// node-7.dc-ams.local — auth daemon — pid 4081 — uptime 41d 02h
tty1 · obsidian-2
$ http GET / -v
> GET / HTTP/1.1
> Host: obsidian-2.example
> User-Agent: curl/8.4.0
> Accept: */*
< HTTP/1.1 403 Forbidden
< Server: lighttpd/1.4.71
< X-Site-Status: private
< X-Auth-Required: yes
< X-Audit-Id: 9af3-1c4e-22b0
< Cache-Control: no-store
< Content-Length: 412
────────────────────────────────────────────────────────────────
┌────────────────┐
│ ┌────────┐ │
│ │ ▒▒▒▒▒▒ │ │
│ │ ▒ ▒ │ │
│ │ ▒ ▒ │ │
├───┴────────┴───┤
│ │
│ LOCKED │
│ │
│ obsidian-2 │
└────────────────┘
This site is private. Authorized users only.
Identify yourself via the configured token endpoint.
> obsidian-2.example/.well-known/auth
> ssh-agent + tls client cert combination accepted
> magic-link issued by ops, valid 15 minutes
> webauthn flow available for registered devices
> emergency console: contact on-call (out-of-band channel)
If you reached this page by accident — please leave.
All connections are accounted in /var/log/obsidian/audit-{date}.log
The audit log is reviewed daily by the on-call engineer.
# standard policy: deny-by-default, allow-by-token,
# audit-by-request, escalate-on-anomaly
403 status
1.4 ms edge
OK tls
auth required
────────────────────────────────────────────────────────────────
fingerprint sha256:1c4e22b04a..d319a1
region eu-west-2/ams · rack 14 · u-22
build ob2-1.18.4 (release-stable)
last reload 2026-04-12 17:22:08 utc
ssl tls13 · ecdhe-x25519 · ja3 ok
contact ops@obsidian-2.example (out-of-band only)
schedule monthly review · 1st mon · 14:00 utc
# end of transmission. nothing more to see here.
_