Reconfigure ezjail to use https
James B. Byrne
byrnejb at harte-lyne.ca
Mon Mar 27 18:48:30 UTC 2017
I am having a problem with ezjail's choice of ftp as its default
mechanism for obtaining FreeBSD install and update data. Specifically
with our pf firewall blocking it.
I have attempted to get the ftp-proxy solution working but, as usual,
the documentation ceases to be helpful before a working solution is
arrived at.
pass out proto tcp from $proxy to any port ftp
where $proxy expands to the address the proxy daemon is bound to.
The difficulty being that the example previously has shown this:
nat-anchor "ftp-proxy/*"
rdr pass on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021
with nary a mention of $proxy. It would have been a LOT clearer had
the example done something like this instead (if indeed this is what
is meant):
proxy = 127.0.0.1
nat-anchor "ftp-proxy/*"
rdr pass on $int_if proto tcp from any to any port ftp -> $proxy port 8021
Which would at least have been consistent. However, I cannot get this
to work either.
In any case ftp is not what I would prefer to use. However, the
documentation respecting changing /usr/local/etc/ezjail.conf so that
the protocol used is likewise either misleading or wrong.
If I do this:
ezjail-admin install -h https://download.freebsd.org/ftp/releases/amd64/11.0-RELEASE
Then I see this:
Could not fetch base from
https://download.freebsd.org/ftp/releases/amd64/11.0-RELEASE.
Maybe your release (11.0-RELEASE) is specified incorrectly or the
host download.freebsd.org/ftp/releases/amd64/11.0-RELEASE does not
provide that release build.
Use the -r option to specify an existing release or the -h option to
specify an alternative ftp server.
However, if I do this:
wget https://download.freebsd.org/ftp/releases/amd64/11.0-RELEASE/base.txz
Then I see this:
--2017-03-27 14:46:01--  https://download.freebsd.org/ftp/releases/amd64/11.0-RELEASE/base.txz
Resolving download.freebsd.org (download.freebsd.org)... 96.47.72.72, 2610:1c1:1:606c::15:0
Connecting to download.freebsd.org (download.freebsd.org)|96.47.72.72|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 96364744 (92M) [application/octet-stream]
Saving to: 'base.txz'
Clearly https://download.freebsd.org/ftp/releases/amd64/11.0-RELEASE
is a valid protocol, host and path. Why then does ezjail not use it?
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3