/srv/irclogs.ubuntu.com/2011/05/21/#ubuntu-server.txt

LebenDoes anyone have a clue why a stock (VPS) LAMP installation would download my index page when I view the site from the domain with the www prefix, but work fine if I leave the www off?  (ex. www.test.com doesn't work, test.com does)00:06
rewtdoes www.test.com point to the same ip as test.com ?00:08
rewtor is it a cname to test.com ?00:08
Lebencname00:08
rewtname-based vhost?00:08
LebenI'm using Dyndns as a host for the domain00:08
LebenNot sure. I tried adding a ServerName line to the 000-default, but it didn't do anything. Not sure if there's more I need to tinker with or not.00:10
Proz01danyone know some ways to test bandwidth speeds (sites as well)?02:18
Proz01dalso how do i restore the default firewall settings02:20
Delerium_speedtest.net for pure bandwith .. for your site, don't know of any online tools, only commercial product02:20
Proz01di need to test from the command line02:21
Delerium_do you have a browser (like lynx) on your server?02:23
Proz01dnope02:23
KiallDelerium_, if you have two servers .. you can use iperf02:23
Kiallsorry - Proz01d02:23
Delerium_;)02:24
Proz01dnp..02:24
Delerium_The following links seems to analyze your site from the Internet http://www.websiteoptimization.com/services/analyze/02:24
Proz01di tried wget and the xp sp2 download link from MS02:25
Kiallyea .. thats another method :) wget http://ubuntu/some.iso ;)02:25
Delerium_Maybe you can check with your hosting / internet provider to see if they have a FTP speed test available or something like that02:26
Kiallif you have two servers - nothing beats iperf for proving the max BW between the two.. other than that .. wget is usually the best option sadly!02:26
Delerium_Didn't knew about iperf thanks Kiall02:27
Kiallyea - its basically a command line speedtest.net .. but without the servers provided for you ;)02:28
Delerium_So you need to have iperf installed on both server and then launch it?02:28
KiallYea .. One side acts as a client, the other as a server ..02:29
Delerium_Cool... I should give this a try02:29
KiallBTW If its under 50Mb/s your expecting .. I can launch a server for a few mins..02:30
Delerium_Kiall: I'm waiting for my dedicated server to be setup, I'll test with that ;)02:31
Delerium_Thanks02:31
Kiallsure...02:31
Kiall[ 3] 0.0-10.1 sec 339 MBytes 283.8 Mbits/sec <-- Disappointing results ;)02:32
Proz01dwhat are you trynig?02:33
Proz01dkaill -> was that a wget?02:34
Kiallaha .. thats better :) "[  3]  0.0-10.0 sec  1.09 GBytes    933 Mbits/sec"02:35
Kiallno - iperf02:35
Proz01dWHAT?!02:35
KiallLAN ;)02:35
Kiall283.8 Mb/s was internet02:36
Proz01dthat's still crazy fast02:36
KiallIts not exactly my home connection ;)02:36
Proz01di'm guessing fiber...not ethernet02:36
Kiallwe take it as ethernet, but yea .. pretty much all BW in and out of datacenters is fibre ..02:37
Delerium_I should try to run this on our servers ... but not sure they will let me do it ;(02:37
Proz01dyou guys know how to get the default firewall settings back?02:38
Kialllol - call it a diagnostic test ;)02:38
Kiall`iptables -F` will empty the rules .. empty might not be your default tho02:39
Delerium_Kiall: ;) Management will says it's up to the network guys... they are pretty strict when it comes to do modification on our servers02:39
Delerium_Wondering about Proz question, does ubuntu-server use SELinux?02:39
Kiallnot by default, it does use apparmor which is somewhat similar02:40
Delerium_Ho okay...02:41
Delerium_AppArmor is more on the "application level" if I'm not mistaken02:41
Delerium_?02:41
KiallYea .. http://paste.ubuntu.com/610893/02:42
Kiallthats the mysql appa config...02:42
Delerium_Thanks Kiall02:43
uvirtbotNew bug: #786040 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/78604002:46
Delerium_Kiall, so basically, AppArmor restrict the files that a process can read / write !?02:49
Kiallyea .. when a program has an AA profile, it only has access to what's in the profile, and nothing else..02:50
Kialleg mysql's one has "network tcp" but not "network udp" .. so no UDP sockets ...02:51
Delerium_k, make sense .. nice to know ... I've been using Linux for a while but never go in deep...02:51
Delerium_Don't have much time with work (and we have only 2 olllddd Linux server)02:52
fastvegif I ssh into my server and run a python script, will the script stop when I close the ssh session?02:52
Kiallfastveg, yes .. unless you start it in the background ..02:52
fastvegor will it keep running even though I disconnect02:52
Kialleg `python bla.py &`02:52
Kiallor `screen -dmS my_app python bla.py`02:52
fastvegok thanks02:53
Delerium_fastveg,  ./myscript &02:53
fastvegeven better02:53
Kiallif you think you'll want to "reattch" to see how its doing etc ... use screen.. otherwise pop at & at the end and it'll quit when it quits :)02:54
Kiallreattach*02:54
Delerium_Having a log file is also a good idea ;)02:54
Kiallyea .. nothing worse than seeing a script die after a few hours of processing without logs ;)02:55
Delerium_yup.. It kills!02:55
KiallI had a 3 week long data import process that couldnt be paused, it had to start again from scratch if it died ..02:56
Kiall2 weeks in .. bam.02:56
Delerium_3 weeks import!?!?!? Gossshh... that was a DB ?02:56
Kiallsuffice to say heads rolled ;)02:56
Delerium_lol02:57
Kiallyea - 3 weeks .. data was sourced from an API that was slow a hell .. and there was craploads of it02:57
Kiallslow as*02:57
Delerium_Well... there is slow ... and SLLLOWWWWW02:59
Kiall;)03:02
Proz01djust curious...what are you guys using for dns?03:06
Delerium_My ISP DNS03:06
Kiallbind + the probind web UI ..03:06
Delerium_ho.. . as a DNS server... sorry ;)03:06
Proz01dlol np03:06
Delerium_bind too03:06
Delerium_but I don't personnaly manage our DNS, so I suck at bind ;)03:07
Proz01di'm setting up a vpn and i need to specify a dns...03:08
Proz01dso i'm pointing to one externally03:08
Proz01dbut i'm trying to improve performance so i was wondering if I should use bind instead03:12
Kiallgenerally (ie unless your ISP's DNS servers are crap) .. you're better using them for recursive resolving...03:14
Kiall(ie for looking up google.com... rather than mydomain.com DNS hosting) ..03:15
jmarsdenProz01d: Unless you have measured current performance and are sure from that work that DNS is your bottleneck, switching DNS servers seems unlikely to "improve performance"... are you sure DNS is slowing things down, not something else?03:18
Proz01dnope... but right now i'm pushing some dns server ip from the base openvpn isntall (it was commented out originally)03:24
Kiallyou probably dont need to be pushing a DNS server with the VPN, not unless you have your own internal DNS setup on the far side of the VPN, and it sounds like you don't :)03:27
Proz01di guess i can try diabling it03:27
m_tadeuwhat is the best place to put setkeycodes command?03:37
maxagazhi04:18
maxagazI'm in China where many website are banned, but I have a server abroad on which I installed OpenVPN, from this, can you tell me the main lines on how to open some website using this VPN ?04:20
=== MTecknology is now known as EvilMTeck
jmarsdenmaxagaz: Sounds like you want to run a proxy on the "abroad" server and the point your local web browser to that proxy.  I have used tinyproxy for this sort of thing (well, not from China...!)05:00
maxagazjmarsden, so, basically, what I need is a vpn (like openvpn), a proxy server (probably squid) and some iptables ?05:03
jmarsdensquid would be very heavyweight for this kind of (single user) use, and since you already have the tunnel working, no real need for iptables changes that I can see... but other than that, yes.05:04
jmarsdenIf the authorities see your VPN tunnel and get suspicious of you, don't blame me :)05:05
maxagazjmarsden, there's nothing wrong in making a tunnel, many companies do it05:06
jmarsdenOK.  If I were trying to prevent people seeing some websites, I'd sure be suspicions of people using VPNs... it's the #1 obvious way to get around the blocking :)  Be glad I'm not the Chinese authorities :) :)05:07
Kiallmaxagaz, you just need the VPN, so long as it sends a default route05:07
Kiall(and sends a DNS server from outside china)05:07
jmarsdenKiall: You can do that, but on a transcontinental link that could be pretty slow...05:07
Kialla proxy will have the same issue + wont "hide" anything but HTTP (eg DNS ..)05:08
maxagazKiall, I already have the VPN working, how to redirect the traffic through it ?05:09
jmarsdenA proxy inside the tunnel is more about bandwidth than hiding, IMO.  Better to only move the web traffic for the sites you need to use over the tunnel that way, leave the rest of your traffic out in the open locally.  But... theres more than one way to do it.05:09
Kiallmaxagaz, if you add `push "redirect-gateway def1"` to the config .. it should move all traffic over then VPN05:10
maxagazKiall, where to add it ?05:10
maxagazoh I see05:10
KiallAnywhere in the server config file05:10
Kialljmarsden, yea being selective about what you tunnel will obv make it faster.. but leaves you wide open to making a mistake :)05:11
maxagazKiall, but then all the traffic would be redirected, I just want the forbidden addresses to be redirected05:11
Kiallthats a tad harder to do - since your browser doesn't let you say "use proxy X for bla.com and bla2.com" ..05:12
jmarsdenmaxagaz: Use proxying and set your browser to selectively proxy ... firefox has addings like foxyproxy for that05:12
jmarsdenKiall: It does, with foxyproxy :)05:12
Kialljmarsden, ah nice :)05:12
maxagazthat sounds a good idea05:13
jmarsdenactually I hope it still does, not sure I have used that addon in Firefox 4.0 yet :)05:13
Kiallanyway - as jmarsden said, a proxy is better for selective traffic .. bear in mind that DNS may be blocked so try google's DNS servers (8.8.8.8 and 8.8.4.4) .. if "they" prevent you using 3rd party DNS, you have to push DNS over the VPN aswell05:14
maxagazI can change it manually to my resolv.conf05:14
jmarsdenKiall: Now that could get interesting... I wonder if you could set up a local DNS server and use bind views to do selective DNS forwarding :)05:15
Kiallsure - but they can catch all port 53 (DNS) traffic, and hijack it :)05:15
Kialljmarsden, yea .. thats certainly possible05:15
Kiallyou could do the same with a hosts file aswell tho :)05:16
jmarsdenKiall: well, harder to add every host *.microsoft.com to your hosts file than to tell a view to forward dns for *.microsoft.com through the VPN, I would think :)05:17
jmarsdenor *.facebook.com, or *.google.com ...05:17
Kiallyup - I didn't think of that!05:18
maxagazhow to allow my vpn to make redirections ?05:23
maxagazin foxyproxy, I have put the address of my vpn, but which port should I set ?05:27
jmarsdenThe port that your proxy is listening on :)05:30
maxagazjmarsden, ah, so I still have to install a proxy05:30
jmarsdenIf you want to do this the "selective" way, then I think so.05:31
jmarsdenfoxyproxy is for using proxies... hence its name :)05:31
maxagazjmarsden, and how to link the proxy to the vpn ?05:32
maxagazjmarsden, else, anybody could use my server as a proxy...05:32
jmarsdenHmmm?  Run the proxy server on the remote server at the 'abroad' end of the VPN tunnel.  You can configure proxies to only accept request from specific IPs, etc... read the docs that come with whatever proxy server software you choose.05:33
maxagazjmarsden, ok, I see05:33
jmarsdenYou may be able to only bind the proxy listener to the vpn tunnel interface on that server, so it is invisible to anyone else, too.05:33
* Kiall would still just go the "want to visit something restricted? start VPN, all traffic goes via it.. done? disconnect" route.. much simplier :)05:36
maxagazKiall, how would you do that ?05:37
Kiallwith the default route .. then you can just start and stop the VPN as you want to use it ..05:38
Kiallpretty much the same enabling disabling the proxy .. and safter/easier than creating a list of hosts for foxyproxy to selectively route over the VPN+Proxy combo05:39
maxagazKiall, you mean, by doing route del default gw, route add default gw my_vpn_ip ?05:39
Kiallno - with `push "redirect-gateway def1"` in the VPN servers config, and then you start/stop the VPN as you need to use it05:40
maxagazKiall, okay05:41
KiallIts defiantly easier to manage that way :)05:41
maxagazKiall, okay, I'll try it right now05:43
maxagazKiall, do I also need a 'push "route..." ' ?05:48
Kiallnope - just the gateway05:49
Kiallmaybe a `push "dhcp-option DNS 8.8.8.8"` line aswell05:49
maxagazKiall, it didn't work06:34
Kiallhumm what happened?06:35
maxagazKiall, when i restart the vpn client, i can't ping anything06:35
maxagazKiall, and even lost this chat room06:35
Kialldid you setup NAT on the server?06:36
maxagazKiall, no06:36
maxagazKiall, perhaps there are some default rules...06:36
maxagazKiall, i only have fail2ban in my iptables06:37
Kiallaha :) I thought that was mentioned earlier .. whoops ..06:37
maxagazKiall, ah... :)06:38
Kiall`iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE` - assuming eth0 is the servers internet connection06:38
KiallBUT06:38
Kiallbe careful with this part!06:38
Kiall(you have console access to the server? or the ability to reboot it?)06:38
maxagazwhy ?06:38
maxagazKiall, yes06:38
Kiallthen no worries :)06:38
maxagazKiall, perhaps I sould just try it fo a few seconds06:39
KiallMake a mistake with the rule and you could loose SSH access until you reboot / remove it (and that could be wrong .. its late!)06:39
Kiallonce its added, it either works, or you need to reboot / remove the rule via the server06:39
maxagazKiall, I'll do it and pray06:40
Kiall;)06:40
Kiallalso `iptables -t filter -A FORWARD -i vtun0 -o eth0 -j ACCEPT`06:40
maxagazoh, i need both...06:40
Kiall(assuming vtun0 == vpn interface, and eth0 == servers internet)06:40
maxagazthat was okay for the first one :)06:40
maxagazit's just tun0 for me06:41
Kiallyea - tun0 instead of vtun0 then06:41
maxagazokay, now let's restart the client to see if it works...06:42
maxagazI might lose the chat again...06:42
Kiallyou most likely will as it connects06:42
Kiallit should connect right back again tho - if it wored ;)06:42
Kiallworked*06:42
maxagazI was disconnected06:51
maxagazKiall, those to rules were for the server, right ?06:51
Kiallyea06:51
maxagazok06:52
Kiallany idea what part failed?06:52
KiallThis might be worth a read :) http://alestic.com/2009/05/openvpn-ec206:53
KiallSkip the ec2 parts and see if there is anything in there you havent already done06:53
maxagazKiall, with the two open vpn settings you gave me, I should get 8.8.8.8 in my resolv.conf and some changes in my routes, right ?06:54
Kiall8.8.8.8 resolv.conf doesnt always work (depends on the client settings...) .. but the default route should have swapped06:54
maxagazKiall, it didn't swap...06:55
Kiallsee anything in that link you've missed?06:56
maxagazfirefox is still trying to open it06:56
maxagazI hope this website isn't banned06:56
maxagazso many websites are banned here06:56
maxagazi'll have to use proxy4free to open it...06:57
Kiallor http://i.imgur.com/WvKFN.png06:58
maxagazthat one works :)06:58
maxagazthanks a lot :)06:59
Kiallanyway - gotta run .. good luck06:59
maxagazI have to go out to eat too, i'll try again once back, thanks a lot for your help07:00
Zaclnxnewbhi08:19
ZaclnxnewbCould someone help me get ddclient working?08:20
Zaclnxnewbor any DNS updater that will update multiple DNS servers with the dynamic IP?08:20
ZaclnxnewbWhat I've tried to work out isn't working08:20
ZaclnxnewbI would like it to update every 15 minutes08:20
=== nickmoeck_ is now known as nickmoeck
=== NG_ is now known as ng_
xperiahello to all. i have very big problems with web server session handling. for some strange reason session data disapear when i go from one page to other inside my site. i have tryed last 24 hours all what i can think off but nothing helped till yet. need really help with this problem.11:55
=== ng_ is now known as NG_
=== NG_ is now known as ng_
dkni'm trying to access a samba smb share from a mac, i'm trying to use force user & guest so anyone can write & delete files on this share, but i can only seem to create folders, not files13:22
=== ng_ is now known as NG_
=== NG_ is now known as ng_
uvirtbotNew bug: #786188 in openssh (main) "package openssh-server 1:5.8p1-1ubuntu3 failed to install/upgrade: le sous-processus nouveau script pre-installation a retourné une erreur de sortie d'état 1" [Undecided,New] https://launchpad.net/bugs/78618815:26
=== ng_ is now known as NG_
uvirtbotNew bug: #777855 in glibc "resolver failures without even sending queries, break Postfix" [High,Confirmed] https://launchpad.net/bugs/77785516:07
bluethundr_hello... what is the ubuntu equivalent of chkconfig under red hat?16:28
RoyKanyone that can see wtf is wrong with this regex? it's meant to mach a mac address, but fails /[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}/16:41
bencchow do I know if I need tcp tuning? http://fasterdata.es.net/fasterdata/host-tuning/linux/17:06
benccwill I see errors?17:06
jmarsdenbluethundr_: sudo service --status-all   # for a basic status list.  For run level details, you can try installing and using sysv-rc-conf17:17
Proz01droyk: did you get it qworking?\17:49
Proz01dwhere are you trying to run this?17:49
uvirtbotNew bug: #786250 in backuppc (main) "Remove dependency on perl-suid for Perl 5.12" [Undecided,New] https://launchpad.net/bugs/78625019:02
uuser123i am using ubuntu 10.04 ,how do i update my kvm to latest version19:14
jmarsdenIs   qemu-kvm | 0.12.3+noroms-0ubuntu9.6 | lucid-updates | source, amd64, i386     recent enough for your needs?  That is in lucid-updates.19:16
RoyKProz01d: yeah19:41
divansantanaanyone know the current state of kolab with ubuntu server? There is a wiki page talking about it being included with 10.10 server, but not sure if it's working, don't see any release news?20:47
divansantanaanyone?20:54

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!