[01:29] <JRicketts_> good evening, anyone have a good guide on how to install a LAMP server onto Ubuntu? I am new at this and recently aquired a static IP from comcast and would like to host my own webserver. Its only going to support one site and would like to setup with either ISPconfig or Webmin? Thanks for support
[01:30] <sarnold> JRicketts_: I'd like to strongly recommend staying away from the web frontend things, they are almost always without exception horrible code.
[01:31] <JRicketts_> you know I have heard bad things about all excpet Cpanel, but I don't want to pay 500 bucks. I have heard you can run almost everything from the from the source itself
[01:32] <JRicketts_> I have been reading up on it and have found that Ubuntu is a strong webserver software, was playing around with Centos then heard good and bad about both then went to linux.org and ready a lot of good reviews about Ubuntu, so trying it out
[01:32] <sarnold> JRicketts_: I _think_ if you install the "tasksel" package, you'll be able to "taskel install lamp", or something similar, but I don't think it does anything that you can'd do yourself with "apt-get install apache php5 mysql-server mysql-client" ...
[01:32] <JRicketts_> great thats the exact answer I was looking for
[01:34] <JRicketts_> http://www.howtoforge.com/ubuntu_lamp_for_newbies found this guide on howtoforge, its pretyt old but anyone think its about the same?
[01:36] <sarnold> JRicketts_: I don't immediately see anything wrong with it, that's a plus :) hehe
[01:36] <sarnold> JRicketts_: note also: https://help.ubuntu.com/12.04/serverguide/index.html
[01:37] <JRicketts_> Sarnold, great, thank you for feedback
[01:37] <sarnold> JRicketts_: have fun :)
[01:37] <JRicketts_> i will, i think the only problem I am going to have is when I have everything setup
[01:38] <excalibr> Hello. Anyone is familiar with lxc? Why it takes so long to be ready to use when I start it up with lxc-start?
[01:39] <JRicketts_> I need to portforward so when someone types my domain name it goes to the correct computer on my network, I have my modem bridged by comcast, and my router taking care of the firewall so far. I also have godaddy hosting my DNS and SSL, so I need to figure out how to set that all up, but first need to install LAMP and Ubuntu
[01:41] <sarnold> excalibr: I wonder if you have hit this: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1193594
[01:46] <JRicketts_> stupid ?, should the hostname matter since its on my network?
[01:47] <sarnold> JRicketts_: the name mostly doesn't matter, but i'd avoid giving it a domainname of '.local', newfangled mdns things assume .local is entirely theirs
[01:48] <sarnold> JRicketts_: the hostname will also be customer-facing in some apache error pages, so be tasteful :)
[01:48] <JRicketts_> thanks for adivce
[01:50] <excalibr> sarnold: Nope, can't reproduce it on my ubuntu. Maybe because I'm not using 64-bit ubuntu
[01:53] <JRicketts_> sarnold: would you reccomend setting up the encryption for the home directroy? Its an option during setup? Will that mess with any system files etc to run the LAMP server?
[01:54] <sarnold> JRicketts_: you can set it up if you'd prefer to keep the contents of your home directory encrypted when you are not logged in
[01:54] <sarnold> JRicketts_: it's especially nice if you have multiple users and want to make sure one can't easily get to the other of another user..
[01:55] <sarnold> JRicketts_: since my machines are all single-user machines, I'm content to not use the home-directory encryption and rely upon my hard drive vendor's whole-disk encryption. (Which is iffy, since hard drive vendors sometimes screw it up.)
[01:56] <JRicketts_> Thanks
[01:57] <sarnold> JRicketts_: (note that hard-drive-vendor whole-disk encryption requires a passphrase at boot -- probably not a good idea for unattended server)
[01:58] <JRicketts_> i decided to use the extra security, i am not always around to look at the server and I think it would be a great Idea to do that
[01:58] <JRicketts_> thanks for info on it, it makes since whats it used for
[02:01] <JRicketts_> I just realized i like how Ubuntu has the Package Tasks, I see how it has LAMP in it... Happy camper so far :)
[02:11] <JRicketts_> reccomendations for having openssh installed along with LAMP?
[02:11] <roaksoax> adam_g: still around?
[02:25] <fluvvell> JRicketts_, install ssh - yes!
[02:28] <JRicketts_> i got it :)
[02:30] <JRicketts_> looked i up, quick question for anyone... Got the LAMP server installed and everything working great! I even got the default page up and running... Now this is the hard part for me. I need to point my domain which is hosted by godaddy to my new server. I do have a static IP, but I noticed whe I ogged in onto the server the first time its using the DHCP fromt he routher which I expected, How do I portforward any req
[02:31] <JRicketts_> setup but just don't know how to setup through ubuntu, I did make it static IP on ubuntu
[02:34] <JRicketts_> found how to edit Ubuntu https://help.ubuntu.com/12.04/serverguide/network-configuration.html
[02:34] <JRicketts_> sorry will look further before asking stupid ?s lol
[03:04]  * JRicketts_ is now away - Reason : Auto-Away (Away from Keyboard for 30 minutes)
[03:35] <JRicketts_> anyone avaiable to assit in IP configs behind a firewall? I have searched the internet and just confused? Trying to access server from another source using my domain name from godaddy
[03:35]  * JRicketts_ is no longer away - Gone for 30 mins 40 secs
[04:00] <adam_g> roaksoax, heren ow
[04:05]  * JRicketts_ is now away - Reason : Auto-Away (Away from Keyboard for 30 minutes)
[04:05] <ScottK> !away | JRicketts_
[09:43] <iliv> hi, I was applying updates and I "lost" a couple of updates. Meaning, I saw in apt-get -s dist-upgrade output "Inst python-libvirt [0.9.8-2ubuntu17.8] (0.9.8-2ubuntu17.10 Ubuntu:12.04/precise-updates [amd64])" this line, and after running apt-get update followed up with apt-get install ...
[09:43] <iliv> ... libpython2.7 python python-minimal python2.7 python2.7-minimal (i.e. deliberately omitting python-libvirt and other libvirt packages) apt now reports that a) the update is no longer there available b) current version of python-libvirt is still 0.9.8-2ubuntu17.8, i.e. the old one. Looks like ...
[09:43] <iliv> ... nothing was upgraded (and that's good), but the updates are gone (that's bad). Has anyone ever run into a situation like this before?
[11:18] <hadifarnoud> my ubuntu server is under DDoS attack. I managed to block most of it but I'm getting a strange http GET requests. https://gist.github.com/hadifarnoud/c761a50fa53b90befbf1
[12:49] <thelionroars> Can anyone tell me what this means: pam_unix(login:account): account xxx has password changed in future
[12:53] <zul> jamespage:  so would you be upset if i didnt include mongodb and happybase for ceilometer MIR
[13:01] <zul> jamespage:  and we definently need new kombu otherwise ceilometer isnt going to work
[13:46] <aandy> hi guys, i'm trying to force setting a pw (with passwd) via ssh, which fails for one of two generic reasons: Permissions denied, or Unexpected failure. Password file/table unchanged". the error happens when trying to put the cmd as part of the ssh cmd line, and not if it is separated (ssh line to login, then manually typing passwd), which leads me to believe it's a tty issue. any ideas how i can proceed?
[13:51] <aandy> i can generate the hashed pw, but i'd really prefer NOT tampering with the shadow file myself (very ugly and error prone solution for what should be a trivial problem)
[13:52] <psivaa> hallyn: sorry to bother you again but the floodlight test appears to hang and the bug (bug #1181315)that was impacting the test does not seem to be the reason for this hang afaik
[13:52] <psivaa> hallyn: there is a VM active with this issue in the server if you'd like to investigate
[14:04] <hallyn> psivaa: which vm?
[14:05] <psivaa> hallyn: utah-10632-saucy-server-amd64
[14:08] <hallyn> psivaa: looks like utah itself may be hung?  I see:
[14:08] <hallyn> root      2584  2478  0 08:01 ?        00:00:01 python /usr/bin/utah -f yaml -r /tmp/floodlight.run -o /var/lib/utah/utah.out
[14:08] <hallyn> root      2603  2584  0 08:02 ?        00:00:00 [sh] <defunct>
[14:11] <psivaa> hallyn: probably.. but i was not sure why this only happens with floodlight tests. i was wondering if the following is any reason
[14:11] <psivaa> 107       7065  0.5 36.7 1175516 184788 ?      Ssl  09:19   0:16 java -Dpython.home=/usr/share/jython -Dlogback.configurationFile=/etc/floodlight/logba
[14:13] <hallyn> psivaa: could be.  but i don't know what that is, or the floodlight tests for that matter
[14:14] <psivaa> hallyn: ok, ill ping utah team to see if they could shed some light. thanks for your time
[14:14] <hallyn> psivaa: ok.  fwiw i started a manual run and it's going ok so far.
[14:14] <hallyn> starting to worry this could be a qemu bug on the host...
[14:15] <hallyn> though really utah bug seems likely :)
[14:15] <psivaa> hallyn: ok, i assume that you are trying with today or yesterday's image because this issue only came up with yesterday's image
[14:16] <psivaa> doanac: would you mind taking a look at utah-10632-saucy-server-amd64 in aldebaran to see if utah is causing the hang please?
[14:17] <hallyn> psivaa: no i meant i was running it insside that vm
[14:17] <psivaa> doanac: this is a floodlight saucy server test on amd64 and from yesterday the test appear to hang and does not timeout
[14:18] <psivaa> hallyn: ohh then my question to doanac is more meaningful :)
[14:19] <doanac> psivaa: sure. in a meeting now. so I need a bit
[14:20] <psivaa> doanac: sure. can wait. thanks
[14:30] <doanac> psivaa: utah is hung.
[14:30] <doanac> the VM is logging to /var/lib/ubuntu-server-iso-testing/workspace/saucy-server-amd64-smoke-floodlight/log/utah-10632.syslog.log however, utah isn't seeing new messages in that file somehow
[14:32] <doanac> psivaa: please open a bug. this is the first bug i've seen like this live
[14:36] <psivaa> doanac: will do, thanks
[14:41] <hadifarnoud> my ubuntu server is under DDoS attack. I managed to block most of it but I'm getting a strange http GET requests. https://gist.github.com/hadifarnoud/c761a50fa53b90befbf1
[14:59] <kaje> My /boot partition filled up and now apt is choking. I've cleared some space, but I'm getting this error when I try to install anything: http://pastebin.com/bGtWrA1F
[14:59] <kaje> What should I do to fix this problem?
[15:28] <hadifarnoud> kaje: ask in #ubuntu. it's very quiet here and your question is more of a general one.
[15:30] <kaje> I'm not getting any help there... Can I remove the linux-server package and then install it? Or will that nuke my box?
[15:57] <kaje> Anyone else know how I can fix this apt dependency problem? http://pastebin.com/fvczXPZZ
[16:05] <JanC> kaje: try to update the package list first?
[16:09] <Semen_Dickman> hii
[16:09] <Semen_Dickman> but.. is this where gay people talks
[16:09] <Semen_Dickman> ??
[16:33] <pmatulis> Semen_Dickman: try #gaygeeks
[16:35] <Semen_Dickman> I TRIED #YOURMOTHERSASS IT WAS HOT
[16:47] <Semen_Dickman> eyy bitch niggaz please help me to uninstall ubuntu
[16:48]  * RoyK looks around for ops
[16:48] <Semen_Dickman> ya fuck you nigger ass pussy admin bitch
[16:49] <RoyK> thanks
[16:49] <Pici> look no further, opman is here
[16:49] <RoyK> hehe
[17:54] <adam_g_> roaksoax, what do i run to get the latest saucy FPI image in MAAS?
[17:57] <roaksoax> adam_g_: you mean ephemeral image?
[17:58] <adam_g_> roaksoax, whatever cloud image ends up booting. theres a cloud-init + upstart issue that should be fixed in a more recent daily
[17:58] <roaksoax> adam_g_: maas-import-ephemerals, but you need to modify /etc/maas/import_ephemerals to use STREAM="daily"
[18:01] <adam_g_> roaksoax, thats what i thought, thanks
[19:02] <savid> If I have custom logs in /var/log/apache2, shouldn't those logs be automatically rotated?
[19:04] <savid> The conf file in /etc/logrotate.d has /var/log/apache2/*.log, however my new logs don't seem to be rotated.
[19:04] <sarnold> savid: does apache properly close and re-open log files when logrotate asks?
[19:05] <savid> sarnold, I have no idea
[19:05] <savid> sarnold, I'm not sure how that part works :-/
[19:06] <sarnold> savid: I expect the logrotate config file says where to find the pid to send which signal...
[19:08] <savid> sarnold, well it rotates the other logs just fine
[19:08] <sarnold> savid: the other _apache_ logs? or..
[19:08] <savid> sarnold,  that is, I have _access.log and _error.log,  and those are rotating fine.  But I also have a custom log called _responsetime.log, and that one is not being rotated.
[19:09] <sarnold> savid: hrm, does apache's configuration need any tweeking to know to close/open _that_ log file as well?
[19:34] <adam_g_> smoser, in what log did you notice upstart upgrade borking cloud-init?
[19:34] <smoser> no logs
[19:35] <smoser> oh.
[19:35] <smoser> /var/log/cloud-init-output.log
[19:35] <smoser> if the upgrade has upstart or any of its dependencies in it
[19:42] <vmuser1000> anyone running geronimo 3.0 on 12.04?
[19:51] <adam_g_> smoser, is there somewhere else this info gets published now? https://maas.ubuntu.com/images/query/saucy/ephemeral/daily-dl.current.txt
[20:13] <Chocobo> I am having a problem with nova-compute.   NFS needs to be mounted before nova-compute can start.  With upstart is there a way to ensure a certain condition before a service is started?
[20:13] <Chocobo> or at the very least try periodicially to start it?
[20:14] <patdk-wk_> upstart does both
[20:14] <patdk-wk_> start on (remote-filesystems and .......
[20:15] <patdk-wk_> respawn limit x x
[20:15] <Chocobo> patdk-wk_: this is the default "start on":  start on runlevel [2345]
[20:16] <Chocobo> so I could just modify it to:  start on (remote-filesystems and runlevel [2345])
[20:16] <patdk-wk_> yep
[20:16] <Chocobo> that is pretty bad add actually
[20:16] <Chocobo> s/add/ass
[20:16] <patdk-wk_> heh?
[20:16] <Chocobo> bad ass.
[20:17] <Chocobo> patdk-wk_: thanks
[20:31] <gQuigs> on fresh reboot, sunrpc debug flags are 0
[20:31] <gQuigs> but I have them specified in sysctl.conf and when I run sysctl -p they get set correctly
[20:31] <gQuigs> what am I doing wrong?
[20:31] <gQuigs> http://pastebin.ubuntu.com/5799593/
[20:42] <smoser> adam_g_, i dont thinks so.
[20:42] <smoser> (wrt maas iamges data)
[20:42] <adam_g_> smoser, yea. looks like all other releases have recent ephemerals but saucy
[20:42] <smoser> hm.
[20:46] <smoser> adam_g_, yeah, they're failing to build. not sure why.
[20:47] <adam_g_> smoser, hm ok
[20:48] <LargePrime> I have a few virtual Hosting questions
[20:49] <LargePrime> they are best practice related
[20:49] <LargePrime> should i ask here or look for a apatche2 channel?
[20:52] <jacobw_> LargePrime, we can probably answer most questions about virtual hosts here
[20:53] <LargePrime> is it better to have all of the sies in the conf file or use site-enable
[20:54] <LargePrime> is there a best practice for that
[20:57] <LargePrime> or is it just preference?
[21:00] <gQuigs> my issue was weird openstack issue, works fine in stock vm
[21:14] <smoser> adam_g_, ok. maybe i fixed that...
[21:18] <adam_g_> smoser, nice
[21:20] <smoser> adam_g_, sent mail. that build failed.
[21:21] <adam_g_> smoser,thanks.
[21:21] <adam_g_> smoser, also did you see my late-night msg last week regarding openstack + m1.tiny?
[22:24] <Vec_> Hey guys, i am installing ubuntu server. I am running a BIOS-raid mirror (fakeraid). I am at the point where i choose where to install the GRUB boot loader. Where do i install it? Under /dev/mapper/{array name}? or just /dev/sda ?
[22:29] <shankstaBytes> how can i set a chroot on a user account?
[22:30] <xnox> Vec_: depends, for intel raid /dev/mapper/{array name}
[22:30] <shankstaBytes> i want their home directory to chroot them
[22:30] <xnox> Vec_: for others that expose the raid array as /dev/sdX then well /dev/sdX
[22:30] <shankstaBytes> is it a permission thing?
[22:30] <shankstaBytes> i dont want them to leave that directory
[22:31] <xnox> Vec_: you do want to install bootloader on the array.
[22:31] <xnox> shankstaBytes: the two are arthogonal, as it's trivial to escape chroot and get & browse files outside of chroot.
[22:32] <xnox> shankstaBytes: setup an lxc-container and let the person inside that, or a virtual machine and let them inside that only.
[22:32] <sarnold> shankstaBytes: that's miserably difficult. this might be more to your liking: http://wiki.apparmor.net/index.php/Pam_apparmor_example
[22:33] <sarnold> shankstaBytes: xnox's suggestions are also quite good, if the user isn't expected to be able to share data with other users or services on the machine
[22:33] <Vec_> xnox: thanks, im on intel arcitechture if thats what you ment. so /dev/mapper/<arrayname> then?
[22:33] <xnox> sarnold: intersting, didn't know about capabilities pam_apparmor
[22:33] <xnox> Vec_: yeah
[22:34]  * Vec_ started learning linux today ~
[22:34] <Vec_> Alright, when i LS my /mapper i get like, erm, hold on
[22:34] <Vec_> "control", "nvidia_cafjdbgb", "nvidia_cafjdbgb1", "nvidia_cafjdbgb2", "nvidia_cafjdbgb5"
[22:35] <shankstaBytes> sarnold: i think this is more then i am going for
[22:35] <Vec_> I assume "nvidia_cafjdbgb" is the name i'm supposed to enter as bootloader install place?
[22:35] <shankstaBytes> sarnold: i am using vsftp trying to just let a person login to a folder but do nothing elsee
[22:35] <sarnold> shankstaBytes: ah, could be, but it does save the hassle of trying to set up a chroot environment or lxc environments..
[22:36] <sarnold> shankstaBytes: vsftpd has some provisions for chrooting, doesn't it?
[22:36] <shankstaBytes> sarnold: ya but they dont seem to be working
[22:36] <sarnold> shankstaBytes: aha :) any error messages in the logs?
[22:38] <shankstaBytes> sarnold: oh im sorry it is working the issue is that the user can login via ssh
[22:38] <shankstaBytes> i was just using sftp:// instead of ftp://
[22:39] <sarnold> xnox: pam_apparmor is mighty-heavy artillery, very nice for enforcing some system-wide constraints on users whenever they log in through PAM-aware services...
[22:39] <shankstaBytes> sarnold: i will have to look into as i have heard good things
[22:39] <sarnold> xnox: but I haven't set it up for myself on my own laptop, so...
[22:39] <sarnold> shankstaBytes: aha! confusing sftp with ftps is too easy and too common.
[22:39] <shankstaBytes> xnox: i have looked into lxc containers and they are awesome but i heard not ready for production
[22:40] <xnox> sarnold: =))) well on ubuntu escaping pam is harder than escaping chroot. so that sounds good.
[22:40] <sarnold> xnox: hehehe :)
[22:40] <sarnold> xnox: well put :)
[22:41] <xnox> shankstaBytes: please define "ready for production". It's quite an arbitrary phrase, mostly used as a fake excuse.
[22:42] <xnox> shankstaBytes: it's fully supported to launch ubuntu server, desktop and cloud (with/without cloud init) from 12.04 LTS and up, fully integrated and well supported in main across the board.
[22:42] <shankstaBytes> xnox: when i hear that it means i should not use it because the creators don't think it is ready to be used in a real business situation.
[22:42] <shankstaBytes> maybe we are talking about something else
[22:42] <shankstaBytes> oh im thinking of docker
[22:43] <Vec_> xnox: you were correct, grub loader @ dev/mapper/<arrayname> worked like a charm!
[22:43] <shankstaBytes> http://www.docker.io/
[22:44] <xnox> shankstaBytes: lxc is the most secure, stable, scalable container solution.
[22:44] <xnox> shankstaBytes: i'd not trust docker, but they are working on better/proper underlying lxc foundation so one day it might be good...... but you can use lxc with LTS today ;-)
[22:48] <shankstaBytes> xnox: i se
[22:48] <shankstaBytes> see*
[22:49] <shankstaBytes> figured out how to disable ssh login that wasn't so bad
[22:49] <shankstaBytes> man i was trying to figure out a graphical solution to get done what i wanted but it was really like 5 commands to setup vsftp with chroot and disable ssh login
[22:50] <shankstaBytes> some one said it was easy to break out of chroot?  Does that only apply when your logged in via ssh?
[22:51] <sarnold> shankstaBytes: chroot is best considered a convience option than a security option; it _only_ changes the filesystem root for a given process and all its children. it doesn't stop sending signals, IPC, or ptrace; setuid executables can be used to escape, /proc/ can be used to escape, etc.
[22:52] <shankstaBytes> ahh
[22:52] <shankstaBytes> i think in this instance i would be better served just enabling some logging and reviewing it later
[22:52] <sarnold> giving someone ssh access typically grants a huge pile of tools to users that could probably be combined to escape. but there's nothing magic about ssh being involved that would make it easier or harder
[22:52] <shankstaBytes> sarnold: is there any way i can monitor all actions on the server by a specific ip?
[22:54] <sarnold> shankstaBytes: not particularly easy, since a given remote peer could communicate via a huge number of services, and the actions taken don't necessarily obviously line up with remote-initiated vs local-initiated..
[22:54] <shankstaBytes> sarnold: i am giving the user access to execute php scripts as well so really if they wanted to they could make a script that allows them to execute some code on it, but i dont think the default www-data user would be allowed to execute code outside of /var/www
[22:54] <shankstaBytes> any experience with this?
[22:55] <shankstaBytes> i semi-trust them so
[22:55] <sarnold> shankstaBytes: the PAM stack logs logins and logouts to /var/log/auth or /var/log/audit/audit.log (if you've got auditd installed) -- but once authenticated, it is up to each service to log whatever activities would be performed on behalf of the remote user, and something like apache isn't going to go through the PAM stack...
[22:55] <shankstaBytes> ill probably backup as well
[22:55] <shankstaBytes> ok
[22:55] <sarnold> shankstaBytes: ooof. defintely look into apparmor or similar tools.
[22:55] <shankstaBytes> sarnold: its just a test server gonna do some development with a guy
[22:55] <shankstaBytes> so not super serious
[22:56] <sarnold> shankstaBytes: okay, so a guy you'd happily give your root password to and ask him to not abuse it. :)
[22:56] <shankstaBytes> haha i dont know about that
[22:56] <shankstaBytes> i dont trust anyone with my root! :D
[22:57] <shankstaBytes> my time for setup is limited i guess i will just have to take a small risk
[22:57] <sarnold> fair enough
[22:57] <sarnold> your time is valuable, must be measured against other things you can do :)
[22:58] <shankstaBytes> sarnold: it doesn't have anything important on it though it is pretty much a new apache setup
[22:58] <sarnold> do consider running that apache/php stuff in an lxc or virtual machine too...
[22:58] <shankstaBytes> sarnold: what would that involve?
[22:58] <sarnold> shankstaBytes: I've never tried lxc outside of juju, so I'm pretty fuzzy there..
[22:58] <shankstaBytes> sudo do-magic-container
[22:59] <shankstaBytes> that would be sweet