=== markthomas|away is now known as markthomas
jak2000better place for start a program when server start: /etc/init  or /etc/init.d/rc.local ?04:48
quanticjak2000: best would be to create a start script for it, but otherwise, /etc/rc.local04:49
quanticjak2000: don't mess with /etc/init, and /etc/init.d/rc.local is just the init script that runs the contents of /etc/rc.local04:50
jak2000the command is: sudo /opt/glassfish4/bin/asadmin start-domain swManzana04:53
=== markthomas is now known as markthomas|away
trapirateI have a few questions...if anyone has a moment.05:42
trapirateSF design dork here...wondering what I need in order to set up a server (software that is)05:43
trapirateI know how to write html,php,java, and thats about it.  Also basic database know how....05:43
trapiratehave the server ready05:44
trapiratebut not sure if I should do centOS or ubuntu05:44
trapirateif anyone can help I'll give you free space.05:44
trapiratefree webspace if you can help me set this thing up!05:44
jellytrapirate: just ask your questions, and if someone can and is willing to answer or comment, they will.  Mind the timezone gap.06:00
trapirateHow do I set up a web server?06:03
trapiratecentOS or should I ubuntu ?06:03
quantictrapirate: You can find a metric ton of tutorials on that by simply googling.06:14
Guest51163I know how to set the X11 server on different display's like ctrl+alt+fn06:18
Guest51163but is there away to set the X11 server and client on seperate computers completely?06:19
quanticGuest51163: See: X11 forwarding.06:23
Guest51163I guess it is just host:0,1,2...etc or ipaddr:0,1,2...etc but will this allow me to ssh into this machine and start a GUI enviorment for any of my clients ssh into the system?06:24
Guest51163Or if not what is the significants of haveing the X11 server side on a different machine then the client side?06:27
Guest51163quantic you know ?06:30
=== cipi is now known as CiPi
=== CiPi is now known as cipi
lordievaderGood morning.07:38
=== athairus is now known as afkthairus
=== Lcawte|Away is now known as Lcawte
=== Lcawte is now known as Lcawte|Away
=== Lcawte|Away is now known as Lcawte
root_____Does anyone else have the really annoying issue that there Ubuntu server would just start refusing connections. I have been through ever log I could find and it says NOTHING thats helpful. Do any of you amazing people know whats up?10:37
root_____Anyone talking?10:38
rbasak!patience | root_____10:39
ubotturoot_____: Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. While you wait, try searching https://help.ubuntu.com or http://ubuntuforums.org or http://askubuntu.com/10:39
root_____What advantages does Ubuntu server have to Windows server?10:40
lordievaderroot_____: Refusing connections for what service? And do you run a firewall?10:42
root_____All servies, not firewall. I have it disabled??10:42
root_____Just to explain further - I would just be working on a website via FTP and suddenly the server would just start refusing connections via FTP and apache. LAN and WAN. I have to restart the server for it to work again.10:44
lordievaderUgh FTP. Lets focus on apache. Do you have physical access to a shell (or in some other way when this happens)?10:47
root_____yes, thats how i manage ro restart when this happens. SSH also stops10:48
lordievaderroot_____: At that point are the services still running?10:50
lordievaderroot_____: Do they still listen to their respective ports?10:51
root_____Yes, looking at netstat it seems that everything is still working how they should be but no connecting. Could this be something else on the network causing the probem?10:53
lordievaderDo you still have network connectivity?10:56
root_____The server is still able to ping nodes inside and outside the network if thats what you mean10:56
lordievaderInteresting. iptables -vnl shows empty tables?10:57
root_____iptables -vnl no command?11:00
lordievaderErr that should have been 'iptables -vnL'11:00
root_____i will be back11:03
root_____Did anyone suggest anything with the server that kept refusing connections?11:45
lordievaderNot while you were gone, could you answer my last question?11:46
root_____About the Iptables?11:46
root_____The tables were empty11:46
lordievaderHmm, what does nmap say when you try to connect to localhost port 22 or 80?11:47
root_____Nmap dosent show anything open on my IP once it goes down11:47
lordievaderroot_____: Not even on localhost?11:48
lordievaderWow. Does restarting sshd/httpd help?11:50
root_____Could it be something 'overloading' the server? Such as A Ddos flooding the server?11:50
root_____No, has to be restarted for it to start working again11:50
lordievaderAnything in dmesg?11:50
root_____Nothing that shouldnt be there11:50
TJ-Is it a bare-metal or virtualised server? if virtualised, what is the hypervisor?11:52
root_____Its not virtualised, its hosted on my network11:52
root_____Ive been lost on this for quite a while too, I have no idea11:54
lordievaderPerhaps resetting the network interface helps?11:54
root_____Ill try it, one second11:55
TJ-Can you pastebin /var/log/dmesg or, if using systemd-journald, "dmesg" capture11:56
root_____Restarting the network interface did nothing, and getting the dmesg from the server is rather dificult since I cannot get the file from the server to a computer that I can put it on pastebin12:05
TJ-root_____: No USB mass-storage to move the file with?12:06
alexstardear all12:07
alexstari want to ask for somthing12:07
root_____Go ahead alexstar12:08
alexstarcan ubuntu make server in my company with client folder sync12:08
root_____Ill gete this file in a minute and put it on pastebin12:08
alexstarclient folder sync , local network and website12:09
alexstarany answer ???12:10
lordievaderalexstar: I am not entirely sure what you want.12:10
alexstari explain to you12:10
alexstari want server can make12:11
alexstarexport files from other computer to it12:11
alexstar2- website12:12
alexstar3- local network connected with it12:12
TJ-alexstar: Does 'client folder sync'  mean 'roaming profiles' as done on Windows OS ?12:12
lordievaderDoes/could your server have ssh access to those machines?12:13
root_____So you want to copy a server and software to another computer?12:13
alexstarmoment by moment12:14
alexstarfrom all computer to server12:14
alexstarbackup server12:14
root_____A complete copy of everything?12:14
alexstarno no12:15
alexstarfolder i choose it12:15
lordievaderalexstar: Does it have ssh access?12:15
lordievaderHmm, that is too bad.12:15
root_____How about FTP?12:15
alexstari dont have ubuntu server12:15
root_____What server do you have?12:16
alexstarbut i want to install it for this12:16
lordievaderDon't do FTP, FTP is bad, rather use SFTP, FTPS or SCP.12:16
alexstari dont understand anything about ubunto server but i use ubunto desktop12:17
root_____What server software do you have?12:17
alexstari want to install ubuntu server 14.04.3 LTS12:18
root_____But you want to backup your files before you wipe the server?12:18
alexstari want to install new server in my company12:19
lordievaderAnyhow, having an FTP(S) server is one thing, then you need to install/write something that automates a backup to it...12:19
alexstarplease let me to tell what i need12:20
alexstari want to install server ( make back up from company computer to server in time - website with some information about company * joomla script * - odoo erb to human resource and projects - local network with all computer )12:24
alexstarthis i need12:24
alexstarany answer ??12:25
root_____So first of all you want to install Ubuntu-server to a computer12:25
lordievaderWhat OS do your company computers run?12:25
alexstarwindows 712:25
=== root_____ is now known as T3DDY
=== Lcawte is now known as Lcawte|Away
alexstardear all12:28
T3DDYDo you have a computer ready for the server OS to be installed?12:28
lordievaderalexstar: I know nothing of Windows backups...12:29
T3DDYlordievader: he wants to install Ubuntu-server to a computer and just move his website files over to it12:30
ogra_alexstar, well, start with installling it then12:31
T3DDYalexstar: Are you needing support to intall Ubuntu-server?12:32
lordievaderT3DDY: As I understand it, he also wants his Windows workstations to backup to it.12:32
ogra_thats a subsequent step though :)12:33
alexstari install it now us and i tell evry thing i need in this step12:33
T3DDYHe can use SAMBA to backup his files too?12:34
T3DDYalexstar: Do you just want a network file to put the files you want backed up to in?12:35
T3DDYalexstar: are you installing the ubuntu-server now?12:36
alexstarwait my cd i downloaded from internet12:38
T3DDYWhats the problem?12:39
sebastianlutterI have problems with ubuntu server crashes each 2-4 month, and I cannot find a cause. Last log entry I am able to find was in auth.log: https://dpaste.de/njZK  What does the weird symbols mean ?(^@^@^@)  SSH hacking attempt? Fault memory? What do you think?12:39
lordievadersebastianlutter: That is usually an indication of a drive failing. Could you pastebin the output of smartctl on your disks?12:40
sebastianlutterlordievader, doing small test with smartctl and will paste results when finished12:50
=== lukasa is now known as lukasa_away
=== lukasa_away is now known as lukasa
sebastianlutterlordievader, does not show up any errors: https://dpaste.de/zeE1   sda:  https://dpaste.de/zZ2M  sdb: https://dpaste.de/06YQ13:09
lordievaderYeah that looks okay.13:10
ubottuUbuntu 13.10 (Saucy Salamander) was the 19th release of Ubuntu. Support ended on July 17th, 2014. See !eol, !upgrade and http://ubottu.com/y/saucy13:10
lordievadersebastianlutter: Are you really running Saucy?13:10
sebastianlutteryes, some version things forced me to do so13:11
lordievaderOuch, you do know saucy is eol, I guess?13:12
sebastianlutterlordievader, you're right, and I should upgrade it. But I want to know the reason for the crash13:13
lordievaderI understand. My explanation for these kind of log messages is that the kernel didn't have time to write the full log message to disk and is then interpreted as null bytes.13:15
sebastianlutterlordievader, I see. Then it seems likely to me that it crashed during SSH was used/exploited/whatever. Other logs do not have this. Do you agree?13:19
=== mfisch is now known as Guest61243
lordievaderWhat makes you think ssh was exploited?13:20
jamespagecoreycb, hey - you might want to have a run through http://docs.openstack.org/releases/releases/liberty.html now that final dep versions have been frozen13:21
sebastianlutterlordievader, The auth log was the last service that logged anything. As usual there are a lot of failed login attempt (wordlist attacks). And I have no better theory13:21
TJ-sebastianlutter: is the server protected by UPS?13:21
coreycbjamespage, ok will do13:22
sebastianlutterTJ-, It is a root server from hetzner, so yes (https://www.hetzner.de/ot/)13:22
lordievaderCorellation doesn't mean causality.13:22
sebastianlutterlordievader, I know, but I want to believe ;)13:22
sebastianlutterDamn, no other hint what caused this. I hate this. Thanks a lot for your hints!13:28
=== SmokeBoi is now known as BrianBlaze420
T3DDYDoes anyone know of some software that would make a server a firewall server? So everything would go into this server and it would then redirect to other servers? Like a router but would stop bad packets13:47
dcosnetlearn iptables13:47
ogra_or ufw13:48
T3DDYDoes Fail2ban stop bad packets?13:49
ratraceT3DDY: yes, implicitly through blocking an IP address as a result of an event in some log, eg. brute force detected against SSH from some IPv413:54
ratraceas for firewalls, there's UFW, but also take a look into Shorewall13:54
ratraceor roll your own solution using iptables directly (as both ufw and shorewall are higher level wrappers around iptables)13:55
sebastianlutterstart with UFW and then look into IPTABLES to learn what UFW is doing for you13:55
=== marlinc_ is now known as marlinc
T3DDYOkay, thankyou14:00
=== lukasa is now known as lukasa_away
T3DDYWhat, in your opinion, is the best point to point VPN service?14:30
mripguruT3DDY:  the one you run yourself?14:30
T3DDYlike - openvpn, pptpd??14:31
mripguruoh :)14:32
mripguruI typically use OpenVPN where budget is an issue14:32
T3DDYDo you host it yourself?14:32
mripguruat least one end of it usually14:32
mripguru(if not both ends)14:33
T3DDYWhat does it mean when it asks for the management host?14:33
T3DDY(If you know)14:33
mripguruT3DDY:  where are you seeing this? I'm not familiar with that prompt (though that doesn't sound like OpenVPN - since it doesn't cluster by default.)14:34
T3DDYI was looking it up how to set it up and something was talking about a management interface. If I was going to setup a openvpn server, is this something that I would need to setup or is it not needed?14:35
T3DDYCan I get some help setting up my openvpn server? When I try to start it, it says its autostarting and then when I check its status it says its not running??14:41
T3DDYAnyone wanna just gimme the command to make a cert for my VPN??14:48
mripguruT3DDY:  I usually use OpenVPN AS14:53
mripguruwhich has a nice GUI14:53
mripgurufor all that sort of stuff14:53
mripguru(dirt cheap too.)14:54
beisnercoreycb, jamespage - icehouse sru staging-->proposed pushed  (http://paste.ubuntu.com/12514525/)15:25
beisnercoreycb, jamespage - kilo sru staging-->proposed pushed (http://paste.ubuntu.com/12514783/)15:26
coreycbbeisner, thanks15:31
=== kickinz1 is now known as kickinz1|afk
metalicehi, im setting postfix+dovecot and while testing im getting this: ehlo: command not found15:56
=== markthomas|away is now known as markthomas
dwoodsHey everyone, we’re having some problems installing Openstack through MAAS & Landscape.  Anyone here that can point me in a direction and get us going again?16:04
gQuigsdid we actually have a policy change on OpenStack support length?   12.04's Cloud archive was supported until 3 months after 14.04 released.   Now J/K/L (for 14.04) will be supported for 18 months regardless? - https://wiki.ubuntu.com/ServerTeam/CloudArchive.16:42
gQuigsThe text on the page doesn't actually mention the 18 month16:42
tewardsarnold: WRT the CVE for nginx that you said 'ignored' on, because backporting isn't trivial, I also "Won't Fix"'d the corresponding releases on the LP bug.  Just for the record.16:42
jamespagegQuigs, yeah - that was made prior to 14.04 release; all 14.04 cloud-archive pockets get 18 months of support16:43
gQuigsjamespage: thanks for confirming :)16:44
=== rmc3_ is now known as rmc3
jamespagegQuigs, apart from 'M' which will get until the end of 14.04 for support16:44
jamespageso 3 yrs16:44
=== rmc3 is now known as shishi
shishinick rmc316:45
=== shishi is now known as rmc3
tewardrmc3: important: the / is mandatory :)16:45
baggar11Anyone using openvswitch in here? Should I be bonding 2 physical nics or bridging them? Or both?16:56
baggar11Wondering what the best config would be for eth0 and eth1 without vlans.16:56
=== alai` is now known as adlai
=== adlai is now known as alai8
jamespagebaggar11, if those are going to be your primary network access, i'd use straight linux bonding (no ovs)17:05
jamespagebaggar11, you can do it with ovs, but its tricky to get right in terms of having it manage the primary network interface so early in boot17:05
jamespagenot impossible but tricky17:06
baggar11jamespage: I'm trying to play around with openvswitch, nothing is set in stone right now. I'm just wondering if ovs will do its thing over a bridge and/or bond.17:06
jamespagebaggar11, yes it will17:06
baggar11it will over both?17:06
jamespageI frequently use GRE/VXLAN overlay networks via a bridged network interface17:07
jamespagebonding is ok as well - loadbalancing is tricky, but active/passive is ok17:07
baggar11I've got a bridge up now with ovs for eth0/eth117:08
baggar11I'll stick a guest on each and run some tests17:08
baggar11jamespage: thanks17:10
=== Lcawte|Away is now known as Lcawte
=== bkon_ is now known as beth
=== afkthairus is now known as athairus
=== ideopathic_ is now known as ideopathic
PrudentMavhow can I create a system user and they only see and have access to /var/www/domain/public23:05
PrudentMavthis is the first time I am bringing on a new dev for front end work and not sure how to do this as I've always done everything as root23:05
AvatarAthere really are a lot of ways...23:09
AvatarAdepends really on your specific case23:09
AvatarApersonally I would just chmod that www and allow that user to make changes there23:10
AvatarAand just remove world permissions on whatever directories I don't want him to read23:10
sarnoldsshd's chroot may help out a bit, but maintaining chroots are annoying. making an apparmor profile for that user's shell may help23:10
AvatarAyou could also setup secure ftp for him just on that directory, if he doesn't need ssh login23:13
WicaeedHas anyone seen an error when trying to mount a remote Windows file share (Windows Server 2012R2) from Ubuntu server, "CIFS.VFS: cifs_mount failed w/return code = -95"?23:25
sarnoldEOPNOTSUPP 95 Operation not supported23:27
sarnoldWicaeed: I could imagine that if you don't have e.g. cifs or smbfs modules loaded into the kernel that you might get those errors; check lsmod ouput?23:27
sarnoldWicaeed: are there any more details in dmesg or other logs?23:28
Wicaeednah, just the error message that is spat out after I run the command23:28
Wicaeedlsmod | grep cifs cifs     278756 023:28
Wicaeedsmb doesn't show anything though, hm23:28
sarnolddang, I liked that idea.23:28
WicaeedWhen I add it to my fstab I do get an additional message "CIFS VFS: server quires packet signing to be enabled in /proc/fs/cifs/SecurityFlags."23:31
sarnoldWicaeed: you don't happen to have a comma in the password, do you? https://bugs.launchpad.net/ubuntu/+source/cifs-utils/+bug/106991523:32
ubottuLaunchpad bug 1069915 in linux (Ubuntu) "unable to mount CIFS share with comma in password" [Undecided,Confirmed]23:32
sarnold(not EOPNOTSUPP, but .. that entire section of code looks insanely brittle.)23:32
WicaeedNo, I've also tested with multiple accounts23:33
sarnoldWicaeed: hmm, the kernel's cifs README just suggests to echo a 1 or 2 into that file23:40
sarnoldWicaeed: try echo 1 > /proc/fs/cifs/SecurityFlags and then re-try the mount23:40
sarnoldWicaeed: see https://www.kernel.org/doc/readme/Documentation-filesystems-cifs-README for full details, but this file is seriously underdocumented23:40
WicaeedSOB, file share is on a Windows domain controller, which has a setting to force signing for network connections23:41
Wicaeed running Windows 2000, server-side packet signing must also be enabled. To enab23:41
Wicaeedoh Windows23:41
AvatarAwindows sharing, the great unknown :P23:42
AvatarAnow it works, now it doesn't23:43
sarnoldoh so true23:44
AvatarAprobably very advanced, free will!23:45
sarnoldand I don't think I ever got an anonymous read-only share to ever work with both win95 and winnt clients. maybe it's better now that the WFW codebase has been entirely retired, but configs that worked for one wouldn't work for the other..23:46

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!