Had an interesting conversation with a buddy last night. It started out as a shift-reduce problem with Bison and ended up a ping-pong of useful UNIX APIs. We concluded that despite having worked professionally with UNIX for over a decade, it is still very satisfying to find gems like these.

Most people are completely unaware they exist and end up rolling their own (buggy) implementations.

Update: This post was initially written Nov 14, 2015. It was a Saturday and I remember being extremely inspired when I wrote it. As it happens, I’ve continued adding to it over the years, and still do. So, as of Jul 2, 2017 I’m now bumping the modification date each time I add something new :-)

Reminder to self:

echo "https://ftp.eu.openbsd.org/pub/OpenBSD/" >/etc/installurl
pkg_add git autoconf automake libtool

Select the latest versions, then add the following to ~/.profile:


With your selected versions, of course.

This is an HTTPS proxy HowTo for Merecat httpd using pound and OpenSSL.

Pound is a reverse proxy, load balancer, and HTTPS front-end for Web servers. It is available in Debian/Ubuntu and is very simple to set up:

First install the package, together with OpenSSL or LibreSSL:

sudo apt install pound openssl

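Use OpenSSL to create a self-signed certificate. The -nodes option leaves the private key unencrypted, and bundle.pem contains that key together with the certificate: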

mkdir ~/certs
cd  ~/certs
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
cat cert.pem key.pem > bundle.pem

Now, we move to the Merecat directory from the previous blog post and start it on port 8080:

cd ~/merecat
./src/merecat -p 8080 www/

Now, edit the default /etc/pound/pound.cfg to include the following:

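    ListenHTTPS
        # The Address lines are missing from the page; both values are assumptions
        Address 0.0.0.0
        Port 443
        AddHeader "X-Forwarded-Proto: https"
        AddHeader "X-Forwarded-Port: 80"
        HeadRemove "X-Forwarded-Proto"
        HeadRemove "X-Forwarded-For"
        Cert "/home/jocke/certs/bundle.pem"

        Service
            BackEnd
                # This is the address and TCP port where Merecat httpd runs
                Address 127.0.0.1
                Port 8080
            End
        End
    End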

We make sure to remove any existing X-Forwarded-For header to prevent a malicious client from injecting one beforehand. Then enable pound by editing /etc/default/pound


And start the service:

sudo /etc/init.d/pound restart

Your service is now available over HTTPS. Try it with curl, which needs to be called with -k to skip certificate validation:

curl -ki https://localhost/~jocke/
HTTP/1.0 200 OK
testing stderr
Content-Type: text/html;charset=utf-8

<p>Hello, HTTP SPOKEN HERE</p>

All done. Good Luck!
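As an added example (not part of the original post), a small Python check for the header hygiene described above: for each pound listener it reports headers set with AddHeader, plus X-Forwarded-For, that no HeadRemove pattern covers. The function name, the rule itself and the embedded sample config (including its ListenHTTPS/Service wrappers and Address lines) are assumptions of this example.

```python
import re

# A directive is a keyword optionally followed by one quoted argument.
DIRECTIVE = re.compile(r'^(\w+)(?:\s+"([^"]*)")?')

def unstripped_headers(cfg_text):
    """For each ListenHTTP/ListenHTTPS block return (kind, [headers]), where
    headers are forwarded headers a client could still supply itself.

    Rule assumed by this example: every header set with AddHeader, plus
    X-Forwarded-For, needs a HeadRemove pattern that matches it. Patterns are
    modelled as case-insensitive regexes searched in the header line.
    """
    listeners, cur = [], None
    for raw in cfg_text.splitlines():
        m = DIRECTIVE.match(raw.split("#", 1)[0].strip())
        if not m:
            continue
        word, arg = m.group(1).lower(), m.group(2)
        if word in ("listenhttp", "listenhttps"):
            cur = {"kind": m.group(1), "need": {"X-Forwarded-For"}, "strip": []}
            listeners.append(cur)
        elif cur and word == "addheader" and arg:
            cur["need"].add(arg.split(":", 1)[0].strip())
        elif cur and word == "headremove" and arg:
            cur["strip"].append(re.compile(arg, re.IGNORECASE))
    return [(lst["kind"],
             sorted(h for h in lst["need"]
                    if not any(p.search(h + ":") for p in lst["strip"])))
            for lst in listeners]

# Constructed sample: the directives shown on the page, inside assumed
# ListenHTTPS/Service/BackEnd wrappers with assumed Address values.
PAGE_CFG = '''
ListenHTTPS
    Address 0.0.0.0
    Port 443
    AddHeader "X-Forwarded-Proto: https"
    AddHeader "X-Forwarded-Port: 80"
    HeadRemove "X-Forwarded-Proto"
    HeadRemove "X-Forwarded-For"
    Cert "/home/jocke/certs/bundle.pem"
    Service
        BackEnd
            Address 127.0.0.1   # assumed backend address
            Port 8080
        End
    End
End
'''
# Same config with one pattern widened to cover every header that is added.
HARDENED_CFG = PAGE_CFG.replace('HeadRemove "X-Forwarded-Proto"',
                                'HeadRemove "X-Forwarded-(Proto|Port)"')

if __name__ == "__main__":
    for name, cfg in (("page", PAGE_CFG), ("hardened", HARDENED_CFG)):
        print(name, unstripped_headers(cfg))
```

Run against the sample, the check lists X-Forwarded-Port for the first config, because that header is added but has no matching HeadRemove.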

This is a HowTo for setting up ikiwiki with Merecat httpd.

First install ikiwiki:

sudo apt install ikiwiki libcgi-session-perl libcgi-formbuilder-perl

Follow the steps to set up a new Wiki or Blog. In this example we set up a wiki in our ~/public_html:

ikiwiki --setup /etc/ikiwiki/auto.setup
Successfully set up wiki:
url:         http://localhost/~jocke/wiki
srcdir:      ~/wiki
destdir:     ~/public_html/wiki
repository:  ~/wiki.git

To modify settings, edit ~/home.setup and then run:
    ikiwiki --setup ~/home.setup

By default Merecat has per-user ~/public_html support disabled, for safety purposes. To enable it, build from source, here from Git, with:

git clone https://github.com/troglobit/merecat
cd merecat
# A Git checkout has no configure script yet, generate it first
./autogen.sh
./configure --enable-public-html
sudo make install

Now, to start playing with ikiwiki, simply start the httpd as your user on a non-privileged port:

merecat -n -p 8080

… and open http://localhost:8080/~jocke/wiki/ in your browser :-)

NOTE: Although Merecat httpd is a fork of thttpd, unlike its forefather Merecat is fully capable of running ikiwiki without any patches. Problems with the port not being included in HTTP_HOST, or a missing trailing slash in PATH_INFO, have all been fixed.


Having worked with Linux for the last 20 years, and embedded for more than ten of them, I’ve become quite a fan of virtualization in general and Qemu in particular.

Qemu is a fantastic little tool, created by the Open Source superhero Fabrice Bellard. It can be used to verify an embedded system without having to deal with the problems of actual HW until you really have to. Don’t get me wrong, HW excites me like any other nerd, but if the HW is new and shaky it can be quite a pain to develop higher level functions.

My holy grail is to have a 100% complete and accurate virtualization target per architecture to test my various software projects on. That’s why I created TroglOS.