Excavating bugs - fossil httpd

YASM httpd TLS/SSL fossil DVCS pixelart

2020-08-16


My goal was to recreate the 44BSD logo and self-host it on my distributed version control system (DVCS) before the 15th.

My half-assed reach,

httpd bypass TLS config mismatch

I have plans to document relayd with thorough examples (unconventional port forwarding with TLS acceleration, subdomains to localhost:port, etc.), but as of now I'm relying on httpd.

server "displ.nl" {
    listen on * tls port 443
    # one name per alias line; a single quoted string is matched as one host name
    alias "www.displ.nl"
    alias "my.displ.nl"
    alias "mta-sts.*"
    log style combined
    hsts {
        subdomains
    }
    root "/htdocs/displ.nl/public/"
    tls {
        certificate "/etc/ssl/displ.nl.fullchain.pem"
        key "/etc/ssl/private/displ.nl.key"
        ciphers "HIGH:!AES128:!kRSA:!aNULL"
        ecdhe "P-384,P-256,X25519"
    }
    location "/pub/*" {
        directory auto index
    }
    location "/.well-known/mta-sts.txt" {
        # strip the leading /.well-known so the file is read from /mta-sts/mta-sts.txt
        root "/mta-sts"
        request strip 1
        pass
    }
    location "/.well-known/acme-challenge/*" {
        # ACME http-01 challenge files written by acme-client
        root "/acme"
        request strip 2
        directory no auto index
    }
}

server "fsl.displ.nl" {
    # listen on 0.0.0.0 port 8080 # boom boom confusion
    listen on * tls port 443
    root "/htdocs/fsl.displ.nl"
    # same certificate as displ.nl; ciphers and ecdhe are left at httpd's defaults here
    tls {
        certificate "/etc/ssl/displ.nl.fullchain.pem"
        key "/etc/ssl/private/displ.nl.key"
    }
    hsts {
        max-age 15768000
        preload
        subdomains
    }
    connection max request body 104857600
    # the first matching location wins, so the specific ACME path goes before "/*"
    location "/.well-known/acme-challenge/*" {
        root "/acme"
        request strip 2
    }
    location "/*" {
        # hand every other request to fossil via slowcgi
        fastcgi {
            param SCRIPT_FILENAME "/cgi-bin/scm"
            # workaround for "missing SCRIPT_NAME", see below
            param SCRIPT_NAME " "
        }
    }
}

The problem with the above config is that the two servers have different ciphers and ecdhe settings; so far so good. But does having listen on 0.0.0.0 bypass this?? (more on the mailing list)
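As an added example (not part of this post and not httpd's own code), here is a small POSIX sh/awk lint that reads an httpd.conf and reports servers that share a "listen on ... tls port" socket but declare different ciphers, ecdhe or protocols. It makes no claim about which of the two settings httpd ends up using on the shared socket; it only makes the divergence visible so you know to confirm the negotiated cipher per SNI name with openssl s_client -servername. The config fed to it is a constructed, trimmed copy of the two server blocks above; the awk assumes one tls listen line per server and that the ciphers/ecdhe/protocols keywords only appear inside tls blocks (both assumptions).

```shell
#!/bin/sh
# Added example (not from the post or from httpd): lint an httpd.conf for
# servers that share a "listen on <addr> tls port <n>" socket but set
# different ciphers/ecdhe/protocols.
# Assumptions: one tls listen per server, and the ciphers/ecdhe/protocols
# keywords only occur inside tls { } blocks.

# Reads httpd.conf on stdin; prints one line per option that differs from
# the first server configured on the same socket.
httpd_tls_diff() {
    awk '
    /^[ \t]*#/ { next }                     # skip comment lines
    /^[ \t]*server[ \t]+"/ {                # start of a server block
        n++; name[n] = $2; gsub(/"/, "", name[n]); next
    }
    n == 0 { next }                         # ignore global settings
    $1 == "listen" && $2 == "on" && /[ \t]tls[ \t]/ {
        sock[n] = $3 ":" $NF; next          # e.g. "*:443"
    }
    $1 == "ciphers" || $1 == "ecdhe" || $1 == "protocols" {
        v = $0; sub(/^[ \t]*[a-z]+[ \t]+/, "", v); opt[n, $1] = v; next
    }
    END {
        split("ciphers ecdhe protocols", keys, " ")
        for (i = 2; i <= n; i++) {
            if (!(i in sock)) continue
            first = 0
            for (j = 1; j < i; j++)         # first server owning this socket
                if ((j in sock) && sock[j] == sock[i]) { first = j; break }
            if (!first) continue
            for (k = 1; k <= 3; k++) {
                key = keys[k]
                a = ((first, key) in opt) ? opt[first, key] : "<default>"
                b = ((i, key) in opt) ? opt[i, key] : "<default>"
                if (a != b)
                    printf "%s: %s differs from %s on %s (%s vs %s)\n", name[i], key, name[first], sock[i], b, a
            }
        }
    }'
}

# Constructed input: the two server blocks from the post, trimmed.
SAMPLE_CONF='server "displ.nl" {
    listen on * tls port 443
    tls {
        certificate "/etc/ssl/displ.nl.fullchain.pem"
        key "/etc/ssl/private/displ.nl.key"
        ciphers "HIGH:!AES128:!kRSA:!aNULL"
        ecdhe "P-384,P-256,X25519"
    }
}
server "fsl.displ.nl" {
    # listen on 0.0.0.0 port 8080
    listen on * tls port 443
    tls {
        certificate "/etc/ssl/displ.nl.fullchain.pem"
        key "/etc/ssl/private/displ.nl.key"
    }
}'

printf '%s\n' "$SAMPLE_CONF" | httpd_tls_diff
```

Run it as `httpd_tls_diff < /etc/httpd.conf`; for the sample it reports that fsl.displ.nl leaves ciphers and ecdhe at the defaults while displ.nl pins them, on the same *:443 socket.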

Fossil fastcgi SCRIPT_NAME param

Unless I define the SCRIPT_NAME FastCGI parameter in httpd.conf (fossil doc), fossil reports

Bad request: missing SCRIPT_NAME

Caveat: the script name gets inserted into the request URL, i.e. fsl.displ.nl/repo/home becomes fsl.displ.nl<script_name>/repo/home; my dirty workaround is using

param SCRIPT_NAME " "

Firefox auto-detects the encoded space (%20) and removes it (I call this cool), but my secondary browser luakit serves it as fsl.displ.nl%20 (I guess Chrome does too).

Follow-up on the fossil forum

POST requests also get corrupted (see here).

UPDATE 2020-08-22

Fixed in check-in d6f69343. Fossil is great and simple :)

OpenBSD Badges

Despite all this I'm really happy with how it turned out,

[image: OBSD-6.7-current]

Reddit post: I have included a gitlab link, which I felt sorry for myself about,

On my way to embrace cvsweb YEAH!!