Yesterday I wrote about how I ended up manually converting a FreeBSD 15 server and the eight jails it hosts to packaged base manually. I dashed that post off in a bit of a hurry because I knew that if I put it off until later I would probably never get around to it. 20 or so hours later, here’s a followup with some caveats and some tips on how to ensure the conversion goes well.
Continue reading “pkgbase: what can go wrong?”Tag: tech
pkgbasify
How to easily convert your FreeBSD 15 system to packaged base
I just spent the day catching up on FreeBSD email and events after a week of marshaling, and upgrading various systems to FreeBSD 15.1. Most of my various systems (servers, VMs, and jails) are still running 14.3 or 14.4 because, in my opinion, 15.0 shipped with too many unresolved warts, but now that 15.1 is out (albeit not yet announced) it is high time to not only upgrade everything to 15.1 but also make the switch to packaged base (which I was so far only using on one VM and one jail).
After a brief look at the FreeBSD Foundation’s pkgbasify script I came to the conclusion that I do not trust it to work correctly, so I developed my own method for converting a system from distribution sets to packaged base.
Continue reading “pkgbasify”DNS over TLS in FreeBSD with Quad9
It has come to my attention that Quad9 have a blog post providing incorrect instructions for how to set up a FreeBSD system to use their service. I have attempted to get in touch with the author and get him to correct it but have received no response. So here, for the benefit of the Great Search Engine Gods, is the correct procedure; see my earlier post on the topic for more details on how it works.
# cat >/etc/rc.conf.d/local_unbound <<EOF local_unbound_enable="yes" local_unbound_tls="yes" local_unbound_forwarders="9.9.9.9@853#dns.quad9.net 149.112.112.112@853#dns.quad9.net 2620:fe::fe@853#dns.quad9.net 2620:fe::9@853#dns.quad9.net" EOF # service local_unbound setup # service local_unbound restart
No need to reboot.
Note that if you only have IPv4, you may experience slightly degraded performance unless you leave out the IPv6 addresses from the local_unbound_forwarders line (and vice versa in the unlikely scenario where you only have IPv6).
Automatic Let’s Encrypt certificates in Apache with mod_md
Since 2.4.30, Apache comes with experimental support for ACME certificates (Let’s Encrypt et al.) in the form of mod_md (short for “managed domains”). It’s kind of a pain but it’s still better than what I had before, i.e. a mess of shell and Perl scripts based on Crypt::LE, and if your use case is limited to Apache, it appears to be simpler than Certbot as well. Unfortunately for me, it’s not very well documented and I wasted a considerable amount of time figuring out how to use it. Fortunately for you, I then decided to blog about it so you don’t have to repeat my mistakes.
Edit: the author of mod_md, Stefan Eissing, got in touch and pointed me to his own documentation, which is far superior to the one available from Apache.
Continue reading “Automatic Let’s Encrypt certificates in Apache with mod_md”wtf, zsh
wtf, zsh
wtf, zsh
% uname -sr
FreeBSD 12.1-RELEASE-p10
% for sh in sh csh bash zsh ; do printf "%-8s" $sh ; $sh -c 'echo \\x21' ; done
sh \x21
csh \x21
bash \x21
zsh !
% cowsay wtf, zsh
__________
< wtf, zsh >
----------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
I mean. Bruh. I know it’s intentional & documented & can be turned off, but every other shell defaults to POSIX semantics…
BTW:
% ln -s =zsh /tmp/sh % /tmp/sh -c 'echo \x21' \x21