=== markthomas is now known as markthomas|away
=== denbeiren is now known as zz_denbeiren
=== Tm_Tr is now known as Guest46635
[03:20] I am trying to use nginx to load balance two nginx web servers and I am getting a 502 error. I also don't see anything out of the ordinary in the error/access logs on the nginx web servers.
[03:21] Any ideas?
[03:23] check logs on all three systems? nginx error logs, access logs, syslog, firewall logs, etc?
[03:28] Everything but firewall logs.
[03:28] Haproxy logs look like 104.183.250.151:55964 [06/Aug/2015:02:38:01.225] appname appname/resonategroup 308/0/1/-1/309 502 204 - - SH-- 0/0/0/0/0 0/0 "GET / HTTP/1.1"
[03:29] I could be overlooking something but I couldn't find anything that stuck out.
[03:30] heh?
[03:30] you're using nginx to load balance? where does haproxy come into it?
[03:31] Oh my bad. I've actually tried both.
[03:31] I got a 502 error with both of them.
[03:31] that means your proxy can't talk to the backends
[03:32] so basically the configs from ALL of them will have to be posted
[03:32] in order for anyone to know what is going on
[03:34] Do you mind taking a look if I post the configs?
[03:36] if not in a few more seconds, I will be gone
[03:40] Ok here is my nginx web server config http://pastebin.com/rzscrXzW
[03:43] Here is my load balancer config http://pastebin.com/5jRfJFjp
[03:44] Do you need my nginx.conf file for the web servers?
[03:44] heh?
[03:44] wasn't that the first one?
[03:44] if it wasn't, what was that first one?
[03:45] The first one was the site config file.
[03:45] 1.1.1.1? o_O
[03:45] Drop in IP. I've removed the actual IPs.
[03:45] IPs should not be in there at all
[03:46] but since there is only one server section, it becomes the default and will work around that mistake
[03:48] what do the logs in the webservers look like?
[03:49] They aren't showing any errors. I'm also not seeing any access logs from the actual load balancer though.
[03:49] ping works between them all?
[03:49] telnet works from the load balancer to the web servers on port 80?
[03:53] How can I run "dpkg --configure -a" non-interactively?
[03:53] Yep they both work.
[03:54] They are Linode VPS but all in the same data center. Could it be something on linode's end?
[03:54] no
[03:57] nox_42: if they can ping each other, and ssh from one to the other works, it's probably not linode's issue..
[03:57] neonixcoder: look for debconf noninteractive frontend
[03:58] Sarnold: Let me have a look..
[04:03] Yeah, at this point i am just trying to throw anything out there that might be an issue.
[04:06] only so much we could help with
[04:06] the configs look fine
[04:06] It looks like I am getting this error in the error.log file on the nginx load balancer: upstream prematurely closed connection while reading response header from upstream,
[04:06] need logs, need unmunged configs
[04:42] Hmm could it have anything to do with php-fpm?
=== shirgall is now known as Guest54075
=== Lcawte|Away is now known as Lcawte
[08:21] Good morning.
[09:12] morning lordievader
[09:30] how do i unmount a drive? ubuntu server 14.04 does not have unmount command as per what i see on web
[09:35] uh
[09:35] the command is umount ?
[09:37] ah
[09:37] lemme give it a try
[09:37] oh it worked lol
[09:37] lol
[09:37] umount also secretly destroys all the data
[09:37] so joke's on you, sucker!
[09:39] it's a new drive so no data.
[09:39] no joke
[09:39] lol
[09:39] ahha
=== utlemming is now known as utlemming_away
[12:22] Hi all
[12:23] I need some help regarding file permissions. Each time I create a file in my home, its permissions are 0600 and for a folder it is 0700. How can I set 0644 and 0755 as default chmod ?
[12:24] !umask
[12:24] jerto: man umask
[12:25] RoyK: umask is OK (0022)
[12:25] and if you run 'touch newfile' what permissions does that get?
[12:26] 644
[12:26] then it works... :)
[12:26] Hmmm
[12:27] OK, so it only happens when I push files in ftp
[12:27] I'm going to check my ftp parameters
[12:27] then it's the umask in the ftp server
[12:27] and btw, don't use FTP
[12:28] just don't
[12:28] sftp ftws
[12:28] -s
[12:28] use sftp/scp/rsync/somethingoverssh - don't use ftp
[12:28] OK, I'll go for sftp then
[12:29] nothing to install - it just works
[12:32] RoyK: Nothing to install for sftp ?
[12:32] jerto: it's part of openssh
[12:34] OK Cool
[12:39] RoyK: OK FTP server removed, SFTP OK and CHMOD OK. Thanks for the help
[12:42] :)
=== Luke_ is now known as Luke
[13:57] i have a text file with roughly 1.05 million lines in it. is there a way in linux to tell me which line is the longest?
[13:59] thegoat: cat filename | awk '{print length, $0}'|sort -nr|head -1
[13:59] Sling: nice.
[13:59] unless this file is so big that this might cause memory issues, then you will need to find some other solution that only reads it in line by line
[14:00] possibly, add the line number ($NR) into the print as well
[14:03] thegoat: "wc --max-line-length /path/to/file"
[14:04] thegoat: ahh, that only shows the length of the line, but which line
[14:04] right, i need the actual string
[14:08] yea wc -L is just the length
[14:11] thegoat: "awk 'length>LEN{LEN=length;LINE=NR;TEXT=$0}ENDFILE{print LINE, LEN, TEXT}' /path/to/file"
=== utlemming_away is now known as utlemming
[14:29] has anyone set up hp's insight manager to monitor a ubuntu server?
[14:30] in Windows I know one just sets up the SNMP community string, but everywhere I read, it says to install an hp agent on Linux?
[14:38] TJ-: thanks...that last command did the trick
=== IdleOne is now known as Guest41975
=== Guest41975 is now known as IdleOne
[16:46] anybody know of a simple way to block countries? I'm getting plagued with hack attempts through HTTP, SSH, SIP, etc. It's becoming a huge time burden and I'd rather just blacklist countries known to cause me problems. But can't find an easy way to do it
[16:46] xtables geoip block
[16:46] it takes some work to setup though
[16:47] never even heard of it.
[16:47] is it easy to duplicate effort on multiple servers? I've got like 20 I have to take care of
[16:48] the issue is compiling the geoip tables into kernel modules to be used
[16:48] it's very picky about how that is done
[16:48] web servers are ubuntu, phone servers are centos
[16:48] once you do that, it's simple
[16:48] bummer, so it's not an apt-get sort of install?
[16:48] it is
[16:48] for the kernel module
[16:48] but the geoip tables are licensed
[16:49] use the licensed tables, pay for the tables, use the public tables, make your own
[16:49] doesn't matter, but have to compile them into a usable format to be used
[16:51] I'd pay for easy. Right now i just need to lower the admin hours I spend on blocking attackers
[16:51] kpettit: ansible, perhaps? or puppet? or chef? or cfengine?
[16:51] I use ansible. So if I can get something I can duplicate that would be wonderful. It's just maddening how crazy aggressive these guys get.
[16:52] I have one server that had 1 million SSH login attempts in 1 month. Freaking crazy
[16:52] ssh throttling in iptables should be easy - or fail2ban, perhaps
[16:52] I require SSH keys, use fail2ban, etc
[16:52] fail2ban should be usable for most services given a little config
[16:53] ok
[16:53] password auth is turned off, etc
[16:53] wise
[16:53] that doesn't help me for web or sip though
[16:54] sip what? asterisk?
[16:54] yeah. I do a lot of phone systems.
[16:54] fail2ban just reads logs - it can be used for anything, really
[16:54] On the ones I can I have a whitelist, but some I can't get away with that.
[16:54] fail2ban works great with SIP
[16:55] but it's still a lot of volume and I'd rather just have an iptables rule that blocks places that don't need access on every system I have
[16:56] I'd block everything and open where's needed and then have fail2ban to use iptables to block after attacks
[16:58] there are configs for apache/nginx etc in fail2ban
[16:58] I know some people that just setup a crapload of asterisk sip fail2ban rules a few weeks ago
[16:59] I don't see why building the geoip tables is that hard
[16:59] you only have to do it once a month
[16:59] then push it out to all your servers using ansible
[16:59] and it could be fully automated very easily
[17:00] patdk-wk: perhaps overkill to block whole countries_
[17:00] ?
[17:00] that wasn't my option
[17:00] that was his request
[17:00] so just attempting to give him the only real answer to his question
[17:00] patdk-wk: I'll look at it and give it a try
[17:00] if he asked the wrong question, well :)
[17:01] but yes, there is no turnkey solution in any linux install, to do it
[17:01] patdk-wk: I've just never tried it so was curious how hard it will be. Anything that works from a central list like that is great I think. and if I can script with ansible that's even better. So thanks for the suggestion
[17:01] it's not hard
[17:01] just doing it the first time is a little tricky, and causes most people to have an issue or two
[17:01] but once that is solved, it's simple
[17:01] Yeah I just mainly wanted to make sure I didn't re-invent the wheel and script something that's easier done another way
[17:02] looks like the standard asterisk rules in debian8 (which is what I'm running now) handles SIP
[17:02] patdk-wk: do you have that truckload of asterisk fail2ban rules?
[17:03] I don't
[17:03] could probably get it
[17:03] not sure if it's company property or not
[17:04] ask if (s)he could share it - guess a lot of people would like that
[17:04] I have made sure that my employer knows that everything I write is GPLed :P
[17:04] fail2ban is great, but a lot of the defaults don't work.
[17:05] but if you hunt and peck and test them out it does great.
[17:05] kpettit: shouldn't be so hard to fix - it's just regex
[17:05] kpettit: and please post fixes when you make them :)
[17:05] yeah it's just hunting them down and testing. I'm awful with regex so usually end up doing the google and trial/error
[17:05] kpettit: we all started that way
[17:07] haha, I'm just old and have always had a hard time learning it
[17:07] :)
=== utlemming is now known as utlemming_away
=== utlemming_away is now known as utlemming
=== zz_denbeiren is now known as denbeiren
=== beisner is now known as beisner-afk
=== beisner-afk is now known as beisner
=== jerto1 is now known as jerto
=== Lcawte is now known as Lcawte|Away