Search results for tag #snac2
![[?]](https://68k.social/jibsaram/s/f9251ad53ddc96c5f7f49f8a3a6d40db.jpeg)
And if not, well, then this was me shouting into the proverbial big void. Win-win either way?
![[?]](https://fed.sfl.pro.br/photo/profile/oigreslima.jpeg?ts=1764598781)
#TerSoftware com tema #selfhosting Vai ter que ser listinha: Num VPS (Contabo)
- #Friendica
- #FreshRss
- #Pelican
- #Forte (Fediverso)
- #Gophernicus (gopherhole)
- #Piwigo (fotos)
- #Nextcloud
Em casa num notebook velho:
#snac2 (fediverso)
![[?]](https://romanzolotarev.com/logo.png){kind=logo}
![[?]](https://wii.cafe/ltning/s/avatar-1122131a322ac7a58db83a2ce72c763b.png){kind=avatar}
It has been suggested it is time to detail a bit about the configuration of this beast. Let's start with the basics: This is a straight-up #NetBSD 11rc2 installation on a stock #Nintendo #Wii. Many people have detailed how to install it, but one useful source of information is Alex Haydock's blog[2], and of course the NetBSD release documentation. The kernel config[3] is modified slightly from the default WII in an attempt to save a bit of memory.
Building #snac2 was straight forward; no difference from building on i486 or i686. Simply make and make install, with the -f Makefile.NetBSD (the NetBSD-specific makefile is included with the snac sources).
Since snac won't do TLS for inbound connections, a TLS proxy is needed. My go-to nginx isn't in the 11rc2 PPC package repository at the time of writing, so I built it from pkgsrc myself. This only took a couple of hours.. But alas, it's a bit too memory hungry for my taste, even with a minimal configuration.
Next up, I found ttp[4]. It is a very small and simple proxy server, which works fine but cannot serve static files, nor does it support TLS 1.3. It is also incapable of dropping privileges, and since I want to run it as nobody I had to find a different way to pass port 443 traffic to it.
Luckily, NetBSD has npf, a built-in firewall that can do NAT and which is fairly easy to configure (at least with the usual good documentation and examples included). Picking up port 443 and NATing it to a high port for ttp to handle worked fine - and allows me to easily move traffic from one TLS proxy to another while I experiment.
TTP wasn't without problems - but they turned out to not be entirely its fault. I kept getting connection failures and snac kept exiting for no obvious reason.
After some fiddling around, the snac author suggested[5] that I was running out of file handles, which is indeed the case. Adding ulimit -n 1024 to /etc/rc.d/snac solved that issue as well.
Then my thoughts landed on an old acquaintance of mine - pound[6]. This is a reverse proxy with good TLS support, and recent versions can even serve static files in a fairly simple way. After a couple of bug reports, lots of help by the current maintainer, and some more fiddling, I got the most recent versions to build. Once the next release drops (4.21), I'll have a go at doing my first pkgsrc port update :)
The pound configuration[7] now seems to be fairly complete, even keeping out most random scanning attacks (yes, they have already started).
[1] https://wii.cafe/ltning/p/1773014130.033156
[2] https://blog.infected.systems/posts/2025-04-21-this-blog-is-hosted-on-a-nintendo-wii/
[3] https://anduin.net/~ltning/WII_TINY
[4] https://github.com/Theldus/ttp
[5] https://codeberg.org/grunfink/snac2/issues/576
[6] https://www.gnu.org.ua/software/pound/manual/index.html
[7] https://anduin.net/~ltning/pound/wiicafe_pound.tgz
Alt...
Screenshot of htop running on the Wii. pound and snac processes both hovering between 1 and 2 MB resident memory.
from the first to last, excluding timeouts (they get requeued for later)
Mar 13 13:15:53 s2 snac[69343]: 13:15:00 output message: sent to inbox ... (202 Accepted)
...
Mar 13 13:15:53 s2 snac[69343]: 13:15:53 output message: sent to inbox ... (202 Accepted)
![[?]](https://media.bsd.cafe/bsdmmedia01/accounts/avatars/110/740/169/477/916/693/original/dfa8f1b9beefa405.png)
![[?]](https://nano.uninformation.org/snackr/s/avatar-fb3e5a88e1f5e3be479badffa30b5e34.jpg){kind=avatar}
![[?]](https://snac.bsd.cafe/passthejoe/s/avatar-3095aef94f222e1594810481e9365920.jpg){kind=avatar}
![[?]](https://jrollans.com/social/jrollans/s/60bdff5db15911cb206ca5ce2288977a.png)