I have just written another blog post, this time about building a reverse proxy on #FreeBSD using #HAProxy and CARP for fault tolerance:
https://www.subnetspider.com/2025/01/22/building-a-fault-tolerant-reverse-proxy-with-freebsd.html
This is what I currently use to access my internal services.
Yesterday I noticed that my Fairphone 4 had been stuck on /e/OS 1.17 (Android 12 LineageOS fork) since the last update in November 2023, as Signal and other apps were complaining about running an old version.
I had to install adb (Android Debug Bridge) on a PC and update the phone via USB in recovery mode, but now it's running /e/OS 2.7 (Android 14) with all the patches from 9 January 2025. 😓
Interestingly, some apps now run 2-3 times faster, which is not what I expected from upgrading to a new version of Android. 👍
I thought I would write a post about how I replaced the old 4 TB hard drives in my second FreeBSD NAS with some larger 18 TB drives:
https://www.subnetspider.com/2025/01/06/expanding-zfs-pool-with-zpool-replace.html
Maybe this could even be useful to someone, who knows... 😉
The ZFS pool expansion is now complete. 😎
And now it's time to replace the second drive in the ZFS mirror.
Command used: doas zpool replace data-pool /dev/gpt/HDD10 /dev/gpt/HDD23
I am curious to see if ZFS will automatically grow the available size of the pool, we will see in another three and a half hours. 🤔
It's time to replace the old 4TB HDDs in this zpool with new, bigger ones :)
Command used: doas zpool replace data-pool /dev/gpt/HDD09 /dev/gpt/HDD22
The drives "HDD09" and "HDD10" are 4TB, the drive "HDD22" is 18TB.
Today I shut down my TrueNAS CORE NAS, swapped the disks and it's now running #FreeBSD 14.2 with all services in bastille jails.
There are still a few things I need to document or set up (e.g. zfs replication, monitoring, firewall rules), but all in all it is up and running. 😎
I've just finished migrating the last of the iocage jails from my TrueNAS CORE server, all of which are now running on a FreeBSD 14.2 server managed by bastille.
All that remains is to migrate the Samba and NFS clients to the new server, after which I will shut down and retire my TrueNAS CORE server.
I've taken a lot of inspiration from blog posts by @stefano, @marzlberger, @vermaden and many others, which have really helped me along the way (thanks).
Before deciding to go with FreeBSD, I considered moving to TrueNAS Scale, but having to migrate all my services from jails to iXsystems' custom Docker implementation, waiting weeks for middleware fixes, and being limited by the GUI or automating tasks in an unstable environment made me think twice.
The following services now run on the new FreeBSD server:
Thanks to the simplicity of jails, migrating from iocage to bastille was very easy, I just needed to edit jail.conf and some mount points.
I'm pretty sure this setup will serve me well until 2025, which will lay the foundation for future projects. 😊
I've just spent the last couple of hours debugging my new VLAN bridge network setup for my VNET jails, reading man pages, searching my notes, googling the web, tcpdump, disabling pf, even swapping network cards, only to find that I've managed to overlook one tiny detail:
The "UP" flags on my VLAN interfaces were missing the whole time, so the bridge interfaces couldn't pass traffic in the first place. 🤡
After fixing this very obvious layer 8 problem by adding ifconfig_igb0_="up" to rc.conf, everything now works as expected. 🥴
Today I've upgraded all my #FreeBSD VMs running my Tor relay jails from 14.1 to 14.2, which only required running freebsd-update, rebooting, editing the fstabs of the bastille jails, and then running freebsd-update again with another reboot.
In the last 7 weeks, they have all relayed a total of 212TB, which is almost exactly 10MB/s of 24/7 traffic.
Today I upgraded a FreeBSD VM at work to 14.2-RELEASE, which I've set up as a DHCP server to bootstrap firewalls.
It originally used 14.0-RELEASE when I set up dhcpd(8) in a hurry about one year ago, and then forgot about it because it just kept working.
The upgrade and mandatory ;) pf setup only took about 15 minutes, and I probably won't have to touch it again until the next point release comes out.
This is truly the definition of "set it and forget it".
Which of the following #ZFS properties do you change on the datasets shared by Samba on a #FreeBSD server?
If so, which values would you recommend?
For example:
Yesterday evening I spent over an hour trying to diagnose why FreeBSD wouldn't create the bridge0 interface I specified in /etc/rc.conf no matter what I did.
Today I took another look at it and noticed the following error in my /etc/rc.conf:
cloned_interfaces="bridge0"
ifconfig_re0="up"
ifconfig_bridge0_ipv6="inet6 auto_linklocal accept_rtadv addm re0"
...
cloned_interfaces="lo1" # 🤡
ifconfig_lo1_name="bastille0"
Reminded me of what a teacher of mine used to say:
"The problem usually sits in front of the screen"
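The duplicate-assignment mistake from the post above can be caught mechanically. The following is an added example, not part of the original post: a small POSIX sh/awk check that reports every rc.conf variable assigned more than once. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: rc.conf is sourced top to bottom as shell code, so a later
# assignment to the same variable silently replaces the earlier one.

# Print one line per repeated assignment found in the file given as $1.
rc_conf_duplicates() {
    awk '
        /^[ \t]*#/ { next }                         # skip comment lines
        match($0, /^[ \t]*[A-Za-z_][A-Za-z0-9_]*=/) {
            name = substr($0, RSTART, RLENGTH - 1)  # text before the "="
            gsub(/[ \t]/, "", name)                 # drop leading indentation
            if (name in last)
                printf "%s: line %d overrides line %d\n", name, NR, last[name]
            last[name] = NR                         # remember latest assignment
        }
    ' "$1"
}

# Write a constructed sample modelled on the snippet in the post to $1.
write_sample_rc_conf() {
    cat > "$1" <<'EOF'
cloned_interfaces="bridge0"
ifconfig_re0="up"
ifconfig_bridge0_ipv6="inet6 auto_linklocal accept_rtadv addm re0"
# ... unrelated settings ...
cloned_interfaces="lo1"
ifconfig_lo1_name="bastille0"
EOF
}

sample=$(mktemp)
write_sample_rc_conf "$sample"
rc_conf_duplicates "$sample"
rm -f "$sample"
# The usual fix is a single space-separated list:
#   cloned_interfaces="bridge0 lo1"
```

Running the same function against /etc/rc.conf and /etc/rc.conf.local before a reboot flags this class of mistake early.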
Hey #FreeBSD people,
Does anyone know of a CLI tool that can display system information (e.g. hostname, hardware, IPs) as a QR code?
Right now I am using qrencode, which works fine, but maybe there is something better out there.
I just found out that the #IPv6 prefix assigned via DHCPv6 to the firewall behind my parents' Vodafone router hasn't changed once in the last 2 months.
I was always under the impression that the IPv6 prefix would change every 24 hours since this is a residential DS-Lite Internet plan.
This is great news as it allowed me to set up an OpenVPN remote access VPN to their firewall behind the Vodafone router and switch the site-to-site IPSec VPN to my network from IPv4 to IPv6.
Maybe someone at Vodafone finally took a look at the RIPE-690 Best Common Practices document?
https://www.ripe.net/publications/docs/ripe-690/#5-2--why-non-persistent-assignments-are-considered-harmful
@stefano I've just tried your Uptime-Kuma guide in a BastilleBSD jail, worked first try. 😁
Got my hands on a used ThinkPad T470p and threw one of my GhostBSD PC's M.2 NVMe SSDs in it.
Everything except sound works out of the box, even sleep and resume with zzz(8). 😄
WiFi is a little slow, but launching programs is incredibly fast and the OS feels very responsive.
Just put the #bsdcafe #boxybsd stickers I got from @gyptazy at FrOSCon on my laptop, still more space to fill. 😄
Today I tried relayd on OpenBSD as an alternative to HAProxy on FreeBSD, so far it's working fine.
Next step is to point my DNS to the OpenBSD reverse proxy and set up TLS certificates with LetsEncrypt, should be easy.
So it seems that if you enable ipfw(8) when running #VNET jails on a #FreeBSD server, the following ruleset will appear in all of the jails:
65535 deny ip from any to any
This means I have to set up ipfw(8) in my VNET jails as well, because all communication (except DHCP?) is blocked.
I have tried to find information online about this behavior of ipfw(8) and VNET jails, but have found nothing. Can someone shed some light on this? 😕