[00:00] <n2deep> and as far as I know that is what LXC does
[00:06] <RoyK> n2deep: why virtualbox when kvm is so cool?
[00:07] <RoyK> !kvm
[00:07] <RoyK> btw, lxc is ok, too, but I prefer isolating VMs properly so that if something happens, it happens to that VM alone
[01:36] <n2deep> RoyK: I'm waiting for KVM on OpenIndiana to level off a little bit before I explore that deeply.
[01:38] <n2deep> RoyK: I've explored zones on OS/OI, now I'm exploring LXC on Linux, since LXC seems to have matured recently.
[02:39] <SpamapS> n2deep: LXC still has a long way to go to catch up with things like OpenVZ.. but its quite cool and quite useful right now. :)
[02:44] <JoeCoder> Hello.  I used certtools to create a private key and certificate request, traded the request with my ssl provider for a cert and chain file; all this works great with apache.  but when I modify /etc/postfix/main.cf to point to the private-key and cert files, it acts like it doesn't even read them.  Inspecting the cert in thunderbird shows Organization=Courier Mail Server
[02:45] <JoeCoder> this is my main.cf:  https://gist.github.com/589c9e2d23617b4230c0
[02:45] <JoeCoder> my changes are at the very bottom
[02:45] <JoeCoder> the paths are valid
[02:45] <JoeCoder> mail.log records these errors:
[02:46] <JoeCoder> imapd: couriertls: read: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
[02:47] <JoeCoder> any ideas?
[02:50] <JoeCoder> wait, duh.  Those settings are for smtp
[02:50] <JoeCoder> thunderbird complains about the cert on opening the inbox, not on sending.
[02:51] <JoeCoder> so I think I need to be configuring courier and not postfix?
[02:51] <JoeCoder> one wonders how i got this far and am still asking questions like that.
[02:56] <JoeCoder> can I use one private key / certificate request to get certificates for multiple domains?
[02:58] <qman__> only if you get a wildcard cert, which costs a small fortune
[02:58] <qman__> you can use the same key but you have to buy a separate cert for each domain, and each needs its own request
[02:59] <JoeCoder> so far, startssl has been giving me certs for multiple domains for free
[02:59] <JoeCoder> but each one needs a different request--that's what I wanted to know.
[03:00] <qman__> yeah, I got one through them too
[03:00] <qman__> a little difficult to get set up compared to others, but free is free, and they've definitely got security in mind
[03:00] <JoeCoder> I thought it was difficult too; but it was the first time I setup a cert with anyone.
[03:02] <qman__> most of the difficulty is in the fact that most browsers don't have client certificates implemented properly / well
[03:02] <qman__> and client certificates have been around for ages, most people just don't use them
[03:03] <JoeCoder> IE still complains that the domain name doesn't match the common name, but other browsers work
[06:06] <axisys> how do I improve this mount command to give www-data (uid=33/gid=33) the full privilege? ``mount -t ext4 /dev/sdb1 /storage'' ?
[06:07] <axisys> mount -t ext4 -o uid=33,gid=33 /dev/sdb1 /storage did not work.. aparently not valid option for ext4 per man page
[06:14] <axisys> how to mount ext fs as non-root user?
[06:24] <andol> axisys: Why would you want to do that, instead of actually setting the permission within the mounted filesystem?
[06:25] <axisys> andol: because I was not thinking.. sorry
[06:25] <andol> axisys: Common mistake :)
[06:32] <blendedbychris> any idea how to fix a server that simply powers down after a reboot command instead of powering back on
[12:08] <ironm> Hello. does anyone run mysqld_multi on MariaDB 5.5.24 / ubuntu-server 11.10 or 12.04?
[16:54] <smw> Is there any type of ubuntu server certification?
[17:38] <njin> Hallo, can you tell if this is a bug ?  https://bugs.launchpad.net/ubuntu/+bug/1010786
[17:39] <njin> I cannot understand what is meaning
[17:46] <djdan2k8> Hi im looking for some advice i need to downgrade my version of php from 5.3 to 5.2 on my Ubuntu vps using plesk any help would be great
[17:51] <sergevn> hi
[18:00] <pmatulis> djdan2k8: normally you get one version per ubuntu release.  otherwise you need to use a PPA or have some kind of hybrid release config in sources.list
[18:02] <LordOfTime> djdan2k8:  you'd need a PPA with the lower version, why does 5.3 not work for you?
[18:02] <LordOfTime> (5.2 is old and has security flaws)
[18:02] <njin> bug 1007371
[18:03] <LordOfTime> njin:  is this your bug?
[18:03] <njin> no, are reports without package assigned
[18:03] <LordOfTime> ah
[18:03] <LordOfTime> well this one doesnt seem to be a bug report
[18:03]  * LordOfTime si on bug sqwuad
[18:03] <LordOfTime> is*
[18:03] <njin> and i don't know server side
[18:03] <LordOfTime> squad*
[18:04]  * LordOfTime grabs a few bugcontrol people
[18:04] <djdan2k8> it is because of a joomla plugin i need to use dosnt support 5.3
[18:04] <LordOfTime> djdan2k8:  so find a newer plugin?
[18:04] <LordOfTime> djdan2k8:  i dont think Joomla supports 5.2.x after a while
[18:04] <djdan2k8> there isnt one
[18:05] <LordOfTime> did you make sure Joomla itself supports 5.2.x still?
[18:05] <LordOfTime> afaik they were planning on phasing out 5.2.x support
[19:56] <docmur> My email server can send email but not receive email, when I try to send email from google to my server I get 554 5.7.1  ( as the error code ).
[19:56] <docmur> I don't know what to check
[19:59] <guntbert> docmur: are you experienced with managing mail servers?
[20:00] <docmur> not at all
[20:00] <docmur> this is my first time trying to set one up
[20:01] <guntbert> docmur: then don't try with a publicly available one!!   just do it in a private network to get your feet wet
[20:03] <docmur> I'm just using gmail to see if my mail server can receive emails, which is what the issue is, I can send them fine but I can't get them in
[20:05] <docmur> well I'm getting the same error if I try to send a message from a computer on the same network
[20:05] <guntbert> docmur: please stop the server - open mail relays can get you in serious trouble - they are the tool for spammers
[20:14] <shauno> docmur: there should be more text in that error message that'd tell you.  usually 'client access denied' (the receiving server didn't accept connections), or 'relay access denied' (which is a good thing, you're just denying one destination too many)
[20:16] <docmur> This is the section of the log where I send the mail out and can't get a message back from gmail http://pastebin.com/07cCejCM
[20:19] <shauno> that reads like (line 20) you're not either authorative or allowing relaying for kw-flipcup.ca  (which is a sensible default.  out of the box you want to accept nothing, and then allow the bare minimum)
[20:21] <docmur> I figure thats the issue, I just don't know what to change,  I know in /etc/postfix/main.cf there is relay_host but every guide I find never sets that value
[20:21] <guntbert> shauno: don't you share my view that is is a bad idea ™  for an inexperienced person to set up a publicly available mail server?
[20:21] <shauno> if you're the only server accepting mail for that domain, it'd be mydestination = I believe (but google that)
[20:21] <docmur> How is it publically available??  You still have to get to the mail server to even make an account
[20:22] <docmur> which is behind the firewall
[20:22] <docmur> you can't just access it openly
[20:22] <shauno> guntbert: he appears to have a sane default to work from.  it's not accepting *any* inbound, which is a sane place to start from
[20:22] <docmur> so do this:   relay_host=$my_destination
[20:23] <guntbert> docmur: how do you expect gmail to send any mails to your server when it is behind a firewall?
[20:24] <docmur> you open the required ports and only the required ports
[20:25] <docmur> this is my main.cf file ( edited of course ) http://pastebin.com/FNbcHaAa
[20:26] <guntbert> docmur: if you open the required port (25) then your server is publicly available - keep that in mind
[20:27] <guntbert> shauno: you are right, but a sane default doesn't necessarily stay sane when someone fiddles with the config
[20:28] <docmur> well in either case nothing can get to the server right now so no harm
[20:29] <shauno> he's right to worry.  if you start accepting relaying for anyone you're not authorative for, you end up on dns blacklists.  which is a pain for you, and your upstream host
[22:41] <pacci> !list
[23:19] <Womkes> been working for 3 days now on how to get KVM working with DRBD block device under ubuntu
[23:19] <Womkes> cant find any tutorials on this matter
[23:19] <Womkes> ive tried vmbuilder and virt-manager
[23:19] <Womkes> nothign works
[23:25] <RoyK> Womkes: dunno, but with VMs, wouldn't it be better to setup the redundancy on the VM side instead of using DRBD, which, IMHO is meant for iron?
[23:25]  * RoyK is off to slee
[23:25]  * RoyK is off to sleep