Create SSH tunnel to access web pages running on localhost on another server.

Posted on December 21, 2025 by shelter

There’s always new tricks to learn, here’s one I didn’t know about.
I needed to access a web page running on a server as localhost, accessing it through LAN did not let me access all features. What you need to do is create an SSH tunnel to that server so it thinks you’re accessing it locally.

On your client type this, assuming your web server is running on port 443.
ssh <your_server> -L 8888:localhost:443

By doing this you can access the page as localhost on your client by going to https://localhost:8888

Fix OpenBSD guest CPU idle usage – KVM / Proxmox (qemu)

Posted on July 16, 2024 by shelter

When running OpenBSD as guest under KVM, the qemu CPU usage can be quite high.
This seems to be partly because of the USB drivers being active in OpenBSD, what you can do is to disable loading of the USB drivers.
NOTE: This will stop USB keyboards and mouse from working, so it’s really only suitable for headless servers with ssh or vnc console access.

Make sure your KVM machine type is set to i440fx which should be the default setting in qemu, my guest was installed as an EFI system but it should work with BIOS too.
In the OpenBSD guest, create a file called /etc/bsd.re-config and add the following:


disable usb
disable ahci
disable uhci
disable xhci

Save the file and reboot the OpenBSD guest, the qemu/kvm process should have resonable CPU usage now, it’s might still be ~1% higher than other OSes though.

For reference, here are my proxmox settings for the OpenBSD guest:

balloon: 0
bios: ovmf
boot: order=virtio0;ide2;net0
cores: 4
cpu: max,flags=+aes
efidisk0: ext-local01:1180/vm-1180-disk-0.qcow2,efitype=4m,pre-enrolled-keys=1,size=528K
ide2: none,media=cdrom
memory: 4096
meta: creation-qemu=9.0.0,ctime=1721055908
name: OpenBSD
net0: virtio=BC:24:11:A7:55:35,bridge=vmbr0,firewall=1
numa: 0
ostype: other
scsihw: virtio-scsi-pci
smbios1: uuid=fe4b2233-55f9-445e-8355-6d9532228dcd
sockets: 1
tablet: 0
virtio0: ext-local01:1180/vm-1180-disk-1.qcow2,backup=1,cache=writeback,iothread=1,size=32G
vmgenid: 42f0eef1-b401-4988-ae8c-f09779ce062b

Resize a qcow2 disk image on Linux

Posted on June 30, 2024 by shelter

For some reason, a lot of sites reference to tools that are not needed.
All you need to do to resize a qcow2 image is the following:
qemu-img resize <diskimg.qcow2> +15G
This increase the disk size by 15 Gigabyte.

Then you need to use gparted to resize the partitions you want (use a USB live boot if you don’t have a GUI installed).

Quick reference/Howto – Create a PR on Github

Posted on June 19, 2024 by shelter

Initial setup

To create a PR you first need to setup API keys and gpg signature for your account on github.

To make git always sign your commits using your gpg signture, set the following config for git:
git config --global user.signingkey <key id> git config --global commit.gpgsign true

You can find your gpg key id using:
gpg --list-secret-keys --keyid-format=long

Password for the account when prompted is your API key.

Create the PR

Fork the repository on github.com that you want to create a PR for.
Clone your forked repository: git clone <url>
Change directory to the cloned repository and create a new branch: checkout -b <branch>
Make your changes
Add your changes: git add .
Commit your changes to your forked repository: git commit -m "type your commit description here"
Check origin using: git remote
If your origin is “origin”, type: git push origin <branch> (branch is the branch in step 3)
Go to your fork on github.com to submit the PR.

Import wireguard config to NetworkManager

Posted on September 4, 2022 by shelter

To import a wireguard config to NetworkManager in linux, use the following command:

sudo nmcli connection import type wireguard file yourvpn.conf

This can be helpful because adding a wireguard configuration manually in desktop environments like KDE doesn’t always work.

FreeBSD – Upgrade PHP 7.4 to 8.0 in one line

Posted on June 8, 2021 by shelter

This is more of a note to myself but if you want to upgrade PHP 7.4 in one go in FreeBSD, run the following command:

pkg install `pkg query %n-%v | grep php|grep --invert json | sed 's/74/80/; s/-7.*//'`

Note: The above command excludes anything with json, the reason is because the json extension is enabled in PHP 8 by default, so there’s no such package for it. If you have other PHP json packages installed, those will be excluded too.

To check what packages the command will replace, run:

pkg query %n-%v | grep php |grep --invert json | echo `sed 's/74/80/; s/-7.*//'`

If you know what you’re doing you can edit the command for other PHP versions.

Fix Remove-AppxProvisionedPackage error

Posted on December 19, 2019 by shelter

Remove-AppxProvisionedPackage : The system cannot find the path specified.
Does this look familiar? This might help fix that error for you!

It could be a mismatch somewhere that makes that command to fail.
Instead check what packages dism.exe reports is installed, we use YourPhone as example here:

DISM.exe /online /Get-ProvisionedAppxPackages

Now look at the PackageName reported by dism, then start File Explorer and go to “C:\Program Files\WindowsApps”. Here you might see a folder called Microsoft.YourPhone_2019.1126.308.0_neutral_~_8wekyb3d8bbwe which is in fact the version installed on your system, to remove it, run:

DISM.exe /online /Remove-ProvisionedAppxPackage /PackageName:Microsoft.YourPhone_2019.1126.308.0_neutral_~_8wekyb3d8bbwe

And that’s it, you have successfully removed YourPhone from your computer.

NOTE: If you do not find the app you’re looking for under “C:\Program Files\WindowsApps”, then it isn’t installed and you have a stale entry somewhere. I do not know how to remove the stale entry that dism reports though, I’ll update if I manage find to out.

Gentoo – resume compile

Posted on July 2, 2019 by shelter

If a package/ebuild fails to compile on gentoo you can use this feature to continue where it failed. Useful if a compile fails and you need to make manual edits to the files. Or if a compile fails because of out of memory, can happen when you compile chromium. Run the following command:

FEATURES=keepwork emerge -av <package>

If you don’t use the “keepwork” feature, gentoo will unpack the source code again, configure and restart the compile, which might not be ideal in all cases.

Generate htpasswd for nginx with openssl

Posted on December 13, 2018 by shelter

There’s no need to have apache utils or tools to generate a Basic authentication password for nginx. Type the following in bash and replace user with the username you want:

printf "user:`openssl passwd -apr1`\n" >> /etc/nginx/.htpasswd

Dnsmasq – Conditional DNS Forwarding for Windows Active Directory Domains

Posted on December 7, 2018 by shelter

Let’s say your Windows domain is “domain.local” and your Windows DNS IP address is “192.168.1.55” and “192.168.1.56”
In OpenWrt, add this to /etc/config/dhcp:

        option rebind_protection '0'
        list server '/domain.local/192.168.1.55'
        list server '/domain.local/192.168.1.56'

The trick here which isn’t well documented is that rebind protection MUST be set to ‘0’ otherwise lookups for *.domain.local will fail.
UPDATE: Be sure to NOT have filterwin2k set in dnsmasq (/etc/config/dhcp), if you do, gpupdate and AD-domain lookups will fail.

Now your other computers/devices/servers that use the dnsmasq DNS-server can resolve computers that are AD-connected.

bsdpro.se

random computer tech stuff