/srv/irclogs.ubuntu.com/2015/08/06/#ubuntu-server.txt

=== markthomas is now known as markthomas|away
=== denbeiren is now known as zz_denbeiren
=== Tm_Tr is now known as Guest46635
<nox_42> I am trying to use nginx to load balance two nginx web servers and I am getting a 502 error. I also don't see anything out of the ordinary in the error/access logs on the nginx web servers. [03:20]
<nox_42> Any ideas? [03:21]
<sarnold> check logs on all three systems? nginx error logs, access logs, syslog, firewall logs, etc? [03:23]
<nox_42> Everything but firewall logs. [03:28]
<nox_42> Haproxy logs look like  104.183.250.151:55964 [06/Aug/2015:02:38:01.225] appname appname/resonategroup 308/0/1/-1/309 502 204 - - SH-- 0/0/0/0/0 0/0 "GET / HTTP/1.1" [03:28]
<nox_42> I could be overlooking something but I couldn't find anything that stuck out. [03:29]
<patdk-lap> heh? [03:30]
<patdk-lap> you're using nginx to load balance? where does haproxy come into it? [03:30]
<nox_42> Oh my bad. I've actually tried both. [03:31]
<nox_42> I got a 502 error with both of them. [03:31]
<patdk-lap> that means your proxy can't talk to the backends [03:31]
<patdk-lap> so basically the configs from ALL of them will have to be posted [03:32]
<patdk-lap> in order for anyone to know what is going on [03:32]
<nox_42> Do you mind taking a look if I post the configs? [03:34]
<patdk-lap> if not in a few more seconds, I will be gone [03:36]
<nox_42> Ok here is my nginx web server config http://pastebin.com/rzscrXzW [03:40]
<nox_42> Here is my load balancer config http://pastebin.com/5jRfJFjp [03:43]
<nox_42> Do you need my nginx.conf file for the web servers? [03:44]
<patdk-lap> heh? [03:44]
<patdk-lap> wasn't that the first one? [03:44]
<patdk-lap> if it wasn't, what was that first one? [03:44]
<nox_42> The first one was the site config file. [03:45]
<sarnold> 1.1.1.1? o_O [03:45]
<nox_42> Drop in IP. I've removed the actual IPs. [03:45]
<patdk-lap> ip's should not be in there at all [03:45]
<patdk-lap> but since there is only one server section, it becomes the default and will work around that mistake [03:46]
<patdk-lap> what do the logs in the webservers look like? [03:48]
<nox_42> They aren't showing any errors. I'm also not seeing any access logs from the actual load balancer though. [03:49]
<patdk-lap> ping works between them all? [03:49]
<patdk-lap> telnet works from the load balancer to the web servers on port 80? [03:49]
<neonixcoder> How can I run "dpkg --configure -a" non interactively? [03:53]
<nox_42> Yep they both work. [03:53]
<nox_42> They are Linode VPS but all in the same data center. Could it be something on linode's end? [03:54]
<patdk-lap> no [03:54]
<sarnold> nox_42: if they can ping each other, and ssh from one to the other works, it's probably not linode's issue.. [03:57]
<sarnold> neonixcoder: look for debconf noninteractive frontend [03:57]
<neonixcoder> Sarnold: Let me have a look.. [03:58]
<nox_42> Yeah, at this point i am just trying to throw anything out there that might be an issue. [04:03]
<patdk-lap> only so much we could help with [04:06]
<patdk-lap> the configs look fine [04:06]
<nox_42> It looks like I am getting this error in the error.log file on the nginx load balancer: upstream prematurely closed connection while reading response header from upstream, [04:06]
<patdk-lap> need logs, need unmunged configs [04:06]
<nox_42> Hmm could it have anything to do with php-fpm? [04:42]
=== shirgall is now known as Guest54075
=== Lcawte|Away is now known as Lcawte
<lordievader> Good morning. [08:21]
<fishcooker> morning lordievader [09:12]
<Waddup> how do i unmount a drive? ubuntu server 14.04 does not have unmount command as per what i see on web [09:30]
<mwhudson> uh [09:35]
<mwhudson> the command is umount ? [09:35]
<Waddup> ah [09:37]
<Waddup> lemme give it a try [09:37]
<Waddup> oh it worked lol [09:37]
<mybalzitch> lol [09:37]
<mybalzitch> umount also secretly destroys all the data [09:37]
<mybalzitch> so joke's on you, sucker! [09:37]
<Waddup> it's a new drive so no data. [09:39]
<Waddup> no joke [09:39]
<Waddup> lol [09:39]
<mybalzitch> ahha [09:39]
=== utlemming is now known as utlemming_away
<jerto> Hi all [12:22]
<jerto> I need some help regarding file permissions. Each time I create a file in my home, its permissions are 0600 and for a folder it is 0700. How can I set 0644 and 0755 as default chmod ? [12:23]
<RoyK> !umask [12:24]
<RoyK> jerto: man umask [12:24]
<jerto> RoyK: umask is OK (0022) [12:25]
<RoyK> and if you run 'touch newfile' what permissions does that get? [12:25]
<jerto> 644 [12:26]
<RoyK> then it works... :) [12:26]
<jerto> Hmmm [12:26]
<jerto> OK, so it only happens when I push files in ftp [12:27]
<jerto> I'm going to check my ftp parameters [12:27]
<RoyK> then it's the umask in the ftp server [12:27]
<RoyK> and btw, don't use FTP [12:27]
<RoyK> just don't [12:28]
<mybalzitch> sftp ftws [12:28]
<mybalzitch> -s [12:28]
<RoyK> use sftp/scp/rsync/somethingoverssh - don't use ftp [12:28]
<jerto> OK, I'll go for sftp then [12:28]
<RoyK> nothing to install - it just works [12:29]
<jerto> RoyK: Nothing to install for sftp ? [12:32]
<RoyK> jerto: it's part of openssh [12:32]
<jerto> OK Cool [12:34]
<jerto> RoyK: OK FTP server removed, SFTP OK and CHMOD OK. Thanks for the help [12:39]
<RoyK> :) [12:42]
=== Luke_ is now known as Luke
<thegoat> i have a text file with roughly 1.05 million lines in it.  is there a way in linux to tell me which line is the longest? [13:57]
<Sling> thegoat: cat filename | awk '{print length, $0}'|sort -nr|head -1 [13:59]
<mybalzitch> Sling: nice. [13:59]
<Sling> unless this file is so big that this might cause memory issues, then you will need to find some other solution that only reads it in line by line [13:59]
<jelly> possibly, add the line number ($NR) into the print as well [14:00]
<TJ-> thegoat: "wc --max-line-length /path/to/file" [14:03]
<TJ-> thegoat: ahh, that only shows the length of the line, but which line [14:04]
<thegoat> right, i need the actual string [14:04]
<Sling> yea wc -L is just the length [14:08]
<TJ-> thegoat: "awk 'length>LEN{LEN=length;LINE=NR;TEXT=$0}ENDFILE{print LINE, LEN, TEXT}' /path/to/file" [14:11]
=== utlemming_away is now known as utlemming
<DammitJim> has anyone set up hp's insight manager to monitor a ubuntu server? [14:29]
<DammitJim> in Windows I know one just sets up the SNMP community string, but everywhere I read, it says to install an hp agent on Linux? [14:30]
<thegoat> TJ-: thanks...that last command did the trick [14:38]
=== IdleOne is now known as Guest41975
=== Guest41975 is now known as IdleOne
<kpettit> anybody know of a simple way to block countries?  I'm getting plagued with hack attempts through HTTP, SSH, SIP, etc.  It's becoming a huge time burden and I'd rather just blacklist countries known to cause me problems.  But can't find an easy way to do it [16:46]
<patdk-wk> xtables geoip block [16:46]
<patdk-wk> it takes some work to setup though [16:46]
<kpettit> never even heard of it. [16:47]
<kpettit> is it easy to duplicate effort on multiple servers?  I've got like 20 I have to take care of [16:47]
<patdk-wk> the issue is compiling the geoip tables into kernel modules to be used [16:48]
<patdk-wk> it's very picky about how that is done [16:48]
<kpettit> web servers are ubuntu, phone servers are centos [16:48]
<patdk-wk> once you do that, it's simple [16:48]
<kpettit> bummer, so it's not an apt-get sort of install? [16:48]
<patdk-wk> it is [16:48]
<patdk-wk> for the kernel module [16:48]
<patdk-wk> but the geoip tables are licensed [16:48]
<patdk-wk> use the licensed tables, pay for the tables, use the public tables, make your own [16:49]
<patdk-wk> doesn't matter, but have to compile them into a usable format to be used [16:49]
<kpettit> I'd pay for easy.  Right now i just need to lower the admin hours I spend on blocking attackers [16:51]
<RoyK> kpettit: ansible, perhaps? or puppet? or chef? or cfengine? [16:51]
<kpettit> I use ansible.  So if I can get something I can duplicate that would be wonderful.  It's just maddening how crazy aggressive these guys get. [16:51]
<kpettit> I have one server that had 1 million SSH login attempts in 1 month.  Freaking crazy [16:52]
<RoyK> ssh throttling in iptables should be easy - or fail2ban, perhaps [16:52]
<kpettit> I require SSH keys, use fail2ban, etc [16:52]
<RoyK> fail2ban should be usable for most services given a little config [16:52]
<RoyK> ok [16:53]
<kpettit> password auth is turned off, etc [16:53]
<RoyK> wise [16:53]
<kpettit> that doesn't help me for web or sip though [16:53]
<RoyK> sip what? asterisk? [16:54]
<kpettit> yeah.  I do a lot of phone systems. [16:54]
<RoyK> fail2ban just reads logs - it can be used for anything, really [16:54]
<kpettit> On the ones I can I have a whitelist, but some I can't get away with that. [16:54]
<kpettit> fail2ban works great with SIP [16:54]
<kpettit> but it's still a lot of volume and I'd rather just have an iptables rule that blocks places that don't need access on every system I have [16:55]
<RoyK> I'd block everything and open where's needed and then have fail2ban to use iptables to block after attacks [16:56]
<RoyK> there are configs for apache/nginx etc in fail2ban [16:58]
<patdk-wk> I know some people that just setup a crapload of asterisk sip fail2ban rules a few weeks ago [16:58]
<patdk-wk> I don't see why building the geoip tables is that hard [16:59]
<patdk-wk> you only have to do it once a month [16:59]
<patdk-wk> then push it out to all your servers using ansible [16:59]
<patdk-wk> and it could be fully automated very easily [16:59]
<RoyK> patdk-wk: perhaps overkill to block whole countries_ [17:00]
<RoyK> ? [17:00]
<patdk-wk> that wasn't my option [17:00]
<patdk-wk> that was his request [17:00]
<patdk-wk> so just attempting to give him the only real answer to his question [17:00]
<kpettit> patdk-wk: I'll look at it and give it a try [17:00]
<patdk-wk> if he asked the wrong question, well :) [17:00]
<patdk-wk> but yes, there is no turnkey solution in any linux install, to do it [17:01]
<kpettit> patdk-wk: I've just never tried it so was curious how hard it will be.  Anything that works from a central list like that is great I think.  and if I can script with ansible that's even better.  So thanks for the suggestion [17:01]
<patdk-wk> it's not hard [17:01]
<patdk-wk> just doing it the first time is a little tricky, and causes most people to have an issue or two [17:01]
<patdk-wk> but once that is solved, it's simple [17:01]
<kpettit> Yeah I just mainly wanted to make sure I didn't re-invent the wheel and script something that's easier done another way [17:01]
<RoyK> looks like the standard asterisk rules in debian8 (which is what I'm running now) handles SIP [17:02]
<RoyK> patdk-wk: do you have that truckload of asterisk fail2ban rules? [17:02]
<patdk-wk> I don't [17:03]
<patdk-wk> could probably get it [17:03]
<patdk-wk> not sure if it's company property or not [17:03]
<RoyK> ask if (s)he could share it - guess a lot of people would like that [17:04]
<RoyK> I have made sure that my employer knows that everything I write is GPLed :P [17:04]
<kpettit> fail2ban is great, but a lot of the defaults don't work. [17:04]
<kpettit> but if you hunt and peck and test them out it does great. [17:05]
<RoyK> kpettit: shouldn't be so hard to fix - it's just regex [17:05]
<RoyK> kpettit: and please post fixes when you make them :) [17:05]
<kpettit> yeah it's just hunting them down and testing.  I'm awful with regex so usually end up doing the google and trial/error [17:05]
<RoyK> kpettit: we all started that way [17:05]
<kpettit> haha, I'm just old and have always had a hard time learning it [17:07]
<RoyK> :) [17:07]
=== utlemming is now known as utlemming_away
=== utlemming_away is now known as utlemming
=== zz_denbeiren is now known as denbeiren
=== beisner is now known as beisner-afk
=== beisner-afk is now known as beisner
=== jerto1 is now known as jerto
=== Lcawte is now known as Lcawte|Away
