/srv/irclogs.ubuntu.com/2018/04/18/#ubuntu-server.txt

Neo4how to install postfix in ubuntu, I use this guide04:20
Neo4https://help.ubuntu.com/lts/serverguide/postfix.html04:20
cpaelzergood morning04:39
Neo4cpaelzer: good05:07
Neo4post fix send message and accept, but postfixadmin gets nothing05:07
Neo4maybe need to configure postfix with mysql05:08
Neo4I've tried a few mails to send on gmail and they didn't get to spam. it's nice05:10
Neo4what I need next?05:10
Neo4certificate?05:11
Neo4SASL?05:11
Neo4or ok, better maybe install mysql05:11
Neo4I've got this error:05:24
Neo4neo@v127722:~$ sudo apt-get postfix-mysql05:24
Neo4E: Invalid operation postfix-mysql05:24
Neo4oh05:24
Neo4install05:24
cpaelzeryep05:26
Neo4what do next?05:50
Neo4I installed postfix with mysql05:50
Neo4who know why dovecot doesn't run?12:04
Neo4I've configured it using this instruction12:05
Neo4https://www.rosehosting.com/blog/set-up-a-mail-server-with-postfixadmin-and-mariadb-on-centos-7/12:05
Neo4and it stopped to work :(12:05
Neo4I've got error https://paste.ubuntu.com/p/YrkP397tDG/12:14
ahasenacknacc: would you know why I started seeing this in the samba repo just now? https://pastebin.ubuntu.com/p/wpWzSFPMyP/16:31
ahasenackI've done many samba commits/uploads in the past, even the version that is right now in git, but now is the first time this happens16:31
ahasenackmaybe a new snap? Or it was reimported?16:32
naccahasenack: looking16:38
naccahasenack: dunno, that directory is defintely empty16:46
naccahasenack: did you see if it was added/emptied in the latest upload?16:47
ahasenacknacc: I didn't notice any of that16:47
ahasenacknacc: and 4.7.6 was uploaded twice16:48
ahasenackah, no, jus tonce16:48
ahasenackbut the first 4.7.6 upload came via a debian merge16:48
ahasenackmeaning, the whole git workflow process was used16:48
naccahasenack: i only see one 4.7.6 upload, what do you mean by first?16:51
naccahasenack: i mean i only see 2:4.7.6+dfsg~ubuntu-0ubuntu116:51
ahasenackand I corrected myself above16:52
ahasenackthere is only one 4.7.6 upload16:52
ahasenackbut it should have hit this problem then, or so I thought16:52
naccahasenack: 'first' came after the correction :)16:52
ahasenackI am working on the second upload16:53
naccahasenack: that directory didn't exist in 4.7.4, fyi16:53
naccahasenack: link to the merge MP?16:53
ahasenacknot done, because I hit this problem and I don't know what to do16:53
ahasenacksource packages are here: https://launchpad.net/~ahasenack/+archive/ubuntu/samba-kerberos-method-176173716:54
ahasenacka simple patch16:54
naccahasenack: ... the one that resulted in the last upload?16:55
ahasenackhm, let's see if I can find it16:55
naccahasenack: you do an MP normally for the new upload, it just won't match the upload tag (so you can upload tag or not, it doesn't matter)16:55
ahasenacknacc: this was the MP: https://code.launchpad.net/~ahasenack/ubuntu/+source/samba/+git/samba/+merge/34141816:56
ahasenackoh, interesting16:56
nacctar -czf samba_4.7.6+dfsg.orig.tar.gz --exclude="source4/heimdal/lib/wind/rfc*txt" --exclude="source4/ldap_server/devdocs" --exclude="*chm" samba-4.7.616:56
ahasenackyes, it's excluded because of dfsg16:57
naccbut it wasn't16:57
ahasenackbut that didn't exclude the directory itself?16:57
naccit's just empty16:57
naccyeah, something seems off in your orig16:57
nacc(i verified the orig by untarring it manually and it definitely has that directory)16:58
naccas to why your git commit didn't notice it, i'm not 100%16:58
naccpossibly an older git clone?16:58
ahasenackcould be16:58
ahasenackI could repackage it one more time, call it 4.7.6+dfsg~ubuntu1 perhaps17:00
ahasenackshucks17:00
naccahasenack: no, you don't want to do that, i don't think17:00
nacci mean, yes you can, but i don't think you should17:00
ahasenackwell, it's fine to ignore when committing, we know it was just doc removal that caused it (rfcs essentially)17:03
HeyWhen I commission a node in MAAS, It does not detect the storage.  How do I trouble shoot this?17:10
dpb1Hey: best to ask in #maas17:14
ahasenacknacc: yeah, I don't know what happened there17:21
ahasenackandreas@nsnx:~/x$ tar xzf samba-4.7.7.tar.gz17:21
ahasenackandreas@nsnx:~/x$ tar -czf samba_4.7.7+dfsg.orig.tar.gz --exclude="source4/heimdal/lib/wind/rfc*txt" --exclude="source4/ldap_server/devdocs" --exclude="*chm" samba-4.7.717:21
ahasenackandreas@nsnx:~/x$ tar tvzf samba_4.7.7+dfsg.orig.tar.gz |grep devdocs17:21
ahasenackandreas@nsnx:~/x$17:21
ahasenackit just works17:21
ahasenackmaybe something during sponsoring17:21
ahasenack(didn't find a 4.7.6 tarball, used 4.7.7 which has the same devdocs directory, for this test)17:24
ahasenacknacc: maybe this was used: --exclude="source4/ldap_server/devdocs/*"17:25
ahasenackthat leaves an empty decdocs directory17:25
ahasenackdevdocs*17:25
Heydpb1: MAAS is dead channel.. I'm sure its not intentional.17:26
dpb1apparently not17:29
naccahasenack: right, i pasted what you said in the MP, which may or may not have been what the sponsor did17:32
naccahasenack: this is why it's usually good (in the future) to put a hash for the tarball in17:33
nacccpaelzer: --^ fyi17:33
ahasenackok, I have a patch, it fixes the crash, but I won't get a confirmation from the reporter until tomorrow17:41
ahasenackand tomorrow is final freeze17:41
ahasenackdo I upload or not17:41
ahasenackpatch is from upstream, oneliner17:41
ProCycleI'm so confused. I have a script that makes a backup then encrypts and uploads it to S3. It works fine when I invoke it with "sudo -u backup /bin/bash /usr/local/bin/backup-mysql.sh varible1 varible2"18:23
ProCycleBut when systemd invokes it uploads a 0 byte file (otherwise backup file on server exists and is not 0 bytes)18:24
ProCycleThe service file: https://pastebin.com/Rx2rk48g18:24
ProCycleI've checked all of the script varibles (dumped to output) and they're exactly the same18:26
JanCProCycle: you'll need a shell for the redirection to work18:29
sdezielProCycle: I'm not sure you can use shell redirect18:29
JanCyou can't18:29
JanC"""Specifically, redirection using "<", "<<", ">", and ">>", pipes using "|", running programs in the background using "&", and other elements of shell syntax are not supported."""18:29
JanCfrom the 'systemd.service' manfile18:30
sdezielProCycle: based on that, maybe it would be better to edit the backup-mysql.sh script to accept an argument18:30
* ProCycle looks up shell redirection18:31
JanCor use "sh -c" when you can't change the backup script18:32
ProCycleOh, uh what do you mean by shell redirection? in my execstart?18:32
JanCyes18:32
ProCycleOh wait I get what you're seeing, that's a red herring18:33
ProCycle<s3_space_name> is a placeholder, I have an actual space name there18:33
ProCyclehttps://pastebin.com/QCSTieDa18:34
sdezielProCycle: could you test with sudo -Hu backup ... ?18:34
sdezielProCycle: if the S3 key is in your home dir, the backup user wouldn't have access to it18:35
sdezielI'm also not sure you test by forcing /bin/bash as the interpreter but that is another delta with how systemd runs the job18:36
sdeziels/sure/sure why/18:36
ProCycleFor some reason it won't run otherwise18:36
sdezielProCycle: is the file executale?18:36
ProCycleBut I just did sudo -Hu backup and got the same error18:36
* sdeziel can't type today18:36
ProCycleSo it must have something to do with the home directory18:37
ProCycleNothing is stored there though18:37
sdezielProCycle: if you need to specify /bin/bash it could mean 2 things (I think). 1) the shebang is wrong or 2) the file is not executable18:37
ProCyclehttps://github.com/ProCycleDev/debian-ubuntu-mariadb-backup/blob/master/backup-mysql.sh18:38
ProCyclechecking18:38
ProCycleOh it wasn't set as executable18:39
sdezielProCycle: I never used s3cmd but I seems possible that it access some files from your home or an env variable. I'd strace it to know18:39
ProCycleHmm it might have something to do with gpg218:45
ProCycleSince it uses that to encrypt the file18:45
ProCycleShouldn't matter since it's only using a symetrical cipher but then again gpg2 is very inistent you use the agent even when not using keys18:47
ProCycleIt breaks all the same if I run the s3cmd manually with sudo -hu backup18:48
ProCycleProblem is the backup user is a system user and has no shell login. Probably need to create a normal user instead18:49
SircleCannot redirect from http to https, what can be the reason https://pastebin.mozilla.org/9083351 ?18:49
sdezielProCycle: I use "openssl enc -aes128" for such needs but I think it's not considered very secure18:52
ProCycleSircle, Try doing this instead https://pastebin.com/45ZjSzM318:53
SircleProCycle,  I should do it in :80 vhost and :443 vhost as well?18:54
ProCycleIn my config I'm not using them, but I'd assume you'd do a vhost for your domain instead of the port18:56
Sirclecan you paste your config18:56
ProCycleThe rewrite rule just redirects them if they're not using HTTPS, otherwise nothing happens and things proceed normally18:57
ProCycleThat's literally my entire config (in an .htaccess file)18:57
ProCycleI mostly use nginx nowadays18:57
Sircleis it inside a vhost of a site or its an open config18:57
ProCycleBut that snippet is from apache's help site18:58
ProCycleI'd make a single vhost for your domain like normal and use that snippet to redirect non HTTPS connections18:59
Sirclecan you paste?18:59
ProCycleDo you only have one site on this apache install?19:01
ProCycleOr are there multiple domains?19:01
ProCyclehttps://httpd.apache.org/docs/2.4/mod/core.html#virtualhost19:02
ProCycleSo something like https://pastebin.com/wJ15shct19:06
SircleProCycle,  I have many19:06
Sircleand each is in its vhost19:06
ProCycleExcept correct for your site setup (I'm having a hard time making sense of your config file)19:06
ProCycleOh so you'd do <VirtualHost knockcrypto.com>19:06
ProCycleNot sure if that applies to www too (probably not)19:07
ProCycleSorry can't be more help, rather rusty on apache19:07
SircleI was missing RewriteEngine on19:08
naccpowersj: ping19:40
powersjnacc: hey19:41
naccpowersj: got a quick pytest question for you if have a sec19:41
powersjnacc: sure19:42
naccpowersj: could you join the standup HO? I think i can explain it fastest there19:42
powersjomw19:42
naccpowersj: thanks19:43
ProCyclesdeziel, Yep it was a problem with the user, couldn't write to it's own home directory. I ended up making a new user instead and now it works. Thanks for your insight!20:12
sdezielProCycle: great20:50
SircleProCycle,   I have made it simpler. Can you see the error. How can I know the reason behind it? https://pastebin.mozilla.org/908337322:50
ProCycleI'm sorry that's out of my scope of knowledge about apache22:53
compdocSircle, either the proxy portion isnt set up correctly and not working, or the user or path doesnt exist.23:10
compdocor permissions on the path is wrong23:10
compdoccould be many things23:11
Sirclehow can I back trace?23:13
sarnoldmaybe try tcpdump or tshark and see what is being senton the wire?23:14
tomreynSircle: first of all, just try to nc -vv to the backend hostname and port, to ensure the tcp port is actually open / listening for cxonnections from this host,23:25
Sircletomreyn,  nc -x localhost:50002 -vv?23:29
sarnoldbetter use the kryptowhatever.com address here too23:29
Sirclek23:29
Sirclewhats the actual command?23:30
tomreynSircle: what sarnold says, and i don'T see port 50002 listend in what you posted so far. the error message is about port 8023:30
tomreyn*lsited23:31
tomreyn*listed23:31
sarnoldtomreyn: the 50002 is from line 9 https://pastebin.mozilla.org/908337323:31
Sirclenmap localhost says 50002/tcp open     iiimsf23:31
tomreynsorry i'm blind. but why does line 23 refer to port 80?23:32
tomreynwe did not ask about localhost23:32
sarnoldI assumed that the was the apache server doing the proxying23:32
sarnoldI also assumed that localhost == knockcryptoapi.com23:32
tomreynkryptowhatever.com should not resolve to an ip address which reverse resolves to localhost.23:33
sarnoldright23:34
tomreynnor knockcryptoapi23:34
sarnoldwhich is why I suggested using the knockcryptoapi.com dns name in the nc tests23:34
sarnoldto make sure it resolves to something that the host itself can reach23:34
tomreynand i agree with this approach23:35
Sirclesarnold,  yes. ignore localhost23:35
Sircleso why its not proxying well?23:35
tomreynwe don't know and cannot speculate since you seem to be withholding relevant information. We suggest you try to have the system which reports "error reading status line from remote server knockcryptoapi.com:50002" to run "nc -vv knockcryptoapi.com:50002" to ensure that tcp conmmunication between it and its backend works properly.23:38
tomreyntypo. this should haver been: "nc -vv knockcryptoapi.com 50002"23:39
Sircletomreyn,  https://pastebin.mozilla.org/908337723:41
Sircleoh ok23:42
sarnoldno colon :)23:42
Sircleonnection to knockcryptoapi.com 50002 port [tcp/*] succeeded!23:42
tomreynso tcp connectivity works generally. then you'll want to investigate why "AH01102: error reading status line from remote server knockcryptoapi.com:50002" and "AH00898: Error reading from remote server returned by /cryptoarchid/webapi/v1/person/test " were triggered.23:44
tomreynexperiment with curl, tcpdump, firefox / chromium network console, burp proxy... whatever you prefer.23:46
Sirclehttp://knockcryptoapi.com:50002/ is just running fine23:48
Sircleits not proxing23:48
SircleStatus Code: 502 Proxy Error23:49
sarnoldthen bust out tshark or tcpdump and watch the traffic between the proxy and the :50002 program and try to spot the error?23:49
SircleRemote Address: 107.161.18.128:8023:49
SircleReferrer Policy: no-referrer-when-downgrade23:49
tomreynthen do whatever is needed to make it proxy.23:49
Sircle I have made it simpler. Can you see the error. How can I know the reason behind it? https://pastebin.mozilla.org/908337323:51
sarnolddoes the program on :50002 have logs?23:52
Sircleyes23:52
Sircleok, will do rnd and let you know23:57

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!