Old 9th August 2022
jggimi
More noise than signal
Join Date: May 2008
Location: USA
Posts: 7,993

There's no rewrite for users of http:// URLs. For all of them, this site appears to be down. (I was a victim of this issue, and saw a complaint posted about daemonforums.org at linuxquestions.org, where I learned about the switch to https.)
Old 10th August 2022
J65nko
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,134

There is a 301 permanent redirect:
     server "daemonforums.org" {
             listen on egress port 80
             log { style forwarded
                    access http80_access.log
                    error  http80_error.log
             }
             root "/htdocs"
             block return 301 "https://daemonforums.org$REQUEST_URI"
     }
But guess what was in my pf.conf:
     block in quick on egress inet proto tcp from ! $ME to port http
I found that out by checking the httpd error log and only saw redirects from my IP ...

I put that in place to allow me to test the relayd setup TLS proxying, while still allowing direct httpd access to the original daemonforums site.
I just forgot to comment that out.
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
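The failure described in the post above (a redirect that works from the admin's own address while everyone else is silently blocked on port 80) is the kind of thing an outside check catches. The following is an added example, not code from the thread or from the site's setup: it classifies what a plain-http:// client actually sees, and the function names, the local stub server and the sample path are assumptions made for the illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def check_http_redirect(connect_host, site, path="/", port=80, timeout=5.0):
    """Classify what a plain-http:// client sees for http://site<path>.
    "unreachable"    - no TCP connection (dropped or refused, as a pf block would do)
    "no-redirect"    - the server answered, but not with a 301
    "wrong-location" - 301, but not to https://<site><path>
    "ok"             - 301 to the same request URI over https
    """
    conn = http.client.HTTPConnection(connect_host, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": site})
        resp = conn.getresponse()
    except OSError:  # timeout, refused, reset
        return "unreachable"
    finally:
        conn.close()
    if resp.status != 301:
        return "no-redirect"
    if resp.getheader("Location") != f"https://{site}{path}":
        return "wrong-location"
    return "ok"

def start_stub_redirector(site):
    """Constructed local stand-in for the port-80 server block (demo fixture only)."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(301)
            self.send_header("Location", f"https://{site}{self.path}")
            self.send_header("Content-Length", "0")
            self.end_headers()

        def log_message(self, *args):  # keep the demo quiet
            pass

    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    stub = start_stub_redirector("daemonforums.org")
    port = stub.server_address[1]
    print(check_http_redirect("127.0.0.1", "daemonforums.org", "/index.php?x=1", port))
    stub.shutdown()
    stub.server_close()  # port now closed: stands in for the blocked case
    print(check_http_redirect("127.0.0.1", "daemonforums.org", "/", port, timeout=2))
```

Run against the real site, the check has to come from a host outside any allow-listed address, otherwise it repeats the blind spot from the post.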
Old 10th August 2022
hitest
Real Name: George Nielsen
VPN Cryptographer
Join Date: Sep 2008
Location: B.C., Canada
Posts: 377

Thanks for the big change!
Old 11th August 2022
Carpetsmoker
Real Name: Martin Tournoij
Tcpdump Spy
Join Date: Apr 2008
Location: Ireland
Posts: 2,245

Originally Posted by J65nko:
But it is through a dirty hack. I put a HTTPS proxy/relay in front of the original site
Doesn't sound like such a dirty hack to me; it's how I run most services (usually with hitch). This way you just have one process dealing with https, and everything else can remain using plain HTTP. "Do one thing and do it well" and all of that.

With something like Caddy running as a proxy you can get Let's Encrypt certificates for free, too.