29 files changed, 247 insertions, 34 deletions
diff --git a/20241020-a-song-a-day.md b/20241020-a-song-a-day.md deleted file mode 100644 index 99577a3..0000000 --- a/20241020-a-song-a-day.md +++ /dev/null @@ -1,15 +0,0 @@ -# A song a day - -October 20, 2024 - -Actually, some of these are not songs but eh, I thought it made for a catchy title. Here is an assortment of music I (really) like. Some I've been listening to for years, others for weeks. In no particular order: - -* Monday - [Shankara](https://www.youtube.com/watch?v=nesQKzSqtbg) by Panda Dub. Start your week chillin'. -* Tuesday - [Toxicity](https://www.youtube.com/watch?v=iywaBOMvYLI) by System Of A Down. Week day routine surely is bad for you. -* Wednesday - [Some Type Of Skin](https://www.youtube.com/watch?v=iMfQoZUrn4M) by Aurora. We're good people and we deserve peace. Its's difficult, it seems. -* Thursday - [Thusday Night](https://www.youtube.com/watch?v=C5Sl0iSLE20) by Olivier Orand. Time to shake it off! Fun fact: this song's title inspired this article. -* Friday - [Toccata & Fugue BWV565](https://www.youtube.com/watch?v=8tpzyYFqJWM) by J. S. Bach. Classical concert to kick-off the week-end! An organ is probably the most beautiful music instrument. A marvel to the ears _and_ to the eyes! -* Saturday - [A Thousand Miles (feat. Beea)](https://www.youtube.com/watch?v=Scws-WCEfvo) by TimeMachine1985. Dance some more on Saturday night. -* Sunday - [On a Pale Horse](https://www.youtube.com/watch?v=_BNBc4H9p00) by Martin O'Donnell & Michael Salvatori. A rainy Sunday afternoon is perfect for a bit of Halo. Gamer or not, this one will surely strike a chord or two. - -May your day be magnificent. diff --git a/20250324-web-proxy-with-relayd.md b/20250324-web-proxy-with-relayd.md new file mode 100644 index 0000000..dbfe106 --- /dev/null +++ b/20250324-web-proxy-with-relayd.md @@ -0,0 +1,96 @@ +# Web proxy with OpenBSD and relayd
+
+March 24, 2025
+
+## But why?
+
+Recently I needed to setup a proxy for three websites. The proxy and the sites are distributed among two servers. One of the servers hosts the proxy itself as well as two of the sites. The other server hosts the remaining site. The two machines are connected through the internet so the forwarded traffic to the remote server needs to be encrypted. A picture is worth a thousand words as they say:
+
+[](/static/20250324-network-diagram.png)
+
+Both servers are running OpenBSD, so we're going to rely on [`relayd(8)`](https://man.openbsd.org/relayd.8) as the proxy and [`httpd(8)`](https://man.openbsd.org/httpd.8) as the web server.
+
+## relayd setup
+
+In the `relayd(8)` configuration file `/etc/relayd.conf` we must first define two tables, one for the local server running `relayd(8)` and another for the remote server `server2.com `:
+
+ table <local> { 127.0.0.1 }
+ table <remote> { server2.com }
+
+Then we have to define a `www` protocol to setup the proxy behavior for regular HTTP connections. It will forward the request to the right server based on the `Host` header. We also add special headers to the forwarded request so that the services running behind the proxy can use the information provided with these headers to adjust their behavior, should they need to. Finally, a request that doesn't match any of the expected hostnames is simply blocked.
+
+ http protocol www {
+ match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
+ match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
+
+ pass request quick header "Host" value "site3.com" forward to <remote>
+ pass request quick forward to <local>
+
+ block
+ }
+
+We also define a `wwwtls` protocol that is configured almost the same, it just has the certificates for each host we are proxying.
+
+ http protocol wwwtls {
+ tls keypair site1.com
+ tls keypair site2.com
+ tls keypair site3.com
+ match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
+ match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
+
+ pass request quick header "Host" value "site3.com" forward to <remote>
+ pass request quick forward to <local>
+
+ block
+ }
+
+The line `tls keypair site1.com` means that `relayd(8)` will look for a certificate file named `/etc/ssl/site1.com.crt` and a private key named `/etc/ssl/private/site1.com.key`. If your certificates are signed through a chain (like the ones provided by Let's Encrypt), the `.crt` file needs to contain the intermediate certificates, not just your final one. I use [`acme-client(1)`](https://man.openbsd.org/acme-client.1) to manage my certificates, which does not write the intermediate certificates with the default configuration. Thus we need to set this up in `/etc/acme-client.conf`:
+
+ domain site1.com {
+ domain key "/etc/ssl/private/site1.com.key"
+ domain full chain certificate "/etc/ssl/site1.com.crt"
+ sign with letsencrypt
+ }
+
+After editing the file, you should of course run `acme-client` to update the certificates. Next come the relays. They define which protocol to use for a request as well as where it can be forwarded. There's one for `http` and another for `https`. Nothing special here except that you may have noticed the ports for the local web server are set to 8080 and 4443. That's because `relayd(8)` is already listening on ports 80 and 443 on the proxy.
+
+ relay www {
+ listen on egress port 80
+ protocol www
+ forward to <local> port 8080
+ forward to <remote> port 80
+ }
+
+ relay wwwtls {
+ listen on egress port 443 tls
+ protocol wwwtls
+ forward with tls to <local> port 4443
+ forward with tls to <remote> port 443
+ }
+
+Ideally, we would not need to use TLS for the local forwarding. But somehow `relayd(8)` would not work with TLS enabled only on the remote forward rule. I don't know whether it's a configuration mistake on my end or whether it's a `relayd(8)` quirk. If you know more about this, I'd be glad to hear about it.
+
+Finally, at the very top of the file, we can ask `relayd(8)` to log all connections.
+
+ log connection
+
+## httpd setup
+
+There's not much to do on the `httpd(8)` side of things, except setting the ports to 8080 and 4443 on the local server, and also setting the log style to `forwarded`. This allows the IP address of the client which made the request to be logged instead of just the proxy. Please note that this information is read from the `X-Forwarded-For` and `X-Forwarded-Port` request headers, so the proxy has to set those on the forwarded request. We set this up in the previous section. An example site could be configured as such in `/etc/httpd.conf`:
+
+ server "site1.com" {
+ listen on * port 8080
+ listen on * port 4443
+ log style forwarded
+ tls {
+ certificate "/etc/ssl/site1.com.crt"
+ key "/etc/ssl/private/site1.com.key"
+ }
+ root "/htdocs/site1"
+ }
+
+If any of the services you're proxying requires its configuration to be updated, please make sure to do so.
+
+## Why not a VPN to secure traffic over the internet?
+
+I don't know how to setup a VPN. It could be the topic of a future article, but I don't know that it would provide many benefits? If you can think of any, please get in touch!
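Review bot: In both `http protocol` blocks of the relayd article, `pass request quick forward to <local>` has no `Host` condition, so it matches every request and the trailing `block` is never evaluated, which contradicts the sentence saying that requests for unexpected hostnames are blocked. Suggest explicit rules such as `pass request quick header "Host" value "site1.com" forward to <local>` (and one for site2.com) so that `block` actually applies. Related points in the same hunk: `match request header append "X-Forwarded-For"` keeps whatever value the client already sent, and httpd's `log style forwarded` then logs it, so `set` is the safer action when this relay is the first hop; the httpd paragraph says `X-Forwarded-Port` was set in the previous section, but neither protocol sets it. In the httpd example, `listen on * port 4443` lacks the `tls` keyword although the relay uses `forward with tls to <local> port 4443`, and listening on `*` exposes ports 8080 and 4443 on every interface unless a firewall filters them; `127.0.0.1` would match the `<local>` table.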
diff --git a/20250609-suckless-presentations.md b/20250609-suckless-presentations.md new file mode 100644 index 0000000..b0ed8f7 --- /dev/null +++ b/20250609-suckless-presentations.md 
@@ -0,0 +1,55 @@ +# Suckless presentations + +June 9, 2025 + +I'm a big fan of [suckless](http://suckless.org) tools. My laptop has been running [dwm](http://dwm.suckless.org) for years now. One of their tool has fascinated me ever since I discovered it: [sent](http://tools.suckless.org/sent). + +Its purpose is to create presentations. Being a suckless tool, it only needs a plain text file with each paragraph corresponding to a slide. Pictures can be displayed on a slide, but not with text on the same slide. You then launch sent on the file and the presentation starts in a plain X11 window. + +It is diabolically efficient, and I like that. No need for a bloated WYSIWYG tool or elaborate markup language. Just write what you want to present, and it's done. With the file being plain text, you can even open it with any viewer or editor and just read it that way. + +Some may find that the resulting presentation is a little too bland for their taste. In my opinion, that's a feature. I think many slides are way too bloated in the presentations I see. Having a few simple sentences or just one picture per slide is enough. It lets the viewer quickly read it and then listen to what is being said about it. The slide should support the talk, and not the opposite. + +To test drive sent, I've created a simple "Maven primer" presentation. Don't take it too seriously, I've not checked everything I've written. You can find the presentation source file [here](/static/20250609-maven-primer.txt). The sent home page is quite clear that exporting the presentation to other formats is not supported, but suggests automating a PNG export of each slide. That's exactly what I've done with a quick and dirty bash script: + + #!/bin/bash + + echo "Please focus sent window" + + for i in {3..1} + do + echo "$i..." 
+ sleep 1 + done + + xdotool getactivewindow windowsize $1 $2 + + for i in {01..19} + do + import -screen -window 'sent' $i.png + xdotool getactivewindow key n + done + +Just launch it with your desired output resolution and then you have 3 seconds to focus the sent presentation to export: + + $ ./sent-export.sh 800 600 + +[](/static/20250609-maven-primer-01.png) +[](/static/20250609-maven-primer-02.png) +[](/static/20250609-maven-primer-03.png) +[](/static/20250609-maven-primer-04.png) +[](/static/20250609-maven-primer-05.png) +[](/static/20250609-maven-primer-06.png) +[](/static/20250609-maven-primer-07.png) +[](/static/20250609-maven-primer-08.png) +[](/static/20250609-maven-primer-09.png) +[](/static/20250609-maven-primer-10.png) +[](/static/20250609-maven-primer-11.png) +[](/static/20250609-maven-primer-12.png) +[](/static/20250609-maven-primer-13.png) +[](/static/20250609-maven-primer-14.png) +[](/static/20250609-maven-primer-15.png) +[](/static/20250609-maven-primer-16.png) +[](/static/20250609-maven-primer-17.png) +[](/static/20250609-maven-primer-18.png) +[](/static/20250609-maven-primer-19.png) @@ -50,4 +50,4 @@ serve : python3 -m http.server 8080 --directory output/ upload : - rsync -avc --delete output/ vincent@blog.vdouillet.fr:/var/www/htdocs/blog/ + rsync -av --delete output/ vincent@blog.vdouillet.fr:/var/www/htdocs/blog/ diff --git a/makesite.pl b/makesite.pl index fa55cf8..f85f1c5 100755 --- a/makesite.pl +++ b/makesite.pl @@ -65,17 +65,6 @@ while(<*.md>) { open my $articleHandle, "<", $articleFile; my $headLine = <$articleHandle>; $headLine = substr $headLine, 2, -1; - - # Extract description : first paragraph of the article - my $description = ""; - while(my $line = <$articleHandle>) { - if($. == 5) { - $description = $line; - last; - } - } - $description =~ s/\R//; # remove any new line - $description .= ".."; # to have "..." at the end of description close $articleHandle; # Extract output file name: MD file name without the date 
@@ -91,7 +80,7 @@ while(<*.md>) { my $year = substr $articleFile, 0, 4; my $month = substr $articleFile, 4, 2; my $day = substr $articleFile, 6, 2; - my $articleData = { date => "$month-$day-$year", title => $headLine, address => $pageFile, description => $description }; + my $articleData = { date => "$month-$day-$year", title => $headLine, address => $pageFile, description => $articleContent }; push @articleList, $articleData; } @@ -110,8 +99,8 @@ open my $outHandle, ">", "output/rss.xml"; # Write channel info and insert publication and build dates open my $inHandle, "<", "template/rss.xml"; my $pubDate = Time::Piece->strptime($articleList[$#articleList]{date}, "%m-%d-%Y"); # Last article date -$pubDate = $pubDate->strftime(); -my $buildDate = gmtime->strftime(); # Current date +$pubDate = $pubDate->strftime("%a, %d %b %Y %H:%M:%S %z"); +my $buildDate = gmtime->strftime("%a, %d %b %Y %H:%M:%S %z"); # Current date while(<$inHandle>) { $_ =~ s/\$link/$BASE_URL/; $_ =~ s/\$pubDate/$pubDate/; @@ -123,7 +112,10 @@ for(my $i = $#articleList; $i >= 0; $i--) { open my $inHandle, "<", "template/rss-item.xml"; my $url = $BASE_URL . $articleList[$i]{address}; my $pubDate = Time::Piece->strptime($articleList[$i]{date}, "%m-%d-%Y"); - $pubDate = $pubDate->strftime(); + $pubDate = $pubDate->strftime("%a, %d %b %Y %H:%M:%S %z"); + # No relative link in RSS feed + $articleList[$i]{description} =~ s/href="\//href="$BASE_URL/g; + $articleList[$i]{description} =~ s/src="\//src="$BASE_URL/g; while(<$inHandle>) { $_ =~ s/\$title/$articleList[$i]{title}/; $_ =~ s/\$link/$url/; diff --git a/static/index.md b/static/index.md index 45badf2..e6fd1d8 100644 --- a/static/index.md +++ b/static/index.md 
@@ -1,2 +1,2 @@ -Hello, my name is Vincent and you've landed on the small space where I may ask more questions than I answer. You might be interested in the [RSS feed](/rss.xml), my [git repos](//git.vdouillet.fr) or the [about](/about.html) page. +Hello, my name is Vincent and you've landed on the small space where I talk about tech related stuff. You might be interested in the [RSS feed](/rss.xml), my [git repos](//git.vdouillet.fr), the [about](/about.html) page, or my [gemini capsule](gemini://capsule.vdouillet.fr). diff --git a/static/passthrough/20250324-network-diagram.png b/static/passthrough/20250324-network-diagram.png Binary files differnew file mode 100644 index 0000000..d7a4683 --- /dev/null +++ b/static/passthrough/20250324-network-diagram.png diff --git a/static/passthrough/20250609-maven-primer-01.png b/static/passthrough/20250609-maven-primer-01.png Binary files differnew file mode 100644 index 0000000..bd9b40c --- /dev/null +++ b/static/passthrough/20250609-maven-primer-01.png diff --git a/static/passthrough/20250609-maven-primer-02.png b/static/passthrough/20250609-maven-primer-02.png Binary files differnew file mode 100644 index 0000000..87eadad --- /dev/null +++ b/static/passthrough/20250609-maven-primer-02.png diff --git a/static/passthrough/20250609-maven-primer-03.png b/static/passthrough/20250609-maven-primer-03.png Binary files differnew file mode 100644 index 0000000..c0607a0 --- /dev/null +++ b/static/passthrough/20250609-maven-primer-03.png diff --git a/static/passthrough/20250609-maven-primer-04.png b/static/passthrough/20250609-maven-primer-04.png Binary files differnew file mode 100644 index 0000000..bfe8fa3 --- /dev/null +++ b/static/passthrough/20250609-maven-primer-04.png diff --git a/static/passthrough/20250609-maven-primer-05.png b/static/passthrough/20250609-maven-primer-05.png Binary files differnew file mode 100644 index 0000000..9e06f2c --- /dev/null +++ b/static/passthrough/20250609-maven-primer-05.png 
diff --git a/static/passthrough/20250609-maven-primer-06.png b/static/passthrough/20250609-maven-primer-06.png Binary files differnew file mode 100644 index 0000000..b64518e --- /dev/null +++ b/static/passthrough/20250609-maven-primer-06.png diff --git a/static/passthrough/20250609-maven-primer-07.png b/static/passthrough/20250609-maven-primer-07.png Binary files differnew file mode 100644 index 0000000..4111503 --- /dev/null +++ b/static/passthrough/20250609-maven-primer-07.png diff --git a/static/passthrough/20250609-maven-primer-08.png b/static/passthrough/20250609-maven-primer-08.png Binary files differnew file mode 100644 index 0000000..eefe23f --- /dev/null +++ b/static/passthrough/20250609-maven-primer-08.png diff --git a/static/passthrough/20250609-maven-primer-09.png b/static/passthrough/20250609-maven-primer-09.png Binary files differnew file mode 100644 index 0000000..6a70447 --- /dev/null +++ b/static/passthrough/20250609-maven-primer-09.png diff --git a/static/passthrough/20250609-maven-primer-10.png b/static/passthrough/20250609-maven-primer-10.png Binary files differnew file mode 100644 index 0000000..be21727 --- /dev/null +++ b/static/passthrough/20250609-maven-primer-10.png diff --git a/static/passthrough/20250609-maven-primer-11.png b/static/passthrough/20250609-maven-primer-11.png Binary files differnew file mode 100644 index 0000000..70a38fb --- /dev/null +++ b/static/passthrough/20250609-maven-primer-11.png diff --git a/static/passthrough/20250609-maven-primer-12.png b/static/passthrough/20250609-maven-primer-12.png Binary files differnew file mode 100644 index 0000000..aa6f054 --- /dev/null +++ b/static/passthrough/20250609-maven-primer-12.png diff --git a/static/passthrough/20250609-maven-primer-13.png b/static/passthrough/20250609-maven-primer-13.png Binary files differnew file mode 100644 index 0000000..e7d6c37 --- /dev/null +++ b/static/passthrough/20250609-maven-primer-13.png 
diff --git a/static/passthrough/20250609-maven-primer-14.png b/static/passthrough/20250609-maven-primer-14.png Binary files differnew file mode 100644 index 0000000..ad22ed5 --- /dev/null +++ b/static/passthrough/20250609-maven-primer-14.png diff --git a/static/passthrough/20250609-maven-primer-15.png b/static/passthrough/20250609-maven-primer-15.png Binary files differnew file mode 100644 index 0000000..95e6be9 --- /dev/null +++ b/static/passthrough/20250609-maven-primer-15.png diff --git a/static/passthrough/20250609-maven-primer-16.png b/static/passthrough/20250609-maven-primer-16.png Binary files differnew file mode 100644 index 0000000..6859680 --- /dev/null +++ b/static/passthrough/20250609-maven-primer-16.png diff --git a/static/passthrough/20250609-maven-primer-17.png b/static/passthrough/20250609-maven-primer-17.png Binary files differnew file mode 100644 index 0000000..ec08402 --- /dev/null +++ b/static/passthrough/20250609-maven-primer-17.png diff --git a/static/passthrough/20250609-maven-primer-18.png b/static/passthrough/20250609-maven-primer-18.png Binary files differnew file mode 100644 index 0000000..47685e1 --- /dev/null +++ b/static/passthrough/20250609-maven-primer-18.png diff --git a/static/passthrough/20250609-maven-primer-19.png b/static/passthrough/20250609-maven-primer-19.png Binary files differnew file mode 100644 index 0000000..c4803b1 --- /dev/null +++ b/static/passthrough/20250609-maven-primer-19.png diff --git a/static/passthrough/20250609-maven-primer.txt b/static/passthrough/20250609-maven-primer.txt new file mode 100644 index 0000000..9d438a0 --- /dev/null +++ b/static/passthrough/20250609-maven-primer.txt 
@@ -0,0 +1,82 @@ +Maven +A beginner's guide + +https://maven.apache.org +"Apache Maven is a software project management +and comprehension tool" + +Based on a "project object model (POM)" +that allows Maven to build the project as configured + +Through its configuration, you can tell Maven: +- What your project dependencies are +- How to compile your project +- How to package your project +- How to run your unit tests +- How to... whatever, really + +Maven is architected around plugins. +Its functionnalities can be extended by writing new plugins. +Though, most likely a plugin already exists for your needs. + +Maven is launched through the command line +with its command and a target "phase". +$ mvn deploy + +When Maven runs, it follows a "lifecycle". +A lifecycle is made of "phases". +Maven will run all the phases up to the +one you specified on the command line. + +Default lifecycle +- validate +- compile +- test +- package +- verify +- install +- deploy + +Each build phase is made up of plugin goals. +You configure which plugins run at each phase +through Maven's config file "pom.xml". + +The POM file should be in the directory from +which you invoke Maven. + +The POM file specifies: +- The project's dependencies +- The plugins to use for the build + +The dependencies and the plugins are called +artifacts. +They're identified by a group, a name, and +a version. + +<plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-compiler-plugin</artifactId> + <version>3.14.0</version> +</plugin> + +Maven downloads artifacts from a "repository". +There are 2 types of repositories. + +Local repository +A directory on your computer. +Maven caches remote downloads +in the local repository + +Remote repository +Any other repository is a remote repository. +It can be a directory, an HTTP server, ... 
+ +By default, Maven uses the following remote repository +https://repo.maven.apache.org/maven2/ + +Through the POM file, you can configure one +or several repositories to use. + +You can instruct Maven to "deploy" your locally built +artifact to a repository, so that other users can +instruct Maven to depend on it for their build. diff --git a/template/rss-item.xml b/template/rss-item.xml index 0a86187..f27bf1a 100644 --- a/template/rss-item.xml +++ b/template/rss-item.xml @@ -1,7 +1,9 @@ <item> <title>$title</title> <link>$link</link> -<description>$description</description> +<description><![CDATA[ +$description +]]></description> <guid isPermaLink="false">$guid</guid> <pubDate>$pubDate</pubDate> </item> diff --git a/template/rss.xml b/template/rss.xml index 4f519ac..61f0df9 100644 --- a/template/rss.xml +++ b/template/rss.xml @@ -1,7 +1,8 @@ -<rss version="2.0"> +<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"> <channel> <title>blog.vdouillet.fr</title> <link>$link</link> +<atom:link href="$linkrss.xml" rel="self" type="application/rss+xml" /> <description>Humble ramblings about IT and occasionally other topics</description> <language>en-us</language> <pubDate>$pubDate</pubDate> |
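Review bot: In the `sent-export.sh` listing added by 20250609-suckless-presentations.md, `xdotool getactivewindow windowsize $1 $2` uses both arguments unquoted and never checks that they were given, and `for i in {01..19}` hard-codes the slide count of this one presentation. Suggest quoting them as `"$1" "$2"`, exiting with a usage message when fewer than two arguments are passed, and either taking the slide count as a third argument or stating in the text that 19 has to be adjusted.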
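Review bot: The `upload` target hunk drops `-c` from `rsync -avc --delete` without any explanation in the visible change. Without checksums rsync decides by size and modification time, so if the generator rewrites every file under `output/` on each build, every file is sent again on each upload. Suggest keeping `-c` or adding a comment above the rule saying why it was removed.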
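Review bot: In the `@@ -123,7 +112,10 @@` hunk of makesite.pl, `s/href="\//href="$BASE_URL/g` and the matching `src` rule also match protocol-relative URLs such as `href="//host/..."` and rewrite them to `$BASE_URL/host/...`. Suggest excluding a second slash, for example `href="\/(?!\/)`, and the same for `src`. The substitution also edits `$articleList[$i]{description}` in place; working on a local copy would leave the list unchanged for any later use.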
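Review bot: In the template/rss-item.xml hunk the description is now wrapped in `<![CDATA[ ... ]]>` while makesite.pl fills it with the whole article (`description => $articleContent`), and nothing visible handles an article that itself contains `]]>`. That sequence would close the CDATA section early and leave the feed malformed. Suggest replacing `]]>` with `]]]]><![CDATA[>` in the description before it is substituted into the template.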