[00:40] <benpardo> I'm very new to setting up my own server. I'm working with Nodejs and it seems like things are going well, but I'm having trouble making my site accessible beyond localhost. Is anyone willing to take just a little time to talk with me and answer questions? I would really appreciate it. Thank you.
[00:43] <pmatulis> !ask | benpardo
[00:44] <Patrickdk> !ask pmatulis
[00:44] <Patrickdk> it won't ask you :(
[00:45] <benpardo> Thank you ubottu! Glad to!
[00:45]  * ObrienDave blinks
[00:46] <benpardo> Why is my Ubuntu server only working with local host and not fulfilling requests from the public internets?
[00:46] <Patrickdk> you have the firewall turned on
[00:46] <Patrickdk> you configured your application incorrectly
[00:47] <Patrickdk> you could have done a million other things
[00:47] <pmatulis> there is no cable where it should be
[00:47] <Patrickdk> we could guess for the next 10 years
[00:47] <benpardo> I'm hosting on digital ocean
[00:47] <benpardo> How can I check that my firewall is turned on?
[00:48] <pmatulis> benpardo: what is the public IP address?
[00:48] <benpardo> Patrickdk, I'm glad to make it easy for everyone to gather knowledge about my problem. I'm just trying to find ways to work at it.
[00:48] <Patrickdk> netstat would be a good starting place
[00:48] <Patrickdk> followed by tcpdump
[00:48] <benpardo> http://104.131.102.147
[00:48] <Patrickdk> and your config
[00:48] <benpardo> what is my config?
[00:48] <benpardo> How can I evaluate it
[00:49] <Patrickdk> I dunno, I didn't install nodejs
[00:49] <Patrickdk> you claim you did though
[00:49] <benpardo> pmatulis, would you like me to make the server listen?
[00:49] <benpardo> Patrickdk, I did install nodejs
[00:50] <benpardo> I'm not running a highly sophisticated operation. I have metalsmith.io generating static pages and serving them with metalsmith-serve
[00:51] <pmatulis> benpardo: what port is your web server supposed to be listening on?
[00:52] <benpardo> pmatulis: I just launched the app. I'm listening at port 8080
[00:52] <pmatulis> benpardo: confirmed
[00:52] <benpardo> pmatulis, what is confirmed?
[00:53] <pmatulis> benpardo: it is listening on that port
[00:53] <benpardo> pmatulis, how do you know that?
[00:53] <pmatulis> benpardo: but nothing loads when i point my client at that IP and port
[00:53] <benpardo> pmatulis, so it is publicly available
[00:53] <pmatulis> benpardo: i scanned that IP for that port
[00:54] <benpardo> what application did you use on linux?
[00:54] <pmatulis> benpardo: but it says 'filtered'
[00:55] <benpardo> pmatulis: what does that mean?
[00:56] <benpardo> pmatulis: also, the site works on local host.
[00:56] <benpardo> when I connect
[00:57] <pmatulis> benpardo: since this is a cloud instance, normally you need to set up a security group.  it's essentially a firewall at the cloud level.  did you do that?
[00:58] <benpardo> pmatulis: I did not. How do I?
[00:58] <pmatulis> benpardo: using the digital ocean control panel thingy
[00:59]  * pmatulis has never used DO
[01:00] <benpardo> pmatulis: I think I found the lever. It has a button you can push to make it publicly available ipv6
[01:00] <benpardo> Do you think that is it?
[01:02] <pmatulis> benpardo: looks like i am AWS-centric.  DO does stuff differently.  it looks like you simply need to configure the firewall local to the instance (directly with iptables)
[01:02] <benpardo> pmatulis, can you try what you did again?
[01:02] <pmatulis> https://www.exratione.com/2013/06/a-few-notes-on-migrating-an-ubuntu-instance-from-aws-to-digital-ocean/
[01:02] <pmatulis> benpardo: no change
[01:03] <pmatulis> benpardo: hint, use ufw as a frontend to iptables
[01:04] <benpardo> pmatulis: Thank you. This is helping me. I don't feel like I'm floating on a raft any more. I've got stuff I can try.
[01:04] <benpardo> I really appreciate it.
[01:04] <pmatulis> benpardo: great.  come back with more specific questions and someone will surely help
[01:05] <benpardo> pmatulis: Thank you so much. I've got some stuff to work with now
[01:40] <benpardo> pmatulis: just setup my firewall. Still having the same problem at the same port: 8080
[01:47] <pmatulis> benpardo: what is the output of 'sudo iptables -L -n' ?  use a pastebin
[01:50] <benpardo> http://pastebin.com/hWH24Yxr
[01:50] <benpardo> pmatulis, voila: http://pastebin.com/hWH24Yxr
[01:51] <cryptodan> benpardo: what is your site's url?
[01:51] <benpardo> mindfire.vision
[01:52] <cryptodan> I don't think .vision is a TLD
[01:55] <benpardo> cryptodan: .vision is a new top level domain
[01:57] <cryptodan> I don't see it listed on godaddy
[01:59] <cryptodan> benpardo: port 80 is not available on that domain
[02:00] <pmatulis> benpardo: i do not see TCP port 8080 in your rules and i believe (i'm not an iptables expert) you have 'deny by default' for the 'public' chain
[02:00] <benpardo> cryptodan: do you want to see what ufw status says?
[02:00] <cryptodan> benpardo: [cryptodan@alphacentari ~ ]$ curl 104.131.102.147
[02:00] <cryptodan> curl: (7) Failed to connect to 104.131.102.147 port 80: No route to host
[02:00] <cryptodan> [cryptodan@alphacentari ~ ]$ curl mindfire.vision
[02:00] <cryptodan> curl: (7) Failed to connect to mindfire.vision port 80: No route to host
[02:01] <pmatulis> benpardo: you can always save your rules, flush them, and test.  in addition, you should see block messages in the kernel log
[02:02] <pmatulis> benpardo: of course make sure the server is listening on TCP port 8080 on the appropriate interface.  use netstat or lsof to test that
[02:03] <benpardo> pmatulis: This is helping.
[02:04] <benpardo> cryptodan: you both are helping very much.
[02:04] <benpardo> I'm going to try more and come back
[02:04] <cryptodan> also check your port assignment in your config and see if it's on 8080 or 80 there
[02:06] <pmatulis> sudo lsof -i:8080 -n
[05:43] <lickalott> gents, when I run a showmount -a I see mounts to my server from an internal class C address that doesn't currently exist on my network.  <-- that's 1.
[05:43] <lickalott> #2 is; I had to rebuild my windows box (reload OS) and now I can't access the NFS mounts from my ubuntu server without changing permissions for the world to 5.  it wasn't like this before the rebuild.  I don't want to leave all that stuff open like that.  Any ideas?
[11:27] <samba35> i am facing a problem with apt-get install xxx, when i try to install any package i get this error http://paste.ubuntu.com/9658949/
[11:27] <samba35> some time back i was getting error with half-installed
[11:28] <samba35> i dont have kernel  3.13.0-43  i have 3.13.0-41-generic
[14:29] <lnxmen> hello
[14:29] <lnxmen> Why does my server refuse to load images via SSL?
[14:30] <lnxmen> What do you need to help me?
[14:30] <lnxmen> Developer Tool (Chromium) shows me: net::ERR_INSECURE_RESPONSE error.
[14:32] <Patrickdk> hmm, servers don't load images
[14:32] <Patrickdk> browsers do
[14:33] <lnxmen> Patrickdk: Yes, sorry.
[14:33] <Patrickdk> so what is the actual problem?
[14:33] <lnxmen> When I load page via browser I can see net::ERR_INSECURE_RESPONSE error for every image.
[14:34] <lnxmen> But it's only if I am using SSL.
[14:34] <Patrickdk> well, fix your webpage then
[14:34] <lnxmen> Yes, it's mine.
[14:34] <Patrickdk> this isn't exactly #html
[14:34] <lnxmen> It's apache configuration, and os is Ubuntu.
[14:34] <Patrickdk> what does that have to do with anything?
[14:35] <Patrickdk> did apache or ubuntu write your html page?
[14:35] <lnxmen> Actually, paths are okay.
[14:35] <Patrickdk> no one said anything about paths
[14:35] <lnxmen> So html page is also okay.
[14:35] <Patrickdk> no it's not
[14:35] <Patrickdk> you just said you got err_insecure_response
[14:35] <lnxmen> html code is okay itself.
[14:35] <Patrickdk> no it's not
[14:36] <Patrickdk> if it was, you wouldn't have err_insecure_response
[14:36] <lnxmen> I am sure it is.
[14:36] <Patrickdk> that is why you are having a problem
[14:36] <Patrickdk> cause you refuse to look at the source of the problem, cause you believe it's not the problem
[14:36] <lnxmen> Patrickdk: I am moving site from old server.
[14:36] <lnxmen> It worked.
[14:36] <lnxmen> I think the problem is vhost/htaccess configuration.
[14:37] <lnxmen> But I can't figure it out.
[14:39] <lnxmen> Patrickdk: okay, browser need to accept SSL certificate after some time.
[14:40] <lnxmen> Just two clicks, and it works. lol
[14:40] <lnxmen> Patrickdk: Anyway, thank you for your help.
[15:06] <rberg-> I find that in Ubuntu 12.04 ssh gets started in the chroot when I am imaging with pxe / debootstrap, even with a policy-rc.d diversion, does anybody know of a solution for that?
[18:52] <blackyboy> btrfs now in production environment ? Can i use in production ?
[20:09] <Annoyed> Greetings
[20:10] <Annoyed> Are there any known issues with ufw on server 14.04 LTS ?
[20:11] <bekks> Annoyed: Why?
[20:13] <Annoyed> Following the directions at https://help.ubuntu.com/lts/serverguide/firewall.html, specifically the IP masq. section doesn't allow inside machines to access the net... they can get to the server inside interface, but nothing further. The server box itself is fine...   and killing ufw, rebooting and manually entering the iptables command does allow access
[20:13] <Annoyed> iptables -t nat -A POSTROUTING -s 172.16.0.0/24 -o p2p1 -j MASQUERADE   does work though.
[20:16] <cryptodan> p2p1 does not look like a valid interface
[20:16] <Annoyed> It is on this system
[20:16] <cryptodan> can you do an ifconfig and dpaste.com the results
[20:16] <Annoyed> damned renaming tning
[20:16] <Annoyed> thing, even
[20:18] <Annoyed> http://dpaste.com/0VC3J0H
[20:18] <cryptodan> Annoyed: what kind of interfaces are those dial up?
[20:19] <Annoyed> ethernet
[20:19] <cryptodan> they should be eth0 and eth1 then
[20:19] <Annoyed> Ubuntu renames things
[20:19] <cryptodan> no it doesnt
[20:19] <Annoyed> Yes, it does
[20:19] <cryptodan> Uh no
[20:19] <cryptodan> I have Ubuntu 14.04 LTS Server and it specifies eth1 for my ethernet port
[20:21] <Annoyed> Well, you can see the ifconfig output. And those designations work for all other networking related.. as well as manually entering the iptables command
[20:23] <Annoyed> Could it be that ufw doesn't like the renaming bit?
[20:24] <cryptodan> why not rename them from p2p1 to eth0 and eth1 and the p's to me signify some kind of point to point or dial up interfaces
[20:25] <Annoyed> That's what it did out of the box, and everything else is configured using those names.
[20:25] <cryptodan> so is this an Android?
[20:25] <Annoyed> Nope. PC
[20:25] <cryptodan> because I did a google for p2p0 and it came up with mobile phones and nothing about personal computers
[20:25] <rberg-> that's caused by the biosdevname package I believe
[20:25] <rberg-> p for pci
[20:26] <Annoyed> That is what the system refers to the interfaces as.
[20:26] <Annoyed> Anyway, I don't have time to spend on it any more right now. Just wanted to see if there are any known issues
[20:27] <rberg-> ok, I don't know anything about ufw, I do know why your interface is named that way :)
[20:28] <cryptodan> remove that package and see if ufw will work
[20:29] <Annoyed> heh. I know what files I've set up using the p2P1 / p3p1 names, but I have no idea what may have been autogenerated, and am hesitant to break that.
[20:29] <rberg-> delete /etc/udev/rules.d/70-persistent-net.rules and add "biosdevname=0" to the kernel cmdline and reboot to disable
[20:31] <Annoyed> Maybe I'll try that... but later. I got to git.. thanks for the suggestion
[20:50] <Crell> Mystery kernel errors are the bane of my existence...
[23:03] <kevinde> On a Ubuntu server, what would be the best place to download a tar.gz file that has to be extracted, compiled & installed?
[23:03] <kevinde>  /tmp?
[23:06] <andol> kevinde: The best place wouldn't be on the server at all, but rather on your workstation, where you build a Deb package to install on the server. Yet, if you insist on compiling it on the server I guess I'd go with /usr/local/src, it always being a good thing keeping a copy of the install source.
[23:07] <kevinde> andol: Thank you :)
[23:08] <cryptodan> kevinde: first look for the package or application via apt-cache search
[23:08] <kevinde> That is always the latest version right?
[23:09] <cryptodan> it's the latest of whatever's in the repo
[23:25] <Annoyed> Greetings again
[23:27] <Annoyed> Still having fun w/iptables..  I wasn't able to get it going with ufw.. I tried manually entering " <Annoyed> Anyway, I don't have time to spend on it any more right now. Just wanted to see if there
[23:27] <Annoyed>           are any known issues
[23:27] <Annoyed> <rberg-> ok, I don't know anything about ufw, I do know why your interface is named that way :)
[23:27] <Annoyed> <cryptodan> remove that package and see if ufw will work
[23:27] <Annoyed> <Annoyed> heh. I know what files I've set up using the p2P1 / p3p1 names, but I have no idea what
[23:27] <Annoyed>           may have been autogenerated, and am hesitant to break that.
[23:27] <Annoyed> <rberg-> delete /etc/udev/rules.d/70-persistent-net.rules and add "biosdevname=0" to the kernel
[23:27] <Annoyed>          cmdline and reboot to disable
[23:27] <Annoyed> Ung.. sorry
[23:28] <Annoyed> let me start that over.
[23:28] <Annoyed> Still having fun w/iptables..  I wasn't able to get it going with ufw..
[23:29] <cryptodan> what made you install that biosdevname package?
[23:32] <Annoyed> tried entering "iptables -t nat -A POSTROUTING -s 172.16.0.0/24 -o p2p1 -j MASQUERADE" at the command line, and it worked.. allowed inside machines to see the net.. Since then, I have shut the machine down.. and restarted it. and it still works.. but now I don't understand why it is working. I had NOT saved the rules before shutdown
[23:33] <Annoyed> cryptodan: I didn't install it.. installation put it in there
[23:33] <teward> Annoyed: check and see if the rules are still in place - iptables -t nat -L
[23:33] <teward> if it's still present just remove the rule.
[23:36] <Annoyed> It's not.. since I didn't save the rule, I don't get how it can still be active
[23:36] <Annoyed> root@unimatrix0:/etc# iptables -t nat -L
[23:36] <Annoyed> Chain PREROUTING (policy ACCEPT)
[23:36] <Annoyed> target     prot opt source               destination
[23:36] <Annoyed> Chain INPUT (policy ACCEPT)
[23:36] <Annoyed> target     prot opt source               destination
[23:36] <Annoyed> Chain OUTPUT (policy ACCEPT)
[23:36] <Annoyed> target     prot opt source               destination
[23:36] <Annoyed> Chain POSTROUTING (policy ACCEPT)
[23:36] <Annoyed> target     prot opt source               destination
[23:37] <Annoyed> where would it save it? there is no iptables directory in /etc
[23:37] <cryptodan> iptables.save
[23:38] <Annoyed> root@unimatrix0:/etc# ls -l iptables.save
[23:38] <Annoyed> ls: cannot access iptables.save: No such file or directory
[23:39] <cryptodan> I would simply remove that package and go back to eth0 or eth1
[23:40] <cryptodan> if it was a required package, I am sure that I would have it installed on my install
[23:40] <Annoyed> cryptodan: I don't think the device name is the problem. If it was, the raw iptables command wouldn't have got it working, 'cause iptables would not know the device name
[23:41] <Annoyed> Well, it installed on its own when I installed 14.04.1 server
[23:42] <cryptodan> well if you want to use ufw, then you'll need to go back to eth0
[23:43] <Annoyed> Now i can't figure out why it is STILL working after reboot. iptables isn't persistent unless the rules are saved SOMEWHERE.
[23:45] <cryptodan> once you write them they are saved
[23:46] <Annoyed> That's just it. I *didn't* successfully write them
[23:46] <Annoyed> Tried a few times, didn't recall the command right and got errors
[23:47] <cryptodan> can you scroll up in your buffer and see the commands?
[23:48] <Annoyed> iptables -t nat -A POSTROUTING -s 172.16.0.0/24 -o p2p1 -j MASQUERADE
[23:48] <Annoyed> iptables save /root/iptables
[23:48] <Annoyed> iptables-save /root/iptables
[23:49] <Annoyed> and there is no file called iptables in /root
[23:49] <cryptodan> look for iptables-save
[23:50] <Annoyed> so I'm at a loss as to how the inside machine can get on the 'net
[23:50] <cryptodan> are you trying to setup a router?
[23:50] <Annoyed> yes
[23:51] <Annoyed> root@unimatrix0:/etc# grep -i -R iptables-save *   comes back with nothing
[23:51] <cryptodan> Annoyed: here https://help.ubuntu.com/community/Router
[23:57] <Annoyed> bah
[23:59] <Annoyed> is it possible that iptables sees forwarding turned on in sysctl.conf and figures it out on its own?