Had an interesting conversation with a buddy last night. It started out as a shift-reduce problem with Bison and ended up a ping-pong of useful UNIX API:s. We concluded that despite having worked professionally with UNIX for over a decade, it is still very satisfying finding gems like these.
Most people are completely unaware they exist and end up rolling their own (buggy) implementations.
Update: This post was initially written Nov 14, 2015. It was a Saturday and I remember being extremely inspired when I wrote it. As it happens, I’ve continued adding to it over the years, and still do. So, as of Jul 2, 2017 I’m now bumping the modification date each time I add something new :-)
Reminder to self:
echo "https://ftp.eu.openbsd.org/pub/OpenBSD/" >/etc/installurl pkg_add git autoconf automake libtool
Select the latest versions, then add the following to
AUTOCONF_VERSION=2.69 AUTOMAKE_VERSION=1.15 export AUTOCONF_VERSION AUTOMAKE_VERSION
With your selected versions, of course.
Pound is a reverse proxy, load balancer, and HTTPS front-end for Web servers. It is available in Debian/Ubuntu and is very simple to set up:
First install the package, including OpenSSL, or LibreSSL:
sudo apt install pound openssl
Use OpenSSL to create a self-signed certificate:
mkdir ~/certs cd ~/certs openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes cat cert.pem key.pem > bundle.pem
Now, we move to the Merecat directory from the previous blog post and start it on port 8080:
cd ~/merecat ./src/merecat -p 8080 www/
Now, edit the default
/etc/pound/pound.cfg to include the following:
ListenHTTPS Address 0.0.0.0 Port 443 AddHeader "X-Forwarded-Proto: https" AddHeader "X-Forwarded-Port: 80" HeadRemove "X-Forwarded-Proto" HeadRemove "X-Forwarded-For" Cert "/home/jocke/certs/bundle.pem" # This is the address and TCP port where Merecat httpd runs Service BackEnd Address 127.0.0.1 Port 8080 End End End
We make sure to remove any existing
X-Forwarded-For header to prevent
any malicious client from injecting them beforehand. Then enable pound
And start the service
sudo /etc/init.d/pound restart
Your service is now available over HTTPS. Try it with curl, which needs
to be called with
-k to skip certificate validation:
curl -ki https://localhost/~jocke/ HTTP/1.0 200 OK testing stderr Content-Type: text/html;charset=utf-8 <html> <head><title>Hej</title></head> <body> <p>Hello, HTTP SPOKEN HERE</p> </body></html>
All done. Good Luck!
First install ikiwiki
sudo apt install ikiwiki libcgi-session-perl libcgi-formbuilder-perl
Follow the steps to setup a new Wiki or Blog. In this example we set up a
wiki in our
ikiwiki --setup /etc/ikiwiki/auto.setup ... Successfully set up wiki: url: http://localhost/~jocke/wiki srcdir: ~/wiki destdir: ~/public_html/wiki repository: ~/wiki.git To modify settings, edit ~/home.setup and then run: ikiwiki --setup ~/home.setup
By default Merecat has per-user
~/public_html support disabled, this
is for safety purposes. To build from source, here from GIT, use:
git clone https://github.com/troglobit/merecat ./autogen.sh ./configure --enable-public-html make sudo make install
Now, to start playing with Ikiwiki, simply start the httpd as your user on a non-priviliged port:
merecat -n -p 8080
… and open http://localhost:8080/~jocke/wiki/ in your browser
NOTE: Although Merecat httpd is a fork of thttpd. Compared to
its forefather Mercat is fully capable of running ikiwiki without any
patches. Problems with port not being included in
missing trailing slash in
PATH_INFO, have all been fixed.
Having worked with Linux for the last 20 years, and embedded for more than ten of them, I’ve become quite a fan of virtualization in general and Qemu in particular.
Qemu is a fantastic little tool, created by the Open Source superhero Fabrice Bellard. It can be used to verify an embedded system without having to deal with the problems of actual HW until you really have to. Don’t get me wrong, HW excites me like any other nerd, but if the HW is new and shaky it can be quite a pain to develop higher level functions.
My holy grail is to have a 100% complete and accurate virtualization target per architecture to test my various software projects on. That’s why I created TroglOS.