today's howtos
-
Sven Hoexter: HaProxy: Configuring SNI for a TLS Proxy
If you use HaProxy to e.g. terminate TLS on the frontend and connect via TLS to a backend, one has to take care of sending the SNI (server name indication) extension in the TLS handshake sort of manually.
Even if you use host names to address the backend server, e.g.
-
Sven Hoexter: Surveillance Giant Google Cloud: When the Load Balancer Frontend Hands you an F
If someone hands you an IP:Port of a Surveillance Giant Google Cloud load balancer, and tells you to connect there with TLS, but all you receive in return is an F (and a few other bytes with non-printable characters) on running openssl s_client -connect ..., you might be missing SNI (server name indication). Sadly the other side was not transparent enough to explain in detail which exact type of Surveillance Giant Google Cloud load balancer they used, but the conversation got more detailed and up to a working TLS connection when the missing -servername foobar.host.name was added. I could not find any sort of official documentation on the responses of the GFE (the frontend part) when TLS parameters do not match the expectations. Also you won't have anything in the logs, because logging at Surveillance Giant Google Cloud is a backend function, and as long as your requests do not reach the backend, there are no logs. That makes it rather unpleasant to debug such cases, when one end says "I do not see anything in the logs", and the other one says "you reject my connection and just reply F".
-
MWL ☛ Launching tomorrow: “Networking for System Administrators, 2nd edition”
The N4SA2e Kickstarter opens tomorrow, about 8AM EDT. Why “about?” The launch is manual. I must log in and hit a button. The first 512 bytes of my brainstem are barely enough to hold the instructions for obtaining caffeine, so it won’t be first thing.
-
Linux Host Support ☛ HTTP 423 Error Locked: What is it and how to fix it?
In this blog post, we will explain what the HTTP 423 Locked Error is and how to resolve it. The HTTP 423 Error Locked indicates that the requested resource is locked and can not be accessed or modified. This usually occurs when the resource is already in use by another user or process.
-
TuMFatig ☛ Redundant DHCP and DNS Resolver using OpenBSD
One of my OpenBSD servers provides DHCP and DNS resolving for my home LAN. But it sometimes has to go into maintenance mode. And if an IoT or phone requires an IP address or an FQDN at the precise moment, I hear screaming throughout the whole house.
So I decided to have fully redundant network services using two OpenBSD servers.
-
idroot
-
ID Root ☛ How To Install Abusive Monopolist Microsoft SQL Server on Linux Mint 22 [Ed: Microsoft SQL Server does not run on any Linux; it runs on Drawbridge, but the myths/lies live on]
-
ID Root ☛ How To Install Miniconda on AlmaLinux 10
Miniconda represents a lightweight, minimal installation of the conda package management system and Python distribution. Unlike the full Anaconda package that includes hundreds of pre-installed scientific packages, Miniconda provides only the essential components: Python, conda package manager, and their dependencies.
-
ID Root ☛ How To Enable Automatic Security Updates on Debian
Keeping a Debian system secure requires consistent application of security patches and updates. Manual update management can become overwhelming, especially when managing multiple servers or systems. Fortunately, Debian provides powerful tools to automate security updates, ensuring systems remain protected without constant manual intervention. The unattended-upgrades package serves as Debian’s primary mechanism for automated security updates.
-