/srv/irclogs.ubuntu.com/2013/06/25/#ubuntu-server.txt

JRicketts_good evening, anyone have a good guide on how to install a LAMP server onto Ubuntu? I am new at this and recently aquired a static IP from comcast and would like to host my own webserver. Its only going to support one site and would like to setup with either ISPconfig or Webmin? Thanks for support01:29
sarnoldJRicketts_: I'd like to strongly recommend staying away from the web frontend things, they are almost always without exception horrible code.01:30
JRicketts_you know I have heard bad things about all excpet Cpanel, but I don't want to pay 500 bucks. I have heard you can run almost everything from the from the source itself01:31
JRicketts_I have been reading up on it and have found that Ubuntu is a strong webserver software, was playing around with Centos then heard good and bad about both then went to linux.org and ready a lot of good reviews about Ubuntu, so trying it out01:32
sarnoldJRicketts_: I _think_ if you install the "tasksel" package, you'll be able to "taskel install lamp", or something similar, but I don't think it does anything that you can'd do yourself with "apt-get install apache php5 mysql-server mysql-client" ...01:32
JRicketts_great thats the exact answer I was looking for01:32
JRicketts_http://www.howtoforge.com/ubuntu_lamp_for_newbies found this guide on howtoforge, its pretyt old but anyone think its about the same?01:34
sarnoldJRicketts_: I don't immediately see anything wrong with it, that's a plus :) hehe01:36
sarnoldJRicketts_: note also: https://help.ubuntu.com/12.04/serverguide/index.html01:36
JRicketts_Sarnold, great, thank you for feedback01:37
sarnoldJRicketts_: have fun :)01:37
JRicketts_i will, i think the only problem I am going to have is when I have everything setup01:37
excalibrHello. Anyone is familiar with lxc? Why it takes so long to be ready to use when I start it up with lxc-start?01:38
JRicketts_I need to portforward so when someone types my domain name it goes to the correct computer on my network, I have my modem bridged by comcast, and my router taking care of the firewall so far. I also have godaddy hosting my DNS and SSL, so I need to figure out how to set that all up, but first need to install LAMP and Ubuntu01:39
sarnoldexcalibr: I wonder if you have hit this: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/119359401:41
JRicketts_stupid ?, should the hostname matter since its on my network?01:46
sarnoldJRicketts_: the name mostly doesn't matter, but i'd avoid giving it a domainname of '.local', newfangled mdns things assume .local is entirely theirs01:47
sarnoldJRicketts_: the hostname will also be customer-facing in some apache error pages, so be tasteful :)01:48
JRicketts_thanks for adivce01:48
excalibrsarnold: Nope, can't reproduce it on my ubuntu. Maybe because I'm not using 64-bit ubuntu01:50
JRicketts_sarnold: would you reccomend setting up the encryption for the home directroy? Its an option during setup? Will that mess with any system files etc to run the LAMP server?01:53
sarnoldJRicketts_: you can set it up if you'd prefer to keep the contents of your home directory encrypted when you are not logged in01:54
sarnoldJRicketts_: it's especially nice if you have multiple users and want to make sure one can't easily get to the other of another user..01:54
sarnoldJRicketts_: since my machines are all single-user machines, I'm content to not use the home-directory encryption and rely upon my hard drive vendor's whole-disk encryption. (Which is iffy, since hard drive vendors sometimes screw it up.)01:55
JRicketts_Thanks01:56
sarnoldJRicketts_: (note that hard-drive-vendor whole-disk encryption requires a passphrase at boot -- probably not a good idea for unattended server)01:57
JRicketts_i decided to use the extra security, i am not always around to look at the server and I think it would be a great Idea to do that01:58
JRicketts_thanks for info on it, it makes since whats it used for01:58
JRicketts_I just realized i like how Ubuntu has the Package Tasks, I see how it has LAMP in it... Happy camper so far :)02:01
JRicketts_reccomendations for having openssh installed along with LAMP?02:11
roaksoaxadam_g: still around?02:11
fluvvellJRicketts_, install ssh - yes!02:25
JRicketts_i got it :)02:28
JRicketts_looked i up, quick question for anyone... Got the LAMP server installed and everything working great! I even got the default page up and running... Now this is the hard part for me. I need to point my domain which is hosted by godaddy to my new server. I do have a static IP, but I noticed whe I ogged in onto the server the first time its using the DHCP fromt he routher which I expected, How do I portforward any req02:30
JRicketts_setup but just don't know how to setup through ubuntu, I did make it static IP on ubuntu02:31
JRicketts_found how to edit Ubuntu https://help.ubuntu.com/12.04/serverguide/network-configuration.html02:34
JRicketts_sorry will look further before asking stupid ?s lol02:34
=== roasted_ is now known as roasted
* JRicketts_ is now away - Reason : Auto-Away (Away from Keyboard for 30 minutes)03:04
JRicketts_anyone avaiable to assit in IP configs behind a firewall? I have searched the internet and just confused? Trying to access server from another source using my domain name from godaddy03:35
* JRicketts_ is no longer away - Gone for 30 mins 40 secs03:35
adam_groaksoax, heren ow04:00
* JRicketts_ is now away - Reason : Auto-Away (Away from Keyboard for 30 minutes)04:05
ScottK!away | JRicketts_04:05
ubottuJRicketts_: Please do not use noisy away messages and nicks in Ubuntu channels. It is annoying and unnecessary. Use the command "/away <reason>" to set your client away silently. See also Ā«/msg ubottu GuidelinesĀ»04:05
=== smb` is now known as smb
=== Will_ is now known as Guest51322
ilivhi, I was applying updates and I "lost" a couple of updates. Meaning, I saw in apt-get -s dist-upgrade output "Inst python-libvirt [0.9.8-2ubuntu17.8] (0.9.8-2ubuntu17.10 Ubuntu:12.04/precise-updates [amd64])" this line, and after running apt-get update followed up with apt-get install ...09:43
iliv... libpython2.7 python python-minimal python2.7 python2.7-minimal (i.e. deliberately omitting python-libvirt and other libvirt packages) apt now reports that a) the update is no longer there available b) current version of python-libvirt is still 0.9.8-2ubuntu17.8, i.e. the old one. Looks like ...09:43
iliv... nothing was upgraded (and that's good), but the updates are gone (that's bad). Has anyone ever run into a situation like this before?09:43
hadifarnoudmy ubuntu server is under DDoS attack. I managed to block most of it but I'm getting a strange http GET requests. https://gist.github.com/hadifarnoud/c761a50fa53b90befbf111:18
thelionroarsCan anyone tell me what this means: pam_unix(login:account): account xxx has password changed in future12:49
zuljamespage:  so would you be upset if i didnt include mongodb and happybase for ceilometer MIR12:53
zuljamespage:  and we definently need new kombu otherwise ceilometer isnt going to work13:01
aandyhi guys, i'm trying to force setting a pw (with passwd) via ssh, which fails for one of two generic reasons: Permissions denied, or Unexpected failure. Password file/table unchanged". the error happens when trying to put the cmd as part of the ssh cmd line, and not if it is separated (ssh line to login, then manually typing passwd), which leads me to believe it's a tty issue. any ideas how i can proceed?13:46
aandyi can generate the hashed pw, but i'd really prefer NOT tampering with the shadow file myself (very ugly and error prone solution for what should be a trivial problem)13:51
psivaahallyn: sorry to bother you again but the floodlight test appears to hang and the bug (bug #1181315)that was impacting the test does not seem to be the reason for this hang afaik13:52
psivaahallyn: there is a VM active with this issue in the server if you'd like to investigate13:52
=== wedgwood_away is now known as wedgwood
hallynpsivaa: which vm?14:04
psivaahallyn: utah-10632-saucy-server-amd6414:05
hallynpsivaa: looks like utah itself may be hung?  I see:14:08
hallynroot      2584  2478  0 08:01 ?        00:00:01 python /usr/bin/utah -f yaml -r /tmp/floodlight.run -o /var/lib/utah/utah.out14:08
hallynroot      2603  2584  0 08:02 ?        00:00:00 [sh] <defunct>14:08
=== soren_ is now known as soren
psivaahallyn: probably.. but i was not sure why this only happens with floodlight tests. i was wondering if the following is any reason14:11
psivaa107       7065  0.5 36.7 1175516 184788 ?      Ssl  09:19   0:16 java -Dpython.home=/usr/share/jython -Dlogback.configurationFile=/etc/floodlight/logba14:11
=== henkjan_ is now known as henkjan
hallynpsivaa: could be.  but i don't know what that is, or the floodlight tests for that matter14:13
=== LordOfTime is now known as LordOfTime|EC2
psivaahallyn: ok, ill ping utah team to see if they could shed some light. thanks for your time14:14
=== jrgifford__ is now known as jrgifford
hallynpsivaa: ok.  fwiw i started a manual run and it's going ok so far.14:14
hallynstarting to worry this could be a qemu bug on the host...14:14
=== jrgifford is now known as Guest98593
hallynthough really utah bug seems likely :)14:15
psivaahallyn: ok, i assume that you are trying with today or yesterday's image because this issue only came up with yesterday's image14:15
psivaadoanac: would you mind taking a look at utah-10632-saucy-server-amd64 in aldebaran to see if utah is causing the hang please?14:16
hallynpsivaa: no i meant i was running it insside that vm14:17
psivaadoanac: this is a floodlight saucy server test on amd64 and from yesterday the test appear to hang and does not timeout14:17
psivaahallyn: ohh then my question to doanac is more meaningful :)14:18
doanacpsivaa: sure. in a meeting now. so I need a bit14:19
psivaadoanac: sure. can wait. thanks14:20
doanacpsivaa: utah is hung.14:30
doanacthe VM is logging to /var/lib/ubuntu-server-iso-testing/workspace/saucy-server-amd64-smoke-floodlight/log/utah-10632.syslog.log however, utah isn't seeing new messages in that file somehow14:30
doanacpsivaa: please open a bug. this is the first bug i've seen like this live14:32
psivaadoanac: will do, thanks14:36
hadifarnoudmy ubuntu server is under DDoS attack. I managed to block most of it but I'm getting a strange http GET requests. https://gist.github.com/hadifarnoud/c761a50fa53b90befbf114:41
=== Pupeno_ is now known as Pupeno
=== shanemeyers_ is now known as shanemeyers
=== phunyguy_ is now known as phunyguy
kajeMy /boot partition filled up and now apt is choking. I've cleared some space, but I'm getting this error when I try to install anything: http://pastebin.com/bGtWrA1F14:59
kajeWhat should I do to fix this problem?14:59
=== baggar11_ is now known as baggar11
=== whaley_ is now known as whaley
hadifarnoudkaje: ask in #ubuntu. it's very quiet here and your question is more of a general one.15:28
kajeI'm not getting any help there... Can I remove the linux-server package and then install it? Or will that nuke my box?15:30
=== micahg_ is now known as micahg
kajeAnyone else know how I can fix this apt dependency problem? http://pastebin.com/fvczXPZZ15:57
JanCkaje: try to update the package list first?16:05
Semen_Dickmanhii16:09
Semen_Dickmanbut.. is this where gay people talks16:09
Semen_Dickman??16:09
=== Tribaal_ is now known as Tribaal
=== Aww_ is now known as EvilAww
=== Will_ is now known as Guest74441
=== thelionroars_ is now known as thelionroars
pmatulisSemen_Dickman: try #gaygeeks16:33
Semen_DickmanI TRIED #YOURMOTHERSASS IT WAS HOT16:35
=== masACC is now known as maswan
Semen_Dickmaneyy bitch niggaz please help me to uninstall ubuntu16:47
* RoyK looks around for ops16:48
Semen_Dickmanya fuck you nigger ass pussy admin bitch16:48
RoyKthanks16:49
Picilook no further, opman is here16:49
RoyKhehe16:49
=== markthomas1 is now known as markthomas
=== Aww_ is now known as EvilAww
=== manjo` is now known as manjo
=== deegee__ is now known as drussell
=== unreal_ is now known as unreal
adam_g_roaksoax, what do i run to get the latest saucy FPI image in MAAS?17:54
roaksoaxadam_g_: you mean ephemeral image?17:57
adam_g_roaksoax, whatever cloud image ends up booting. theres a cloud-init + upstart issue that should be fixed in a more recent daily17:58
roaksoaxadam_g_: maas-import-ephemerals, but you need to modify /etc/maas/import_ephemerals to use STREAM="daily"17:58
adam_g_roaksoax, thats what i thought, thanks18:01
=== moonligh- is now known as moonlight
=== masACC is now known as maswan
=== andreas__ is now known as ahasenack
savidIf I have custom logs in /var/log/apache2, shouldn't those logs be automatically rotated?19:02
savidThe conf file in /etc/logrotate.d has /var/log/apache2/*.log, however my new logs don't seem to be rotated.19:04
sarnoldsavid: does apache properly close and re-open log files when logrotate asks?19:04
savidsarnold, I have no idea19:05
savidsarnold, I'm not sure how that part works :-/19:05
sarnoldsavid: I expect the logrotate config file says where to find the pid to send which signal...19:06
savidsarnold, well it rotates the other logs just fine19:08
sarnoldsavid: the other _apache_ logs? or..19:08
savidsarnold,  that is, I have _access.log and _error.log,  and those are rotating fine.  But I also have a custom log called _responsetime.log, and that one is not being rotated.19:08
sarnoldsavid: hrm, does apache's configuration need any tweeking to know to close/open _that_ log file as well?19:09
adam_g_smoser, in what log did you notice upstart upgrade borking cloud-init?19:34
smoserno logs19:34
smoseroh.19:35
smoser/var/log/cloud-init-output.log19:35
smoserif the upgrade has upstart or any of its dependencies in it19:35
vmuser1000anyone running geronimo 3.0 on 12.04?19:42
adam_g_smoser, is there somewhere else this info gets published now? https://maas.ubuntu.com/images/query/saucy/ephemeral/daily-dl.current.txt19:51
ChocoboI am having a problem with nova-compute.   NFS needs to be mounted before nova-compute can start.  With upstart is there a way to ensure a certain condition before a service is started?20:13
Chocoboor at the very least try periodicially to start it?20:13
patdk-wk_upstart does both20:14
patdk-wk_start on (remote-filesystems and .......20:14
patdk-wk_respawn limit x x20:15
Chocobopatdk-wk_: this is the default "start on":  start on runlevel [2345]20:15
Chocoboso I could just modify it to:  start on (remote-filesystems and runlevel [2345])20:16
patdk-wk_yep20:16
Chocobothat is pretty bad add actually20:16
Chocobos/add/ass20:16
patdk-wk_heh?20:16
Chocobobad ass.20:16
Chocobopatdk-wk_: thanks20:17
gQuigson fresh reboot, sunrpc debug flags are 020:31
gQuigsbut I have them specified in sysctl.conf and when I run sysctl -p they get set correctly20:31
gQuigswhat am I doing wrong?20:31
gQuigshttp://pastebin.ubuntu.com/5799593/20:31
smoseradam_g_, i dont thinks so.20:42
smoser(wrt maas iamges data)20:42
adam_g_smoser, yea. looks like all other releases have recent ephemerals but saucy20:42
smoserhm.20:42
smoseradam_g_, yeah, they're failing to build. not sure why.20:46
adam_g_smoser, hm ok20:47
LargePrimeI have a few virtual Hosting questions20:48
LargePrimethey are best practice related20:49
LargePrimeshould i ask here or look for a apatche2 channel?20:49
jacobw_LargePrime, we can probably answer most questions about virtual hosts here20:52
LargePrimeis it better to have all of the sies in the conf file or use site-enable20:53
LargePrimeis there a best practice for that20:54
LargePrimeor is it just preference?20:57
gQuigsmy issue was weird openstack issue, works fine in stock vm21:00
smoseradam_g_, ok. maybe i fixed that...21:14
adam_g_smoser, nice21:18
smoseradam_g_, sent mail. that build failed.21:20
adam_g_smoser,thanks.21:21
adam_g_smoser, also did you see my late-night msg last week regarding openstack + m1.tiny?21:21
=== dduffey_afk is now known as dduffey
Vec_Hey guys, i am installing ubuntu server. I am running a BIOS-raid mirror (fakeraid). I am at the point where i choose where to install the GRUB boot loader. Where do i install it? Under /dev/mapper/{array name}? or just /dev/sda ?22:24
shankstaByteshow can i set a chroot on a user account?22:29
xnoxVec_: depends, for intel raid /dev/mapper/{array name}22:30
shankstaBytesi want their home directory to chroot them22:30
xnoxVec_: for others that expose the raid array as /dev/sdX then well /dev/sdX22:30
shankstaBytesis it a permission thing?22:30
shankstaBytesi dont want them to leave that directory22:30
xnoxVec_: you do want to install bootloader on the array.22:31
xnoxshankstaBytes: the two are arthogonal, as it's trivial to escape chroot and get & browse files outside of chroot.22:31
xnoxshankstaBytes: setup an lxc-container and let the person inside that, or a virtual machine and let them inside that only.22:32
sarnoldshankstaBytes: that's miserably difficult. this might be more to your liking: http://wiki.apparmor.net/index.php/Pam_apparmor_example22:32
sarnoldshankstaBytes: xnox's suggestions are also quite good, if the user isn't expected to be able to share data with other users or services on the machine22:33
Vec_xnox: thanks, im on intel arcitechture if thats what you ment. so /dev/mapper/<arrayname> then?22:33
xnoxsarnold: intersting, didn't know about capabilities pam_apparmor22:33
xnoxVec_: yeah22:33
* Vec_ started learning linux today ~22:34
Vec_Alright, when i LS my /mapper i get like, erm, hold on22:34
Vec_"control", "nvidia_cafjdbgb", "nvidia_cafjdbgb1", "nvidia_cafjdbgb2", "nvidia_cafjdbgb5"22:34
shankstaBytessarnold: i think this is more then i am going for22:35
Vec_I assume "nvidia_cafjdbgb" is the name i'm supposed to enter as bootloader install place?22:35
shankstaBytessarnold: i am using vsftp trying to just let a person login to a folder but do nothing elsee22:35
sarnoldshankstaBytes: ah, could be, but it does save the hassle of trying to set up a chroot environment or lxc environments..22:35
sarnoldshankstaBytes: vsftpd has some provisions for chrooting, doesn't it?22:36
shankstaBytessarnold: ya but they dont seem to be working22:36
sarnoldshankstaBytes: aha :) any error messages in the logs?22:36
shankstaBytessarnold: oh im sorry it is working the issue is that the user can login via ssh22:38
shankstaBytesi was just using sftp:// instead of ftp://22:38
sarnoldxnox: pam_apparmor is mighty-heavy artillery, very nice for enforcing some system-wide constraints on users whenever they log in through PAM-aware services...22:39
shankstaBytessarnold: i will have to look into as i have heard good things22:39
sarnoldxnox: but I haven't set it up for myself on my own laptop, so...22:39
sarnoldshankstaBytes: aha! confusing sftp with ftps is too easy and too common.22:39
shankstaBytesxnox: i have looked into lxc containers and they are awesome but i heard not ready for production22:39
xnoxsarnold: =))) well on ubuntu escaping pam is harder than escaping chroot. so that sounds good.22:40
sarnoldxnox: hehehe :)22:40
sarnoldxnox: well put :)22:40
xnoxshankstaBytes: please define "ready for production". It's quite an arbitrary phrase, mostly used as a fake excuse.22:41
xnoxshankstaBytes: it's fully supported to launch ubuntu server, desktop and cloud (with/without cloud init) from 12.04 LTS and up, fully integrated and well supported in main across the board.22:42
shankstaBytesxnox: when i hear that it means i should not use it because the creators don't think it is ready to be used in a real business situation.22:42
shankstaBytesmaybe we are talking about something else22:42
shankstaBytesoh im thinking of docker22:42
Vec_xnox: you were correct, grub loader @ dev/mapper/<arrayname> worked like a charm!22:43
shankstaByteshttp://www.docker.io/22:43
xnoxshankstaBytes: lxc is the most secure, stable, scalable container solution.22:44
xnoxshankstaBytes: i'd not trust docker, but they are working on better/proper underlying lxc foundation so one day it might be good...... but you can use lxc with LTS today ;-)22:44
shankstaBytesxnox: i se22:48
shankstaBytessee*22:48
shankstaBytesfigured out how to disable ssh login that wasn't so bad22:49
shankstaBytesman i was trying to figure out a graphical solution to get done what i wanted but it was really like 5 commands to setup vsftp with chroot and disable ssh login22:49
shankstaBytessome one said it was easy to break out of chroot?  Does that only apply when your logged in via ssh?22:50
sarnoldshankstaBytes: chroot is best considered a convience option than a security option; it _only_ changes the filesystem root for a given process and all its children. it doesn't stop sending signals, IPC, or ptrace; setuid executables can be used to escape, /proc/ can be used to escape, etc.22:51
shankstaBytesahh22:52
shankstaBytesi think in this instance i would be better served just enabling some logging and reviewing it later22:52
sarnoldgiving someone ssh access typically grants a huge pile of tools to users that could probably be combined to escape. but there's nothing magic about ssh being involved that would make it easier or harder22:52
shankstaBytessarnold: is there any way i can monitor all actions on the server by a specific ip?22:52
=== wedgwood is now known as Guest19180
sarnoldshankstaBytes: not particularly easy, since a given remote peer could communicate via a huge number of services, and the actions taken don't necessarily obviously line up with remote-initiated vs local-initiated..22:54
shankstaBytessarnold: i am giving the user access to execute php scripts as well so really if they wanted to they could make a script that allows them to execute some code on it, but i dont think the default www-data user would be allowed to execute code outside of /var/www22:54
shankstaBytesany experience with this?22:54
shankstaBytesi semi-trust them so22:55
sarnoldshankstaBytes: the PAM stack logs logins and logouts to /var/log/auth or /var/log/audit/audit.log (if you've got auditd installed) -- but once authenticated, it is up to each service to log whatever activities would be performed on behalf of the remote user, and something like apache isn't going to go through the PAM stack...22:55
shankstaBytesill probably backup as well22:55
shankstaBytesok22:55
sarnoldshankstaBytes: ooof. defintely look into apparmor or similar tools.22:55
shankstaBytessarnold: its just a test server gonna do some development with a guy22:55
shankstaBytesso not super serious22:55
=== Guest19180 is now known as wedgwood
sarnoldshankstaBytes: okay, so a guy you'd happily give your root password to and ask him to not abuse it. :)22:56
shankstaByteshaha i dont know about that22:56
shankstaBytesi dont trust anyone with my root! :D22:56
shankstaBytesmy time for setup is limited i guess i will just have to take a small risk22:57
sarnoldfair enough22:57
sarnoldyour time is valuable, must be measured against other things you can do :)22:57
shankstaBytessarnold: it doesn't have anything important on it though it is pretty much a new apache setup22:58
sarnolddo consider running that apache/php stuff in an lxc or virtual machine too...22:58
shankstaBytessarnold: what would that involve?22:58
sarnoldshankstaBytes: I've never tried lxc outside of juju, so I'm pretty fuzzy there..22:58
shankstaBytessudo do-magic-container22:58
shankstaBytesthat would be sweet22:59
=== wedgwood is now known as wedgwood_away

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!