diff options
| author | Paul Buetow <paul@buetow.org> | 2026-01-31 19:51:07 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2026-01-31 19:51:07 +0200 |
| commit | da96c83f00a257ac6797632e8fa10018df9f4a33 (patch) | |
| tree | 1927a65d060dd4013bcdff6b4619e9f19e08d13f | |
| parent | 691f25e08383ac9cd7b2e9cfcf9f91b5f77f900d (diff) | |
Update content for html
| -rw-r--r-- | about/resources.html | 212 | ||||
| -rw-r--r-- | gemfeed/2025-07-14-f3s-kubernetes-with-freebsd-part-6.html | 12 | ||||
| -rw-r--r-- | gemfeed/DRAFT-ipv6test-deployment.html | 322 | ||||
| -rw-r--r-- | gemfeed/atom.xml | 14 | ||||
| -rw-r--r-- | index.html | 2 | ||||
| -rw-r--r-- | uptime-stats.html | 44 |
6 files changed, 466 insertions, 140 deletions
diff --git a/about/resources.html b/about/resources.html index 210a2fff..27e4197d 100644 --- a/about/resources.html +++ b/about/resources.html @@ -50,67 +50,67 @@ <span>In random order:</span><br /> <br /> <ul> -<li>Data Science at the Command Line; Jeroen Janssens; O'Reilly</li> -<li>Effective Java; Joshua Bloch; Addison-Wesley Professional</li> -<li>Leanring eBPF; Liz Rice; O'Reilly</li> -<li>The Practise of System and Network Administration; Thomas A. Limoncelli, Christina J. Hogan, Strata R. Chalup; Addison-Wesley Professional Pro Git; Scott Chacon, Ben Straub; Apress</li> +<li>DNS and BIND; Cricket Liu; O'Reilly</li> +<li>21st Century C: C Tips from the New School; Ben Klemens; O'Reilly</li> +<li>DevOps And Site Reliability Engineering Handbook; Stephen Fleming; Audible</li> +<li>C++ Programming Language; Bjarne Stroustrup;</li> <li>The DevOps Handbook; Gene Kim, Jez Humble, Patrick Debois, John Willis; Audible</li> -<li>Effective awk programming; Arnold Robbins; O'Reilly</li> -<li>Funktionale Programmierung; Peter Pepper; Springer</li> -<li>Kubernetes Cookbook; Sameer Naik, Sébastien Goasguen, Jonathan Michaux; O'Reilly</li> -<li>100 Go Mistakes and How to Avoid Them; Teiva Harsanyi; Manning Publications</li> +<li>Clusterbau mit Linux-HA; Michael Schwartzkopff; O'Reilly</li> +<li>Chaos Engineering - System Resiliency in Practice; Casey Rosenthal and Nora Jones; eBook</li> +<li>Amazon Web Services in Action; Michael Wittig and Andreas Wittig; Manning Publications</li> +<li>Data Science at the Command Line; Jeroen Janssens; O'Reilly</li> +<li>Raku Recipes; J.J. Merelo; Apress</li> +<li>Programming Ruby 3.3 (5th Edition); Noel Rappin, with Dave Thomas; The Pragmatic Bookshelf</li> <li>Concurrency in Go; Katherine Cox-Buday; O'Reilly</li> <li>Hands-on Infrastructure Monitoring with Prometheus; Joel Bastos, Pedro Araujo; Packt </li> -<li>Go Brain Teasers - Exercise Your Mind; Miki Tebeka; The Pragmatic Programmers</li> -<li>Chaos Engineering - System Resiliency in Practice; Casey Rosenthal and Nora Jones; eBook</li> -<li>Ultimate Go Notebook; Bill Kennedy</li> +<li>Higher Order Perl; Mark Dominus; Morgan Kaufmann</li> <li>Learn You Some Erlang for Great Good; Fred Herbert; No Starch Press</li> +<li>Kubernetes Cookbook; Sameer Naik, Sébastien Goasguen, Jonathan Michaux; O'Reilly</li> +<li>The Pragmatic Programmer; David Thomas; Addison-Wesley</li> +<li>Effective Java; Joshua Bloch; Addison-Wesley Professional</li> <li>Developing Games in Java; David Brackeen and others...; New Riders</li> -<li>Pro Puppet; James Turnbull, Jeffrey McCune; Apress</li> -<li>The KCNA (Kubernetes and Cloud Native Associate) Book; Nigel Poulton</li> -<li>Tmux 2: Productive Mouse-free Development; Brain P. Hogan; The Pragmatic Programmers </li> -<li>The Docker Book; James Turnbull; Kindle</li> -<li>Amazon Web Services in Action; Michael Wittig and Andreas Wittig; Manning Publications</li> -<li>C++ Programming Language; Bjarne Stroustrup;</li> -<li>Raku Fundamentals; Moritz Lenz; Apress</li> -<li>The Go Programming Language; Alan A. A. Donovan; Addison-Wesley Professional</li> +<li>The Practise of System and Network Administration; Thomas A. Limoncelli, Christina J. Hogan, Strata R. Chalup; Addison-Wesley Professional Pro Git; Scott Chacon, Ben Straub; Apress</li> +<li>Effective awk programming; Arnold Robbins; O'Reilly</li> +<li>Seeking SRE: Conversations About Running Production Systems at Scale; David N. Blank-Edelman; eBook</li> <li>Think Raku (aka Think Perl 6); Laurent Rosenfeld, Allen B. Downey; O'Reilly</li> -<li>DevOps And Site Reliability Engineering Handbook; Stephen Fleming; Audible</li> +<li>The Go Programming Language; Alan A. A. Donovan; Addison-Wesley Professional</li> +<li>Object-Oriented Programming with ANSI-C; Axel-Tobias Schreiner</li> +<li>Perl New Features; Joshua McAdams, brian d foy; Perl School</li> +<li>Systemprogrammierung in Go; Frank Müller; dpunkt</li> <li>Programming Perl aka "The Camel Book"; Tom Christiansen, brian d foy, Larry Wall & Jon Orwant; O'Reilly</li> -<li>Raku Recipes; J.J. Merelo; Apress</li> -<li>Clusterbau mit Linux-HA; Michael Schwartzkopff; O'Reilly</li> -<li>21st Century C: C Tips from the New School; Ben Klemens; O'Reilly</li> -<li>Java ist auch eine Insel; Christian Ullenboom; </li> +<li>The Docker Book; James Turnbull; Kindle</li> <li>Terraform Cookbook; Mikael Krief; Packt Publishing</li> -<li>Modern Perl; Chromatic ; Onyx Neon Press</li> -<li>Perl New Features; Joshua McAdams, brian d foy; Perl School</li> -<li>Higher Order Perl; Mark Dominus; Morgan Kaufmann</li> -<li>Learn You a Haskell for Great Good!; Miran Lipovaca; No Starch Press</li> -<li>Object-Oriented Programming with ANSI-C; Axel-Tobias Schreiner</li> -<li>Systems Performance Tuning; Gian-Paolo D. Musumeci and others...; O'Reilly</li> -<li>Site Reliability Engineering; How Google runs production systems; O'Reilly</li> <li>97 things every SRE should know; Emil Stolarsky, Jaime Woo; O'Reilly</li> -<li>DNS and BIND; Cricket Liu; O'Reilly</li> -<li>Systemprogrammierung in Go; Frank Müller; dpunkt</li> +<li>Funktionale Programmierung; Peter Pepper; Springer</li> +<li>The KCNA (Kubernetes and Cloud Native Associate) Book; Nigel Poulton</li> +<li>Leanring eBPF; Liz Rice; O'Reilly</li> +<li>Learn You a Haskell for Great Good!; Miran Lipovaca; No Starch Press</li> +<li>Raku Fundamentals; Moritz Lenz; Apress</li> +<li>Pro Puppet; James Turnbull, Jeffrey McCune; Apress</li> +<li>Go Brain Teasers - Exercise Your Mind; Miki Tebeka; The Pragmatic Programmers</li> <li>Polished Ruby Programming; Jeremy Evans; Packt Publishing</li> -<li>The Pragmatic Programmer; David Thomas; Addison-Wesley</li> -<li>Distributed Systems: Principles and Paradigms; Andrew S. Tanenbaum; Pearson</li> -<li>Seeking SRE: Conversations About Running Production Systems at Scale; David N. Blank-Edelman; eBook</li> -<li>Programming Ruby 3.3 (5th Edition); Noel Rappin, with Dave Thomas; The Pragmatic Bookshelf</li> +<li>Java ist auch eine Insel; Christian Ullenboom; </li> <li>The Kubernetes Book; Nigel Poulton; Unabridged Audiobook</li> +<li>Ultimate Go Notebook; Bill Kennedy</li> +<li>Tmux 2: Productive Mouse-free Development; Brain P. Hogan; The Pragmatic Programmers </li> +<li>Distributed Systems: Principles and Paradigms; Andrew S. Tanenbaum; Pearson</li> +<li>Systems Performance Tuning; Gian-Paolo D. Musumeci and others...; O'Reilly</li> +<li>100 Go Mistakes and How to Avoid Them; Teiva Harsanyi; Manning Publications</li> +<li>Site Reliability Engineering; How Google runs production systems; O'Reilly</li> +<li>Modern Perl; Chromatic ; Onyx Neon Press</li> </ul><br /> <h2 style='display: inline' id='technical-references'>Technical references</h2><br /> <br /> <span>I didn't read them from the beginning to the end, but I am using them to look up things. The books are in random order:</span><br /> <br /> <ul> -<li>Groovy Kurz & Gut; Joerg Staudemeier; O'Reilly</li> +<li>Understanding the Linux Kernel; Daniel P. Bovet, Marco Cesati; O'Reilly</li> <li>BPF Performance Tools - Linux System and Application Observability, Brendan Gregg; Addison Wesley</li> -<li>Go: Design Patterns for Real-World Projects; Mat Ryer; Packt</li> <li>The Linux Programming Interface; Michael Kerrisk; No Starch Press </li> -<li>Understanding the Linux Kernel; Daniel P. Bovet, Marco Cesati; O'Reilly</li> -<li>Implementing Service Level Objectives; Alex Hidalgo; O'Reilly</li> <li>Relayd and Httpd Mastery; Michael W Lucas</li> +<li>Groovy Kurz & Gut; Joerg Staudemeier; O'Reilly</li> +<li>Go: Design Patterns for Real-World Projects; Mat Ryer; Packt</li> +<li>Implementing Service Level Objectives; Alex Hidalgo; O'Reilly</li> <li>Algorithms; Robert Sedgewick, Kevin Wayne; Addison Wesley</li> </ul><br /> <h2 style='display: inline' id='self-development-and-soft-skills-books'>Self-development and soft-skills books</h2><br /> @@ -118,44 +118,44 @@ <span>In random order:</span><br /> <br /> <ul> -<li>Digital Minimalism; Cal Newport; Portofolio Penguin</li> -<li>Consciousness: A Very Short Introduction; Susan Blackmore; Oxford Uiversity Press</li> -<li>The Courage to Be Disliked; Ichiro Kishimi and Fumitake Koga; Audiobook</li> -<li>The Phoenix Project - A Novel About IT, DevOps, and Helping your Business Win; Gene Kim and Kevin Behr; Trade Select</li> -<li>97 Things Every Engineering Manager Should Know; Camille Fournier; Audiobook</li> +<li>Influence without Authority; A. Cohen, D. Bradford; Wiley</li> +<li>Slow Productivity; Cal Newport; Penguin Random House</li> +<li>Psycho-Cybernetics; Maxwell Maltz; Perigee Books</li> +<li>Who Moved My Cheese?; Dr. Spencer Johnson; Vermilion</li> <li>Atomic Habits; James Clear; Random House Business</li> -<li>Soft Skills; John Sommez; Manning Publications</li> +<li>The Daily Stoic; Ryan Holiday, Stephen Hanselman; Profile Books</li> <li>Ultralearning; Scott Young; Thorsons</li> -<li>Coders at Work - Reflections on the craft of programming, Peter Seibel and Mitchell Dorian et al., Audiobook</li> -<li>The Good Enough Job; Simone Stolzoff; Ebury Edge</li> -<li>Psycho-Cybernetics; Maxwell Maltz; Perigee Books</li> +<li>The Off Switch; Mark Cropley; Virgin Books (RE-READ 1ST TIME)</li> +<li>97 Things Every Engineering Manager Should Know; Camille Fournier; Audiobook</li> +<li>The Joy of Missing Out; Christina Crook; New Society Publishers</li> <li>So Good They Can't Ignore You; Cal Newport; Business Plus</li> -<li>Time Management for System Administrators; Thomas A. Limoncelli; O'Reilly</li> -<li>The Power of Now; Eckhard Tolle; Yellow Kite</li> -<li>The Daily Stoic; Ryan Holiday, Stephen Hanselman; Profile Books</li> -<li>Eat That Frog!; Brian Tracy; Hodder Paperbacks</li> -<li>Eat That Frog; Brian Tracy</li> -<li>Staff Engineer: Leadership beyond the management track; Will Larson; Audiobook</li> +<li>Search Inside Yourself - The Unexpected path to Achieving Success, Happiness (and World Peace); Chade-Meng Tan, Daniel Goleman, Jon Kabat-Zinn; HarperOne</li> <li>Never Split the Difference; Chris Voss, Tahl Raz; Random House Business</li> -<li>The Bullet Journal Method; Ryder Carroll; Fourth Estate</li> -<li>Deep Work; Cal Newport; Piatkus</li> +<li>Buddah and Einstein walk into a Bar; Guy Joseph Ale, Claire Bloom; Blackstone Publishing</li> <li>The Obstacle Is The Way; Ryan Holiday; Profile Books Ltd</li> -<li>The Joy of Missing Out; Christina Crook; New Society Publishers</li> -<li>Getting Things Done; David Allen</li> -<li>Stop starting, start finishing; Arne Roock; Lean-Kanban University </li> -<li>Meditation for Mortals, Oliver Burkeman, Audiobook</li> -<li>Who Moved My Cheese?; Dr. Spencer Johnson; Vermilion</li> -<li>101 Essays that change the way you think; Brianna Wiest; Audiobook</li> -<li>The Complete Software Developer's Career Guide; John Sonmez; Unabridged Audiobook</li> -<li>Influence without Authority; A. Cohen, D. Bradford; Wiley</li> <li>The Software Engineer's Guidebook: Navigating senior, tech lead, and staff engineer positions at tech companies and startups; Gergely Orosz; Audiobook </li> -<li>The 7 Habits Of Highly Effective People; Stephen R. Covey; Simon & Schuster UK</li> -<li>Buddah and Einstein walk into a Bar; Guy Joseph Ale, Claire Bloom; Blackstone Publishing</li> -<li>Slow Productivity; Cal Newport; Penguin Random House</li> -<li>Ultralearning; Anna Laurent; Self-published via Amazon</li> -<li>Search Inside Yourself - The Unexpected path to Achieving Success, Happiness (and World Peace); Chade-Meng Tan, Daniel Goleman, Jon Kabat-Zinn; HarperOne</li> +<li>Digital Minimalism; Cal Newport; Portofolio Penguin</li> +<li>Eat That Frog!; Brian Tracy; Hodder Paperbacks</li> +<li>The Courage to Be Disliked; Ichiro Kishimi and Fumitake Koga; Audiobook</li> +<li>Deep Work; Cal Newport; Piatkus</li> +<li>Consciousness: A Very Short Introduction; Susan Blackmore; Oxford Uiversity Press</li> +<li>The Good Enough Job; Simone Stolzoff; Ebury Edge</li> <li>Solve for Happy; Mo Gawdat (RE-READ 1ST TIME)</li> -<li>The Off Switch; Mark Cropley; Virgin Books (RE-READ 1ST TIME)</li> +<li>Staff Engineer: Leadership beyond the management track; Will Larson; Audiobook</li> +<li>Time Management for System Administrators; Thomas A. Limoncelli; O'Reilly</li> +<li>Ultralearning; Anna Laurent; Self-published via Amazon</li> +<li>The 7 Habits Of Highly Effective People; Stephen R. Covey; Simon & Schuster UK</li> +<li>Eat That Frog; Brian Tracy</li> +<li>Meditation for Mortals, Oliver Burkeman, Audiobook</li> +<li>Coders at Work - Reflections on the craft of programming, Peter Seibel and Mitchell Dorian et al., Audiobook</li> +<li>Stop starting, start finishing; Arne Roock; Lean-Kanban University </li> +<li>Soft Skills; John Sommez; Manning Publications</li> +<li>The Complete Software Developer's Career Guide; John Sonmez; Unabridged Audiobook</li> +<li>Getting Things Done; David Allen</li> +<li>101 Essays that change the way you think; Brianna Wiest; Audiobook</li> +<li>The Bullet Journal Method; Ryder Carroll; Fourth Estate</li> +<li>The Power of Now; Eckhard Tolle; Yellow Kite</li> +<li>The Phoenix Project - A Novel About IT, DevOps, and Helping your Business Win; Gene Kim and Kevin Behr; Trade Select</li> </ul><br /> <a class='textlink' href='../notes/index.html'>Here are notes of mine for some of the books</a><br /> <br /> @@ -164,22 +164,22 @@ <span>Some of these were in-person with exams; others were online learning lectures only. In random order:</span><br /> <br /> <ul> -<li>Red Hat Certified System Administrator; Course + certification (Although I had the option, I decided not to take the next course as it is more effective to self learn what I need)</li> -<li>Linux Security and Isolation APIs Training; Michael Kerrisk; 3-day on-site training</li> -<li>AWS Immersion Day; Amazon; 1-day interactive online training </li> <li>Functional programming lecture; Remote University of Hagen</li> -<li>Ultimate Go Programming; Bill Kennedy; O'Reilly Online</li> <li>Structure and Interpretation of Computer Programs; Harold Abelson and more...; </li> -<li>Algorithms Video Lectures; Robert Sedgewick; O'Reilly Online</li> -<li>MySQL Deep Dive Workshop; 2-day on-site training</li> -<li>Apache Tomcat Best Practises; 3-day on-site training</li> -<li>Developing IaC with Terraform (with Live Lessons); O'Reilly Online</li> -<li>The Ultimate Kubernetes Bootcamp; School of Devops; O'Reilly Online</li> <li>F5 Loadbalancers Training; 2-day on-site training; F5, Inc. </li> +<li>The Ultimate Kubernetes Bootcamp; School of Devops; O'Reilly Online</li> +<li>Apache Tomcat Best Practises; 3-day on-site training</li> +<li>MySQL Deep Dive Workshop; 2-day on-site training</li> +<li>Ultimate Go Programming; Bill Kennedy; O'Reilly Online</li> +<li>Linux Security and Isolation APIs Training; Michael Kerrisk; 3-day on-site training</li> +<li>Cloud Operations on AWS - Learn how to configure, deploy, maintain, and troubleshoot your AWS environments; 3-day online live training with labs; Amazon</li> <li>Protocol buffers; O'Reilly Online</li> +<li>Red Hat Certified System Administrator; Course + certification (Although I had the option, I decided not to take the next course as it is more effective to self learn what I need)</li> <li>The Well-Grounded Rubyist Video Edition; David. A. Black; O'Reilly Online</li> <li>Scripting Vim; Damian Conway; O'Reilly Online</li> -<li>Cloud Operations on AWS - Learn how to configure, deploy, maintain, and troubleshoot your AWS environments; 3-day online live training with labs; Amazon</li> +<li>Developing IaC with Terraform (with Live Lessons); O'Reilly Online</li> +<li>AWS Immersion Day; Amazon; 1-day interactive online training </li> +<li>Algorithms Video Lectures; Robert Sedgewick; O'Reilly Online</li> </ul><br /> <h2 style='display: inline' id='technical-guides'>Technical guides</h2><br /> <br /> @@ -187,8 +187,8 @@ <br /> <ul> <li>Advanced Bash-Scripting Guide </li> -<li>Raku Guide at https://raku.guide </li> <li>How CPUs work at https://cpu.land</li> +<li>Raku Guide at https://raku.guide </li> </ul><br /> <h2 style='display: inline' id='podcasts'>Podcasts</h2><br /> <br /> @@ -197,60 +197,60 @@ <span>In random order:</span><br /> <br /> <ul> -<li>The Changelog Podcast(s)</li> +<li>Hidden Brain</li> <li>Cup o' Go [Golang]</li> -<li>Fallthrough [Golang]</li> +<li>BSD Now [BSD]</li> +<li>Pratical AI</li> <li>Deep Questions with Cal Newport</li> -<li>Fork Around And Find Out</li> -<li>Wednesday Wisdom</li> -<li>Dev Interrupted</li> -<li>Hidden Brain</li> -<li>Backend Banter</li> <li>The ProdCast (Google SRE Podcast)</li> -<li>Maintainable</li> +<li>Wednesday Wisdom</li> <li>The Pragmatic Engineer Podcast</li> +<li>Fallthrough [Golang]</li> <li>Modern Mentor</li> -<li>Pratical AI</li> -<li>BSD Now [BSD]</li> +<li>Fork Around And Find Out</li> +<li>Backend Banter</li> +<li>Dev Interrupted</li> +<li>Maintainable</li> +<li>The Changelog Podcast(s)</li> </ul><br /> <h3 style='display: inline' id='podcasts-i-liked'>Podcasts I liked</h3><br /> <br /> <span>I liked them but am not listening to them anymore. The podcasts have either "finished" (no more episodes) or I stopped listening to them due to time constraints or a shift in my interests.</span><br /> <br /> <ul> -<li>CRE: Chaosradio Express [german]</li> +<li>Go Time (predecessor of fallthrough)</li> <li>FLOSS weekly</li> -<li>Java Pub House</li> -<li>Ship It (predecessor of Fork Around And Find Out)</li> +<li>CRE: Chaosradio Express [german]</li> <li>Modern Mentor</li> -<li>Go Time (predecessor of fallthrough)</li> +<li>Ship It (predecessor of Fork Around And Find Out)</li> +<li>Java Pub House</li> </ul><br /> <h2 style='display: inline' id='newsletters-i-like'>Newsletters I like</h2><br /> <br /> <span>This is a mix of tech and non-tech newsletters I am subscribed to. In random order:</span><br /> <br /> <ul> -<li>byteSizeGo</li> +<li>Changelog News</li> +<li>VK Newsletter</li> <li>The Imperfectionist</li> +<li>Andreas Brandhorst Newsletter (Sci-Fi author)</li> <li>The Pragmatic Engineer</li> -<li>Changelog News</li> -<li>Ruby Weekly</li> -<li>Golang Weekly</li> -<li>Applied Go Weekly Newsletter</li> -<li>The Valuable Dev</li> <li>Register Spill</li> +<li>Applied Go Weekly Newsletter</li> +<li>Golang Weekly</li> <li>Monospace Mentor</li> -<li>Andreas Brandhorst Newsletter (Sci-Fi author)</li> -<li>VK Newsletter</li> +<li>The Valuable Dev</li> +<li>byteSizeGo</li> +<li>Ruby Weekly</li> </ul><br /> <h2 style='display: inline' id='magazines-i-liked'>Magazines I like(d)</h2><br /> <br /> <span>This is a mix of tech I like(d). I may not be a current subscriber, but now and then, I buy an issue. In random order:</span><br /> <br /> <ul> -<li>LWN (online only)</li> <li>freeX (not published anymore)</li> <li>Linux User</li> +<li>LWN (online only)</li> <li>Linux Magazine</li> </ul><br /> <h1 style='display: inline' id='formal-education'>Formal education</h1><br /> diff --git a/gemfeed/2025-07-14-f3s-kubernetes-with-freebsd-part-6.html b/gemfeed/2025-07-14-f3s-kubernetes-with-freebsd-part-6.html index 7e293951..9bb66851 100644 --- a/gemfeed/2025-07-14-f3s-kubernetes-with-freebsd-part-6.html +++ b/gemfeed/2025-07-14-f3s-kubernetes-with-freebsd-part-6.html @@ -1225,6 +1225,8 @@ paul@f0:~ % doas sh -c <font color="#808080">'for client in r0 r1 r2 earth; do < <font color="#808080"> -subj "/C=US/ST=State/L=City/O=F3S Storage/CN=${client}.lan.buetow.org"</font> <font color="#808080"> openssl x509 -req -days 3650 -in ${client}.csr -CA ca-cert.pem \</font> <font color="#808080"> -CAkey ca-key.pem -CAcreateserial -out ${client}-cert.pem</font> +<font color="#808080"> # Combine cert and key into a single file for stunnel client</font> +<font color="#808080"> cat ${client}-cert.pem ${client}-key.pem > ${client}-stunnel.pem</font> <font color="#808080">done'</font> </pre> <br /> @@ -1713,12 +1715,12 @@ http://www.gnu.org/software/src-highlite --> [root@r0 ~]<i><font color="silver"># dnf install -y stunnel nfs-utils</font></i> <i><font color="silver"># Copy client certificate and CA certificate from f0</font></i> -[root@r0 ~]<i><font color="silver"># scp f0:/usr/local/etc/stunnel/ca/r0-key.pem /etc/stunnel/</font></i> +[root@r0 ~]<i><font color="silver"># scp f0:/usr/local/etc/stunnel/ca/r0-stunnel.pem /etc/stunnel/</font></i> [root@r0 ~]<i><font color="silver"># scp f0:/usr/local/etc/stunnel/ca/ca-cert.pem /etc/stunnel/</font></i> <i><font color="silver"># Configure stunnel client with certificate authentication</font></i> [root@r0 ~]<i><font color="silver"># tee /etc/stunnel/stunnel.conf <<'EOF'</font></i> -cert = /etc/stunnel/r<font color="#000000">0</font>-key.pem +cert = /etc/stunnel/r<font color="#000000">0</font>-stunnel.pem CAfile = /etc/stunnel/ca-cert.pem client = yes verify = <font color="#000000">2</font> @@ -1734,7 +1736,7 @@ EOF <i><font color="silver"># Repeat for r1 and r2 with their respective certificates</font></i> </pre> <br /> -<span>Note: Each client must use its certificate file (<span class='inlinecode'>r0-key.pem</span>, <span class='inlinecode'>r1-key.pem</span>, <span class='inlinecode'>r2-key.pem</span>, or <span class='inlinecode'>earth-key.pem</span> - the latter is for my Laptop, which can also mount the NFS shares).</span><br /> +<span>Note: Each client must use its certificate file (<span class='inlinecode'>r0-stunnel.pem</span>, <span class='inlinecode'>r1-stunnel.pem</span>, <span class='inlinecode'>r2-stunnel.pem</span>, or <span class='inlinecode'>earth-stunnel.pem</span> - the latter is for my Laptop, which can also mount the NFS shares).</span><br /> <br /> <h3 style='display: inline' id='nfsv4-user-mapping-config-on-rocky'>NFSv4 user mapping config on Rocky</h3><br /> <br /> @@ -1785,11 +1787,11 @@ http://www.gnu.org/software/src-highlite --> [root@r0 ~]<i><font color="silver"># mkdir -p /data/nfs/k3svolumes</font></i> <i><font color="silver"># Mount through stunnel (using localhost and NFSv4)</font></i> -[root@r0 ~]<i><font color="silver"># mount -t nfs4 -o port=2323 127.0.0.1:/data/nfs/k3svolumes /data/nfs/k3svolumes</font></i> +[root@r0 ~]<i><font color="silver"># mount -t nfs4 -o port=2323 127.0.0.1:/k3svolumes /data/nfs/k3svolumes</font></i> <i><font color="silver"># Verify mount</font></i> [root@r0 ~]<i><font color="silver"># mount | grep k3svolumes</font></i> -<font color="#000000">127.0</font>.<font color="#000000">0.1</font>:/data/nfs/k3svolumes on /data/nfs/k3svolumes +<font color="#000000">127.0</font>.<font color="#000000">0.1</font>:/k3svolumes on /data/nfs/k3svolumes <b><u><font color="#000000">type</font></u></b> nfs4 (rw,relatime,vers=<font color="#000000">4.2</font>,rsize=<font color="#000000">131072</font>,wsize=<font color="#000000">131072</font>, namlen=<font color="#000000">255</font>,hard,proto=tcp,port=<font color="#000000">2323</font>,timeo=<font color="#000000">600</font>,retrans=<font color="#000000">2</font>,sec=sys, clientaddr=<font color="#000000">127.0</font>.<font color="#000000">0.1</font>,local_lock=none,addr=<font color="#000000">127.0</font>.<font color="#000000">0.1</font>) diff --git a/gemfeed/DRAFT-ipv6test-deployment.html b/gemfeed/DRAFT-ipv6test-deployment.html new file mode 100644 index 00000000..9bc33ffb --- /dev/null +++ b/gemfeed/DRAFT-ipv6test-deployment.html @@ -0,0 +1,322 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> +<title>Deploying an IPv6 Test Service on Kubernetes</title> +<link rel="shortcut icon" type="image/gif" href="/favicon.ico" /> +<link rel="stylesheet" href="../style.css" /> +<link rel="stylesheet" href="style-override.css" /> +</head> +<body> +<p class="header"> +<a href="https://foo.zone">Home</a> | <a href="https://codeberg.org/snonux/foo.zone/src/branch/content-md/gemfeed/DRAFT-ipv6test-deployment.md">Markdown</a> | <a href="gemini://foo.zone/gemfeed/DRAFT-ipv6test-deployment.gmi">Gemini</a> +</p> +<h1 style='display: inline' id='deploying-an-ipv6-test-service-on-kubernetes'>Deploying an IPv6 Test Service on Kubernetes</h1><br /> +<br /> +<h2 style='display: inline' id='introduction'>Introduction</h2><br /> +<br /> +<span>This post covers deploying a simple IPv6/IPv4 connectivity test application to the f3s Kubernetes cluster. The application displays visitors' IP addresses and determines whether they're connecting via IPv6 or IPv4—useful for testing dual-stack connectivity.</span><br /> +<br /> +<span>The interesting technical challenge was preserving the original client IP address through multiple reverse proxies: from the OpenBSD relayd frontends, through Traefik ingress, to the Apache CGI backend.</span><br /> +<br /> +<a class='textlink' href='./2024-11-17-f3s-kubernetes-with-freebsd-part-1.html'>f3s series</a><br /> +<br /> +<h2 style='display: inline' id='architecture-overview'>Architecture Overview</h2><br /> +<br /> +<span>The request flow looks like this:</span><br /> +<br /> +<pre> +Client → relayd (OpenBSD) → Traefik (k3s) → Apache + CGI (Pod) +</pre> +<br /> +<span>Each hop needs to preserve the client's real IP address via the <span class='inlinecode'>X-Forwarded-For</span> header.</span><br /> +<br /> +<h2 style='display: inline' id='the-application'>The Application</h2><br /> +<br /> +<span>The application is a simple Perl CGI script that:</span><br /> +<br /> +<span>1. Detects whether the client is using IPv4 or IPv6</span><br /> +<span>2. Performs DNS lookups on client and server addresses</span><br /> +<span>3. Displays diagnostic information</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre><i><font color="silver">#!/usr/bin/perl</font></i> +<b><u><font color="#000000">use</font></u></b> strict; +<b><u><font color="#000000">use</font></u></b> warnings; + +<b><u><font color="#000000">print</font></u></b> <font color="#808080">"Content-type: text/html\n\n"</font>; + +<b><u><font color="#000000">my</font></u></b> $is_ipv4 = ($ENV{REMOTE_ADDR} =~ <font color="#808080">/(?:\d+\.){3}\d/</font>); +<b><u><font color="#000000">print</font></u></b> <font color="#808080">"You are using: "</font> . ($is_ipv4 ? <font color="#808080">"IPv4"</font> : <font color="#808080">"IPv6"</font>) . <font color="#808080">"\n"</font>; +<b><u><font color="#000000">print</font></u></b> <font color="#808080">"Client address: $ENV{REMOTE_ADDR}\n"</font>; +</pre> +<br /> +<h2 style='display: inline' id='docker-image'>Docker Image</h2><br /> +<br /> +<span>The Docker image uses Apache httpd with CGI and <span class='inlinecode'>mod_remoteip</span> enabled:</span><br /> +<br /> +<pre> +FROM httpd:2.4-alpine + +RUN apk add --no-cache perl bind-tools + +# Enable CGI and remoteip modules +RUN sed -i 's/#LoadModule cgid_module/LoadModule cgid_module/' \ + /usr/local/apache2/conf/httpd.conf && \ + sed -i 's/#LoadModule remoteip_module/LoadModule remoteip_module/' \ + /usr/local/apache2/conf/httpd.conf && \ + echo 'RemoteIPHeader X-Forwarded-For' >> /usr/local/apache2/conf/httpd.conf && \ + echo 'RemoteIPInternalProxy 10.0.0.0/8' >> /usr/local/apache2/conf/httpd.conf && \ + echo 'RemoteIPInternalProxy 192.168.0.0/16' >> /usr/local/apache2/conf/httpd.conf + +COPY index.pl /usr/local/apache2/cgi-bin/index.pl +</pre> +<br /> +<span>The key is <span class='inlinecode'>mod_remoteip</span>: it reads the <span class='inlinecode'>X-Forwarded-For</span> header and sets <span class='inlinecode'>REMOTE_ADDR</span> to the original client IP. The <span class='inlinecode'>RemoteIPInternalProxy</span> directives tell Apache which upstream proxies to trust.</span><br /> +<br /> +<h2 style='display: inline' id='kubernetes-deployment'>Kubernetes Deployment</h2><br /> +<br /> +<span>The Helm chart is straightforward:</span><br /> +<br /> +<pre> +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ipv6test + namespace: services +spec: + replicas: 1 + selector: + matchLabels: + app: ipv6test + template: + spec: + containers: + - name: ipv6test + image: registry.lan.buetow.org:30001/ipv6test:1.1.0 + ports: + - containerPort: 80 +</pre> +<br /> +<h2 style='display: inline' id='configuring-traefik-to-trust-forwarded-headers'>Configuring Traefik to Trust Forwarded Headers</h2><br /> +<br /> +<span>By default, Traefik overwrites <span class='inlinecode'>X-Forwarded-For</span> with its own view of the client IP (which is the upstream proxy, not the real client). To preserve the original header, Traefik needs to trust the upstream proxies.</span><br /> +<br /> +<span>In k3s, this is configured via a HelmChartConfig:</span><br /> +<br /> +<pre> +apiVersion: helm.cattle.io/v1 +kind: HelmChartConfig +metadata: + name: traefik + namespace: kube-system +spec: + valuesContent: |- + additionalArguments: + - "--entryPoints.web.forwardedHeaders.trustedIPs=192.168.0.0/16,10.0.0.0/8" + - "--entryPoints.websecure.forwardedHeaders.trustedIPs=192.168.0.0/16,10.0.0.0/8" +</pre> +<br /> +<span>This tells Traefik to trust <span class='inlinecode'>X-Forwarded-For</span> headers from the WireGuard tunnel IPs (where relayd connects from) and internal pod networks.</span><br /> +<br /> +<h2 style='display: inline' id='relayd-configuration'>Relayd Configuration</h2><br /> +<br /> +<span>The OpenBSD relayd proxy already sets the <span class='inlinecode'>X-Forwarded-For</span> header:</span><br /> +<br /> +<pre> +http protocol "https" { + match request header set "X-Forwarded-For" value "$REMOTE_ADDR" + match request header set "X-Forwarded-Proto" value "https" +} +</pre> +<br /> +<h2 style='display: inline' id='ipv4-only-and-ipv6-only-subdomains'>IPv4-Only and IPv6-Only Subdomains</h2><br /> +<br /> +<span>To properly test IPv4 and IPv6 connectivity separately, three hostnames are configured:</span><br /> +<br /> +<ul> +<li>ipv6test.f3s.buetow.org - Dual stack (A + AAAA records)</li> +<li>ipv4.ipv6test.f3s.buetow.org - IPv4 only (A record only)</li> +<li>ipv6.ipv6test.f3s.buetow.org - IPv6 only (AAAA record only)</li> +</ul><br /> +<span>The NSD zone template dynamically generates the correct record types:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre><% <b><u><font color="#000000">for</font></u></b> <b><u><font color="#000000">my</font></u></b> $host (@$f3s_hosts) { + <b><u><font color="#000000">my</font></u></b> $is_ipv6_only = $host =~ <font color="#808080">/^ipv6\./</font>; + <b><u><font color="#000000">my</font></u></b> $is_ipv4_only = $host =~ <font color="#808080">/^ipv4\./</font>; +-%> +<font color="#808080"><% unless ($is_ipv6_only) { -%></font> +<font color="#808080"><%= $host %></font>. <font color="#000000">300</font> IN A <font color="#808080"><%= $ips-></font>{current_master}{ipv4} %> +<font color="#808080"><% } -%></font> +<font color="#808080"><% unless ($is_ipv4_only) { -%></font> +<font color="#808080"><%= $host %></font>. <font color="#000000">300</font> IN AAAA <font color="#808080"><%= $ips-></font>{current_master}{ipv6} %> +<font color="#808080"><% } -%></font> +<font color="#808080"><% } -%></font> +</pre> +<br /> +<span>This ensures:</span><br /> +<ul> +<li>Hosts starting with <span class='inlinecode'>ipv6.</span> get only AAAA records</li> +<li>Hosts starting with <span class='inlinecode'>ipv4.</span> get only A records</li> +<li>All other hosts get both A and AAAA records</li> +</ul><br /> +<span>The Kubernetes ingress handles all three hostnames, routing to the same backend service.</span><br /> +<br /> +<h2 style='display: inline' id='tls-certificates-with-subject-alternative-names'>TLS Certificates with Subject Alternative Names</h2><br /> +<br /> +<span>Since Let's Encrypt validates domains via HTTP, the IPv6-only subdomain (<span class='inlinecode'>ipv6.ipv6test.f3s.buetow.org</span>) cannot be validated directly—Let's Encrypt's validation servers use IPv4. The solution is to include all subdomains as Subject Alternative Names (SANs) in the parent certificate.</span><br /> +<br /> +<span>The ACME client configuration template dynamically builds the SAN list:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre><% <b><u><font color="#000000">for</font></u></b> <b><u><font color="#000000">my</font></u></b> $host (@$acme_hosts) { + <i><font color="silver"># Skip ipv4/ipv6 subdomains - they're included as SANs in parent cert</font></i> + <b><u><font color="#000000">next</font></u></b> <b><u><font color="#000000">if</font></u></b> $host =~ <font color="#808080">/^(ipv4|ipv6)\./</font>; +-%> +<% <b><u><font color="#000000">my</font></u></b> @alt_names = (<font color="#808080">"www.$host"</font>); + <b><u><font color="#000000">for</font></u></b> <b><u><font color="#000000">my</font></u></b> $sub_host (@$acme_hosts) { + <b><u><font color="#000000">if</font></u></b> ($sub_host =~ <font color="#808080">/^(ipv4|ipv6)\.\Q$host\E$/</font>) { + <b><u><font color="#000000">push</font></u></b> @alt_names, $sub_host; + } + } +-%> +domain <font color="#808080"><%= $host %></font> { + alternative names { <font color="#808080"><%= join(' ', @alt_names) %></font> } + ... +} +<font color="#808080"><% } -%></font> +</pre> +<br /> +<span>This generates a single certificate for <span class='inlinecode'>ipv6test.f3s.buetow.org</span> that includes:</span><br /> +<ul> +<li>www.ipv6test.f3s.buetow.org</li> +<li>ipv4.ipv6test.f3s.buetow.org</li> +<li>ipv6.ipv6test.f3s.buetow.org</li> +</ul><br /> +<h2 style='display: inline' id='dns-and-tls-deployment'>DNS and TLS Deployment</h2><br /> +<br /> +<span>The DNS records and ACME certificates are managed via Rex automation:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre><b><u><font color="#000000">our</font></u></b> @f3s_hosts = <b><u><font color="#000000">qw</font></u></b>/ + ... + ipv6test.f3s.buetow.org + ipv4.ipv6test.f3s.buetow.org + ipv6.ipv6test.f3s.buetow.org +/; + +<b><u><font color="#000000">our</font></u></b> @acme_hosts = <b><u><font color="#000000">qw</font></u></b>/ + ... + ipv6test.f3s.buetow.org + ipv4.ipv6test.f3s.buetow.org + ipv6.ipv6test.f3s.buetow.org +/; +</pre> +<br /> +<span>Running <span class='inlinecode'>rex nsd httpd acme acme_invoke relayd</span> deploys the DNS zone, configures httpd for ACME challenges, obtains the certificates, and reloads relayd.</span><br /> +<br /> +<h2 style='display: inline' id='testing'>Testing</h2><br /> +<br /> +<span>Verify DNS records are correct:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre>$ dig ipv4.ipv6test.f3s.buetow.org A +short +<font color="#000000">46.23</font>.<font color="#000000">94.99</font> + +$ dig ipv4.ipv6test.f3s.buetow.org AAAA +short +(no output - IPv4 only) + +$ dig ipv6.ipv6test.f3s.buetow.org AAAA +short +2a03:<font color="#000000">6000</font>:6f67:<font color="#000000">624</font>::<font color="#000000">99</font> + +$ dig ipv6.ipv6test.f3s.buetow.org A +short +(no output - IPv6 only) +</pre> +<br /> +<span>Verify the application shows the correct test type:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre>$ curl -s https://ipv<font color="#000000">4</font>.ipv6test.f3s.buetow.org/cgi-bin/index.pl | grep <font color="#808080">"Test Results"</font> +<h3>IPv4 Only Test Results:</h<font color="#000000">3</font>> +</pre> +<br /> +<span>The displayed IP should be the real client IP, not an internal cluster address.</span><br /> +<br /> +<h2 style='display: inline' id='w3c-compliant-html'>W3C Compliant HTML</h2><br /> +<br /> +<span>The CGI script generates valid HTML5 that passes W3C validation. Key considerations:</span><br /> +<br /> +<ul> +<li>Proper DOCTYPE, charset, and lang attributes</li> +<li>HTML-escaping command outputs (dig output contains <span class='inlinecode'><<>></span> characters)</li> +</ul><br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre><b><u><font color="#000000">sub</font></u></b> html_escape { + <b><u><font color="#000000">my</font></u></b> $str = <b><u><font color="#000000">shift</font></u></b>; + $str =~ <b><u><font color="#000000">s</font></u></b>/&/&amp;/<b><u><font color="#000000">g</font></u></b>; + $str =~ <b><u><font color="#000000">s</font></u></b>/</&lt;/<b><u><font color="#000000">g</font></u></b>; + $str =~ <b><u><font color="#000000">s</font></u></b>/>/&gt;/<b><u><font color="#000000">g</font></u></b>; + <b><u><font color="#000000">return</font></u></b> $str; +} + +<b><u><font color="#000000">my</font></u></b> $digremote = html_escape(`dig -<b><u><font color="#000000">x</font></u></b> $ENV{REMOTE_ADDR}`); +</pre> +<br /> +<span>You can verify the output passes validation:</span><br /> +<br /> +<a class='textlink' href='https://validator.w3.org/nu/?doc=https%3A%2F%2Fipv6test.f3s.buetow.org%2Fcgi-bin%2Findex.pl'>W3C Validator</a><br /> +<br /> +<h2 style='display: inline' id='summary'>Summary</h2><br /> +<br /> +<span>Preserving client IP addresses through multiple reverse proxies requires configuration at each layer:</span><br /> +<br /> +<span>1. **relayd**: Sets <span class='inlinecode'>X-Forwarded-For</span> header</span><br /> +<span>2. **Traefik**: Trusts headers from known proxy IPs via <span class='inlinecode'>forwardedHeaders.trustedIPs</span></span><br /> +<span>3. **Apache**: Uses <span class='inlinecode'>mod_remoteip</span> to set <span class='inlinecode'>REMOTE_ADDR</span> from the header</span><br /> +<br /> +<span>Additional challenges solved:</span><br /> +<br /> +<ul> +<li>**TLS for IPv6-only hosts**: Use SANs to include all subdomains in a single certificate validated via the dual-stack parent domain</li> +<li>**W3C compliance**: HTML-escape all command outputs to handle special characters</li> +</ul><br /> +<span>The configuration is managed via GitOps with ArgoCD, including the Traefik HelmChartConfig.</span><br /> +<br /> +<a class='textlink' href='https://codeberg.org/snonux/ipv6test'>Source code</a><br /> +<a class='textlink' href='https://codeberg.org/snonux/conf/src/branch/master/f3s/ipv6test'>Kubernetes manifests</a><br /> +<a class='textlink' href='https://codeberg.org/snonux/conf/src/branch/master/f3s/traefik-config'>Traefik configuration</a><br /> +<br /> +<span>E-Mail your comments to paul@paulbias.net :-)</span><br /> +<br /> +<a class='textlink' href='./index.html'>← Back to the index</a><br /> +<p class="footer"> + Generated with <a href="https://codeberg.org/snonux/gemtexter">Gemtexter 3.0.1-develop</a> | + served by <a href="https://www.OpenBSD.org">OpenBSD</a>/<a href="https://man.openbsd.org/relayd.8">relayd(8)</a>+<a href="https://man.openbsd.org/httpd.8">httpd(8)</a> | + <a href="https://foo.zone/site-mirrors.html">Site Mirrors</a> + <br /> + Webring: <a href="https://shring.sh/foo.zone/previous">previous</a> | <a href="https://shring.sh">shring</a> | <a href="https://shring.sh/foo.zone/next">next</a> +</p> +</body> +</html> diff --git a/gemfeed/atom.xml b/gemfeed/atom.xml index 5a7541e1..d8063be1 100644 --- a/gemfeed/atom.xml +++ b/gemfeed/atom.xml @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="utf-8"?> <feed xmlns="http://www.w3.org/2005/Atom"> - <updated>2026-01-27T10:09:14+02:00</updated> + <updated>2026-01-31T19:49:46+02:00</updated> <title>foo.zone feed</title> <subtitle>To be in the .zone!</subtitle> <link href="https://foo.zone/gemfeed/atom.xml" rel="self" /> @@ -7671,6 +7671,8 @@ paul@f0:~ % doas sh -c <font color="#808080">'for client in r0 r1 r2 earth; do < <font color="#808080"> -subj "/C=US/ST=State/L=City/O=F3S Storage/CN=${client}.lan.buetow.org"</font> <font color="#808080"> openssl x509 -req -days 3650 -in ${client}.csr -CA ca-cert.pem \</font> <font color="#808080"> -CAkey ca-key.pem -CAcreateserial -out ${client}-cert.pem</font> +<font color="#808080"> # Combine cert and key into a single file for stunnel client</font> +<font color="#808080"> cat ${client}-cert.pem ${client}-key.pem > ${client}-stunnel.pem</font> <font color="#808080">done'</font> </pre> <br /> @@ -8159,12 +8161,12 @@ http://www.gnu.org/software/src-highlite --> [root@r0 ~]<i><font color="silver"># dnf install -y stunnel nfs-utils</font></i> <i><font color="silver"># Copy client certificate and CA certificate from f0</font></i> -[root@r0 ~]<i><font color="silver"># scp f0:/usr/local/etc/stunnel/ca/r0-key.pem /etc/stunnel/</font></i> +[root@r0 ~]<i><font color="silver"># scp f0:/usr/local/etc/stunnel/ca/r0-stunnel.pem /etc/stunnel/</font></i> [root@r0 ~]<i><font color="silver"># scp f0:/usr/local/etc/stunnel/ca/ca-cert.pem /etc/stunnel/</font></i> <i><font color="silver"># Configure stunnel client with certificate authentication</font></i> [root@r0 ~]<i><font color="silver"># tee /etc/stunnel/stunnel.conf <<'EOF'</font></i> -cert = /etc/stunnel/r<font color="#000000">0</font>-key.pem +cert = /etc/stunnel/r<font color="#000000">0</font>-stunnel.pem CAfile = /etc/stunnel/ca-cert.pem client = yes verify = <font color="#000000">2</font> @@ -8180,7 +8182,7 @@ EOF <i><font color="silver"># Repeat for r1 and r2 with their respective certificates</font></i> </pre> <br /> -<span>Note: Each client must use its certificate file (<span class='inlinecode'>r0-key.pem</span>, <span class='inlinecode'>r1-key.pem</span>, <span class='inlinecode'>r2-key.pem</span>, or <span class='inlinecode'>earth-key.pem</span> - the latter is for my Laptop, which can also mount the NFS shares).</span><br /> +<span>Note: Each client must use its certificate file (<span class='inlinecode'>r0-stunnel.pem</span>, <span class='inlinecode'>r1-stunnel.pem</span>, <span class='inlinecode'>r2-stunnel.pem</span>, or <span class='inlinecode'>earth-stunnel.pem</span> - the latter is for my Laptop, which can also mount the NFS shares).</span><br /> <br /> <h3 style='display: inline' id='nfsv4-user-mapping-config-on-rocky'>NFSv4 user mapping config on Rocky</h3><br /> <br /> @@ -8231,11 +8233,11 @@ http://www.gnu.org/software/src-highlite --> [root@r0 ~]<i><font color="silver"># mkdir -p /data/nfs/k3svolumes</font></i> <i><font color="silver"># Mount through stunnel (using localhost and NFSv4)</font></i> -[root@r0 ~]<i><font color="silver"># mount -t nfs4 -o port=2323 127.0.0.1:/data/nfs/k3svolumes /data/nfs/k3svolumes</font></i> +[root@r0 ~]<i><font color="silver"># mount -t nfs4 -o port=2323 127.0.0.1:/k3svolumes /data/nfs/k3svolumes</font></i> <i><font color="silver"># Verify mount</font></i> [root@r0 ~]<i><font color="silver"># mount | grep k3svolumes</font></i> -<font color="#000000">127.0</font>.<font color="#000000">0.1</font>:/data/nfs/k3svolumes on /data/nfs/k3svolumes +<font color="#000000">127.0</font>.<font color="#000000">0.1</font>:/k3svolumes on /data/nfs/k3svolumes <b><u><font color="#000000">type</font></u></b> nfs4 (rw,relatime,vers=<font color="#000000">4.2</font>,rsize=<font color="#000000">131072</font>,wsize=<font color="#000000">131072</font>, namlen=<font color="#000000">255</font>,hard,proto=tcp,port=<font color="#000000">2323</font>,timeo=<font color="#000000">600</font>,retrans=<font color="#000000">2</font>,sec=sys, clientaddr=<font color="#000000">127.0</font>.<font color="#000000">0.1</font>,local_lock=none,addr=<font color="#000000">127.0</font>.<font color="#000000">0.1</font>) @@ -13,7 +13,7 @@ </p> <h1 style='display: inline' id='hello'>Hello!</h1><br /> <br /> -<span class='quote'>This site was generated at 2026-01-27T10:09:14+02:00 by <span class='inlinecode'>Gemtexter</span></span><br /> +<span class='quote'>This site was generated at 2026-01-31T19:49:46+02:00 by <span class='inlinecode'>Gemtexter</span></span><br /> <br /> <span>Welcome to the foo.zone!</span><br /> <br /> diff --git a/uptime-stats.html b/uptime-stats.html index 643bbd65..9a562502 100644 --- a/uptime-stats.html +++ b/uptime-stats.html @@ -13,7 +13,7 @@ </p> <h1 style='display: inline' id='my-machine-uptime-stats'>My machine uptime stats</h1><br /> <br /> -<span class='quote'>This site was last updated at 2026-01-27T10:09:14+02:00</span><br /> +<span class='quote'>This site was last updated at 2026-01-31T19:49:46+02:00</span><br /> <br /> <span>The following stats were collected via <span class='inlinecode'>uptimed</span> on all of my personal computers over many years and the output was generated by <span class='inlinecode'>guprecords</span>, the global uptime records stats analyser of mine.</span><br /> <br /> @@ -46,9 +46,9 @@ | 10. | *makemake | 81 | Linux 6.9.9-200.fc40.x86_64 | | 11. | uranus | 59 | NetBSD 10.1 | | 12. | pluto | 51 | Linux 3.2.0-4-amd64 | -| 13. | *fishfinger | 50 | OpenBSD 7.7 | +| 13. | *mega-m3-pro | 50 | Darwin 24.6.0 | | 14. | mega15289 | 50 | Darwin 23.4.0 | -| 15. | *mega-m3-pro | 50 | Darwin 24.6.0 | +| 15. | *fishfinger | 50 | OpenBSD 7.7 | | 16. | *t450 | 46 | FreeBSD 14.2-RELEASE | | 17. | *blowfish | 45 | OpenBSD 7.7 | | 18. | phobos | 40 | Linux 3.4.0-CM-g1dd7cdf | @@ -66,8 +66,8 @@ | Pos | Host | Uptime | Last Kernel | +-----+----------------+-----------------------------+-----------------------------------+ | 1. | vulcan | 4 years, 5 months, 6 days | Linux 3.10.0-1160.81.1.el7.x86_64 | -| 2. | *blowfish | 4 years, 1 months, 6 days | OpenBSD 7.7 | -| 3. | *earth | 4 years, 1 months, 5 days | Linux 6.18.4-200.fc43.x86_64 | +| 2. | *earth | 4 years, 1 months, 8 days | Linux 6.18.4-200.fc43.x86_64 | +| 3. | *blowfish | 4 years, 1 months, 6 days | OpenBSD 7.7 | | 4. | sun | 3 years, 9 months, 26 days | FreeBSD 10.3-RELEASE-p24 | | 5. | uranus | 3 years, 9 months, 5 days | NetBSD 10.1 | | 6. | uugrn | 3 years, 5 months, 5 days | FreeBSD 11.2-RELEASE-p4 | @@ -77,7 +77,7 @@ | 10. | tauceti | 2 years, 3 months, 19 days | Linux 3.2.0-4-amd64 | | 11. | mega15289 | 1 years, 12 months, 17 days | Darwin 23.4.0 | | 12. | tauceti-f | 1 years, 9 months, 18 days | Linux 3.2.0-3-amd64 | -| 13. | *mega-m3-pro | 1 years, 8 months, 3 days | Darwin 24.6.0 | +| 13. | *mega-m3-pro | 1 years, 8 months, 8 days | Darwin 24.6.0 | | 14. | *t450 | 1 years, 7 months, 26 days | FreeBSD 14.2-RELEASE | | 15. | mega8477 | 1 years, 3 months, 25 days | Darwin 13.4.0 | | 16. | host0 | 1 years, 3 months, 9 days | FreeBSD 6.2-RELEASE-p5 | @@ -111,8 +111,8 @@ | 13. | tauceti | 141 | Linux 3.2.0-4-amd64 | | 14. | *makemake | 139 | Linux 6.9.9-200.fc40.x86_64 | | 15. | *t450 | 128 | FreeBSD 14.2-RELEASE | -| 16. | tauceti-f | 108 | Linux 3.2.0-3-amd64 | -| 17. | *mega-m3-pro | 108 | Darwin 24.6.0 | +| 16. | *mega-m3-pro | 108 | Darwin 24.6.0 | +| 17. | tauceti-f | 108 | Linux 3.2.0-3-amd64 | | 18. | tauceti-e | 96 | Linux 3.2.0-4-amd64 | | 19. | callisto | 86 | Linux 4.0.4-303.fc22.x86_64 | | 20. | mega8477 | 80 | Darwin 13.4.0 | @@ -162,7 +162,7 @@ | 2. | dionysus | 8 years, 6 months, 17 days | FreeBSD 13.0-RELEASE-p11 | | 3. | alphacentauri | 6 years, 9 months, 13 days | FreeBSD 11.4-RELEASE-p7 | | 4. | *makemake | 4 years, 10 months, 16 days | Linux 6.9.9-200.fc40.x86_64 | -| 5. | *earth | 4 years, 7 months, 4 days | Linux 6.18.4-200.fc43.x86_64 | +| 5. | *earth | 4 years, 7 months, 8 days | Linux 6.18.4-200.fc43.x86_64 | | 6. | vulcan | 4 years, 5 months, 6 days | Linux 3.10.0-1160.81.1.el7.x86_64 | | 7. | *blowfish | 4 years, 1 months, 7 days | OpenBSD 7.7 | | 8. | sun | 3 years, 10 months, 2 days | FreeBSD 10.3-RELEASE-p24 | @@ -177,7 +177,7 @@ | 17. | callisto | 2 years, 3 months, 13 days | Linux 4.0.4-303.fc22.x86_64 | | 18. | tauceti-e | 2 years, 1 months, 29 days | Linux 3.2.0-4-amd64 | | 19. | tauceti-f | 1 years, 9 months, 20 days | Linux 3.2.0-3-amd64 | -| 20. | *mega-m3-pro | 1 years, 8 months, 31 days | Darwin 24.6.0 | +| 20. | *mega-m3-pro | 1 years, 9 months, 4 days | Darwin 24.6.0 | +-----+----------------+-----------------------------+-----------------------------------+ </pre> <br /> @@ -207,8 +207,8 @@ | 16. | Darwin 15... | 15 | | 17. | Darwin 22... | 12 | | 18. | Darwin 18... | 11 | -| 19. | OpenBSD 4... | 10 | -| 20. | FreeBSD 7... | 10 | +| 19. | FreeBSD 7... | 10 | +| 20. | FreeBSD 6... | 10 | +-----+----------------+-------+ </pre> <br /> @@ -224,14 +224,14 @@ | 2. | *OpenBSD 7... | 8 years, 1 months, 7 days | | 3. | FreeBSD 10... | 5 years, 9 months, 9 days | | 4. | Linux 5... | 4 years, 10 months, 21 days | -| 5. | *Linux 6... | 3 years, 4 months, 5 days | +| 5. | *Linux 6... | 3 years, 4 months, 8 days | | 6. | *FreeBSD 14... | 2 years, 11 months, 5 days | | 7. | Linux 4... | 2 years, 7 months, 22 days | | 8. | FreeBSD 11... | 2 years, 4 months, 28 days | | 9. | Linux 2... | 1 years, 11 months, 21 days | | 10. | Darwin 13... | 1 years, 3 months, 25 days | | 11. | FreeBSD 6... | 1 years, 3 months, 9 days | -| 12. | *Darwin 24... | 0 years, 12 months, 11 days | +| 12. | *Darwin 24... | 0 years, 12 months, 15 days | | 13. | Darwin 23... | 0 years, 11 months, 3 days | | 14. | OpenBSD 4... | 0 years, 8 months, 12 days | | 15. | Darwin 21... | 0 years, 8 months, 2 days | @@ -255,22 +255,22 @@ | 2. | *OpenBSD 7... | 517 | | 3. | FreeBSD 10... | 406 | | 4. | Linux 5... | 317 | -| 5. | *Linux 6... | 226 | +| 5. | *Linux 6... | 227 | | 6. | *FreeBSD 14... | 211 | | 7. | Linux 4... | 175 | | 8. | FreeBSD 11... | 159 | | 9. | Linux 2... | 121 | | 10. | Darwin 13... | 80 | | 11. | FreeBSD 6... | 75 | -| 12. | *Darwin 24... | 64 | +| 12. | *Darwin 24... | 65 | | 13. | Darwin 23... | 55 | | 14. | OpenBSD 4... | 39 | | 15. | Darwin 21... | 38 | | 16. | Darwin 18... | 32 | | 17. | Darwin 22... | 30 | | 18. | Darwin 15... | 29 | -| 19. | FreeBSD 13... | 25 | -| 20. | FreeBSD 5... | 25 | +| 19. | FreeBSD 5... | 25 | +| 20. | FreeBSD 13... | 25 | +-----+----------------+-------+ </pre> <br /> @@ -298,10 +298,10 @@ +-----+------------+-----------------------------+ | Pos | KernelName | Uptime | +-----+------------+-----------------------------+ -| 1. | *Linux | 28 years, 4 months, 28 days | +| 1. | *Linux | 28 years, 5 months, 1 days | | 2. | *FreeBSD | 12 years, 10 months, 8 days | | 3. | *OpenBSD | 8 years, 8 months, 18 days | -| 4. | *Darwin | 5 years, 3 months, 25 days | +| 4. | *Darwin | 5 years, 3 months, 29 days | | 5. | NetBSD | 0 years, 1 months, 1 days | +-----+------------+-----------------------------+ </pre> @@ -314,10 +314,10 @@ +-----+------------+-------+ | Pos | KernelName | Score | +-----+------------+-------+ -| 1. | *Linux | 1885 | +| 1. | *Linux | 1886 | | 2. | *FreeBSD | 912 | | 3. | *OpenBSD | 557 | -| 4. | *Darwin | 345 | +| 4. | *Darwin | 346 | | 5. | NetBSD | 0 | +-----+------------+-------+ </pre> |