--- Log opened Sat Oct 26 00:00:37 2024
00:03 < dfdx> If I own a domain and have set up a bunch of subdomains, is it best practice to have SSL certificates for each of the subdomains? Is there a way (and is it advised) to have one certificate for the domain and all subdomains?
00:03 < thrig> wildcard certs exist
00:07 < vortexx> you can get a wildcard cert from letsencrypt, but acme-client can't do it last time I checked. I use certbot for that
00:12 < dfdx> okay, so maybe i'll just keep doing what i'm doing now if it's not terrible (which is separate certs for each of my subdomains).
00:13 < dfdx> ever since integrating relayd into my stack (i used to just use httpd before), getting SSL to work has been a nightmare.
00:13 < thrig> do you need relayd?
00:17 < dfdx> that is a very good question. I thought I did, to host calibre.
00:33 < puffybuf> smol-hors: I keep all my passwords in a .txt on encrypted drive. I memorized a password that I XOR with the passwords in my txt file to get the actual password.
00:34 < puffybuf> even if someone somehow got my password file it wouldn't be usable
00:38 < ssm_> puffybuf: you just published your secrets on a public channel!!!
00:39 < SOLARIS_s> lol
00:41 < vortexx> dfdx: you're not alone in not being able to get relayd to do what you'd like. Maybe nginx could be of help here as a reverse proxy?
00:42 < SOLARIS_s> acme-client can do wildcards
00:43 < sibiria> i thought all CAs require dns-01 challenge for wildcard certs
00:43 < sibiria> acme-client only supports http-01 challenge
00:46 < SOLARIS_s> right i was referring to him using relayd with it
00:56 < dfdx> yeah, for some reason... navigating to http://127.0.0.1:8086 brings up my calibre webserver. But when I try to set it up using httpd I get a 500 internal server error :|
00:57 < dfdx> In httpd, i'm using fastcgi socket to 127.0.0.1 8086n.
00:57 < dfdx> 8086*
00:59 < SOLARIS_s> what does your httpd.conf look like
00:59 < dfdx> i will post it.
01:00 < dfdx> here is my entire httpd.conf: https://bpa.st/4BJQ
01:01 < dfdx> I just now tried changing location to "/" from "/*" on line 34. It didn't help.
01:02 < dfdx> But on my server, I can pull up a browser and go to http://127.0.0.1:8086 and it works. (https://127.0.0.1:8086 does not work; but i'm not sure if that is normal.)
01:10 < tommyrot> if you (client) don't send the server name on which you match in the config, httpd will pick the first one in the file
01:10 < tommyrot> don't know if that's what is going on here but something to keep in mind
01:11 < dfdx> tommyrot: sorry, not sure I follow. If I don't send the server name on which I match in the config?
01:11 < tommyrot> you use 127.0.0.1 and not lit.domain.io
01:13 < dfdx> yes. should I use lit.domain.io instead?
01:13 < dfdx> i'm not sure that's right...
01:16 < dfdx> I am struggling to make calibre-server work even without TLS, like so: https://bpa.st/I7NQ
01:17 < dfdx> Calibre doesn't have much in terms of help. It provides only this: https://manual.calibre-ebook.com/server.html
01:22 < dfdx> what's weird is, when I use relayd, I can get the calibre-server working. but then using relayd mucks up all my SSL certificates.
01:22 * dfdx sighs
01:23 < SOLARIS_s> wth
01:25 < SOLARIS_s> you're not using that modem doing your nat are you?
01:29 < dfdx> huh?
01:30 < SOLARIS_s> when you run acme-client -v yourdomain what do you get?
01:30 < tommyrot> can you even use the tcp socket construct in httpd for this i wonder? unfamiliar with it
01:31 < tommyrot> it seems to me they are talking about either a request rewrite or straight up proxy
01:31 < SOLARIS_s> yah but he is only doing localhost atm
01:32 < dfdx> SOLARIS_s: certificate valid: 89 days left
01:32 < dfdx> however, my point is, even when I remove SSL entirely and just try to access calibre-server unsecured, it won't work. I get a 500 internal server error.
01:33 < dfdx> tommyrot: that is what I suspected, and which is why I decided to add relayd to my stack. but then I've got weird ssl problems there. it's like I have to choose which problem is worse to have lol.
01:33 < mischief> stop it and run httpd -dvvv by hand in a root shell. might be more enlightening than just guessing what's wrong.
01:34 < dfdx> mischief: whoa.
01:34 < dfdx> 192.168.1.1:53244 -> 192.168.1.78, malformed or no headers (500 Internal Server Error)
01:35 < dfdx> I know in my relayd.conf I have all this random stuff I copied regarding headers. I wonder if that's why it works.
01:35 < dfdx> match request header set "X-Forwarded-For" value "$REMOTE_ADDR"
01:35 < dfdx> match request header set "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
01:35 < dfdx> etc.
01:43 < dfdx> i love how there are literally zero results when I google this: "openbsd" "httpd" "malformed or no headers"
01:43 < dfdx> o_0
01:48 < SOLARIS_s> it's all in the manpages
01:50 < mischief> dfdx: just read the source dude.
01:51 * ssm_ hands dfdx a /usr/src/usr.sbin/httpd/server_fcgi.c
01:52 < dfdx> thanks guy. appreciate it. lol.
01:54 < SOLARIS_s> your httpd.conf is not matching relayd.conf via certs
01:55 < SOLARIS_s> anyways how many vms ppl running on their boxes these days
01:55 < ssm_> I have a void linux and an alpine linux vmd vms
01:56 < SOLARIS_s> how is the perf?
01:57 < SOLARIS_s> no rocky?
01:58 < ssm_> I don't touch corpo-linux or derivatives
01:58 < SOLARIS_s> lol
01:58 < ssm_> performance is fine
01:59 < ssm_> wish I could have more vcores but that's about my only complaint
01:59 < SOLARIS_s> ah what you running?
02:00 < ssm_> nothing, just portability testing for personal projects, and for tech supporting linux issues for other users
02:05 < SOLARIS_s> fair enough but where you see project leading to?
02:06 < ssm_> which project? vmm/vmd or my own?
02:06 < SOLARIS_s> both
02:08 < ssm_> I don't know anything about the progress of vmm, I'm just a pleb that maintains 2 ports. for my own usage I'll get freebsd and netbsd vms online when/if support for those are added.
02:08 < SOLARIS_s> just a reminder we talking about secure programming
02:12 < ssm_> Well I did read Theo's opinion on x86 vm's for security some months back, and it wasn't a glowing review. That's all I know about that though.
02:15 < SOLARIS_s> crazy right
02:18 < SOLARIS_s> think about it you had obsd openssh swap encrypted default back then.
02:18 < oldlaptop> dfdx: Seriously - one of the major advantages of relatively simple software like openbsd's httpd is that it's a lot more reasonable to read the source to see what might provoke a particular error message.
02:20 < SOLARIS_s> i really don't trust that tap
02:23 < oldlaptop> reading your backlog, are you sure this calibre-server is doing fastcgi in the first place?
02:24 < oldlaptop> that's about the wrong behavior I would expect when trying to speak fastcgi with an http server
02:25 < oldlaptop> if you can "open up your web browser" on that same address and port number, fastcgi is not what you want and is not going to work
02:27 < SOLARIS_s> ssm
02:27 < SOLARIS_s> that's just me.
02:31 < SOLARIS_s> ssm my bad you're right enc is the way to go
02:37 < ssm_> <_>
02:40 < mischief> oldlaptop: good call, looks like this calibre thing expects reverse proxying, not cgi
02:40 < mischief> dfdx: httpd cannot do reverse proxy, so back to relayd with ya.
02:41 < SOLARIS_s> right
03:02 < dfdx> but why is reverse proxy required here? for example, when I host gitea, I don't need to use relayd; I can use httpd just fine with fastcgi socket tcp 127.0.0.1 8001
03:02 < dfdx> why does it fail with calibre? (i'm not expecting anyone here to know exactly, i'm just musing)
03:10 < mischief> dfdx: because http and fastcgi are not the same protocol.
03:11 < mischief> httpd does not speak http, it speaks fastcgi and thats it. relayd doesn't speak fastcgi, but does speak http.
03:11 < dfdx> ahhh...
03:12 < oldlaptop> calibre is (as far as I can tell?) an HTTP server all by itself. It expects to do httpd's entire job.
03:13 < oldlaptop> gitea is (presumably) a fastcgi application. It expects to (basically) be fed some information by a real HTTP server, like httpd, and spit HTML back out to the HTTP server.
03:18 < dfdx> 23:11 < mischief> httpd does not speak http, it speaks fastcgi and thats it. relayd doesn't speak fastcgi, but does speak http.
03:18 < dfdx> this is why, when I use relayd, I still need an httpd entry for gitea, but I don't need an httpd entry for calibre.
03:18 < dfdx> relayd -> httpd -> gitea. but relayd -> calibre.
03:19 < oldlaptop> Yes.
07:00 < lts> Do you really need httpd with gitea? I run it just fine via relayd only, reverse proxying to port 3000 where gitea is listening
08:28 < sir-photch> can relayd forward connections to unix sockets?
09:11 < mischief> sir-photch: don't think so but might be useful
16:08 < dfdx> sir-photch: i don't think relayd can forward connections to unix sockets, but it can forward to httpd, which can forward to unix sockets. For example, in my httpd.conf I have a line "fastcgi socket /run/php-fpm.sock"
16:08 < dfdx> 03:00 < lts> Do you really need httpd with gitea? I run it just fine via relayd only, reverse proxying to port 3000 where gitea is listening
16:08 < dfdx> Thanks, I will try it out.
16:09 < sibiria> gitea is its own web server
16:09 < sibiria> and ssh server
16:09 < sir-photch> dfdx: yes I know about fastcgi, but other webapps allow to listen on unix sockets which would then be http
16:10 < systemdsucks> sibiria: its own ssh server?
16:11 < sibiria> systemdsucks: gitea incorporates an ssh server
16:12 < systemdsucks> sibiria: heh, interesting
16:12 < sibiria> which is good, so you don't have to risk jumbling up your own sshd setup to play ball with gitea
16:13 < systemdsucks> i take it's openssh based anyway
16:14 < sibiria> not sure, but i think it's likelier it uses something like dropbear
16:15 < sibiria> or perhaps libssh
16:15 < thrig> those git wrappers always trend towards "too much complexity, too many CVE" for me
16:15 < sibiria> gitea really is quite something else :)
16:16 < sibiria> it's github, in a single executable, complete with everything
16:16 < sibiria> not quite a "git wrapper", but it really is complex and a huge project
16:16 < sibiria> all in all i think it's a fantastic product for internal use
17:33 < dfdx> yes, I love gitea, as well.
18:54 < klsrqm> anyone know how to mount an s3 bucket as a directory in OpenBSD? anything like FreeBSD's s3fs? I know we have Fuse but how does one mount s3 in fuse?
18:55 < mischief> try rclone
18:56 < klsrqm> would rclone actually cache the files on hdd?
18:57 < klsrqm> (i don't want that -- tryna save space)
19:11 < mischief> klsrqm: it's optional
19:44 < rahl> Is there a way to test e.g. weekly.local?
19:46 < ssm_> sh /etc/weekly.local :3
19:46 < rahl> :/
19:46 < rahl> cheers
19:46 < ssm_> if you want to see if weekly runs it, you could sh /etc/weekly I guess
19:46 < rahl> ack
19:47 < rahl> I tried running it directly; didn't realise I could just use sh
19:47 < rahl> (obviously)
19:48 < rahl> weekly definitely runs it. Just noticed that a command was failing. Think it's because I didn't use an absolute filepath
19:49 < thrig> sh might have different env (and working directory) set than what cron runs it as, would not recommend
19:50 < thrig> I instead have a script that can generate a crontab line that will run "soon" in the future
19:50 < rahl> thrig: fair, but not even reasonable for quick testing?
19:51 < rahl> I suppose it depends
19:51 < thrig> if you're okay with the quick test going horribly awry due to different env and cwd
19:52 < rahl> hmm
19:55 < rahl> So rather temporarily edit a user's crontab to run the same commands as present in weekly.local, set e.g. to run every minute
19:55 < rahl> something like that?
19:55 < ssm_> thrig: default root crontab just runs /bin/sh /etc/{daily,weekly,monthly} with a restricted PATH and HOME set to /var/log. shouldn't be too hard just to copy the env over
19:55 < thrig> 57 19 26 10 * sh /etc/weekly
19:56 < rahl> ack, cheers
19:58 < rahl> I presume you have another script to then remove the line
19:59 < thrig> nope, I delete the line after the test run runs
19:59 < thrig> with more work that could be automated, but never felt the need for that
20:00 < rahl> fair enough
20:17 < dfdx> Hi #openbsd. I am having some relayd problems. We spoke about gitea above. I have successfully hosted gitea using *just* openbsd's base httpd. But when I try to incorporate relayd into my stack, I get SSL certificate problems. My httpd.conf and relayd.conf are here: https://bpa.st/K43A
20:17 < dfdx> Is there anything obvious I'm doing wrong? I can't seem to figure it out.
20:19 < dfdx> is this a gitea problem? in gitea's app.ini config file, I am using PROTOCOL=http -- but changing that to https, fcgi, http+unix, or fcgi+unix doesn't seem to help.
20:19 < sibiria> as was mentioned, you don't need to run an httpd to get web access to gitea. it has a built-in web server
20:20 < dfdx> sibiria: right. that's what I'm trying to do. Just use relayd. but i need httpd in part because of TLS, no?
20:20 < dfdx> the thing is, i can access gitea in the browser just fine with relayd.
20:20 < dfdx> pointing my browser to https://src.domain.com works.
20:20 < dfdx> but when I run "git clone https://src.domain.com/user/aoc.git"
20:20 < sibiria> no. gitea has https support, too
20:20 < dfdx> I get an error: SSL certificate problem: unable to get local issuer certificate
20:20 < dfdx> same thing with curl: curl: (60) SSL certificate problem: unable to get local issuer certificate
20:20 < dfdx> these errors don't appear when I just use httpd (and not relayd).
20:21 < sibiria> just enable https support in gitea's config, and point it to a full-chain certificate and private key
20:23 < dfdx> okay, so I set PROTOCOL=https in gitea's config. what do you mean "point *it* to a full-chain certificate and private key"? How do I do that? isn't that what i've done in the relayd.conf i provided, or do you mean somewhere else?
20:23 < dfdx> when I set PROTOCOL=https; gitea won't load in the browser.
20:23 < dfdx> nor does it fix the git clone SSL error.
20:23 < sibiria> i mean in gitea. you need to let it know what certificate and private key to use. https depends on it
20:23 < sibiria> CERT_FILE and KEY_FILE are the options
20:25 < dfdx> I see, so CERT_FILE=/etc/ssl/src.domain.com.crt and KEY_FILE=/etc/ssl/private/src.domain.com.key ?
20:26 < sibiria> yes, presuming those are it
20:27 < dfdx> hmm... that doesn't seem to work.
20:27 < sibiria> gitea may not have permissions to read that path
20:27 < dfdx> I ran "# doas -u _gitea ls /etc/ssl/private" and indeed it does not.
20:28 < sibiria> you need to give that user/group permissions, or make a copy of the cert/key and place it where gitea can read
20:28 < sibiria> or
20:28 < dfdx> do I add user _gitea to wheel? that doesn't seem right.
20:28 < sibiria> you config gitea to drop its permission, and start it as root so it can read these things first
20:30 < dfdx> hmm... i copied /etc/ssl/private/src.domain.io.key to /etc/ssl/, where _gitea can access, and gitea still won't work in the browser. how come this all works without doing this stuff when I don't use relayd?
20:31 < dfdx> when I use httpd, i don't get any SSL local issuer certificate errors.
20:32 < sibiria> i think you're seeing a simple permission error
20:32 < sibiria> verify that the path and file is readable by the user or group gitea starts as
20:33 < dfdx> doing "# doas -u _gitea less /etc/ssl/src.domain.io.crt" and "# doas -u _gitea less /etc/ssl/src.domain.io.fullchain.pem" both work.
20:36 < sibiria> but are you sure gitea starts as that when you launch it?
20:37 < dfdx> my /etc/rc.d/gitea shows: daemon_user="_gitea"
20:37 < sibiria> i suppose that doesn't go into gitea's RUN_USER
20:37 < sibiria> but
20:37 < sibiria> copy the files to gitea's config dir, in case it chroots as first thing on launch (i can't recall if it does)
20:40 < sibiria> it should have a directory of its just for that
20:40 < sibiria> certs/ or httpcerts/ or something like that
20:40 < sibiria> of its own*
20:43 < dfdx> i just created /var/gitea/custom/https
20:45 < dfdx> i'm not sure if i'm putting the right files in. I don't know what CERT_FILE and KEY_FILE are supposed to point to. I have four files in /etc/ssl: (1) src.domain.io.crt, (2) src.domain.io.fullchain.pem, (3) src.domain.io.ocsp.pem, and (4) src.domain.io.key
20:45 < sibiria> fullchain is the cert, key is the private key
20:45 < sibiria> KEY_FILE = private key
20:46 < dfdx> okay, then i have it right.
20:46 < dfdx> still not working :|
20:46 < dfdx> permissions for both files are _gitea:_gitea.
20:46 < sibiria> access gitea directly to check. leave relayd etc. out of it
20:47 < sibiria> the path is relative if i recall correctly
20:47 < dfdx> gitea docs say it can also handle absolute paths.
20:47 < sibiria> gitea has a "base/root" dir, and most paths should be relative
20:48 < sibiria> so /var/gitea is probably the base dir
20:48 < sibiria> and you can set the cert/key file as custom/https/blah.pem and custom/https/blah.key
20:49 < dfdx> when I rcctl stop httpd relayd
20:49 < dfdx> gitea won't work because in the gitea conf I specify src.domain.io
20:49 < sibiria> chown -R _gitea:_gitea /var/gitea/custom
20:49 < dfdx> so the site can't be reached when I try to point my browser to 127.0.0.1:3000
20:49 < dfdx> sibiria: yup, i set those permissions.
20:50 < sibiria> stop using httpd/relayd. you don't need them, at least not at this point. start with getting a functional setup of gitea
20:50 < sibiria> gitea has its own web server - another httpd or http relay is not necessary for it to function
20:51 < dfdx> so should I just comment out the DOMAIN and all the other associated options in gitea's config?
20:51 < dfdx> e.g., ROOT_URL
20:51 < sibiria> you should set DOMAIN and ROOT_URL
20:52 < dfdx> so src.domain.io?
20:52 < dfdx> I am so confused.
20:52 < sibiria> if that's the fqdn of your cert, yes...
20:53 < dfdx> it is, okay, so i'll keep those.
20:53 * oldlaptop would think that if relayd is going to be involved at all, it probably ought to be what's doing TLS termination(?)
20:54 < oldlaptop> and if it's not going to be doing TLS termination, and it's not needed for load-balancing to multiple giteas or something, then it's not needed
20:54 < dfdx> 127.0.0.1:3000 -> "This site can't provide a secure connection. 127.0.0.1 sent an invalid response. ERR_SSL_PROTOCOL_ERROR.">
20:55 < oldlaptop> That sounds like whatever's running on port 3000 isn't a TLS (HTTPS or otherwise) server.
20:55 < sibiria> is PROTOCOL set to https?
20:55 < sibiria> is it gitea, or something else, listening on localhost:3000?
20:55 < dfdx> nothing else is listening on 3000. PROTOCOL is set to https
20:55 < sibiria> have you confirmed in gitea's log that it really does manage to read the cert and the private key
20:56 < sibiria> DOMAIN should be the fqdn of your cert
20:57 < klsrqm> mischief: thank you!
20:58 < sibiria> and keep in mind if you surf to https://127.0.0.1:3000/, the server name indication is going to be 127.0.0.1, not src.domain.io
20:58 < sibiria> gitea will respond to what you set in DOMAIN
20:58 < dfdx> yes, I confirmed that it can read the certs. I did get an error before, but I fixed it. here is what I get in my logs: https://bpa.st/DA7A
20:59 < dfdx> my domain is src.domain.io, which should be correct. it's what I use when I run acme-config.
21:00 < sibiria> then you need to surf there and not to 127.0.0.1 to send the correct SNI
21:00 < sibiria> you can test locally with curl
21:00 < sibiria> curl https://src.domain.io:3000/ --resolve src.domain.io:443:127.0.0.1
21:00 < sibiria> sorry: src.domain.io:3000:127.0.0.1
21:00 < dfdx> wait. I should be using src.domain.io in my browser?
21:01 < sibiria> if you use 127.0.0.1 you're telling the web server on the other end "let me browse the website with "domain" 127.0.0.1"
21:01 < sibiria> and that's not what gitea is configured for, and it's not what's in your TLS certificate
21:02 < avemestr> You'll want to check what src.domain.io resolves to...
21:02 < dfdx> the web server on the other end is just my machine that i'm on right now.
21:02 < sibiria> yes so test with curl
21:02 < dfdx> src.domain.io worked perfectly when I just use gitea with httpd.
21:02 < dfdx> let me test with curl.
21:02 < dfdx> curl: (7) getsockname() failed with errno 22: Invalid argument
21:02 < dfdx> that is from: $ curl src.domain.io and $ curl https://src.domain.io
21:03 < dfdx> from the machine that is running gitea.
21:03 < sibiria> ve src.domain.io:443:127.0.0.1
21:03 < sibiria> (23:00) < sibiria> sorry: src.domain.io:3000:127.0.0.1
21:03 < sibiria> bad copy/paste
21:03 < sibiria> this: curl https://src.domain.io:3000/ --resolve src.domain.io:3000:127.0.0.1
21:03 < dfdx> ah, in that case, i get this: curl: (35) LibreSSL/3.9.0: error:1400442E:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert protocol version
21:04 < dfdx> whoops
21:04 < dfdx> sorry
21:04 < dfdx> this is my bad.
21:04 < sibiria> it *should* spit out just a bunch of html, and no complaints
21:04 < dfdx> I had accidentally literally typed in "src.domain.io" instead of my real domain. changing it to the real one gives me the same error.
21:04 < dfdx> nope. no html
21:04 < dfdx> i get that error.
21:05 < sibiria> do this: curl -v https://your.real.domain:3000/ --resolve your.real.domain:3000:127.0.0.1
21:05 < dfdx> in my gitea log, from a few minutes ago, i get this error: 00: bind: address already in use
21:05 < sibiria> ok i wonder if it's running at all :p
21:06 < sibiria> iirc gitea has no option for "REUSEADDR/REUSEPORT", so you may need to stop gitea for a brief moment then start it again
21:06 < sibiria> make sure there really isn't anything running that's listening on port 3000
21:06 < dfdx> ps certainly shows that it is. i get more output from that curl -v. let me show you.
21:06 < thrig> and to level up with netstat
21:06 < sibiria> yes: netstat -an
21:06 < dfdx> https://bpa.st/673A
21:06 < sibiria> when gitea is off, and on
21:07 < dfdx> this is my netstat: https://bpa.st/B3SA
21:08 < sibiria> the error you're getting looks like when trying to speak tls to something that isn't tls
21:09 < sibiria> ok, the part about it listening to connections on localhost port 3000 looks fine. so far so good. but the errors curl is throwing make me think gitea is not at all configured for https
21:10 < dfdx> let me show you my gitea config.
21:13 < dfdx> here is my gitea's app.ini: https://bpa.st/RPOQ
21:14 < dfdx> I don't see anything out of the ordinary except for two DOMAIN options in the same section. but when I inspect the fully-commented app.ini file it seems normal?
21:15 < sibiria> unset REDIRECT_OTHER_PORT. set it to false
21:15 < sibiria> you cannot do both http and https on the same port
21:16 < dfdx> okay, i'll comment that and the subsequent line out.
21:16 < dfdx> that seemed to do the trick!
21:16 < dfdx> curl throws HTML at me
21:18 < dfdx> similarly, when I go to my browser on the gitea machine and type in: "https://127.0.0.1:3000" I get an SSL warning but at least if I "proceed anyways" I get to my gitea server.
21:18 < sibiria> that's good. then it's not locking itself on a per-SNI basis
21:18 < sibiria> so there will be the obvious cert host mismatch, but that's fine
21:18 < dfdx> weirdly, on another machine on my LAN, going to "https://192.168.1.78:3000" fails.
21:19 < sibiria> because you're listening to localhost
21:19 < sibiria> you can listen to 0.0.0.0 instead
21:19 < sibiria> localhost (127.0.0.1) exists only locally on the computer in question, as the name suggests
21:19 < dfdx> is that advisable? ultimately I want to set up relayd, not sure if keeping localhost is better.
21:19 < sibiria> the machine is in a LAN, no?
21:19 < dfdx> yes.
21:20 < sibiria> and port 3000 isn't being forwarded in from the WAN?
21:20 < dfdx> no.
21:20 < sibiria> then you're fine
21:20 < dfdx> fair enough.
21:20 < dfdx> relayd should work now, right? let me try turning that back on.
21:21 < sibiria> if your only goal is to have gitea run on non-standard port(s), but still be able to access it on standard ports (e.g. 80 and 443), then you will not need relayd. you can redirect this with pf alone
21:21 < sibiria> and, really, i would recommend solving just that with pf instead
21:22 < dfdx> Unfortunately, I simply do not have the intelligence or the mental capacity to start with pf right now. I need to do one thing at a time :|. Right now i'm just learning about httpd and relayd. :( PF is on my list of TODOs later this month.
21:22 < sibiria> ok. then relayd can be used to solve that redirection problem
21:23 < dfdx> when I restart relayd, I get a curious error: Client sent an HTTP request to an HTTPS server.
21:23 < dfdx> this is the same error I get when i go to my gitea machine and type in: "http://127.0.0.1:3000"
21:24 < sibiria> we know gitea is functioning normally now. if you still want to use relayd, then it should be handling TLS and speak only plain http with gitea
21:24 < sibiria> meaning you should "unconfigure" the https/cert stuff on gitea, and move that stuff to relayd
21:24 < sibiria> leave httpd out of the picture entirely. it doesn't apply to any of this
21:25 < dfdx> yes, here is my relayd.conf: https://bpa.st/UOOA
21:25 < dfdx> sibiria: ah, so move PROTOCOL back to http?
21:26 < sibiria> yes, and not set the cert/key file settings etc.
21:26 < sibiria> gitea should in that setup only speak plain http, and relayd should do all the TLS stuff and stand in front of gitea
21:27 < dfdx> okay great. we are now back to square one.
21:27 < dfdx> src.domain.io works in the browser
21:27 < dfdx> but when I try to git clone or curl I get the following error: SSL certificate problem: unable to get local issuer certificate
21:27 < sibiria> no, you now know for certain that gitea does run correctly
21:27 < dfdx> right, we know that now.
21:28 < dfdx> but ultimately, who cares? i can't git clone.
21:29 < sibiria> unfortunately i can't help you configure relayd, because i've only toyed around with it very briefly. i don't mind taking a stab at it a bit later
21:29 < dfdx> what is bizarre is that, when I don't use relayd -- when I just use httpd -- I can git clone just fine.
21:30 < sibiria> if gitea is running fine, on whatever port, https or not, you should be able to git-clone directly to it as well
21:30 < sibiria> everything points to relayd config not being ok
21:31 < mischief> relayd -dvvv
21:32 < mischief> :-)
21:32 < oldlaptop> (Kind of odd for an openbsd daemon, would expect it to be just -d, or possibly more ds)
21:33 < mischief> httpd is exactly the same
21:33 < oldlaptop> not a surprise given its heritage
21:33 < mischief> blame reyk i suppose
21:33 < dfdx> mischief: literally nothing is logged when I try to git clone :|
21:33 * oldlaptop notes vmd is the same too :P
21:34 < oldlaptop> Maybe it's more a new-openbsd-daemon versus old-openbsd-daemon thing
21:35 < oldlaptop> (or I'm biased by exactly what daemons I've played with)
21:37 * vortexx chalks relayd as the second most problematic issue on OpenBSD after wifi firmware not being included in bsd.rd by default (for good reasons that newcomers don't fathom)
21:37 < vortexx> s/chalks/chalks up
21:38 < vortexx> at least in this channel
22:00 < vortexx> quick question for wireguard road warrior setup users who don't run bgpd, if you adjust the "acl setting" aka wgaip to allow 0.0.0.0/0 does it relay properly? Been trying to get my ubuntu laptop to connect, which it does, but nothing routes
22:01 < vortexx> (I run bgpd and suspect it might be getting in the way, but my phone connects just fine and can access stuff)
22:01 < oldlaptop> I'm not quite sure what you're asking.
22:02 < oldlaptop> The "road warrior" laptop should generally have one peer with wgaip 0/0, so far as I'm aware, which causes all VPN traffic to go to that peer
22:03 < oldlaptop> actual IP routing on top of that should be completely separate
22:03 < vortexx> ok
22:04 < vortexx> I just noticed I didn't even have wgaip 0/0 in there but the phone worked, so... something weird
22:05 < oldlaptop> What's the definition of "the phone worked"?
22:05 < oldlaptop> (and what's its actual configuration?)
22:07 < oldlaptop> If it doesn't have something in wgaip (or whatever the formal term for the corresponding cellphone-app-slider-switch is) covering 0/0, it would (AIUI) not be able to route its general internet traffic over the VPN (because it will reject at least some return traffic as disallowed)
22:08 < oldlaptop> by that token if the only goal is to route stuff within the VPN, not to route internet-bound traffic through the VPN, $whole_vpn_ip_range would be an acceptable substitute for 0/0
22:23 < vortexx> (sorry not being very explicit here, I use an app called wireguard for android, and I could see that plenty of traffic was coming back on the phone interface, so I presumed it was working normally.
On the laptop nothing was coming back despite being connected so the wgaip was an issue 22:23 -!- lavaball [~Melissa@31.204.155.215] has quit [Remote host closed the connection] 22:25 -!- absc [~absc@2a04:ee41:8:6055:9364:e469:a6c5:996] has quit [Quit: Got to go. irctk 1.1.0-beta] 22:26 -!- Everything [~Everythin@178.133.12.70] has quit [Quit: leaving] 22:26 < vortexx> anyway not going to dig further on this issue tonight 22:30 -!- tarxvfz [~tarxvfz@gateway/tor-sasl/tarxvfz] has quit [Remote host closed the connection] 22:35 -!- polarian [~polarian@znc.polarian.dev] has quit [Quit: Polarian has disappeared] 22:37 -!- polarian [~polarian@znc.polarian.dev] has joined #openbsd 22:40 -!- gotohello [~gotohello@user/gotohello] has quit [Ping timeout: 256 seconds] 22:41 -!- zimmer [~zimmer@user/zimmer] has quit [Ping timeout: 272 seconds] 22:41 -!- xzdx [~xzdx@user/XZDX] has joined #openbsd 22:45 -!- hwpplayer1 [~user@user/hwpplayer1] has quit [Quit: I'll be back] 22:46 -!- xzdx [~xzdx@user/XZDX] has quit [Ping timeout: 252 seconds] 22:54 -!- vysn [~vysn@user/vysn] has quit [Remote host closed the connection] 22:56 -!- \subline [~join_subl@24-246-63-252.cable.teksavvy.com] has quit [Ping timeout: 248 seconds] 22:57 -!- izder456 [~user@167.sub-174-194-96.myvzw.com] has quit [Remote host closed the connection] 23:04 -!- \subline [~join_subl@24-246-63-252.cable.teksavvy.com] has joined #openbsd 23:07 -!- blotter [~mpatton@user/mpatton] has quit [Ping timeout: 260 seconds] 23:08 < sibiria> dfdx: try using the non-fullchain cert for relayd 23:09 < sibiria> i just spent 3 minutes testing a https-to-http thing in relayd and it seems it doesn't do well with a full chain incl. 
CA/intermediates for the cert 23:11 < sibiria> dfdx: i used this as test config: https://dpaste.org/xjygQ/raw 23:11 < sibiria> and it works just fine 23:14 -!- x_x [~xx@user/xx] has quit [Ping timeout: 260 seconds] 23:19 -!- adip [~adip@c159-63.icpnet.pl] has quit [Ping timeout: 265 seconds] 23:21 < dfdx> sibiria: curl and git clone work with that? 23:21 < dfdx> also, I too use "poop" frequently when debugging. glad i'm not the only one. 23:21 -!- gotohello [~gotohello@user/gotohello] has joined #openbsd 23:22 < dfdx> just fyi, I posted on openbsd-misc: https://marc.info/?l=openbsd-misc&m=172998295931254&w=2 23:25 < sibiria> dfdx: curl works fine and the request looks normal. i don't have gitea running here, i run it at work, so i can't test that specific scenario with git-clone 23:25 -!- adip [~adip@c159-63.icpnet.pl] has joined #openbsd 23:27 -!- drathir_tor [~drathir@wireguard/tunneler/drathir] has quit [Remote host closed the connection] 23:34 -!- drathir_tor [~drathir@wireguard/tunneler/drathir] has joined #openbsd 23:38 -!- ikarso [uid475540@id-475540.tinside.irccloud.com] has quit [Quit: Connection closed for inactivity] 23:40 -!- GOrshkOFF [~user@89.151.171.56] has joined #openbsd 23:51 -!- GOrshkOFF [~user@89.151.171.56] has quit [Remote host closed the connection] 23:54 -!- drathir_tor [~drathir@wireguard/tunneler/drathir] has quit [Ping timeout: 260 seconds] 23:55 -!- drathir_tor [~drathir@wireguard/tunneler/drathir] has joined #openbsd --- Log closed Sun Oct 27 00:00:39 2024