Matt Horan's Blog

freebsd

Automatic TLS certificate rotation with lego on FreeBSD

lets-encrypt lego certificates tls ssl automation freebsd

I’ve been using Let’s Encrypt to manage certificates on my systems for some time now. I started off using the excellent acme-client, which has since been integrated into OpenBSD. Previously, there was a portable version which had been ported to FreeBSD, but this is no longer maintained. I continued running it for some time without realizing this. Fortunately the FreeBSD port has since been removed.


Encrypted root disk migration for FreeBSD

arpnetworks dump/restore encryption freebsd

I’ve had a VPS with ARP Networks for a long time now. Things were a bit different back then. The default FreeBSD installer suggested setting up multiple partitions (slices) on a disk by default. This is no longer the case. Encryption wasn’t a thing that people generally worried about. I’ve had it on my todo list for a while now to figure out how to converge to a single encrypted partition on my VPS — saving me from running out of space in /var/, and also to protect the data on the underlying “disk”. I finally worked it out a few weeks ago.


Setting up two-factor authentication on FreeBSD

authentication freebsd hotp howto oath otp pam ssh totp

I typically utilize public key authentication when connecting via SSH to matthoran.com. However, there are times when I’m away from a device which has my private key and need access to my server. I reluctantly enabled password authentication for those occasions, but after enabling two-factor authentication for most of the services that I use regularly, I wanted to do the same for my own server.


Setting up Postfix and Dovecot to play nicely with mutt, mbox, Maildir and FreeBSD

mutt maildir reebsd dovecot email imap freebsd sieve postfix

I’m one of two people I’m aware of who still runs their own e-mail servers. I do this for a multitude of reasons, mostly because I love mutt and nothing else quite stacks up to it. Running a local mail server with mutt reading a local inbox is relatively simple. I run Postfix and it gets the job done with relatively little configuration. However, if you’d like to check mail remotely, and not rely on ConnectBot to SSH into your ARP Networks VPS, you’ll have to venture into the world of IMAP servers.


FreeRADIUS on FreeBSD and OpenLDAP

802.1x accounting authentication authorization eap freebsd freeradius gtc howto ldap openldap peap radius

Instead of relying on PAM or /etc/passwd for authentication and authorization, I decided to store account information in an OpenLDAP database. Of course I could have used NIS or flat file databases, but OpenLDAP proved to be the best solution for my situation.

