Felix Palmen :freebsd: :c64:<p>Earlier today, I added a "ProxyList" component to <a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>swad</span></a> to get a list of proxies and, ideally, the "real" remote address for requests. It supports the custom (de-facto standard) X-Forwarded-For <a href="https://mastodon.bsd.cafe/tags/header" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>header</span></a> as well as the <a href="https://mastodon.bsd.cafe/tags/Forwarded" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Forwarded</span></a> header specified in <a href="https://mastodon.bsd.cafe/tags/RFC7239" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RFC7239</span></a>.</p><p>Well, I just learned I'll have to revisit this implementation with these horrible issues with the standardized(!) flavor in mind:</p><p><a href="https://adam-p.ca/blog/2022/03/forwarded-header-sabotage/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">adam-p.ca/blog/2022/03/forward</span><span class="invisible">ed-header-sabotage/</span></a></p>
Recent searches
No recent searches
Search options
Only available when logged in.
toot.wales is one of the many independent Mastodon servers you can use to participate in the fediverse.
We are the Mastodon social network for Wales and the Welsh, at home and abroad! Y rhwydwaith cymdeithasol annibynnol i Gymru, wedi'i bweru gan Mastodon!
Administered by:
Server stats:
719active users
toot.wales: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.7
#swad
0 posts · 0 participants · 0 posts today
Felix Palmen :freebsd: :c64:<p>DId lots of smaller improvements to <a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>swad</span></a> ... but first, I had to hunt down a crash 🤯. Finally found it was caused by my <a href="https://mastodon.bsd.cafe/tags/poser" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>poser</span></a> lib (to be fixed later): A connection there can resolve the hostname of a remote end and does so in a thread job to avoid blocking. If the connection dies meanwhile, the job is canceled. Seems my canceling mechanism relying on a signal to the thread is, well, not reliable (the signal can arrive delayed). Ok, for now just disabled name resolution to sidestep that.</p><p>Now, integration with <a href="https://mastodon.bsd.cafe/tags/nginx" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nginx</span></a> is much better. I intrdoduced (optional) custom headers to transport the authentication realm and the redirect URI, plus state management in the session, so these can be passed to the "auth" endpoint. This requires to make sure nginx always passes the session <a href="https://mastodon.bsd.cafe/tags/cookie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cookie</span></a>, Unfortunately, I still need a "hacky" redirect configuration for login in nginx. If auth_request could just pass the response body, this would be unnecessary .... 🙄 </p><p>The nginx configuration shows <a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>swad</span></a> running on "files" and another nginx running on "wwwint" serving <a href="https://mastodon.bsd.cafe/tags/poudriere" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>poudriere</span></a> output there. This nginx instance helpfully adds cache hints, which I have to override, so a redirect works as expected when for example the swad session times out.</p><p><a href="https://mastodon.bsd.cafe/tags/C" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>C</span></a> <a href="https://mastodon.bsd.cafe/tags/coding" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>coding</span></a></p>
Felix Palmen :freebsd: :c64:<p>First "production test" successful 💪 ... after band-aid "deployment" (IOW, scp binaries to the prod jail).</p><p><a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>swad</span></a> integrates with <a href="https://mastodon.bsd.cafe/tags/nginx" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nginx</span></a> exactly as I planned it. And <a href="https://mastodon.bsd.cafe/tags/PAM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PAM</span></a> authentication using a child process running as root also just works (while the main process dropped privileges). 🥳 </p><p>So, I guess I can say goodbye to <a href="https://mastodon.bsd.cafe/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a> <a href="https://mastodon.bsd.cafe/tags/bots" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bots</span></a> hammering my poor DSL connection just to download poudriere build logs.</p><p>Still a lot to do for <a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>swad</span></a>: Make it nicer. So many ideas. Best start would probably be to implement more credentials checking modules besides PAM.</p><p><a href="https://mastodon.bsd.cafe/tags/C" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>C</span></a> <a href="https://mastodon.bsd.cafe/tags/coding" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>coding</span></a></p>
Just Krissy<p>I now live less than 10 minutes walk from these nice cows <a href="https://mastodonapp.uk/tags/cows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cows</span></a> <a href="https://mastodonapp.uk/tags/walk" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>walk</span></a> <a href="https://mastodonapp.uk/tags/swad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>swad</span></a> <a href="https://mastodonapp.uk/tags/swadlincote" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>swadlincote</span></a> <a href="https://mastodonapp.uk/tags/Derbyshire" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Derbyshire</span></a></p>
30YrdScreamer<p>I want the lad from <a href="https://mastodon.me.uk/tags/swad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>swad</span></a> to win</p><p><a href="https://mastodon.me.uk/tags/zhang" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>zhang</span></a> <a href="https://mastodon.me.uk/tags/joyce" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>joyce</span></a> <a href="https://mastodon.me.uk/tags/swadlincote" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>swadlincote</span></a></p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload