2020

No IPv6 routes on AWS EC2 FreeBSD 12.2 instance

I’m trying and failing to get IPv6 routing working on my AWS EC2 FreeBSD 12.2 instance. My current status: the host has an IPv6 address; rtsol is running; ping6 google.ca gives "ping6: UDP connect: No route to host"; no issues with IP4 traffic. In this post, I will work through Migrating to IPv6 with the goal of simultaneously solving the problem and documenting the current configuration for all who can help. Some of […]


Today I faced the first consequences of my TXT & Let’s Encrypt strict policy

Today I faced the first implications of deciding to tightly restrict the use of nsupdate keys for modifying TXT records for dns-01 challenges with Let’s Encrypt. Context: This section should be on news.freshports.org and you can skip it to get to the real stuff. Today I’m working on a mostly automated FreshPorts node deployment. A FreshPorts node consists of: host server – A FreeBSD host which contains the other nodes; database – holds


Creating a very specific TXT only nsupdate connection for Let’s Encrypt

In the interests of maintaining Michael W Lucas in the lifestyle to which he has become accustomed, I am creating this blog post. Although Mr Lucas was the first to post, he is not solely to blame for my burdensome workload. Jan-Piet Mens and Evan Hunt also have much to answer for. Their misdeeds include mentioning newer BIND tools which necessitated an update to an older blog post. The worst of them all,


writing random data via geli

You might recall that suspect drive from the zpool replace on the weekend. Thomas Hurst suggested: Might be worth overwriting the drive, try to encourage it to actually reallocate the sectors now the data on them is no longer needed. I, being one to take advice from people on the internet, and Michael W Lucas, decided to try his suggestion. The drive in question.
[dan@knew:~] $ tail /var/log/messages
Dec 14 00:00:00 knew newsyslog[88570]:


The replacement – a followup

Yesterday, I started a zpool replace. It finished overnight, and dropped the suspect drive out of the vdev. The resilver finished in the middle of the night: As you can see, da22p1 has taken the place of da17p1. The resilver took As the new drive is being resilvered, I started looking at metrics. Here is gstat. Look at how da22, the replacement drive is getting all the writes, compared to the others. LibreNMS


Replacing a failing drive in a ZFS zpool

In this post I will replace a working, but suspect, drive with another drive. No down time. The server is knew. In this post: FreeBSD 12.2; ZFS; TOSHIBA MD04ACA500 5TB drive – the suspect drive: da17; TOSHIBA HDWE150 5TB drive – the replacement: da22. None of these drives are under warranty. What drives are in this server? I have had good luck with Toshiba DT01ACA300 3TB drives (presenting as Hitachi HDS723030BLE640), starting a


smartctl output TOSHIBA MD04ACA500 653AK2MXFS9A

It is time to replace /dev/da17 in knew. The replacement drive is also documented. The replacement procedure has also been documented. An upcoming blog post will document the replacement. I’m seeing these messages:
Dec 12 09:23:03 knew smartd[2124]: Device: /dev/da17 [SAT], 40 Currently unreadable (pending) sectors
Dec 12 09:53:04 knew syslogd: last message repeated 1 times
Dec 12 10:23:03 knew syslogd: last message repeated 1 times
Dec 12 10:53:04 knew syslogd: last message


Missing dependencies from mail/mailman3

This started off as a migration. It went down a rabbit hole of incorrect and undeclared dependencies. I’m going to post this as documentation for the required ports update. I’m migrating from Mailman 2.1 to Mailman 3 not because I want to but because Python 2.7 is deprecated. I’m sick of seeing these monitoring messages: In this post: FreeBSD 12.1; mailman-2.1.34 (source); py37-mailman-3.3.1 (destination). Snapshots: I’m taking a snapshot of this FreeBSD iocage


Hosting multiple web servers behind a single IP address

Virtual hosts for a website are a thing. One webserver can host multiple websites. They can all be on the same IP address, different IP addresses, different ports, etc. This post is about using a proxy service. Before I started with this solution, at home I hosted every website on the same server. My firewall would redirect incoming ports 80 and 443 to my webserver, and Nginx/Apache would take care of the rest.
