Engineering Nginx | BSD Now 51

Engineering Nginx | BSD Now 51

We’ll be showing you how to set up a secure, SSL-only webserver. There’s also an interview with Eric Le Blan about community participation and FreeBSD’s role in the commercial server space. All that and more, on BSD Now – the place to B.. SD.

Thanks to:



Direct Download:

Video | HD Video | MP3 Audio | OGG Audio | Torrent | YouTube

RSS Feeds:

MP3 Feed | OGG Feed | iTunes Feed | Video Feed | HD Vid Feed | HD Torrent Feed

– Show Notes: –


Password gropers take spamtrap bait

  • Our friend Peter Hansteen, who keeps his eyes glued to his log files, has a new blog post
  • He seems to have discovered another new weird phenomenon in his pop3 logs
  • “yes, I still run one, for the same bad reasons more than a third of my readers probably do: inertia”
  • Someone tried to log in to his service with an address that was known to be invalid
  • The rest of the post goes into detail about his theory of why someone would use a list of invalid addresses for this purpose

Inside the Atheros wifi chipset

  • Adrian Chadd – sometimes known in the FreeBSD community as “the wireless guy” – gave a talk at the Defcon Wireless Village 2014
  • He covers a lot of topics on wifi, specifically on Atheros chips and why they’re so popular for open source development
  • There’s a lot of great information in the presentation, including cool (and evil) things you can do with wireless cards
  • Very technical talk; some parts might go over your head if you’re not a driver developer
  • The raw video file is also available to download on
  • Adrian has also recently worked on getting Kismet and Aircrack-NG to work better with FreeBSD, including packet injection and other fun things

Trip report and hackathon mini- roundup

  • A few more (late) reports from BSDCan and the latest OpenBSD hackathon have been posted
  • Mark Linimon mentions some of the future plans for FreeBSD’s release engineering and ports
  • Bapt also has a BSDCan report detailing his work on ports and packages
  • Antoine Jacoutot writes about his work at the most recent hackathon, working with rc configuration and a new /etc/examples layout
  • Peter Hessler, a latecomer to the hackathon, details his experience too, hacking on the installer and built-in upgrade function
  • Christian Weisgerber talks about starting some initial improvements of OpenBSD’s ports infrastructure

DragonFly BSD 3.8.2 released

  • Although it was already branched, the release media is now available for DragonFly 3.8.2
  • This is a minor update, mostly to fix the recent OpenSSL vulnerabilities
  • It also includes some various other small fixes

Interview – Eric Le Blan –

Xinuos’ recent FreeBSD integration, BSD in the commercial server space


Building a hardened, feature-rich webserver

News Roundup

Defend your network and privacy, FreeBSD version

  • Back in episode 39, we covered a blog post about creating an OpenBSD gateway – partly based on our router tutorial
  • This is a follow-up post, by the same author, about doing a similar thing with FreeBSD
  • He mentions some of the advantages and disadvantages between the two operating systems, and encourages users to decide for themselves which one suits their needs
  • The rest is pretty much the same things: firewall, VPN, DHCP server, DNSCrypt, etc.

Don’t encrypt all the things

  • Another couple of interesting blog posts from Ted Unangst about encryption
  • It talks about how Google recently started ranking sites with HTTPS higher in their search results, and then reflects on how sometimes encryption does more harm than good
  • After heartbleed, the ones who might be able to decrypt your emails went from just a three-letter agency to any script kiddie
  • He also talks a bit about some PGP weaknesses and a possible future replacement
  • He also has another, similar post entitled “in defense of opportunistic encryption

New automounter lands in FreeBSD

  • The work on the new automounter has just landed in 11-CURRENT
  • With help from the FreeBSD Foundation, we’ll have a new “autofs” kernel option
  • Check the SVN viewer online to read over the man pages if you’re not running -CURRENT
  • You can also read a bit about it in the recent newsletter

OpenSSH 6.7 CFT

  • It’s been a little while since the last OpenSSH release, but 6.7 is almost ready
  • Our friend Damien Miller issued a call for testing for the upcoming version, which includes a fair amount of new features
  • It includes some old code removal, some new features and some internal reworkings – we’ll cover the full list in detail when it’s released
  • This version also officially supports being built with LibreSSL now
  • Help test it out and report any findings, especially if you have access to something a little more exotic than just a BSD system


  • All the tutorials are posted in their entirety at
  • We want to give a special thanks to our viewer Remy for writing the basis of today’s tutorial
  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to
  • Watch live Wednesdays at 2:00PM Eastern (18:00 UTC)
  • Final reminder: OpenBSD is moving to a new distributor in September (which is very soon!) so this is your last chance to buy any of their tshirts, CDs or posters – grab them now while you still can, and support the project

Question? Comments? Contact us here!