On Tue Apr 30, 2024 at 5:09 PM BST, Stuart Henderson wrote:
On 2024-04-30, Souji Thenria wrote:
>
> Could you elaborate on your point that Go ports are a pain?
> I thought a port written in Go would probably be easier to maintain
> because no additional libraries are needed to run the program,
On 2024-04-30, Souji Thenria wrote:
>
> Could you elaborate on your point that Go ports are a pain?
> I thought a port written in Go would probably be easier to maintain
> because no additional libraries are needed to run the program, and
> cross-compilation is relatively easy, too.
With current
On Tue Apr 30, 2024 at 3:23 PM BST, Kirill A. Korinsky wrote:
On Tue, 30 Apr 2024 15:30:25 +0200,
"Souji Thenria" wrote:
>
> Could you elaborate on your point that Go ports are a pain? I thought a
> port written in Go would probably be easier to maintain
> because no additional libraries are n
On Tue, 30 Apr 2024 15:30:25 +0200,
"Souji Thenria" wrote:
>
> Could you elaborate on your point that Go ports are a pain? I thought a
> port written in Go would probably be easier to maintain
> because no additional libraries are needed to run the program, and
> cross-compilation is relatively e
On Tue Apr 30, 2024 at 1:24 PM BST, Stuart Henderson wrote:
On 2024-04-30, Souji Thenria wrote:
> Hi everyone,
>
> In the last couple of days, I played with the webserver Caddy [1] and
> would like to use it for some of my web applications. However, the
> webserver is currently n
On 2024-04-30, Stuart Henderson wrote:
> On 2024-04-30, Souji Thenria wrote:
>> Hi everyone,
>>
>> In the last couple of days, I played with the webserver Caddy [1] and
>> would like to use it for some of my web applications. However, the
>> webserver is currentl
On 2024-04-30, Souji Thenria wrote:
> Hi everyone,
>
> In the last couple of days, I played with the webserver Caddy [1] and
> would like to use it for some of my web applications. However, the
> webserver is currently not in the ports tree. Is there a specific reason
> for t
Hi everyone,
In the last couple of days, I played with the webserver Caddy [1] and
would like to use it for some of my web applications. However, the
webserver is currently not in the ports tree. Is there a specific reason
for that, or has no one wanted to create and maintain
the port yet?
If
ot; the setup for httpd.
> >>
> >> I basically need to run a Go webserver with access to MariaDB,
> >> but would like to chroot the Go webserver.
> >>
> >> I was thinking that since Go by default doesn't run a webserver on
> >> port
On Thu, Mar 17, 2022 at 09:41:13PM +0100, i...@tutanota.com wrote:
> >> I assume go has bindings for setuid() and friends.
>
> > Go software doesn't usually like to do this because of some issue
> > with doing so on Linux that I don't _think_ apply to OpenBSD. And
> > they have the "allow binding
On 2022-03-16, Marc Espie wrote:
> On Tue, Mar 15, 2022 at 11:32:19PM +0100, i...@tutanota.com wrote:
>> Since Go has support for pledge and unveil, I was thinking about
>> "imitating" the setup for httpd.
>>
>> I basically need to run a Go webserver with ac
Am 16.03.22 03:09 schrieb i...@tutanota.com:
> >> I was thinking that since Go by default doesn't run a webserver on
> >> port 80 or 443
>
> > What does it even mean. Go is a programming language. If you want to
> > build and run a webserver with it and h
On Tue, Mar 15, 2022 at 11:32:19PM +0100, i...@tutanota.com wrote:
> Since Go has support for pledge and unveil, I was thinking about
> "imitating" the setup for httpd.
>
> I basically need to run a Go webserver with access to MariaDB,
> but would like to chroot the
On 3/15/22 6:32 PM, i...@tutanota.com wrote:
...
$ doas chroot -u www -g www /var/www /bin/go-server
But that wouldn't keep it running after a reboot.
The "easy" and historic way:
man 8 rc
more specifically, rc.local
The "better" way:
man 8 rc.d
(and read the "see also"s.)
Probably g
On Tue, Mar 15, 2022 at 10:25 PM wrote:
> Is there something to restart it if it crashes?
If that's a concern you could use a shell script that launches and
relaunches the thing,
But ask yourself: why would you want it to restart automatically after
a crash, if you are concerned about security?
Em Tue, 2022-03-15 às 23:32 +0100, i...@tutanota.com escreveu:
> I was thinking that since Go by default doesn't run a webserver on
> port 80 or 443
What does it even mean. Go is a programming language. If you want to
build and run a webserver with it and have it listen on whatev
On 2022-03-10, Tom Smyth wrote:
> Hi,
> Owasp has some cheat sheets for hardening PHP configurations,
>
> https://cheatsheetseries.owasp.org/cheatsheets/PHP_Configuration_Cheat_Sheet.html
>
> you can combine it with httpd which would run the php app and website
> inside a chroot jail,
>
> you can
> serious security is taken in Go. I would suspect a lot better (simpler
> language, daily usage by Google and many other big companies,
> involvement of Ken, Rob, and others), but that is just assumptions. Any
> advice on that?
>
> I know how OpenBSD chroots the webserver and there
Thank you Marcus, and the rest of you :)
--Chad
Sent with ProtonMail Secure Email.
‐‐‐ Original Message ‐‐‐
On Sunday 3. May 2020 kl. 16:53, Marcus MERIGHI wrote:
> chad.hoo...@protonmail.com (Chad Hoolie), 2020.05.03 (Sun) 15:43 (CEST):
>
> > So the folks over at my
On Sun, May 03, 2020 at 04:53:42PM +0200, Marcus MERIGHI wrote:
> chad.hoo...@protonmail.com (Chad Hoolie), 2020.05.03 (Sun) 15:43 (CEST):
> > So the folks over at my webserver is removing its daemonization
> > feature, telling its users to use systemd/upstart/a process supervi
Hi,
So the folks over at my webserver is removing its daemonization feature,
telling its users to use systemd/upstart/a process supervisor instead.
But what does this mean to my webserver's startup script in /etc/rc.d, isn't it
dependent on the webserver's ability to daemonize?
chad.hoo...@protonmail.com (Chad Hoolie), 2020.05.03 (Sun) 15:43 (CEST):
> So the folks over at my webserver is removing its daemonization
> feature, telling its users to use systemd/upstart/a process supervisor
> instead.
Ugly move by upstream!
> But what does this mean to my
without incident of 150+ days. I understand the meltdown patch is
>> available for 6.2. From a security standpoint how urgent is it that I
>> upgrade and apply the patch?
>>
>> Notably the webserver is a VPS not on bare metal. If my VPS provider
>> is not patched aga
m a security standpoint how urgent is it that I
> upgrade and apply the patch?
>
> Notably the webserver is a VPS not on bare metal. If my VPS provider
> is not patched against meltdown what difference would it make?
>
> Are virtual CPUs even susceptible to meltdown? I suspect not.
?
Notably the webserver is a VPS not on bare metal. If my VPS provider
is not patched against meltdown what difference would it make?
Are virtual CPUs even susceptible to meltdown? I suspect not. But the
underlying physical CPU would be.
eap modem/router provided by the ISP. And connected as one
>> of
>> the network nodes is an old laptop running OpenBSD. I want to use that
>> laptop as a webserver, ftp server, etc. I can connect to the laptop
>> internally, from within the local network (192.168.
that laptop as a webserver, ftp server, etc. I
> can connect to the laptop internally, from within the local network
> (192.168.15.11) via http, ssh, ftp, etc, but I can't see it from
> external hosts. I already tried different configurations in the
> router/modem related to port
the general internet.
>
>> On 19 Jan 2018, at 15:55, Michel von Behr wrote:
>>
>> Hi - rookie question: I have ADSL internet at home, distributed to local
>> hosts via a cheap modem/router provided by the ISP. And connected as one of
>> the network nodes is an old
webserver, ftp server, etc. I can connect to the laptop
internally, from within the local network (192.168.15.11) via http,
ssh,
ftp, etc, but I can't see it from external hosts. I already tried
different
configurations in the router/modem related to port forwarding, NAT,
but
without success, s
Hi - rookie question: I have ADSL internet at home, distributed to local
hosts via a cheap modem/router provided by the ISP. And connected as one of
the network nodes is an old laptop running OpenBSD. I want to use that
laptop as a webserver, ftp server, etc. I can connect to the laptop
internally
Thanks for enlightening me.
Have a good day.
On Fri, May 2, 2014 at 8:53 PM, John D. Verne wrote:
> On Fri, May 02, 2014 at 12:53:05PM +0530, Indunil Jayasooriya wrote:
> > Thanks for the support.
> >
> > I changed the port from to 2224. Now it works. This PF box is
> behind
> > a ADSL r
On Fri, May 02, 2014 at 12:53:05PM +0530, Indunil Jayasooriya wrote:
> Thanks for the support.
>
> I changed the port from to 2224. Now it works. This PF box is behind
> a ADSL router. I assume this ADSL router has reserved port . I have no
> access to this ADSL router.
>
is used
\
rdr-to $webserver port 22 synproxy state
pass out log on $int_if inet proto tcp from any to $webserver port 22
modulate state
> sysctl net.inet.ip.forwarding
>
I have already set it to = 1
net.inet.ip.forwarding=1
Thanks for the below rules
>
> Using:
>
> m
On 05/02/14 05:34, Indunil Jayasooriya wrote:
Dear ALL,
I want to do ssh to a internel webserver from the outside world. ssh port
22 is running in that web server.
SSH port 22 is also ruuning my Openbsd 5.4 ( 32 bit ) firewall to which I
do ssh from the outside world.
So I want to add a rule
Dear ALL,
I want to do ssh to a internel webserver from the outside world. ssh port
22 is running in that web server.
SSH port 22 is also ruuning my Openbsd 5.4 ( 32 bit ) firewall to which I
do ssh from the outside world.
So I want to add a rule to access internel webserver
So I decided to
V pohode. Nekteri si to prectou :D
2010/3/26 Peter Huncar :
> Peter Huncar wrote:
>>
>> Nasiel som jeden bug v PHP/Postgres ktory sposoboval padanie webservera,
>> ktory ste mozno badali ze pg.chemnet.sk siel trocha divne, aj ked uz nie
>> pomaly, ale niekedy nedocital celu stranku.
>> Toz som to
Peter Huncar wrote:
Nasiel som jeden bug v PHP/Postgres ktory sposoboval padanie
webservera, ktory ste mozno badali ze pg.chemnet.sk siel trocha divne,
aj ked uz nie pomaly, ale niekedy nedocital celu stranku.
Toz som to fixol a poslal hlasenie vyvojarom.
Uz by to malo ist v pohode.
Prave som d
Nasiel som jeden bug v PHP/Postgres ktory sposoboval padanie webservera,
ktory ste mozno badali ze pg.chemnet.sk siel trocha divne, aj ked uz nie
pomaly, ale niekedy nedocital celu stranku.
Toz som to fixol a poslal hlasenie vyvojarom.
Uz by to malo ist v pohode.
Prave som domigorval sql db na p
Hi,
I had a webserver with mod_perl and mysql on OpenBSD 4.4
Under heavy load or long running load, the box randomly freezes.
The problem was a bug in the uvm.
The fix is a uvm patch from Ariane in 01/2009.
Hope that will help you.
JG
On Wednesday 01 April 2009 11:52:11 Fredrik Hansson wrote:
> Hi all,
>
> We have a web server running apache (on OpenBSD 4.4) with php and mysql
> from packages.
>
> This morning it froze and we don't know why.
>
> The only thing we know is that the load was quite high, see output from
> top below.
Hi all,
We have a web server running apache (on OpenBSD 4.4) with php and mysql
from packages.
This morning it froze and we don't know why.
The only thing we know is that the load was quite high, see output from
top below.
Can't find anything in the logs, except maillog stating it is rejec
found the extra rule that's needed.
set state-policy if-bound
fixed it. thanks list!
On Sat, Oct 25, 2008 at 6:26 PM, Beavis <[EMAIL PROTECTED]> wrote:
> I'm trying out the synproxy feature on my test webserver I have the
> following rule.
>
> ext_if = "
I'm trying out the synproxy feature on my test webserver I have the
following rule.
ext_if = "ne3"
web_server = "192.168.4.7"
pass in on $ext_if inet proto tcp from any to $web_server port www
flags S/SA synproxy state
I can't seem to hit the website at al
ery
interface and only one of them processes them. They get out at the other
side and 'magically' routing is symmetrical, i.e. each firewall accepts
from webserver answers for the packets it sent out. PF is enabled.
And here follows the problem part.
With this described setup i have
Insan Praja SW wrote:
> On Tue, 26 Feb 2008 09:31:29 +0700, Ted Unangst <[EMAIL PROTECTED]>
> wrote:
>
>> On 2/25/08, Insan Praja SW <[EMAIL PROTECTED]> wrote:
>>> Hi Misc@,
>>> While testing my brandnew 4.3-beta AMD64.MP webserver, I apply a
>>
On Tue, 26 Feb 2008 09:31:29 +0700, Ted Unangst <[EMAIL PROTECTED]>
wrote:
On 2/25/08, Insan Praja SW <[EMAIL PROTECTED]> wrote:
Hi Misc@,
While testing my brandnew 4.3-beta AMD64.MP webserver, I apply a simple
pf.conf to let some connection in and all out. But something
inter
On 2/25/08, Insan Praja SW <[EMAIL PROTECTED]> wrote:
> Hi Misc@,
> While testing my brandnew 4.3-beta AMD64.MP webserver, I apply a simple
> pf.conf to let some connection in and all out. But something interesting
> came out, pf actually blocks my webserver googlebot ap
Hi Misc@,
While testing my brandnew 4.3-beta AMD64.MP webserver, I apply a simple
pf.conf to let some connection in and all out. But something interesting
came out, pf actually blocks my webserver googlebot apps originated from
the server, which is strange since I use "pass out all"
Mispunt wrote:
My suggestion would be this:
1 disk - OpenBSD install
raid disks:
1 partition - /var/mysql
1 partition - /var/www
On 3/24/07, Bray Mailloux <[EMAIL PROTECTED]> wrote:
Bray Mailloux wrote:
> Mispunt wrote:
>> I don't think it is a good idea to do that when you want to use PHP
>>
My suggestion would be this:
1 disk - OpenBSD install
raid disks:
1 partition - /var/mysql
1 partition - /var/www
1 partition - /var/www/tmp (this could be small)
Mispunt
On 3/24/07, Bray Mailloux <[EMAIL PROTECTED]> wrote:
Bray Mailloux wrote:
> Mispunt wrote:
>> I don't think it is a good id
Bray Mailloux wrote:
Mispunt wrote:
I don't think it is a good idea to do that when you want to use PHP
and some sort of database.
PHP requires a /tmp and I would put that on a seperate partition.
Beside that I think it is also a good idea to give the database a
partition.
The rest of /var/www
I'm not too knowledgeable in the security arena so this question may
prompt flogging.
My server has three hard drives, one contains the OpenBSD system and the
other two are blank and will be a raid mirror of the /var/www directory.
Is it wise to give over the entire drive for the mount point /
sonjaya a icrit :
> Thx is working, but how to set every i adduser have automatic add in
> /var/www/user/simbloic link .
> thx
I don't add users too often so I do this manually, but you could as well
use a shell script like the following:
#! /bin/sh
#
if test $# -ne 1; then
echo "usage: `base
sonjaya a icrit :
> Dear all
>
> I ussually use public html to allow user have space in out webserver,
> how to set in openbsd 3.9 because default i chroot.
>
> thx for advice
Look at UserDir in httpd.conf
I usually create my web accounts as follow:
1- create /var/www/acco
Thx is working, but how to set every i adduser have automatic add in
/var/www/user/simbloic link .
thx
On 1/16/07, Gilles Chehade <[EMAIL PROTECTED]> wrote:
sonjaya a icrit :
> Dear all
>
> I ussually use public html to allow user have space in out webserver,
> how to set in o
On 2007/01/16 18:58, sonjaya wrote:
> I ussually use public html to allow user have space in out webserver,
> how to set in openbsd 3.9 because default i chroot.
UserDir. Didn't you read the config file?
Dear all
I ussually use public html to allow user have space in out webserver,
how to set in openbsd 3.9 because default i chroot.
thx for advice
Joachim Schipper wrote:
I believe it is possible to set this up using FastCGI, which will
actually be (reasonably?) fast too.
Yes, I am a FastCGI fanboy.
I just spent the whole day setting up FastCGi using www/mod_fastcgi and
www/fcgi. I ended up with a server process, written C, that runs
h are used by several people.
> The Apache is running with $UID 67. Users can access the system by using
> scponly, which is jailed into /var/www. No problem here so far.
> This issue was, that all scripts must be readable or even writeable for
> the Apache Webserver. So one hacked
using
scponly, which is jailed into /var/www. No problem here so far.
This issue was, that all scripts must be readable or even writeable for
the Apache Webserver. So one hacked page could damage other vhosts by
writing some PHP code to access the other vhosts within /var/www.
My solution:
1. I
On Fri, Sep 29, 2006 at 11:16:44AM +0200, Toni Mueller wrote:
> Hello,
>
> On Thu, 28.09.2006 at 09:47:51 -0400, James Strandboge <[EMAIL PROTECTED]>
> wrote:
> > Its extra work, but you could setup completely different chroots for
> > each domain. This way each domain is isolated and you can ta
gt; > able to access the other Webdirectories and could read config.php,
> > > because they are doing it with the permissions of the webserver.
> > > Write access would be possible as well, since some parts need to have
> > > write access.
> > suExec + PHP is not
On 2006/09/29 11:16, Toni Mueller wrote:
> On Thu, 28.09.2006 at 09:47:51 -0400, James Strandboge <[EMAIL PROTECTED]>
> wrote:
> > Its extra work, but you could setup completely different chroots for
> > each domain. This way each domain is isolated and you can tailor each
> > one to the user's n
Hello,
On Thu, 28.09.2006 at 09:47:51 -0400, James Strandboge <[EMAIL PROTECTED]>
wrote:
> Its extra work, but you could setup completely different chroots for
> each domain. This way each domain is isolated and you can tailor each
> one to the user's needs.
with this, you quickly run into the
.php,
> > because they are doing it with the permissions of the webserver.
> > Write access would be possible as well, since some parts need to have
> > write access.
> >
> > I started to patch suExec to make it handle *.php and to make it
> > chroot-ready, but I wasn
well.
> > /htdocs/www.example.net belongs to theuser:www and has the
> > permissions rwxr-x---.
> >
> > The issue: If my users start to install a php-Filebrowser, they are
> > able to access the other Webdirectories and could read config.php,
> > because they are doin
t; permissions rwxr-x---.
>
> The issue: If my users start to install a php-Filebrowser, they are
> able to access the other Webdirectories and could read config.php,
> because they are doing it with the permissions of the webserver.
> Write access would be possible as well, since so
> permissions rwxr-x---.
>
> The issue: If my users start to install a php-Filebrowser, they are
> able to access the other Webdirectories and could read config.php,
> because they are doing it with the permissions of the webserver.
> Write access would be possible as well, s
he
> permissions rwxr-x---.
>
> The issue: If my users start to install a php-Filebrowser, they are
> able to access the other Webdirectories and could read config.php,
> because they are doing it with the permissions of the webserver.
php safe mode and basedir (set per vhost of cour
are
able to access the other Webdirectories and could read config.php,
because they are doing it with the permissions of the webserver.
Write access would be possible as well, since some parts need to have
write access.
I started to patch suExec to make it handle *.php and to make it
chroot-ready
public address?
Could it be because I am using hosts instead of DNS?
Any suggestions on web page tools for non-web devs?
Best regards,
rogern
John 3:16
From: "Roger Neth Jr" <[EMAIL PROTECTED]>
To: misc@openbsd.org
Subject: unable to get into internal webserver from outsi
lags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
The webserver is a Sun Spark64 3.8-beta
with rc.conf.local httpd_flags=""
I am able to open the default "It Works" web page from http://192.168.1.5
internally, which is the web server inet address on hme0.
I have ipc
72 matches
Mail list logo
