paule32 | hello | 00:40 |
---|---|---|
paule32 | someone there with squid3 and mysql knowledge? | 00:40 |
lordievader | Good afternoon. | 11:30 |
paule32 | hello | 12:01 |
paule32 | someone there who can take some time? | 12:01 |
paule32 | my custom external helper does not work | 12:02 |
paule32 | <paule32> i want a custom helper, that search website in database | 12:02 |
paule32 | <paule32> if it blocked, then return "ERR" | 12:02 |
paule32 | <paule32> else "OK" | 12:02 |
paule32 | <paule32> here the script: | 12:02 |
paule32 | <paule32> http://pastebin.com/p1zAkhDQ | 12:02 |
paule32 | <paule32> and here the config: | 12:02 |
paule32 | <paule32> http://pastebin.com/kE3kbVGT | 12:02 |
paule32 | <paule32> this is log output: | 12:02 |
paule32 | <paule32> kid1| helperHandleRead: unexpected read from blockscript #Hlpr0, 3 bytes 'ERR' | 12:02 |
lordievader | paule32: It would probably help you to output the actual error instead of 'ERR'. | 12:14 |
paule32 | read from blockscript #Hlpr0, 3 bytes | 12:14 |
lordievader | What I mean is if it errors you don't know if $row[2] was equal to one or if $rec was less than one. When trying to debug something you want as much (relevant) information as possible. | 12:16 |
paule32 | $row[0] ::= id | 12:18 |
paule32 | $row[1] ::= name (of url) | 12:19 |
paule32 | $row[2] ::= blocked (0 || 1) | 12:19 |
lordievader | I guess this is very specific to Squid, perhaps it is a good idea to ask around in #squid. | 12:22 |
paule32 | there still noise | 12:23 |
paule32 | in the docs stands - return ERR or OK | 12:23 |
paule32 | the funny thing on this story is, i can run the script under console without exceptions | 12:24 |
paule32 | i can enter so long as i want | 12:24 |
paule32 | cancel with ctrl+c | 12:24 |
lordievader | Likely due to a completely different environment. | 12:26 |
mrtAkdeniz | Hey there | 16:24 |
mrtAkdeniz | Guys I'm trying to create ftp server | 16:24 |
mrtAkdeniz | and I need to use a user who own /var/www/username | 16:24 |
mrtAkdeniz | i can do it with adduser command | 16:25 |
mrtAkdeniz | but my problem is that | 16:25 |
mrtAkdeniz | whenever this user upload a file to there, www-data will say "it is forbidden for me" | 16:25 |
mrtAkdeniz | how can I set default chown or chmod for that directory? | 16:25 |
Sling | mrtAkdeniz: you should make sure the files are owned by a group where both www-data and the user uploading files are member | 16:28 |
mrtAkdeniz | so I need to add that user to www-data? | 16:28 |
Sling | no | 16:28 |
mrtAkdeniz | and set chmod 775 ? | 16:28 |
Sling | no | 16:28 |
Sling | create a new group, add the www-data user and this ftp user to it | 16:28 |
Sling | then make the user the owner of all these files + folders, and make the shared group the group owner | 16:29 |
Sling | then set 750 for folders and 640 for files | 16:29 |
mrtAkdeniz | like chown ftpuser:createdgroup ? | 16:29 |
Sling | sure | 16:29 |
mrtAkdeniz | thanks Sling | 16:29 |
Sling | that way the httpd has only read rights to the content | 16:30 |
mrtAkdeniz | hmm | 16:30 |
Sling | and the user also doesn't have more permissions than he/she needs | 16:30 |
mrtAkdeniz | but sometimes httpd need to write? | 16:30 |
mrtAkdeniz | like logs, io based caching etc? | 16:30 |
Sling | those would be exceptions | 16:30 |
Sling | usually they would be in separate filesystem locations than the regular content | 16:30 |
mrtAkdeniz | actually nope, at least in my framework :\ | 16:31 |
mrtAkdeniz | web content are in public folder | 16:31 |
mrtAkdeniz | but logs, sessions, caches etc are in the storage folder | 16:31 |
mrtAkdeniz | storage and public need to be at the same level | 16:32 |
mrtAkdeniz | i mean | 16:32 |
mrtAkdeniz | - storage, -public, --index.html, -var | 16:32 |
mrtAkdeniz | thank you Sling ^^ | 16:44 |
mrtAkdeniz | Hey there again! | 17:55 |
mrtAkdeniz | I installed postfix and dovecot on my server, everything works well, I can read and send mails from roundcube | 17:57 |
mrtAkdeniz | But I can not make smtp configuration for thunderbird or android app | 17:58 |
mrtAkdeniz | If I choose another SMTP and make IMAP conf. it works well | 17:58 |
mrtAkdeniz | but when I try to do smtp configuration, it fails | 17:58 |
mrtAkdeniz | postfix channel says, it is not related to postfix | 17:58 |
TJ- | mrtAkdeniz: does the mail server have confirmed external access for *receiving* email? | 17:59 |
TJ- | mrtAkdeniz: are there firewall rules preventing connections. | 17:59 |
mrtAkdeniz | there is no firewall on the server | 17:59 |
mrtAkdeniz | and there is no problem about receiving :\ | 18:00 |
mrtAkdeniz | If I choose another smtp, i can get my mails on thunderbird | 18:00 |
mrtAkdeniz | if I get your point correct.. | 18:00 |
mrtAkdeniz | TJ-, yeah I checked the meaning of receiving -lack of English, sorry-; and has no problem with receiving | 18:01 |
mrtAkdeniz | but SMTP configuration | 18:01 |
TJ- | mrtAkdeniz: for a mail client to be able to send mail over SMTP, the SMTP server (postfix) probably needs to authenticate the client otherwise you'd have an open spam-relay. | 18:03 |
TJ- | mrtAkdeniz: if IMAP4 connections to dovecot also don't work that points to a common issue, which is why I mention the firewall. If firewall isn't the issue, look at the postfix (/var/log/mail.log) and dovecot (/var/log/dovecot.log) logs | 18:03 |
mrtAkdeniz | TJ-, there is no log for dovecot, and it is what I all have -> http://pastie.org/private/4vjpvxbbob4imgoljx29w | 18:06 |
mrtAkdeniz | I think my free ssl certificate forbidden by thunderbird | 18:06 |
mrtAkdeniz | but I search for it, and tell thunderbird to skip ssl cert check | 18:06 |
mrtAkdeniz | it is still failing.. | 18:06 |
stochastix | I am going to scp a website over to ubuntu 14.04, do I want to use scp -pr to preserve as much as I can for permissions? I may have to reown the files anyway though | 18:07 |
stochastix | well, guess I'll find out soon enough. | 18:14 |
_KaszpiR_ | anyone knows what is retention time for AWS AMI with Ubuntu 14.04.3 LTS daily builds? | 18:20 |
mrtAkdeniz | Guys | 19:19 |
mrtAkdeniz | I'm buying SSL certificate | 19:19 |
mrtAkdeniz | and I'll use it for mail also | 19:19 |
mrtAkdeniz | and my mail server is on mail.mydomain.com | 19:19 |
mrtAkdeniz | do I need to buy it for mail.mydomain or mydomain.com | 19:20 |
paule32 | hello | 19:26 |
paule32 | have problem with squid3 for linux | 19:27 |
paule32 | http://pastebin.com/HXB63yyh | 19:27 |
_KaszpiR_ | looks like your /sap/squid/block.sh sucks in producing proper output | 19:32 |
paule32 | yes, because ERR\n0 | 19:33 |
paule32 | \0OK | 19:33 |
paule32 | any ideas? | 19:36 |
mahdi_ja | hi all | 19:38 |
mahdi_ja | i study about parallel programming in julia and get this statement. | 19:38 |
mahdi_ja | The base Julia installation has in-built support for two types of clusters: | 19:38 |
mahdi_ja | A local cluster specified with the -p option as shown above. | 19:38 |
mahdi_ja | A cluster spanning machines using the --machinefile option. This uses a passwordless ssh login to start julia worker processes (from the same path as the current host) on the specified machines. | 19:38 |
mahdi_ja | i want know what is cluster spanning and how i can create this in ubuntu | 19:39 |
mahdi_ja | thanks for your help | 19:39 |
Sling | mahdi_ja: you should ask in #julia probably | 19:40 |
Sling | this is not something ubuntu-specific | 19:40 |
mahdi_ja | Sling, yes, but what is spanning cluster i do not find anything about this | 19:40 |
lordievader | mahdi_ja: Probably multiple nodes running on different machines. | 19:41 |
lordievader | Wouldn't be surprised if it uses a mpich like technology underneath: https://www.mpich.org/ | 19:42 |
mrtAkdeniz | Guys I need help | 19:55 |
mrtAkdeniz | I'm trying to open ports | 19:55 |
mrtAkdeniz | and I don't have ufw enable | 19:55 |
mrtAkdeniz | I'm using sudo iptables -A INPUT -p tcp --dport 587 -j ACCEPT | 19:55 |
paule32 | flush the firewall | 19:55 |
mrtAkdeniz | but telnet localhost 587 still returning error | 19:55 |
RoyK | mrtAkdeniz: why not ufw? | 19:55 |
mrtAkdeniz | paule32, i have ufw disabled | 19:55 |
paule32 | iptables -t nat -L | 19:56 |
paule32 | ? | 19:56 |
mrtAkdeniz | RoyK, because I don't want | 19:56 |
RoyK | mrtAkdeniz: pastebin output of "iptables-save" | 19:56 |
mrtAkdeniz | RoyK, http://pastie.org/private/xptz3rt4jdxjxfxxzl5irq | 19:57 |
mrtAkdeniz | it is just pathetic, my localhost refusing my connection. | 19:58 |
lordievader | mrtAkdeniz: Is there anything listening to those ports? | 19:58 |
mrtAkdeniz | lordievader, I've postfix and dovecot installed | 19:58 |
mrtAkdeniz | and i think they are listening | 19:58 |
RoyK | mrtAkdeniz: all accepted there - nothing is blocking | 19:58 |
lordievader | mrtAkdeniz: netstat -tulpn|grep <those ports> | 19:58 |
mrtAkdeniz | lordievader, both returned empty | 19:58 |
lordievader | So nothing is listening. | 19:59 |
mrtAkdeniz | damn | 19:59 |
Sling | (try it with sudo if you're not root) | 20:00 |
mrtAkdeniz | I'm root :\ | 20:00 |
RoyK | mrtAkdeniz: it's not a firewall issue | 20:01 |
RoyK | mrtAkdeniz: nothing is blocked in that iptables setup | 20:01 |
mrtAkdeniz | RoyK, yeah I got it :\ | 20:01 |
mrtAkdeniz | it is postfix issue | 20:01 |
RoyK | mrtAkdeniz: the allow lines have no effect, since -P ACCEPT is on | 20:01 |
RoyK | mrtAkdeniz: I'd recommend using ufw until you get familiar with the iptables (or next, nftables) rules | 20:02 |
mrtAkdeniz | when I enable ufw, even my 80 port blocked | 20:02 |
mrtAkdeniz | and I had "ufw enable 80" and rebooted.. | 20:02 |
RoyK | no | 20:03 |
RoyK | ufw allow http | 20:03 |
RoyK | ufw allow ssh | 20:03 |
RoyK | ufw enable | 20:03 |
mrtAkdeniz | not enable sorry | 20:03 |
mrtAkdeniz | allow 80 | 20:03 |
RoyK | just use http | 20:03 |
mrtAkdeniz | but I need to open other ports | 20:03 |
RoyK | first iptables -F | 20:03 |
mrtAkdeniz | like 21, 25 etc | 20:03 |
RoyK | 21? are you (ab)using ftp? | 20:04 |
mrtAkdeniz | and I have 81 port which is another webserver | 20:04 |
mrtAkdeniz | yeah RoyK | 20:04 |
RoyK | just ufw allow 'whateverprotocol' | 20:04 |
RoyK | it's simple | 20:04 |
mrtAkdeniz | ufw allow 81? | 20:04 |
RoyK | ufw allow 81/tcp | 20:04 |
mrtAkdeniz | hmm | 20:04 |
mrtAkdeniz | let me try it | 20:04 |
RoyK | flush iptables first | 20:05 |
RoyK | *first* | 20:05 |
RoyK | because custom rules and ufw may interfere | 20:05 |
mrtAkdeniz | ok | 20:05 |
mrtAkdeniz | iptables -F right? | 20:05 |
RoyK | mhm | 20:06 |
RoyK | then this: ufw allow ssh; ufw allow http; ufw allow 81/tcp; ufw allow ftp # the latter if you're stupid enough to use FTP in production | 20:07 |
RoyK | the thing about FTP is, it uses different ports for control and data, which is a bad idea with NATed machines | 20:09 |
RoyK | it works, however, with protocol helpers | 20:09 |
RoyK | but then, if you try to do something smart, as in encrypting the data, the router can't see which ports to forward, and FTP just won't work | 20:09 |
RoyK | use SFTP instead | 20:10 |
MACscr | is there a channel for LXD? | 20:14 |
TJ- | there's #lxcontainers and #lxc-devel | 20:28 |
MACscr | yep, just noticed that it's just the regular LXC channel. Wasn't sure if there was one specific to LXD. | 20:36 |
tonymke | I am struggling to get sshd's AuthorizedCommandKeys bit to work successfully | 20:42 |
tonymke | made a script that literally just curl my github keys to stdout | 20:42 |
tonymke | can't actually auth from results | 20:42 |
tonymke | Anyone see anything painfully wrong? http://i.imgur.com/cO2P7eq.png | 20:45 |
TJ- | What is this "AuthorizedCommandKeys" | 20:50 |
tonymke | TJ-: this - https://gist.github.com/sivel/c68f601137ef9063efd7 | 20:51 |
tonymke | supposedly a command you can tell sshd to run to get an alternative authorized_keys set before checking each user's home directory | 20:51 |
tonymke | trying to use it as a simple way to not have to update authorized_keys files across vms | 20:51 |
TJ- | tonymke: it's "AuthorizedKeysCommand" | 20:53 |
tonymke | that's what's in the sshd config | 20:55 |
tonymke | so that's not it | 20:55 |
tonymke | just a typo in here | 20:55 |
TJ- | OK :) ... try increasing logging verbosity of sshd | 20:56 |
TJ- | tonymke: you've also got "AuthorizedKeysCommandUser" configured and set to a valid user account? | 20:59 |
tonymke | "unsave permissions or modes for file" | 20:59 |
tonymke | alright, that's helpful | 20:59 |
TJ- | The man-page does say "The program must be owned by root, not writable by group or | 21:01 |
TJ- | others and specified by an absolute path" | 21:01 |
tonymke | yeah, it's owned by root. trying 700 perms now | 21:02 |
Darkyyy | im running LAMP on ubuntu server 14.04 | 21:03 |
tonymke | got it | 21:04 |
tonymke | wooo | 21:04 |
Darkyyy | can't run a proxy script | 21:04 |
Darkyyy | im getting error 500 | 21:04 |
paule32 | hello | 22:57 |
paule32 | have problems with squid3.4 | 22:57 |
paule32 | http://pastebin.com/HXB63yyh | 22:57 |