[00:40] <paule32> hello
[00:40] <paule32> someone there with squid3 and mysql knowledge?
[11:30] <lordievader> Good afternoon.
[12:01] <paule32> hello
[12:01] <paule32> someone there who can take some time?
[12:02] <paule32>  my custom external helper does not work
 i want a custom helper that searches for a website in the database
 if it is blocked, then return "ERR"
 else "OK"
 here the script:
 http://pastebin.com/p1zAkhDQ
 and here the config:
 http://pastebin.com/kE3kbVGT
 this is log output:
 kid1| helperHandleRead: unexpected read from blockscript #Hlpr0, 3 bytes 'ERR'
[12:14] <lordievader> paule32: It would probably help you to output the actual error instead of 'ERR'.
[12:14] <paule32> read from blockscript #Hlpr0, 3 bytes
[12:16] <lordievader> What I mean is if it errors you don't know if $row[2] was equal to one or if $rec was less than one. When trying to debug something you want as much (relevant) information as possible.
[12:18] <paule32> $row[0] ::= id
[12:19] <paule32> $row[1] ::= name (of url)
[12:19] <paule32> $row[2] ::= blocked (0 || 1)
[12:22] <lordievader> I guess this is very specific to Squid, perhaps it is a good idea to ask around in #squid.
[12:23] <paule32> there sill noise
[12:23] <paule32> in the docs stands - return ERR or OK
[12:24] <paule32> the funny thing on this story is, i can run the script under console without exceptions
[12:24] <paule32> i can enter so long as i want
[12:24] <paule32> cancel with ctrl+c
[12:26] <lordievader> Likely due to a completely different environment.
[16:24] <mrtAkdeniz> Hey there
[16:24] <mrtAkdeniz> Guys I'm trying to create ftp server
[16:24] <mrtAkdeniz> and I need to use a user who own /var/www/username
[16:25] <mrtAkdeniz> i can do it with adduser command
[16:25] <mrtAkdeniz> but my problem is that
[16:25] <mrtAkdeniz> whenever this user upload a file to there, www-data will say "it is forbidden for me"
[16:25] <mrtAkdeniz> how can I set default chown or chmod for that directory?
[16:28] <Sling> mrtAkdeniz: you should make sure the files are owned by a group where both www-data and the user uploading files are member
[16:28] <mrtAkdeniz> so I need to add that user to www-data?
[16:28] <Sling> no
[16:28] <mrtAkdeniz> and set chmod 775 ?
[16:28] <Sling> no
[16:28] <Sling> create a new group, add the www-data user and this ftp user to it
[16:29] <Sling> then make the user the owner of all these files + folders, and make the shared group the group owner
[16:29] <Sling> then set 750 for folders and 640 for files
[16:29] <mrtAkdeniz> like chown ftpuser:createdgroup ?
[16:29] <Sling> sure
[16:29] <mrtAkdeniz> thanks Sling
[16:30] <Sling> that way the httpd has only read rights to the content
[16:30] <mrtAkdeniz> hmm
[16:30] <Sling> and the user also doesn't have more permissions than he/she needs
[16:30] <mrtAkdeniz> but sometimes httpd need to write?
[16:30] <mrtAkdeniz> like logs, io based caching etc?
[16:30] <Sling> those would be exceptions
[16:30] <Sling> usually they would be in separate filesystem locations than the regular content
[16:31] <mrtAkdeniz> actually nope, at least in my framework :\
[16:31] <mrtAkdeniz> web content are in public folder
[16:31] <mrtAkdeniz> but logs, sessions, caches etc are in the storage folder
[16:32] <mrtAkdeniz> storage and public need to be at the same level
[16:32] <mrtAkdeniz> i mean
[16:32] <mrtAkdeniz> - storage, -public, --index.html, -var
[16:44] <mrtAkdeniz> thank you Sling ^^
[17:55] <mrtAkdeniz> Hey there again!
[17:57] <mrtAkdeniz> I installed postfix and dovecot on my server, everything works well, I can read and send mails from roundcube
[17:58] <mrtAkdeniz> But I can not make smtp configuration for thunderbird or android app
[17:58] <mrtAkdeniz> If I choose another SMTP and make IMAP conf. it works well
[17:58] <mrtAkdeniz> but when I try to do smtp configuration, it fails
[17:58] <mrtAkdeniz> postfix channel says, it is not related to postfix
[17:59] <TJ-> mrtAkdeniz: does the mail server have confirmed external access for *receiving* email?
[17:59] <TJ-> mrtAkdeniz: are there firewall rules preventing connections.
[17:59] <mrtAkdeniz> there is no firewall on the server
[18:00] <mrtAkdeniz> and there is no problem about receiving :\
[18:00] <mrtAkdeniz> If I choose another smtp, i can get my mails on thunderbird
[18:00] <mrtAkdeniz> if I get your point correct..
[18:01] <mrtAkdeniz> TJ-, yeah I checked the meaning of receiving -lack of English, sorry-; and has no problem with receiving
[18:01] <mrtAkdeniz> but SMTP configuration
[18:03] <TJ-> mrtAkdeniz: for a mail client to be able to send mail over SMTP, the SMTP server (postfix) probably needs to authenticate the client otherwise you'd have an open spam-relay.
[18:03] <TJ-> mrtAkdeniz: if IMAP4 connections to dovecot also don't work that points to a common issue, which is why I mention the firewall. If firewall isn't the issue, look at the postfix (/var/log/mail.log) and dovecot (/var/log/dovecot.log) logs
[18:06] <mrtAkdeniz> TJ-, there is no log for dovecot, and it is what I all have -> http://pastie.org/private/4vjpvxbbob4imgoljx29w
[18:06] <mrtAkdeniz> I think my free ssl certificate forbidden by thunderbird
[18:06] <mrtAkdeniz> but I search for it, and tell thunderbird to skip ssl cert check
[18:06] <mrtAkdeniz> it is still failing..
[18:07] <stochastix> I am going to scp a website over to ubuntu 14.04, do I want to use scp -pr  to preserve as much as i can for permissions?  I may have to reown the files anyway though
[18:14] <stochastix> well, guess I'll find out soon enough.
[18:20] <_KaszpiR_> anyone knows what is retention time for AWS AMI with Ubuntu 14.04.3 LTS daily builds?
[19:19] <mrtAkdeniz> Guys
[19:19] <mrtAkdeniz> I'm buying SSL certificate
[19:19] <mrtAkdeniz> and I'll use it for mail also
[19:19] <mrtAkdeniz> and my mail server is on mail.mydomain.com
[19:20] <mrtAkdeniz> do I need to buy it for mail.mydomain or mydomain.com
[19:26] <paule32> hello
[19:27] <paule32> have problem with squid3 for linux
[19:27] <paule32> http://pastebin.com/HXB63yyh
[19:32] <_KaszpiR_> looks like your /sap/squid/block.sh sucks in producing proper output
[19:33] <paule32> yes, because ERR\n0
[19:33] <paule32> \0OK
[19:36] <paule32> any ideas?
[19:38] <mahdi_ja> hi all
[19:38] <mahdi_ja> i study about parallel programming in julia and get this statement.
[19:38] <mahdi_ja> The base Julia installation has in-built support for two types of clusters:
[19:38] <mahdi_ja>     A local cluster specified with the -p option as shown above.
[19:38] <mahdi_ja>     A cluster spanning machines using the --machinefile option. This uses a passwordless ssh login to start julia worker processes (from the same path as the current host) on the specified machines.
[19:39] <mahdi_ja> i want know what is cluster spanning and how i can create this in ubuntu
[19:39] <mahdi_ja> thanks for your help
[19:40] <Sling> mahdi_ja: you should ask in #julia probably
[19:40] <Sling> this is not something ubuntu-specific
[19:40] <mahdi_ja> Sling, yes, but what is spanning cluster i do not find anything about this
[19:41] <lordievader> mahdi_ja: Probably multiple nodes running on different machines.
[19:42] <lordievader> Wouldn't be surprised if it uses a mpich like technology underneath: https://www.mpich.org/
[19:55] <mrtAkdeniz> Guys I need help
[19:55] <mrtAkdeniz> I'm trying to open ports
[19:55] <mrtAkdeniz> and I don't have ufw enabled
[19:55] <mrtAkdeniz> I'm using sudo iptables -A INPUT -p tcp --dport 587 -j ACCEPT
[19:55] <paule32> flush the firewall
[19:55] <mrtAkdeniz> but telnet localhost 587 still returning error
[19:55] <RoyK> mrtAkdeniz: why not ufw?
[19:55] <mrtAkdeniz> paule32, i have ufw disabled
[19:56] <paule32> iptables -t nat -L
[19:56] <paule32> ?
[19:56] <mrtAkdeniz> RoyK, because I don't want
[19:56] <RoyK> mrtAkdeniz: pastebin output of "iptables-save"
[19:57] <mrtAkdeniz> RoyK, http://pastie.org/private/xptz3rt4jdxjxfxxzl5irq
[19:58] <mrtAkdeniz> it is just pathetic, my localhost refusing my connection.
[19:58] <lordievader> mrtAkdeniz: Is there anything listening to those ports?
[19:58] <mrtAkdeniz> lordievader, I've postfix and dovecot installed
[19:58] <mrtAkdeniz> and i think they are listening
[19:58] <RoyK> mrtAkdeniz: all accepted there - nothing is blocking
[19:58] <lordievader> mrtAkdeniz: netstat -tulpn|grep <those ports>
[19:58] <mrtAkdeniz> lordievader, both returned empty
[19:59] <lordievader> So nothing is listening.
[19:59] <mrtAkdeniz> damn
[20:00] <Sling> (try it with sudo if you're not root)
[20:00] <mrtAkdeniz> I'm root :\
[20:01] <RoyK> mrtAkdeniz: it's not a firewall issue
[20:01] <RoyK> mrtAkdeniz: nothing is blocked in that iptables setup
[20:01] <mrtAkdeniz> RoyK, yeah I got it :\
[20:01] <mrtAkdeniz> it is postfix issue
[20:01] <RoyK> mrtAkdeniz: the allow lines have no effect, since -P ACCEPT is on
[20:02] <RoyK> mrtAkdeniz: I'd recommend using ufw until you get familiar with the iptables (or next, nftables) rules
[20:02] <mrtAkdeniz> when I enable ufw, even my 80 port blocked
[20:02] <mrtAkdeniz> and I had "ufw enable 80" and rebooted..
[20:03] <RoyK> no
[20:03] <RoyK> ufw allow http
[20:03] <RoyK> ufw allow ssh
[20:03] <RoyK> ufw enable
[20:03] <mrtAkdeniz> not enable sorry
[20:03] <mrtAkdeniz> allow 80
[20:03] <RoyK> just use http
[20:03] <mrtAkdeniz> but I need to open other ports
[20:03] <RoyK> first iptables -F
[20:03] <mrtAkdeniz> like 21, 25 etc
[20:04] <RoyK> 21? are you (ab)using ftp?
[20:04] <mrtAkdeniz> and I have 81 port which is another webserver
[20:04] <mrtAkdeniz> yeah RoyK
[20:04] <RoyK> just ufw allow 'whateverprotocol'
[20:04] <RoyK> it's simple
[20:04] <mrtAkdeniz> ufw allow 81?
[20:04] <RoyK> ufw allow 81/tcp
[20:04] <mrtAkdeniz> hmm
[20:04] <mrtAkdeniz> let me try it
[20:05] <RoyK> flush iptables first
[20:05] <RoyK> *first*
[20:05] <RoyK> because custom rules and ufw may interfere
[20:05] <mrtAkdeniz> ok
[20:05] <mrtAkdeniz> iptables -F right?
[20:06] <RoyK> mhm
[20:07] <RoyK> then this: ufw allow ssh; ufw allow http; ufw allow 81/tcp; ufw allow ftp # the latter if you're stupid enough to use FTP in production
[20:09] <RoyK> the thing about FTP is, it uses different ports for control and data, which is a bad idea with NATed machines
[20:09] <RoyK> it works, however, with protocol helpers
[20:09] <RoyK> but then, if you try to do something smart, as in encrypting the data, the router can't see which ports to forward, and FTP just won't work
[20:10] <RoyK> use SFTP instead
[20:14] <MACscr> is there a channel for LXD?
[20:28] <TJ->  there's #lxcontainers and #lxc-devel
[20:36] <MACscr> yep, just noticed that it's just the regular LXC channel. Wasn't sure if there was one specific to LXD.
[20:42] <tonymke> I am struggling to get sshd's AuthorizedCommandKeys bit to work successfully
[20:42] <tonymke> made a script that literally just curl my github keys to stdout
[20:42] <tonymke> can't actually auth from results
[20:45] <tonymke> Anyone see anything painfully wrong? http://i.imgur.com/cO2P7eq.png
[20:50] <TJ-> What is this "AuthorizedCommandKeys"
[20:51] <tonymke> TJ-: this - https://gist.github.com/sivel/c68f601137ef9063efd7
[20:51] <tonymke> supposedly a command you can tell sshd to run to get an alternative authorized_keys set before checking each user's home directory
[20:51] <tonymke> trying to use it as a simple way to not have to update authorized_keys files across vms
[20:53] <TJ-> tonymke: it's  "AuthorizedKeysCommand"
[20:55] <tonymke> that's what's in the sshd config
[20:55] <tonymke> so that's not it
[20:55] <tonymke> just a typo in here
[20:56] <TJ-> OK :) ... try increasing logging verbosity of sshd
[20:59] <TJ-> tonymke: you've also got "AuthorizedKeysCommandUser" configured and set to a valid user account?
[20:59] <tonymke> "unsave permissions or modes for file"
[20:59] <tonymke> alright, that's helpful
[21:01] <TJ-> The man-page does say "The program must be owned by root, not writable by group or
[21:01] <TJ->              others and specified by an absolute path"
[21:02] <tonymke> yeah, it's owned by root. trying 700 perms now
[21:03] <Darkyyy> im running LAMP on ubuntu server 14.04
[21:04] <tonymke> got it
[21:04] <tonymke> wooo
[21:04] <Darkyyy> can't run a proxy script
[21:04] <Darkyyy> im getting error 500
[22:57] <paule32> hello
[22:57] <paule32> have problems with squid3.4
[22:57] <paule32> http://pastebin.com/HXB63yyh