Search Results for: anvil

mosquitto: upgrade from 1.x to 2.x requires configuration changes to keep working

I updated net/mosquitto from 1.6.7_1 to 2.0.8 on March 14, 2021. It did not get restarted at that time. It wasn’t until sysutils/anvil brought in a new certificate and attempted to restart mosquitto that the monitoring started detecting the problem: mosquitto wasn’t running.

It’s the pid file

Looking into it, nothing was logged when starting via rc.d:

$ sudo service mosquitto start
Starting mosquitto.

Starting it from the command line gave useful information: […]

Listen queue overflow

The R720 is showing a message like this from time to time:

Jan 1 07:42:20 r720-01 kernel: sonewconn: pcb 0xfffff835e785d5b8: Listen queue overflow: 8 already in queue awaiting acceptance (1 occurrences)
Jan 1 08:02:21 r720-01 syslogd: last message repeated 1 times
Jan 1 08:27:22 r720-01 kernel: sonewconn: pcb 0xfffff835e785d5b8: Listen queue overflow: 8 already in queue awaiting acceptance (2 occurrences)
Jan 1 16:07:04 r720-01 kernel: sonewconn: pcb 0xfffff835e785d5b8: Listen queue overflow: 8 already

Moving poudriere from the host into a jail

This post is all about moving poudriere from the host into a jail, but you could probably use it for creating a new jail and running poudriere in it. NOTE: If you’re looking for a jail configuration for poudriere, please refer to Configuration for running poudriere in a jail on FreeBSD 14 – it contains new stuff, like mlock (thanks to feld for pointing this out). This also assumes use of iocage, but

My plan for moving the R710 into the R720

Today the drive caddies arrived for the R720. I refer to the services provided by the R710, not the server itself. I will list those services later and outline how I want to move them. I could do all this over this coming weekend but I have already allocated that time to some errands I have to catch up on.

Physical things

This section discusses the physical things which must move.

Drives

There

using syncthing between my OSX laptop and my FreeBSD server

We know the routine. You have a desktop, and a laptop, or perhaps two laptops. You want your files in both places. A shared, remotely mounted directory is not ideal. Instead, let’s have the systems synchronize themselves. That’s where syncthing comes in: Syncthing replaces proprietary sync and cloud services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is

Double timestamps in logs

I noticed some double timestamps in my logs recently. They started just after I upgraded the host to FreeBSD 12, but I am not convinced they are related. This is from /var/log/messages:

Jan 22 21:41:40 knew 1 2019-01-22T21:41:40.760533+00:00 knew.int.unixathome.org pkg 89351 - - py36-iocage-devel upgraded: 1.0.0.20181219,1 -> 1.0.0.20190122,1

They started late yesterday, this is from /var/log/maillog:

Jan 21 22:28:58 knew 1 2019-01-21T22:28:58.677083+00:00 knew.int.unixathome.org postfix/anvil 42521 - - statistics: max connection rate 1/60s for

No more certificate fingerprints – only sasl auth instead

Today I gave up on my attempt to allow relay via SSL certificate fingerprints. Instead, I will use sasl auth. Yesterday I wrote about my SMTP deliver test which broke when an SSL certificate was updated. Later that day, I finished writing scripts which delivered that fingerprint file to all hosts which needed it. Today, I abandoned that approach in favor of sasl. From the time I decided to use sasl to my

Postfix suddenly starts rejecting email it had been accepting

Let’s Encrypt is an easy way to get free SSL certificates in an automated manner. You may never have to manually do another cert renewal again. Last night, I received this email:

From: Cron Daemon
To: dan@langille.org
Subject: Cron /usr/local/bin/cert-puller
Date: Fri, 23 Feb 2018 23:57:00 +0000 (UTC)

/etc/rc.conf: 3: not found
/etc/rc.conf: yr: not found
/etc/rc.conf: 3: not found
/etc/rc.conf: yr: not found

Little did I know when I tweeted about it,

Getting acme.sh to renew certs via cronjob on FreeBSD

In the past, I’ve written about using acme.sh to automatically generate SSL certificates and distribute them to the required locations. I do this in a single central location, and the websites and mail servers grab their new certs from a webserver. At the time of writing, I was using FreeBSD 11.1 and acme.sh 2.7.4, supplied by the FreeBSD port, in a jail. Nagios warned me that one of my Let’s Encrypt certificates was

subversion via ssh passphrase-less key

In general, passphrase-less ssh keys are a security nightmare. It is similar to leaving the key to your front door in the lock. Anyone stumbling across it has access to your house. Similarly, if someone gets your ssh key, and there is no passphrase on it, they can use that key for anything which grants access to that key. Side note: How can you tell if a given ssh key has a passphrase?
