/srv/irclogs.ubuntu.com/2015/11/14/#ubuntu-server.txt

=== Lcawte|Away is now known as Lcawte
=== Lcawte is now known as Lcawte|Away
[00:40] <paule32> hello
[00:40] <paule32> someone there with squid3 and mysql knowledge?
=== mfisch is now known as Guest88107
=== med_ is now known as Guest17963
=== Monthrect is now known as Piper-Off
=== Guest88107 is now known as mfisch
=== paule32_ is now known as paule32
=== mfisch is now known as Guest9086
=== Piper-Off is now known as Monthrect
=== Monthrect is now known as Piper-Off
=== Piper-Off is now known as Monthrect
=== Sprockt is now known as Sprocks
=== wmp is now known as Guest86302
=== neunon_ is now known as neunon
=== dasjoe_ is now known as dasjoe
=== Ursinha_ is now known as Ursinha
=== DalekSec_ is now known as DalekSec
=== dasjoe_ is now known as dasjoe
=== hackemate is now known as hxm
=== Monthrect is now known as Piper-Off
=== Piper-Off is now known as Monthrect
=== lionel_ is now known as lionel
=== ValicekB_ is now known as ValicekB
=== Guest86302 is now known as wiuempe
[11:30] <lordievader> Good afternoon.
=== galeido_ is now known as galeido
=== Lord_Govindam is now known as krishna
=== krishna is now known as Brahman
=== Brahman is now known as Govindam
[12:01] <paule32> hello
[12:01] <paule32> someone there to take some time?
[12:02] <paule32> my custom external helper does not work
[12:02] <paule32> <paule32> i want a custom helper, that search website in database
[12:02] <paule32> <paule32> if it blocked, then return "ERR"
[12:02] <paule32> <paule32> else "OK"
[12:02] <paule32> <paule32> here the script:
[12:02] <paule32> <paule32> http://pastebin.com/p1zAkhDQ
[12:02] <paule32> <paule32> and here the config:
[12:02] <paule32> <paule32> http://pastebin.com/kE3kbVGT
[12:02] <paule32> <paule32> this is log output:
[12:02] <paule32> <paule32> kid1| helperHandleRead: unexpected read from blockscript #Hlpr0, 3 bytes 'ERR'
[12:14] <lordievader> paule32: It would probably help you to output the actual error instead of 'ERR'.
[12:14] <paule32> read from blockscript #Hlpr0, 3 bytes
[12:16] <lordievader> What I mean is if it errors you don't know if $row[2] was equal to one or if $rec was less than one. When trying to debug something you want as much (relevant) information as possible.
[12:18] <paule32> $row[0] ::= id
[12:19] <paule32> $row[1] ::= name (of url)
[12:19] <paule32> $row[2] ::= blocked (0 || 1)
[12:22] <lordievader> I guess this is very specific to Squid, perhaps it is a good idea to ask around in #squid.
[12:23] <paule32> there still noise
[12:23] <paule32> in the docs stands - return ERR or OK
[12:24] <paule32> the funny thing on this story is, i can run the script under console without exceptions
[12:24] <paule32> i can enter so long as i want
[12:24] <paule32> cancel with ctrl+c
[12:26] <lordievader> Likely due to a completely different environment.
=== pleia2_ is now known as pleia2
=== yeats_ is now known as yeats
=== stgraber_ is now known as stgraber
[16:24] <mrtAkdeniz> Hey there
[16:24] <mrtAkdeniz> Guys I'm trying to create ftp server
[16:24] <mrtAkdeniz> and I need to use a user who owns /var/www/username
[16:25] <mrtAkdeniz> i can do it with adduser command
[16:25] <mrtAkdeniz> but my problem is that
[16:25] <mrtAkdeniz> whenever this user uploads a file to there, www-data will say "it is forbidden for me"
[16:25] <mrtAkdeniz> how can I set default chown or chmod for that directory?
[16:28] <Sling> mrtAkdeniz: you should make sure the files are owned by a group where both www-data and the user uploading files are members
[16:28] <mrtAkdeniz> so I need to add that user to www-data?
[16:28] <Sling> no
[16:28] <mrtAkdeniz> and set chmod 775 ?
[16:28] <Sling> no
[16:28] <Sling> create a new group, add the www-data user and this ftp user to it
[16:29] <Sling> then make the user the owner of all these files + folders, and make the shared group the group owner
[16:29] <Sling> then set 750 for folders and 640 for files
[16:29] <mrtAkdeniz> like chown ftpuser:createdgroup ?
[16:29] <Sling> sure
[16:29] <mrtAkdeniz> thanks Sling
[16:30] <Sling> that way the httpd has only read rights to the content
[16:30] <mrtAkdeniz> hmm
[16:30] <Sling> and the user also doesn't have more permissions than he/she needs
[16:30] <mrtAkdeniz> but sometimes httpd needs to write?
[16:30] <mrtAkdeniz> like logs, io based caching etc?
[16:30] <Sling> those would be exceptions
[16:30] <Sling> usually they would be in separate filesystem locations than the regular content
[16:31] <mrtAkdeniz> actually nope, at least in my framework :\
[16:31] <mrtAkdeniz> web content are in public folder
[16:31] <mrtAkdeniz> but logs, sessions, caches etc are in the storage folder
[16:32] <mrtAkdeniz> storage and public need to be at the same level
[16:32] <mrtAkdeniz> i mean
[16:32] <mrtAkdeniz> - storage, -public, --index.html, -var
[16:44] <mrtAkdeniz> thank you Sling ^^
=== SpamapS_ is now known as SpamapS
[17:55] <mrtAkdeniz> Hey there again!
[17:57] <mrtAkdeniz> I installed postfix and dovecot on my server, everything works well, I can read and send mails from roundcube
[17:58] <mrtAkdeniz> But I can not make smtp configuration for thunderbird or android app
[17:58] <mrtAkdeniz> If I choose another SMTP and make IMAP conf. it works well
[17:58] <mrtAkdeniz> but when I try to do smtp configuration, it fails
[17:58] <mrtAkdeniz> postfix channel says, it is not related to postfix
[17:59] <TJ-> mrtAkdeniz: does the mail server have confirmed external access for *receiving* email?
[17:59] <TJ-> mrtAkdeniz: are there firewall rules preventing connections.
[17:59] <mrtAkdeniz> there is no firewall on the server
[18:00] <mrtAkdeniz> and there is no problem about receiving :\
[18:00] <mrtAkdeniz> If I choose another smtp, i can get my mails on thunderbird
[18:00] <mrtAkdeniz> if I get your point correct..
[18:01] <mrtAkdeniz> TJ-, yeah I checked the meaning of receiving -lack of English, sorry-; and has no problem with receiving
[18:01] <mrtAkdeniz> but SMTP configuration
[18:03] <TJ-> mrtAkdeniz: for a mail client to be able to send mail over SMTP, the SMTP server (postfix) probably needs to authenticate the client otherwise you'd have an open spam-relay.
[18:03] <TJ-> mrtAkdeniz: if IMAP4 connections to dovecot also don't work that points to a common issue, which is why I mention the firewall. If firewall isn't the issue, look at the postfix (/var/log/mail.log) and dovecot (/var/log/dovecot.log) logs
[18:06] <mrtAkdeniz> TJ-, there is no log for dovecot, and it is what I all have -> http://pastie.org/private/4vjpvxbbob4imgoljx29w
[18:06] <mrtAkdeniz> I think my free ssl certificate is forbidden by thunderbird
[18:06] <mrtAkdeniz> but I search for it, and tell thunderbird to skip ssl cert check
[18:06] <mrtAkdeniz> it is still failing..
[18:07] <stochastix> I am going to scp a website over to ubuntu 14.04, do I want to use scp -pr to preserve as much as i can for permissions? I may have to reown the files anyway though
[18:14] <stochastix> well, guess I'll find out soon enough.
[18:20] <_KaszpiR_> anyone knows what is retention time for AWS AMI with Ubuntu 14.04.3 LTS daily builds?
=== yofel_ is now known as yofel
[19:19] <mrtAkdeniz> Guys
[19:19] <mrtAkdeniz> I'm buying SSL certificate
[19:19] <mrtAkdeniz> and I'll use it for mail also
[19:19] <mrtAkdeniz> and my mail server is on mail.mydomain.com
[19:20] <mrtAkdeniz> do I need to buy it for mail.mydomain or mydomain.com
[19:26] <paule32> hello
[19:27] <paule32> have problem with squid3 for linux
[19:27] <paule32> http://pastebin.com/HXB63yyh
[19:32] <_KaszpiR_> looks like your /sap/squid/block.sh sucks in producing proper output
[19:33] <paule32> yes, because ERR\n0
[19:33] <paule32> \0OK
[19:36] <paule32> any ideas?
[19:38] <mahdi_ja> hi all
[19:38] <mahdi_ja> i study about parallel programming in julia and get this statement.
[19:38] <mahdi_ja> The base Julia installation has in-built support for two types of clusters:
[19:38] <mahdi_ja>     A local cluster specified with the -p option as shown above.
[19:38] <mahdi_ja>     A cluster spanning machines using the --machinefile option. This uses a passwordless ssh login to start julia worker processes (from the same path as the current host) on the specified machines.
[19:39] <mahdi_ja> i want know what is cluster spanning and how i can create this in ubuntu
[19:39] <mahdi_ja> thanks for your help
[19:40] <Sling> mahdi_ja: you should ask in #julia probably
[19:40] <Sling> this is not something ubuntu-specific
[19:40] <mahdi_ja> Sling, yes, but what is spanning cluster i do not find anything about this
[19:41] <lordievader> mahdi_ja: Probably multiple nodes running on different machines.
[19:42] <lordievader> Wouldn't be surprised if it uses a mpich like technology underneath: https://www.mpich.org/
[19:55] <mrtAkdeniz> Guys I need help
[19:55] <mrtAkdeniz> I'm trying to open ports
[19:55] <mrtAkdeniz> and I don't have ufw enabled
[19:55] <mrtAkdeniz> I'm using sudo iptables -A INPUT -p tcp --dport 587 -j ACCEPT
[19:55] <paule32> flush the firewall
[19:55] <mrtAkdeniz> but telnet localhost 587 still returning error
[19:55] <RoyK> mrtAkdeniz: why not ufw?
[19:55] <mrtAkdeniz> paule32, i have ufw disabled
[19:56] <paule32> iptables -t nat -L
[19:56] <paule32> ?
[19:56] <mrtAkdeniz> RoyK, because I don't want
[19:56] <RoyK> mrtAkdeniz: pastebin output of "iptables-save"
[19:57] <mrtAkdeniz> RoyK, http://pastie.org/private/xptz3rt4jdxjxfxxzl5irq
[19:58] <mrtAkdeniz> it is just pathetic, my localhost refusing my connection.
[19:58] <lordievader> mrtAkdeniz: Is there anything listening to those ports?
[19:58] <mrtAkdeniz> lordievader, I've postfix and dovecot installed
[19:58] <mrtAkdeniz> and i think they are listening
[19:58] <RoyK> mrtAkdeniz: all accepted there - nothing is blocking
[19:58] <lordievader> mrtAkdeniz: netstat -tulpn|grep <those ports>
[19:58] <mrtAkdeniz> lordievader, both returned empty
=== rxc_ is now known as rxc
[19:59] <lordievader> So nothing is listening.
[19:59] <mrtAkdeniz> damn
[20:00] <Sling> (try it with sudo if you're not root)
[20:00] <mrtAkdeniz> I'm root :\
[20:01] <RoyK> mrtAkdeniz: it's not a firewall issue
[20:01] <RoyK> mrtAkdeniz: nothing is blocked in that iptables setup
[20:01] <mrtAkdeniz> RoyK, yeah I got it :\
[20:01] <mrtAkdeniz> it is postfix issue
[20:01] <RoyK> mrtAkdeniz: the allow lines have no effect, since -P ACCEPT is on
[20:02] <RoyK> mrtAkdeniz: I'd recommend using ufw until you get familiar with the iptables (or next, nftables) rules
[20:02] <mrtAkdeniz> when I enable ufw, even my 80 port blocked
[20:02] <mrtAkdeniz> and I had "ufw enable 80" and rebooted..
[20:03] <RoyK> no
[20:03] <RoyK> ufw allow http
[20:03] <RoyK> ufw allow ssh
[20:03] <RoyK> ufw enable
[20:03] <mrtAkdeniz> not enable sorry
[20:03] <mrtAkdeniz> allow 80
[20:03] <RoyK> just use http
[20:03] <mrtAkdeniz> but I need to open other ports
[20:03] <RoyK> first iptables -F
[20:03] <mrtAkdeniz> like 21, 25 etc
[20:04] <RoyK> 21? are you (ab)using ftp?
[20:04] <mrtAkdeniz> and I have 81 port which is another webserver
[20:04] <mrtAkdeniz> yeah RoyK
[20:04] <RoyK> just ufw allow 'whateverprotocol'
[20:04] <RoyK> it's simple
[20:04] <mrtAkdeniz> ufw allow 81?
[20:04] <RoyK> ufw allow 81/tcp
[20:04] <mrtAkdeniz> hmm
[20:04] <mrtAkdeniz> let me try it
[20:05] <RoyK> flush iptables first
[20:05] <RoyK> *first*
[20:05] <RoyK> because custom rules and ufw may interfere
[20:05] <mrtAkdeniz> ok
[20:05] <mrtAkdeniz> iptables -F right?
[20:06] <RoyK> mhm
[20:07] <RoyK> then this: ufw allow ssh; ufw allow http; ufw allow 81/tcp; ufw allow ftp # the latter if you're stupid enough to use FTP in production
[20:09] <RoyK> the thing about FTP is, it uses different ports for control and data, which is a bad idea with NATed machines
[20:09] <RoyK> it works, however, with protocol helpers
[20:09] <RoyK> but then, if you try to do something smart, as in encrypting the data, the router can't see which ports to forward, and FTP just won't work
[20:10] <RoyK> use SFTP instead
[20:14] <MACscr> is there a channel for LXD?
[20:28] <TJ-> there's #lxcontainers and #lxc-devel
[20:36] <MACscr> yep, just noticed that it's just the regular LXC channel. Wasn't sure if there was one specific to LXD.
[20:42] <tonymke> I am struggling to get sshd's AuthorizedCommandKeys bit to work successfully
[20:42] <tonymke> made a script that literally just curls my github keys to stdout
[20:42] <tonymke> can't actually auth from results
[20:45] <tonymke> Anyone see anything painfully wrong? http://i.imgur.com/cO2P7eq.png
[20:50] <TJ-> What is this "AuthorizedCommandKeys"
[20:51] <tonymke> TJ-: this - https://gist.github.com/sivel/c68f601137ef9063efd7
[20:51] <tonymke> supposedly a command you can tell sshd to run to get an alternative authorized_keys set before checking each user's home directory
[20:51] <tonymke> trying to use it as a simple way to not have to update authorized_keys files across vms
[20:53] <TJ-> tonymke: it's "AuthorizedKeysCommand"
[20:55] <tonymke> that's what's in the sshd config
[20:55] <tonymke> so that's not it
[20:55] <tonymke> just a typo in here
[20:56] <TJ-> OK :) ... try increasing logging verbosity of sshd
[20:59] <TJ-> tonymke: you've also got "AuthorizedKeysCommandUser" configured and set to a valid user account?
[20:59] <tonymke> "unsave permissions or modes for file"
[20:59] <tonymke> alright, that's helpful
[21:01] <TJ-> The man-page does say "The program must be owned by root, not writable by group or
[21:01] <TJ->              others and specified by an absolute path
[21:02] <tonymke> yeah, it's owned by root. trying 700 perms now
[21:03] <Darkyyy> I'm running LAMP on ubuntu server 14.04
[21:04] <tonymke> got it
[21:04] <tonymke> wooo
[21:04] <Darkyyy> can't run a proxy script
[21:04] <Darkyyy> I'm getting error 500
[22:57] <paule32> hello
[22:57] <paule32> have problems with squid3.4
[22:57] <paule32> http://pastebin.com/HXB63yyh
=== Monthrect is now known as Piper-Off
=== Lcawte is now known as Lcawte|Away
=== Piper-Off is now known as Monthrect
