From 5ca407f1d8395989271a8bf87b0f778ac3b69e1f Mon Sep 17 00:00:00 2001 From: DTB Date: Tue, 1 Apr 2025 19:01:22 -0600 Subject: [PATCH] 2025-04-01 --- homepage.content | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/homepage.content b/homepage.content index 2517bd5..c7ad485 100755 --- a/homepage.content +++ b/homepage.content @@ -1050,6 +1050,50 @@ pre { /* DRY who? */ } +/blah/2025-04-01.html + +: openbsd server + +i'm using caddy instead of relayd,httpd,acme because i like an easy config for +web shit and i loathe tls stuff + +/etc/caddy/Caddyfile +| +| # lightly modified default +| { +| http_port 8080 +| https_port 8443 +| admin unix//var/caddy/admin.sock|0220 +| } +| +| trinity.moe { +| root * /srv/trinity.moe +| file_server +| } +| +| www.trinity.moe { +| redir https://trinity.moe{uri} +| } + +cool and all, right? except caddy can't bind to low ports on openbsd, because +caddy isn't running as root (which is a security issue) and openbsd can't let +non-root processes bind to low ports like linux can. so we've bound to high +ports. let's fix this in pf(4) + +/etc/pf.conf +| # [ defaults included, but i'm not copying them over here ] +| pass in on any proto tcp from any to any port 80 rdr-to 127.0.0.1 port 8080 +| pass in on any proto tcp from any to any port 443 rdr-to 127.0.0.1 port 8443 + +okay cool + +for a while trinity.moe was hosted on the same machine as feeling.murderu.us, +as of today that is no longer the case (i still own murderu.us and everything, +i just wanted a personal vps for other things too) + +maybe there will be more blah posts but probably not + + /blah/2024-12-01.html : vaporware i looked forward to
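Review bot: in the /etc/pf.conf block of the new 2025-04-01 post, both rdr-to rules match `on any` and `from any to any`, so they apply on every interface and to every destination address rather than only to this host's public address on its external interface. Since a post like this tends to get copied as a recipe, consider narrowing the match, for example `pass in on egress proto tcp to (egress) port 80 rdr-to 127.0.0.1 port 8080` and the same for 443. The Caddyfile as shown sets only `http_port 8080` and `https_port 8443` with no bind address, so it would also help to say whether 8080 and 8443 are reachable directly, which depends on the defaults the post leaves out. Separately, the parenthetical in "caddy isn't running as root (which is a security issue)" reads as if not running as root were the issue. Rewording it to say that running as root would be the issue removes the ambiguity.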