The R720 is showing a message like this from time to time: Jan 1 07:42:20 r720-01 kernel: sonewconn: pcb 0xfffff835e785d5b8: Listen queue overflow: 8 already in queue awaiting acceptance (1 occurrences) Jan 1 08:02:21 r720-01 syslogd: last message repeated 1 times Jan 1 08:27:22 r720-01 kernel: sonewconn: pcb 0xfffff835e785d5b8: Listen queue overflow: 8 already in […]
Listen queue overflow Read More »
This post is all about moving poudriere from the host into a jail, but you could probably use it for creating a new jail and running poudriere in it. NOTE: If you’re looking for a jail configuration for poudriere, please refer to Configuration for running poudriere in a jail on FreeBSD 14 – it contains
Moving poudriere from the host into a jail Read More »
Today the drive caddies arrived for the R720. I refer to the services provided by the R710, not the server itself. I will list those services later and outline how I want to move them. I could do all this over this coming weekend but I have already allocated that time to some errands I
My plan for moving the R710 into the R720 Read More »
We know the routine. You have a desktop, and a laptop, or perhaps two laptops. You want your files in both places. A shared, remotely mounted directory is not ideal. Instead, let’s have the systems synchronize themselves. That’s where syncthing comes in: Syncthing replaces proprietary sync and cloud services with something open, trustworthy and decentralized.
using syncthing between my OSX laptop and my FreeBSD server Read More »
I noticed some double timestamps in my logs recently. They started just after I upgraded the host to FreeBSD 12, but I am not convinced they are related. This is from /var/log/messsages: Jan 22 21:41:40 knew 1 2019-01-22T21:41:40.760533+00:00 knew.int.unixathome.org pkg 89351 – – py36-iocage-devel upgraded: 1.0.0.20181219,1 -> 1.0.0.20190122,1 They started late yesterday, this is from
Double timestamps in logs Read More »
Today I gave up on my attempt to allow relay via SSL certificate fingerprints. Instead, I will use sasl auth. Yesterday I wrote about my SMTP deliver test which broke when an SSL certificate was updated. Later that day, I finished writing scripts which delivered that fingerprint file to all hosts which needed it. Today,
No more certificate fingerprints – only sasl auth instead Read More »
Let’s Encrypt is an easy way to get free SSL certificates in an automated manner. You may never have to manually do another cert renewal again. Last night, I received this email: From: Cron Daemon To: dan@langille.org Subject: Cron /usr/local/bin/cert-puller Date: Fri, 23 Feb 2018 23:57:00 +0000 (UTC) /etc/rc.conf: 3: not found /etc/rc.conf: yr: not
Postfix suddenly starts rejecting email it had been accepting Read More »
In the past, I’ve written about using acme.sh to automatically generate SSL certificates and distribute them to the required locations. I do this in a single central location, and the websites and mail servers grab their new certs from a webserver. At the time of writing, I was using FreeBSD 11.1 and acme.sh 2.7.4, supplied
Getting acme.sh to renew certs via cronjob on FreeBSD Read More »
In general, passphrase-less ssh keys are a security nightmare. It is similar to leaving the key to your front door in the lock. Anyone stumbling across it has access to your house. Similarly, if someone gets your ssh key, and there is no passphrase on it, they can use that key for anything which grants
subversion via ssh passphrase-less key Read More »
I have already described how I use acme.sh to obtain SSL certificates from Let’s Encrypt. Today, I’m going to show you how I use anvil to copy those certificates from the original location to another directory, which is then used for rsync by another jail. Throughout this blog post, it is assumed that the cert-shifter
cert-shifter: copying certificates from acme.sh to a fresh directory Read More »