytes RAM and handles concurently all the connections (tcp based) from apache children while the apache children tend to allocate continously memory without de-allocating it The apache ver is 1.3, from base install running mod_perl highly optimized through startup.pl mechanism, and perl scripts that communicate with app. layer. The processing amount is minimized on the apache server. It listens on localhost and proxied by relayd for ssl acceleration. In two weeks all apache children totalize aprox. 800 MBytes RAM Is there any tweaking variable to tell apache to deallocate memory when is no more needed in the same way the app. layer does ? Thank you in advanced, Bogdan
Re: default apache consumes memory
On Fri, Apr 05, 2013 at 01:57:18AM -0700, Bogdan Andu wrote: The scripts a dead simple, only opening between 1 and 4 tcp connections to app. layer, retrieve response and format it out in html - dead simple. There are precompiled and loaded in memory the few modules I need, so they are not loaded at every request, but I will also follow your suggestions. Thank you for the link, Not that some memory as reported by top is *shared* mem. You can't just add it all up. -Otto Bogdan From: Stuart Henderson s...@spacehopper.org To: misc@openbsd.org Sent: Friday, April 5, 2013 11:19 AM Subject: Re: default apache consumes memory Sounds like a memory leak (allocated memory not getting freed), I would think the most likely place for this is in the perl scripts you're running. http://modperlbook.org/html/14-2-6-Memory-Leakage.html has some suggestions for tracking these down. There is also maxrequestsperchild which might hide (but not fix) the problem. On 2013-04-05, Bogdan Andu bo...@yahoo.com wrote: Hello, I have an OpenBSD box running default apache server? that its sole task is to present data, nothing more, nothing less. The logic of the applications is handled by an app. layer that never exceeds 40 Mbytes RAM and handles concurently all the connections (tcp based) from apache children while the apache children tend to allocate continously memory without de-allocating it The apache ver is 1.3, from base install running mod_perl highly optimized through startup.pl mechanism, and perl scripts that communicate with app. layer. The processing amount is minimized on the apache server. It listens on localhost and proxied by relayd for ssl acceleration. In two weeks all apache children totalize aprox. 800 MBytes RAM Is there any tweaking variable to tell apache to deallocate memory when is no more needed in the same way the app. layer does ? Thank you in advanced, Bogdan
Re: pf and apache
I'm doing the rdr-to on both interfaces. But, I have other ports that rdr just fine internally, so that's why I think something else is going on. For example, I have ssh on 6699 and I can access that both internally and externally. On Thu, Feb 28, 2013 at 11:46 PM, Andy Bradford amb-open...@bradfords.orgwrote: Thus said Matt Morrow on Thu, 28 Feb 2013 23:07:30 -0600: Apache is running on a slackware box. I can access apache just fine internally by using the ip address of that server (192.168.1.70), but if I access the ip of the openbsd box (192.168.1.60) I just get an error that the server is not available. It should be forwarding port 80 to the slackware box. I'm going to guess from your description that you are trying to rdr-to on the same interface. The documentation says: Redirections cannot reflect packets back through the interface they arrive on, they can only be redirected to hosts connected to different interfaces or to the firewall itself. The next section discusses using NAT... might be what you're after. Andy -- TAI64 timestamp: 4000513040c3
Re: pf and apache
Andy, We can see the result of running tcpdump -n -e -ttt -i pflog0 host 192.168.1.70 Thanks 2013/3/1 Matt Morrow cmorrow...@gmail.com I'm doing the rdr-to on both interfaces. But, I have other ports that rdr just fine internally, so that's why I think something else is going on. For example, I have ssh on 6699 and I can access that both internally and externally. On Thu, Feb 28, 2013 at 11:46 PM, Andy Bradford amb-open...@bradfords.orgwrote: Thus said Matt Morrow on Thu, 28 Feb 2013 23:07:30 -0600: Apache is running on a slackware box. I can access apache just fine internally by using the ip address of that server (192.168.1.70), but if I access the ip of the openbsd box (192.168.1.60) I just get an error that the server is not available. It should be forwarding port 80 to the slackware box. I'm going to guess from your description that you are trying to rdr-to on the same interface. The documentation says: Redirections cannot reflect packets back through the interface they arrive on, they can only be redirected to hosts connected to different interfaces or to the firewall itself. The next section discusses using NAT... might be what you're after. Andy -- TAI64 timestamp: 4000513040c3
Re: pf and apache
Hello, If You are using only redirections, source host will receive SYN-ACK from 192.168.1.70, but there was not previously SYN to this address, so source host will send TCP Reset. Solution may be: pass in on $int_if proto tcp from $int_if:network to any port 80 rdr-to 192.168.1.70 pass out on $int_if proto tcp from $int_if:network to any port 80 received-on $int_if nat-to $int_if W dniu 01.03.2013 06:07, Matt Morrow pisze: I have pf running on an openbsd box handling port forwarding. All ports seem to forward ok except for port 80. Apache is running on a slackware box. I can access apache just fine internally by using the ip address of that server (192.168.1.70), but if I access the ip of the openbsd box (192.168.1.60) I just get an error that the server is not available. It should be forwarding port 80 to the slackware box. Here is my pf.conf - ext_if = rl0 int_if = em0 icmp_types=echoreq set block-policy return set loginterface egress set skip on lo match out on egress inet from !(egress:network) to any nat-to (egress:0) block in log pass out log quick antispoof quick for { lo $int_if } # # port forwarding # pass in on $ext_if proto tcp from any to any port 80 rdr-to 192.168.1.70 port 80 pass in on $int_if proto tcp from any to any port 80 rdr-to 192.168.1.70 port 80 pass in on $ext_if proto tcp from any to any port 6699 rdr-to 192.168.1.60 port 22 pass in on $ext_if proto tcp from any to any port 51413 rdr-to 192.168.1.105 port 51413 pass in on $ext_if proto udp from any to any port 51413 rdr-to 192.168.1.105 port 51413 pass in on $int_if proto udp from any to any port 58846 rdr-to 192.168.1.101 port 6881 pass in on $ext_if proto tcp from any to any port 9000 rdr-to 192.168.1.105 port 81 #pass in log (all) inet proto icmp all icmp-type $icmp_types pass in log (all) on $int_if
Re: pf and apache
Thanks everyone. Seems to be working from outside, so for now I'll just go with the direct ip of the server when I need to access it internally. On Fri, Mar 1, 2013 at 11:22 AM, Pawel Jurusz mailing.s...@gmail.comwrote: Hello, If You are using only redirections, source host will receive SYN-ACK from 192.168.1.70, but there was not previously SYN to this address, so source host will send TCP Reset. Solution may be: pass in on $int_if proto tcp from $int_if:network to any port 80 rdr-to 192.168.1.70 pass out on $int_if proto tcp from $int_if:network to any port 80 received-on $int_if nat-to $int_if W dniu 01.03.2013 06:07, Matt Morrow pisze: I have pf running on an openbsd box handling port forwarding. All ports seem to forward ok except for port 80. Apache is running on a slackware box. I can access apache just fine internally by using the ip address of that server (192.168.1.70), but if I access the ip of the openbsd box (192.168.1.60) I just get an error that the server is not available. It should be forwarding port 80 to the slackware box. Here is my pf.conf - ext_if = rl0 int_if = em0 icmp_types=echoreq set block-policy return set loginterface egress set skip on lo match out on egress inet from !(egress:network) to any nat-to (egress:0) block in log pass out log quick antispoof quick for { lo $int_if } # # port forwarding # pass in on $ext_if proto tcp from any to any port 80 rdr-to 192.168.1.70 port 80 pass in on $int_if proto tcp from any to any port 80 rdr-to 192.168.1.70 port 80 pass in on $ext_if proto tcp from any to any port 6699 rdr-to 192.168.1.60 port 22 pass in on $ext_if proto tcp from any to any port 51413 rdr-to 192.168.1.105 port 51413 pass in on $ext_if proto udp from any to any port 51413 rdr-to 192.168.1.105 port 51413 pass in on $int_if proto udp from any to any port 58846 rdr-to 192.168.1.101 port 6881 pass in on $ext_if proto tcp from any to any port 9000 rdr-to 192.168.1.105 port 81 #pass in log (all) inet proto icmp all icmp-type $icmp_types pass in log (all) on $int_if
Re: pf and apache
Thus said Matt Morrow on Thu, 28 Feb 2013 23:07:30 -0600: Apache is running on a slackware box. I can access apache just fine internally by using the ip address of that server (192.168.1.70), but if I access the ip of the openbsd box (192.168.1.60) I just get an error that the server is not available. It should be forwarding port 80 to the slackware box. I'm going to guess from your description that you are trying to rdr-to on the same interface. The documentation says: Redirections cannot reflect packets back through the interface they arrive on, they can only be redirected to hosts connected to different interfaces or to the firewall itself. The next section discusses using NAT... might be what you're after. Andy -- TAI64 timestamp: 4000513040c3
Re: 5.2 amd64 php and apache problem
Hi Matthias I dont know if this is any help to you, but I managed to get my php/mysql running by following the guide at: http://www.h-i-r.net/2009/10/oamp-openbsd-46-chroot-apache-mysql-php.html it worked for 5.2 as well. From that information I also made a small startup script: sudo rm /var/www/var/run/mysql/mysql.sock sudo ln /var/run/mysql/mysql.sock /var/www/var/run/mysql/mysql.sock sudo apachectl start Hope this helps /Ole On Mon, 04 Feb 2013 18:40:48 +0100 Matthias Appel appel.matth...@gmail.com wrote: Hi List, I have a problem with apache and php and hope you guys (and gals!) can help me. This is what I did/tried up to now. Activated apache, enabled ssl and changed config, so apache is reachable via IPv4 and v6...no further changes to httpd.conf Installed php-5.3.14p1.tgz and create the syslink as I were told (as far as I can see, there should be no necessity to do further configuration...or am I wrong?) created a php script consisting of: # cd /var/www/cgi-bin/ # cat phpinfo.php ? phpinfo(); ? # When I navigate to the phpinfo.php script, I get an error 500 and the log tells me this: [Mon Feb 4 18:27:01 2013] [error] (8)Exec format error: exec of /var/www/cgi-bin/phpinfo.php failed [Mon Feb 4 18:27:01 2013] [error] [client ] Premature end of script headers: /var/www/cgi-bin/phpinfo.php [Mon Feb 4 18:27:01 2013] [error] [client ] File does not exist: /var/www/htdocs/favicon.ico As far as I can see, the webserver tries to run the script like a binary cause of the missing shebang. Why doesn't he run it like a php script, as supposed? I dont know, how to tell apache to run the php script...IMHO this should be sufficient to tell him so: # cat /var/www/conf/modules/php.conf LoadModule php5_module /usr/local/lib/php-5.3/libphp5.so IfModule mod_php5.c AddType application/x-httpd-php .php .phtml .php3 AddType application/x-httpd-php-source .phps # Most php configs require this DirectoryIndex index.php /IfModule # I even disabled chroot (I expected no difference but I was desperate enough to try) and changed the permissions to the relaxed settings possible (test-cgi runs fine) # ls -lh /var/www/cgi-bin/ total 288 -- 1 root bin 137K Aug 1 2012 bgplg -rwxrwx--- 1 www www17B Feb 3 22:27 phpinfo.php -- 1 root bin 268B Aug 1 2012 printenv -rwxrwx--- 1 www www 757B Aug 1 2012 test-cgi # Can anybody help me to get this php thing working, I dont want to write my web-scripts in C ;-) Regards, Matthias -- ole ole.hellqv...@gmail.com
Re: 5.2 amd64 php and apache problem
On 2013-02-09, ole ole.hellqv...@gmail.com wrote: Hi Matthias I dont know if this is any help to you, but I managed to get my php/mysql running by following the guide at: http://www.h-i-r.net/2009/10/oamp-openbsd-46-chroot-apache-mysql-php.html it worked for 5.2 as well. From that information I also made a small startup script: sudo rm /var/www/var/run/mysql/mysql.sock sudo ln /var/run/mysql/mysql.sock /var/www/var/run/mysql/mysql.sock this only works if /var/www/var/run/mysql and /var/run/mysql are on the same filesystem; it would often be preferable to use a separate filesystem for /var/www to avoid risk of running out of space for other important files in /var (particularly /var/log and /var/db). a cleaner method is given in the pkg-readme for drupal: --snip-- In order to run with standard OpenBSD chroot'ed httpd: - make sure you can connect to your database. Create a directory for the mysql socket. mkdir -p /var/www/var/run/mysql Adjust ${SYSCONFDIR}/my.cnf to put the mysql socket into the chroot. [client] socket = /var/www/var/run/mysql/mysql.sock [mysqld] socket = /var/www/var/run/mysql/mysql.sock --snip-- sudo apachectl start using /etc/rc.d/httpd start is preferred as it ensures that httpd is run with the correct login class. but with the above method you don't need any particular script, the standard rc.conf.local changes (i.e. adding mysqld to pkg_scripts line and setting httpd_flags=) will work.
Re: 5.2 amd64 php and apache problem
On 2013-02-04, Matthias Appel appel.matth...@gmail.com wrote: Activated apache, enabled ssl and changed config, so apache is reachable via IPv4 and v6...no further changes to httpd.conf Installed php-5.3.14p1.tgz and create the syslink as I were told (as far as I can see, there should be no necessity to do further configuration...or am I wrong?) created a php script consisting of: # cd /var/www/cgi-bin/ # cat phpinfo.php ? phpinfo(); ? # Put this in the htdocs dir, not cgi-bin.
Re: 5.2 amd64 php and apache problem
by defeult the /var/www is a directory for chrooted apache and in this directory is dir htdocs try to place Your script in this directory or change this directory on other by changing apache behaviour in conf/httpd.conf On Mon, 04 Feb 2013 19:54:51 +0100, Matthias Appel appel.matth...@gmail.com wrote: Am 04.02.2013 19:10, schrieb James Shupe: Why is that in the cgi-bin directory to begin with? Do you have shorttags enabled in php.ini? As mentioned, it's pretty much vanilla configuration...so i can be sure cgi-bin/ is allowed for script executionbut httpd.conf will be changed, as soon as php is running. Shorttags are enabled, but I also had a phpinfo.php with full tags, which produced the same error.