[03:20] <nox_42> I am trying to use nginx to load balance two nginx web servers and I am getting a 502 error. I also don't see anything out of the ordinary in the error/access logs on the nginx web servers.
[03:21] <nox_42> Any ideas?
[03:23] <sarnold> check logs on all three systems? nginx error logs, access logs, syslog, firewall logs, etc?
[03:28] <nox_42> Everything but firewall logs.
[03:28] <nox_42> Haproxy logs look like  104.183.250.151:55964 [06/Aug/2015:02:38:01.225] appname appname/resonategroup 308/0/1/-1/309 502 204 - - SH-- 0/0/0/0/0 0/0 "GET / HTTP/1.1"
[03:29] <nox_42> I could be overlooking something but I couldn't find anything that stuck out.
[03:30] <patdk-lap> heh?
[03:30] <patdk-lap> you're using nginx to load balance? where does haproxy come into it?
[03:31] <nox_42> Oh my bad. I've actually tried both.
[03:31] <nox_42> I got a 502 error with both of them.
[03:31] <patdk-lap> that means your proxy can't talk to the backends
[03:32] <patdk-lap> so basically the configs from ALL of them will have to be posted
[03:32] <patdk-lap> in order for anyone to know what is going on
[03:34] <nox_42> Do you mind taking a look if I post the configs?
[03:36] <patdk-lap> if not in a few more seconds, I will be gone
[03:40] <nox_42> Ok here is my nginx web server config http://pastebin.com/rzscrXzW
[03:43] <nox_42> Here is my load balancer config http://pastebin.com/5jRfJFjp
[03:44] <nox_42> Do you need my nginx.conf file for the web servers?
[03:44] <patdk-lap> heh?
[03:44] <patdk-lap> wasn't that the first one?
[03:44] <patdk-lap> if it wasn't, what was that first one?
[03:45] <nox_42> The first one was the site config file.
[03:45] <sarnold> 1.1.1.1? o_O
[03:45] <nox_42> Drop in IP. I've removed the actual IPs.
[03:45] <patdk-lap> IPs should not be in there at all
[03:46] <patdk-lap> but since there is only one server section, it becomes the default and will work around that mistake
[03:48] <patdk-lap> what do the logs in the webservers look like?
[03:49] <nox_42> They aren't showing any errors. I'm also not seeing any access logs from the actual load balancer though.
[03:49] <patdk-lap> ping works between them all?
[03:49] <patdk-lap> telnet works from the load balancer to the web servers on port 80?
[03:53] <neonixcoder> How can I run "dpkg --configure -a" non interactively?
[03:53] <nox_42> Yep they both work.
[03:54] <nox_42> They are Linode VPS but all in the same data center. Could it be something on linode's end?
[03:54] <patdk-lap> no
[03:57] <sarnold> nox_42: if they can ping each other, and ssh from one to the other works, it's probably not linode's issue..
[03:57] <sarnold> neonixcoder: look for debconf noninteractive frontend
[03:58] <neonixcoder> Sarnold: Let me have a look..
[04:03] <nox_42> Yeah, at this point I am just trying to throw anything out there that might be an issue.
[04:06] <patdk-lap> only so much we could help with
[04:06] <patdk-lap> the configs look fine
[04:06] <nox_42> It looks like I am getting this error in the error.log file on the nginx load balancer: upstream prematurely closed connection while reading response header from upstream,
[04:06] <patdk-lap> need logs, need unmunged configs
[04:42] <nox_42> Hmm could it have anything to do with php-fpm?
[08:21] <lordievader> Good morning.
[09:12] <fishcooker> morning lordievader
[09:30] <Waddup> how do i unmount a drive? ubuntu server 14.04 does not have unmount command as per what i see on web
[09:35] <mwhudson> uh
[09:35] <mwhudson> the command is umount ?
[09:37] <Waddup> ah
[09:37] <Waddup> lemme give it a try
[09:37] <Waddup> oh it worked lol
[09:37] <mybalzitch> lol
[09:37] <mybalzitch> umount also secretly destroys all the data
[09:37] <mybalzitch> so joke's on you, sucker!
[09:39] <Waddup> it's a new drive so no data.
[09:39] <Waddup> no joke
[09:39] <Waddup> lol
[09:39] <mybalzitch> ahha
[12:22] <jerto> Hi all
[12:23] <jerto> I need some help regarding file permissions. Each time I create a file in my home, its permissions are 0600 and for a folder it is 0700. How can I set 0644 and 0755 as default chmod ?
[12:24] <RoyK> !umask
[12:24] <RoyK> jerto: man umask
[12:25] <jerto> RoyK: umask is OK (0022)
[12:25] <RoyK> and if you run 'touch newfile' what permissions does that get?
[12:26] <jerto> 644
[12:26] <RoyK> then it works... :)
[12:26] <jerto> Hmmm
[12:27] <jerto> OK, so it only happens when I push files in ftp
[12:27] <jerto> I'm going to check my ftp parameters
[12:27] <RoyK> then it's the umask in the ftp server
[12:27] <RoyK> and btw, don't use FTP
[12:28] <RoyK> just don't
[12:28] <mybalzitch> sftp ftws
[12:28] <mybalzitch> -s
[12:28] <RoyK> use sftp/scp/rsync/somethingoverssh - don't use ftp
[12:28] <jerto> OK, I'll go for sftp then
[12:29] <RoyK> nothing to install - it just works
[12:32] <jerto> RoyK: Nothing to install for sftp ?
[12:32] <RoyK> jerto: it's part of openssh
[12:34] <jerto> OK Cool
[12:39] <jerto> RoyK: OK FTP server removed, SFTP OK and CHMOD OK. Thanks for the help
[12:42] <RoyK> :)
[13:57] <thegoat> i have a text file with roughly 1.05 million lines in it.  is there a way in linux to tell me which line is the longest?
[13:59] <Sling> thegoat: cat filename | awk '{print length, $0}'|sort -nr|head -1
[13:59] <mybalzitch> Sling: nice.
[13:59] <Sling> unless this file is so big that this might cause memory issues, then you will need to find some other solution that only reads it in line by line
[14:00] <jelly> possibly, add the line number ($NR) into the print as well
[14:03] <TJ-> thegoat: "wc --max-line-length /path/to/file"
[14:04] <TJ-> thegoat: ahh, that only shows the length of the line, but which line
[14:04] <thegoat> right, i need the actual string
[14:08] <Sling> yea wc -L is just the length
[14:11] <TJ-> thegoat: "awk 'length>LEN{LEN=length;LINE=NR;TEXT=$0}ENDFILE{print LINE, LEN, TEXT}' /path/to/file"
[14:29] <DammitJim> has anyone set up hp's insight manager to monitor a ubuntu server?
[14:30] <DammitJim> in Windows I know one just sets up the SNMP community string, but everywhere I read, it says to install an hp agent on Linux?
[14:38] <thegoat> TJ-: thanks...that last command did the trick
[16:46] <kpettit> anybody know of a simple way to block countries?  I'm getting plagued with hack attempts through HTTP, SSH, SIP, etc.  It's becoming a huge time burden and I'd rather just blacklist countries known to cause me problems.  But can't find an easy way to do it
[16:46] <patdk-wk> xtables geoip block
[16:46] <patdk-wk> it takes some work to setup though
[16:47] <kpettit> never even heard of it.
[16:47] <kpettit> is it easy to duplicate effort on multiple servers?  I've got like 20 I have to take care of
[16:48] <patdk-wk> the issue is compiling the geoip tables into kernel modules to be used
[16:48] <patdk-wk> it's very picky about how that is done
[16:48] <kpettit> web servers are ubuntu, phone servers are centos
[16:48] <patdk-wk> once you do that, it's simple
[16:48] <kpettit> bummer, so it's not an apt-get sort of install?
[16:48] <patdk-wk> it is
[16:48] <patdk-wk> for the kernel module
[16:48] <patdk-wk> but the geoip tables are licensed
[16:49] <patdk-wk> use the licensed tables, pay for the tables, use the public tables, make your own
[16:49] <patdk-wk> doesn't matter, but have to compile them into a usable format to be used
[16:51] <kpettit> I'd pay for easy.  Right now i just need to lower the admin hours I spend on blocking attackers
[16:51] <RoyK> kpettit: ansible, perhaps? or puppet? or chef? or cfengine?
[16:51] <kpettit> I use ansible.  So if I can get something I can duplicate that would be wonderful.  It's just maddening how crazy aggressive these guys get.
[16:52] <kpettit> I have one server that had 1 million SSH login attempts in 1 month.  Freaking crazy
[16:52] <RoyK> ssh throttling in iptables should be easy - or fail2ban, perhaps
[16:52] <kpettit> I require SSH keys, use fail2ban, etc
[16:52] <RoyK> fail2ban should be usable for most services given a little config
[16:53] <RoyK> ok
[16:53] <kpettit> password auth is turned off, etc
[16:53] <RoyK> wise
[16:53] <kpettit> that doesn't help me for web or sip though
[16:54] <RoyK> sip what? asterisk?
[16:54] <kpettit> yeah.  I do a lot of phone systems.
[16:54] <RoyK> fail2ban just reads logs - it can be used for anything, really
[16:54] <kpettit> On the ones I can I have a whitelist, but some I can't get away with that.
[16:54] <kpettit> fail2ban works great with SIP
[16:55] <kpettit> but it's still a lot of volume and I'd rather just have an iptables rule that blocks places that don't need access on every system I have
[16:56] <RoyK> I'd block everything and open where's needed and then have fail2ban to use iptables to block after attacks
[16:58] <RoyK> there are configs for apache/nginx etc in fail2ban
[16:58] <patdk-wk> I know some people that just setup a crapload of asterisk sip fail2ban rules a few weeks ago
[16:59] <patdk-wk> I don't see why building the geoip tables is that hard
[16:59] <patdk-wk> you only have to do it once a month
[16:59] <patdk-wk> then push it out to all your servers using ansible
[16:59] <patdk-wk> and it could be fully automated very easily
[17:00] <RoyK> patdk-wk: perhaps overkill to block whole countries_
[17:00] <RoyK> ?
[17:00] <patdk-wk> that wasn't my option
[17:00] <patdk-wk> that was his request
[17:00] <patdk-wk> so just attempting to give him the only real answer to his question
[17:00] <kpettit> patdk-wk: I'll look at it and give it a try
[17:00] <patdk-wk> if he asked the wrong question, well :)
[17:01] <patdk-wk> but yes, there is no turnkey solution in any linux install, to do it
[17:01] <kpettit> patdk-wk: I've just never tried it so was curious how hard it will be.  Anything that works from a central list like that is great I think.  and if I can script with ansible that's even better.  So thanks for the suggestion
[17:01] <patdk-wk> it's not hard
[17:01] <patdk-wk> just doing it the first time is a little tricky, and causes most people to have an issue or two
[17:01] <patdk-wk> but once that is solved, it's simple
[17:01] <kpettit> Yeah I just mainly wanted to make sure I didn't re-invent the wheel and script something that's easier done another way
[17:02] <RoyK> looks like the standard asterisk rules in debian8 (which is what I'm running now) handles SIP
[17:02] <RoyK> patdk-wk: do you have that truckload of asterisk fail2ban rules?
[17:03] <patdk-wk> I don't
[17:03] <patdk-wk> could probably get it
[17:03] <patdk-wk> not sure if it's company property or not
[17:04] <RoyK> ask if (s)he could share it - guess a lot of people would like that
[17:04] <RoyK> I have made sure that my employer knows that everything I write is GPLed :P
[17:04] <kpettit> fail2ban is great, but a lot of the defaults don't work.
[17:05] <kpettit> but if you hunt and peck and test them out it does great.
[17:05] <RoyK> kpettit: shouldn't be so hard to fix - it's just regex
[17:05] <RoyK> kpettit: and please post fixes when you make them :)
[17:05] <kpettit> yeah it's just hunting them down and testing.  I'm awful with regex so usually end up doing the google and trial/error
[17:05] <RoyK> kpettit: we all started that way
[17:07] <kpettit> haha, I'm just old and have always had a hard time learning it
[17:07] <RoyK> :)