[04:20] <Neo4> how to install postfix in ubuntu, I use this guide
[04:20] <Neo4> https://help.ubuntu.com/lts/serverguide/postfix.html
[04:39] <cpaelzer> good morning
[05:07] <Neo4> cpaelzer: good
[05:07] <Neo4> post fix send message and accept, but postfixadmin gets nothing
[05:08] <Neo4> maybe need to configure postfix with mysql
[05:10] <Neo4> I've tried a few mails to send on gmail and they didn't get to spam. it's nice
[05:10] <Neo4> what I need next?
[05:11] <Neo4> certificate?
[05:11] <Neo4> SASL?
[05:11] <Neo4> or ok, better maybe install mysql
[05:24] <Neo4> I've got this error:
[05:24] <Neo4> neo@v127722:~$ sudo apt-get postfix-mysql
[05:24] <Neo4> E: Invalid operation postfix-mysql
[05:24] <Neo4> oh
[05:24] <Neo4> install
[05:26] <cpaelzer> yep
[05:50] <Neo4> what do next?
[05:50] <Neo4> I installed postfix with mysql
[12:04] <Neo4> who know why dovecot doesn't run?
[12:05] <Neo4> I've configured it using this instruction
[12:05] <Neo4> https://www.rosehosting.com/blog/set-up-a-mail-server-with-postfixadmin-and-mariadb-on-centos-7/
[12:05] <Neo4> and it stopped to work :(
[12:14] <Neo4> I've got error https://paste.ubuntu.com/p/YrkP397tDG/
[16:31] <ahasenack> nacc: would you know why I started seeing this in the samba repo just now? https://pastebin.ubuntu.com/p/wpWzSFPMyP/
[16:31] <ahasenack> I've done many samba commits/uploads in the past, even the version that is right now in git, but now is the first time this happens
[16:32] <ahasenack> maybe a new snap? Or it was reimported?
[16:38] <nacc> ahasenack: looking
[16:46] <nacc> ahasenack: dunno, that directory is defintely empty
[16:47] <nacc> ahasenack: did you see if it was added/emptied in the latest upload?
[16:47] <ahasenack> nacc: I didn't notice any of that
[16:48] <ahasenack> nacc: and 4.7.6 was uploaded twice
[16:48] <ahasenack> ah, no, jus tonce
[16:48] <ahasenack> but the first 4.7.6 upload came via a debian merge
[16:48] <ahasenack> meaning, the whole git workflow process was used
[16:51] <nacc> ahasenack: i only see one 4.7.6 upload, what do you mean by first?
[16:51] <nacc> ahasenack: i mean i only see 2:4.7.6+dfsg~ubuntu-0ubuntu1
[16:52] <ahasenack> and I corrected myself above
[16:52] <ahasenack> there is only one 4.7.6 upload
[16:52] <ahasenack> but it should have hit this problem then, or so I thought
[16:52] <nacc> ahasenack: 'first' came after the correction :)
[16:53] <ahasenack> I am working on the second upload
[16:53] <nacc> ahasenack: that directory didn't exist in 4.7.4, fyi
[16:53] <nacc> ahasenack: link to the merge MP?
[16:53] <ahasenack> not done, because I hit this problem and I don't know what to do
[16:54] <ahasenack> source packages are here: https://launchpad.net/~ahasenack/+archive/ubuntu/samba-kerberos-method-1761737
[16:54] <ahasenack> a simple patch
[16:55] <nacc> ahasenack: ... the one that resulted in the last upload?
[16:55] <ahasenack> hm, let's see if I can find it
[16:55] <nacc> ahasenack: you do an MP normally for the new upload, it just won't match the upload tag (so you can upload tag or not, it doesn't matter)
[16:56] <ahasenack> nacc: this was the MP: https://code.launchpad.net/~ahasenack/ubuntu/+source/samba/+git/samba/+merge/341418
[16:56] <ahasenack> oh, interesting
[16:56] <nacc> tar -czf samba_4.7.6+dfsg.orig.tar.gz --exclude="source4/heimdal/lib/wind/rfc*txt" --exclude="source4/ldap_server/devdocs" --exclude="*chm" samba-4.7.6
[16:57] <ahasenack> yes, it's excluded because of dfsg
[16:57] <nacc> but it wasn't
[16:57] <ahasenack> but that didn't exclude the directory itself?
[16:57] <nacc> it's just empty
[16:57] <nacc> yeah, something seems off in your orig
[16:58] <nacc> (i verified the orig by untarring it manually and it definitely has that directory)
[16:58] <nacc> as to why your git commit didn't notice it, i'm not 100%
[16:58] <nacc> possibly an older git clone?
[16:58] <ahasenack> could be
[17:00] <ahasenack> I could repackage it one more time, call it 4.7.6+dfsg~ubuntu1 perhaps
[17:00] <ahasenack> shucks
[17:00] <nacc> ahasenack: no, you don't want to do that, i don't think
[17:00] <nacc> i mean, yes you can, but i don't think you should
[17:03] <ahasenack> well, it's fine to ignore when committing, we know it was just doc removal that caused it (rfcs essentially)
[17:10] <Hey> When I commission a node in MAAS, It does not detect the storage.  How do I trouble shoot this?
[17:14] <dpb1> Hey: best to ask in #maas
[17:21] <ahasenack> nacc: yeah, I don't know what happened there
[17:21] <ahasenack> andreas@nsnx:~/x$ tar xzf samba-4.7.7.tar.gz
[17:21] <ahasenack> andreas@nsnx:~/x$ tar -czf samba_4.7.7+dfsg.orig.tar.gz --exclude="source4/heimdal/lib/wind/rfc*txt" --exclude="source4/ldap_server/devdocs" --exclude="*chm" samba-4.7.7
[17:21] <ahasenack> andreas@nsnx:~/x$ tar tvzf samba_4.7.7+dfsg.orig.tar.gz |grep devdocs
[17:21] <ahasenack> andreas@nsnx:~/x$
[17:21] <ahasenack> it just works
[17:21] <ahasenack> maybe something during sponsoring
[17:24] <ahasenack> (didn't find a 4.7.6 tarball, used 4.7.7 which has the same devdocs directory, for this test)
[17:25] <ahasenack> nacc: maybe this was used: --exclude="source4/ldap_server/devdocs/*"
[17:25] <ahasenack> that leaves an empty decdocs directory
[17:25] <ahasenack> devdocs*
[17:26] <Hey> dpb1: MAAS is dead channel.. I'm sure its not intentional.
[17:29] <dpb1> apparently not
[17:32] <nacc> ahasenack: right, i pasted what you said in the MP, which may or may not have been what the sponsor did
[17:33] <nacc> ahasenack: this is why it's usually good (in the future) to put a hash for the tarball in
[17:33] <nacc> cpaelzer: --^ fyi
[17:41] <ahasenack> ok, I have a patch, it fixes the crash, but I won't get a confirmation from the reporter until tomorrow
[17:41] <ahasenack> and tomorrow is final freeze
[17:41] <ahasenack> do I upload or not
[17:41] <ahasenack> patch is from upstream, oneliner
[18:23] <ProCycle> I'm so confused. I have a script that makes a backup then encrypts and uploads it to S3. It works fine when I invoke it with "sudo -u backup /bin/bash /usr/local/bin/backup-mysql.sh varible1 varible2"
[18:24] <ProCycle> But when systemd invokes it uploads a 0 byte file (otherwise backup file on server exists and is not 0 bytes)
[18:24] <ProCycle> The service file: https://pastebin.com/Rx2rk48g
[18:26] <ProCycle> I've checked all of the script varibles (dumped to output) and they're exactly the same
[18:29] <JanC> ProCycle: you'll need a shell for the redirection to work
[18:29] <sdeziel> ProCycle: I'm not sure you can use shell redirect
[18:29] <JanC> you can't
[18:29] <JanC> """Specifically, redirection using "<", "<<", ">", and ">>", pipes using "|", running programs in the background using "&", and other elements of shell syntax are not supported."""
[18:30] <JanC> from the 'systemd.service' manfile
[18:30] <sdeziel> ProCycle: based on that, maybe it would be better to edit the backup-mysql.sh script to accept an argument
[18:31]  * ProCycle looks up shell redirection
[18:32] <JanC> or use "sh -c" when you can't change the backup script
[18:32] <ProCycle> Oh, uh what do you mean by shell redirection? in my execstart?
[18:32] <JanC> yes
[18:33] <ProCycle> Oh wait I get what you're seeing, that's a red herring
[18:33] <ProCycle> <s3_space_name> is a placeholder, I have an actual space name there
[18:34] <ProCycle> https://pastebin.com/QCSTieDa
[18:34] <sdeziel> ProCycle: could you test with sudo -Hu backup ... ?
[18:35] <sdeziel> ProCycle: if the S3 key is in your home dir, the backup user wouldn't have access to it
[18:36] <sdeziel> I'm also not sure you test by forcing /bin/bash as the interpreter but that is another delta with how systemd runs the job
[18:36] <sdeziel> s/sure/sure why/
[18:36] <ProCycle> For some reason it won't run otherwise
[18:36] <sdeziel> ProCycle: is the file executale?
[18:36] <ProCycle> But I just did sudo -Hu backup and got the same error
[18:36]  * sdeziel can't type today
[18:37] <ProCycle> So it must have something to do with the home directory
[18:37] <ProCycle> Nothing is stored there though
[18:37] <sdeziel> ProCycle: if you need to specify /bin/bash it could mean 2 things (I think). 1) the shebang is wrong or 2) the file is not executable
[18:38] <ProCycle> https://github.com/ProCycleDev/debian-ubuntu-mariadb-backup/blob/master/backup-mysql.sh
[18:38] <ProCycle> checking
[18:39] <ProCycle> Oh it wasn't set as executable
[18:39] <sdeziel> ProCycle: I never used s3cmd but I seems possible that it access some files from your home or an env variable. I'd strace it to know
[18:45] <ProCycle> Hmm it might have something to do with gpg2
[18:45] <ProCycle> Since it uses that to encrypt the file
[18:47] <ProCycle> Shouldn't matter since it's only using a symetrical cipher but then again gpg2 is very inistent you use the agent even when not using keys
[18:48] <ProCycle> It breaks all the same if I run the s3cmd manually with sudo -hu backup
[18:49] <ProCycle> Problem is the backup user is a system user and has no shell login. Probably need to create a normal user instead
[18:49] <Sircle> Cannot redirect from http to https, what can be the reason https://pastebin.mozilla.org/9083351 ?
[18:52] <sdeziel> ProCycle: I use "openssl enc -aes128" for such needs but I think it's not considered very secure
[18:53] <ProCycle> Sircle, Try doing this instead https://pastebin.com/45ZjSzM3
[18:54] <Sircle> ProCycle,  I should do it in :80 vhost and :443 vhost as well?
[18:56] <ProCycle> In my config I'm not using them, but I'd assume you'd do a vhost for your domain instead of the port
[18:56] <Sircle> can you paste your config
[18:57] <ProCycle> The rewrite rule just redirects them if they're not using HTTPS, otherwise nothing happens and things proceed normally
[18:57] <ProCycle> That's literally my entire config (in an .htaccess file)
[18:57] <ProCycle> I mostly use nginx nowadays
[18:57] <Sircle> is it inside a vhost of a site or its an open config
[18:58] <ProCycle> But that snippet is from apache's help site
[18:59] <ProCycle> I'd make a single vhost for your domain like normal and use that snippet to redirect non HTTPS connections
[18:59] <Sircle> can you paste?
[19:01] <ProCycle> Do you only have one site on this apache install?
[19:01] <ProCycle> Or are there multiple domains?
[19:02] <ProCycle> https://httpd.apache.org/docs/2.4/mod/core.html#virtualhost
[19:06] <ProCycle> So something like https://pastebin.com/wJ15shct
[19:06] <Sircle> ProCycle,  I have many
[19:06] <Sircle> and each is in its vhost
[19:06] <ProCycle> Except correct for your site setup (I'm having a hard time making sense of your config file)
[19:06] <ProCycle> Oh so you'd do <VirtualHost knockcrypto.com>
[19:07] <ProCycle> Not sure if that applies to www too (probably not)
[19:07] <ProCycle> Sorry can't be more help, rather rusty on apache
[19:08] <Sircle> I was missing RewriteEngine on
[19:40] <nacc> powersj: ping
[19:41] <powersj> nacc: hey
[19:41] <nacc> powersj: got a quick pytest question for you if have a sec
[19:42] <powersj> nacc: sure
[19:42] <nacc> powersj: could you join the standup HO? I think i can explain it fastest there
[19:42] <powersj> omw
[19:43] <nacc> powersj: thanks
[20:12] <ProCycle> sdeziel, Yep it was a problem with the user, couldn't write to it's own home directory. I ended up making a new user instead and now it works. Thanks for your insight!
[20:50] <sdeziel> ProCycle: great
[22:50] <Sircle> ProCycle,   I have made it simpler. Can you see the error. How can I know the reason behind it? https://pastebin.mozilla.org/9083373
[22:53] <ProCycle> I'm sorry that's out of my scope of knowledge about apache
[23:10] <compdoc> Sircle, either the proxy portion isnt set up correctly and not working, or the user or path doesnt exist.
[23:10] <compdoc> or permissions on the path is wrong
[23:11] <compdoc> could be many things
[23:13] <Sircle> how can I back trace?
[23:14] <sarnold> maybe try tcpdump or tshark and see what is being senton the wire?
[23:25] <tomreyn> Sircle: first of all, just try to nc -vv to the backend hostname and port, to ensure the tcp port is actually open / listening for cxonnections from this host,
[23:29] <Sircle> tomreyn,  nc -x localhost:50002 -vv?
[23:29] <sarnold> better use the kryptowhatever.com address here too
[23:29] <Sircle> k
[23:30] <Sircle> whats the actual command?
[23:30] <tomreyn> Sircle: what sarnold says, and i don'T see port 50002 listend in what you posted so far. the error message is about port 80
[23:31] <tomreyn> *lsited
[23:31] <tomreyn> *listed
[23:31] <sarnold> tomreyn: the 50002 is from line 9 https://pastebin.mozilla.org/9083373
[23:31] <Sircle> nmap localhost says 50002/tcp open     iiimsf
[23:32] <tomreyn> sorry i'm blind. but why does line 23 refer to port 80?
[23:32] <tomreyn> we did not ask about localhost
[23:32] <sarnold> I assumed that the was the apache server doing the proxying
[23:32] <sarnold> I also assumed that localhost == knockcryptoapi.com
[23:33] <tomreyn> kryptowhatever.com should not resolve to an ip address which reverse resolves to localhost.
[23:34] <sarnold> right
[23:34] <tomreyn> nor knockcryptoapi
[23:34] <sarnold> which is why I suggested using the knockcryptoapi.com dns name in the nc tests
[23:34] <sarnold> to make sure it resolves to something that the host itself can reach
[23:35] <tomreyn> and i agree with this approach
[23:35] <Sircle> sarnold,  yes. ignore localhost
[23:35] <Sircle> so why its not proxying well?
[23:38] <tomreyn> we don't know and cannot speculate since you seem to be withholding relevant information. We suggest you try to have the system which reports "error reading status line from remote server knockcryptoapi.com:50002" to run "nc -vv knockcryptoapi.com:50002" to ensure that tcp conmmunication between it and its backend works properly.
[23:39] <tomreyn> typo. this should haver been: "nc -vv knockcryptoapi.com 50002"
[23:41] <Sircle> tomreyn,  https://pastebin.mozilla.org/9083377
[23:42] <Sircle> oh ok
[23:42] <sarnold> no colon :)
[23:42] <Sircle> onnection to knockcryptoapi.com 50002 port [tcp/*] succeeded!
[23:44] <tomreyn> so tcp connectivity works generally. then you'll want to investigate why "AH01102: error reading status line from remote server knockcryptoapi.com:50002" and "AH00898: Error reading from remote server returned by /cryptoarchid/webapi/v1/person/test " were triggered.
[23:46] <tomreyn> experiment with curl, tcpdump, firefox / chromium network console, burp proxy... whatever you prefer.
[23:48] <Sircle> http://knockcryptoapi.com:50002/ is just running fine
[23:48] <Sircle> its not proxing
[23:49] <Sircle> Status Code: 502 Proxy Error
[23:49] <sarnold> then bust out tshark or tcpdump and watch the traffic between the proxy and the :50002 program and try to spot the error?
[23:49] <Sircle> Remote Address: 107.161.18.128:80
[23:49] <Sircle> Referrer Policy: no-referrer-when-downgrade
[23:49] <tomreyn> then do whatever is needed to make it proxy.
[23:51] <Sircle>  I have made it simpler. Can you see the error. How can I know the reason behind it? https://pastebin.mozilla.org/9083373
[23:52] <sarnold> does the program on :50002 have logs?
[23:52] <Sircle> yes
[23:57] <Sircle> ok, will do rnd and let you know