sarnoldhi set_02:26
set_Where should I look to view tutorials on making my server run outside of my servers?02:26
set_I have ubuntu server.02:27
set_For instance, should I use Bind9?02:27
sarnoldwhat problem are you trying to solve?02:27
set_I can only view my web page online on my network for some reason.02:28
set_I want to view it outside of the network.02:28
sarnoldalright .. there's a lot of moving parts to that one :)02:28
set_I am using apache2 for now.02:29
set_I plan on using nginx later but for now, I would like to stick w/ apache2.02:29
sarnoldso .. is your network NATted? (probably yes)02:29
sarnoldalright then :)02:29
sarnoldwhat IP addresses is apache bound to?02:30
set_an ip address w/ :443 only.02:30
sarnoldyou need to make sure that it's bound on a routable address, not just a lan-local address or localhost02:30
sarnoldyou need to make sure any firewall in place on the network or the machine allow network connections from the world02:31
set_Right. I got that idea.02:31
set_The routable address needs to be from a service or can I use free addresses?02:32
set_See. I own this website and I am thinking of getting dynamic dns services for a static ip.02:32
sarnoldwhatever IP addresses you've been allocated by your ISP ought to work02:33
set_I learned how to use netplan but the Ubuntu server is/or netplan is complaining. So, I went w/ another idea = apache2.02:34
set_I have 18.04 and netplan loves to complain. Are you having trouble w/ this issue or netplan in general?02:34
sarnoldnetplan has worked well for me so far02:36
set_sarnold: Oh.02:36
set_No issue.02:36
sarnoldbut I've got a really simple network: the laptop is just using network manager, the big machine in the basement is just doing one IP behind a nat firewall..02:37
set_See. I was going to host a website from my own server but the ideas are vast and I am only one person. It takes an age to get things done.02:37
set_This is why I thought a service might help out.02:38
set_Anyway...I appreciate your help.02:38
set_I guess I do not know the correct way to ask just yet. I will have to read more.02:38
set_I read this book, "Mastering Ubuntu Server, (LaCroix 2018)," and the ideas are beating my brain senseless.02:40
set_I have not been able to reproduce the steps this person took w/ Ubuntu Server.02:40
set_sarnold: Have you read this book?02:40
sarnoldset_: sorry, no. but that's not too much of a surprise ..02:41
sarnoldset_: so, where are you currently stuck?02:41
sarnoldset_: like, is your apache bound to a routable IP?02:41
set_The website comes up and it is live, I have https for my site, and the site is not live outside of the network.02:42
set_I tried to view it elsewhere and it just keeps circling.02:42
set_No reponse.02:42
set_reponse = response02:42
set_My apache2 server works. Ubuntu Server works. I am missing something.02:43
sarnoldset_: so, from a host off your network, what do you get when you run openssl s_client -connect ipadress:443  ?02:44
sarnoldtry it against google if you want to see what success looks like, openssl s_client -connect www.google.com:44302:44
set_I would have to look tomorrow when I travel.02:45
set_If I am not using openssl, does that command still work?02:46
sarnoldif you don't have an aws instance or similar to use for testing, you could also try the qualys checker, https://www.ssllabs.com/ssltest/analyze.html?viaform=on&d=02:46
sarnoldthis is just using openssl's s_client interface to talk tls to a service and then do nothing else02:46
sarnoldit's great for testing web servers, mail servers, irc servers etc02:47
sarnoldit's a lot like a netcat that understands TLS02:47
set_Yea. sarnold: You are talking out of my league still. I am a fresh-off-the-boat user for ubuntu server.02:48
set_I used openssl but stopped b/c I did not self-signed certs.02:48
sarnoldokay, a quick intro to netcat then :) try "echo hi | nc localhost 22" to see your openssh login banner02:49
set_Anyway sarnold: I have a lot to learn and tonight might not be the night. I need to learn more to discuss things w/ this crowd (obviously).02:50
set_Thank you, anyway. Maybe another time, sorry.02:50
sarnoldalright, have fun :)02:51
set_I appreciate the effort and help.02:51
Harishello all06:18
HarisI'm having trouble with mod_ruid2 mod for apache on 14.04. The user group I set in vhost configs, apache is not writing new files with its ownership. Also, is this issue resolved in 16.x, 18.x? this is an amazon aws instance, running from the freely available images on amazon06:19
tomreynHaris: 14.04 is almost end of life, upgrade now!10:13
Harisyes, I know. but still need a way to keep things running meanwhile10:14
tomreynHaris: what do you use / need mod_ruid2 for?10:15
Harisfor anything uploaded or any file/folder created by web scripts to be with ownership, permissions of the configured u/g10:15
Harisprocesses apache runs for that specific vhost run with perms/ownership of that u/g10:16
tomreynwhich languages are those web scripts in?10:16
tomreynwhy don't you use php-fpm?10:16
Harisdon't want to use php plugin independent of web server10:17
Harisno significant benefit from it10:18
tomreynhave you ever used it?10:18
tomreynthen i'm surprised you see no benefit10:19
tomreyni never used mod_ruid2, though. but if it's anything like suexec...10:19
Harisit works ok on centos10:19
Harisdoesn't work on ubuntu's implementation10:19
Harisnot like suexec10:19
Harisits inline, included plugin in apache10:20
Harisdoesn't run separate10:20
tomreynsure, it's a module, this can probably improve handling. on the other hand it means it needs to have authority to change ownership of files to any users, i guess, which effectively means root.10:22
tomreynbut i'll need to read up more10:22
Harisits good because it works as an inline, included plugin. removes all headaches like suexec10:23
tomreyni'm assumign you're doing shared hosting there, in which case per customer / user process control and isolation is important. does it do this well?10:28
xednivim encountering issues with the 18.04.2 live cd. when installing using lvm and a custom partition layout, the fstab mountpoints use UUIDs only, and during first boot, /usr cannot be mounted. same for root, more or less. lvm vgchange -a y fixes it.10:41
tomreynxedniv: can you show the custom partition layout?10:44
tomreynby "18.04.2 live cd" you mean the 18.04.2 live-server installer, right?10:44
lotuspsychjepabed: ask your issue here mate, volunteers might help think along with you10:45
pabedlotuspsychje: in this path "/etc/network/if-pre-up.d/ i see https://termbin.com/0f0g not iptables10:47
pabedI followe this https://paste.ubuntu.com/p/sjpxf9FdGD/ for persistent iptables , but there is no such file there10:49
RoyKpabed: iptables-persistent, perhaps?10:50
pabedRoyK: how should I use this command?10:51
RoyKapt install iptables-persistent10:51
RoyKthen read the manual10:51
xednivtomreyn, yes10:54
pabedRoyK: I installed but it is not found10:57
xednivtomreyn, https://pastebin.com/K9sqi7qg10:57
xednivthe fstab10:57
xednivtomreyn, the ubuntu-vg mapper entries: https://pastebin.com/KyjXCM3i10:58
RoyKpabed: it was just a suggestion - personally, I just use ufw10:59
tomreynxedniv: thanks. i'll try to reproduce this. have you filed a bug report, yet?11:00
xednivnot yet, i havent got my launchpad account in order in ages11:01
xedniv(but will do)11:01
tomreynxedniv: would you post it here when you did, please?11:01
xednivtomreyn, in a couple hours, yes11:02
xednivare you trying to repro it now?11:02
xednivthe dirty workaround I used in one guest was to add a initramfs script11:03
xednivthat just calls lvm vgchange -a y11:03
xednivbut thats tricky, it could definitely mess things up in other installations11:03
xednivby activating groups not needed at boot11:03
xednivtomreyn, https://bugs.launchpad.net/bugs/157398211:16
ubottuLaunchpad bug 1573982 in lvm2 (Ubuntu) "LVM boot problem - volumes not activated after upgrade to Xenial" [Undecided,Confirmed]11:16
xednivtomreyn, https://askubuntu.com/questions/551446/cant-find-lvm-root-dropped-back-to-initramfs11:16
xednivseems im not alone11:17
tomreynxedniv: i'd say file a new bug against subiquity (server live-installer) and curtin. unless you did btrfs?11:26
tomreynthis bug report is old, centers on unsupported versions11:26
tomreynthat's unless oyu know it's axctly your bug11:27
tomreyni.e. this commit makes a difference for your use case.11:28
xednivnot so old if it applies to current11:28
tomreynhmm yes maybe you're right11:29
tomreyni think this Tag fginther added is actually a reference to a cnonical internal ticket, suggesting there may be someone planning to work on this.11:29
tomreyn(after comment 25)11:30
tomreynxedniv: the issue i take there is that the bug title describes an upgrade, whereas your issue is a fresh installation (different, and more serious).11:35
tomreynrewriting the first title (and maybe the first post, too) may be an option, if it doesn't break context.11:37
tomreyni won't try to reproduce it then, though.11:37
xednivyou might eb able to repro faster than i can file the bug though11:38
xednivswamped atm11:38
xednivi already had the issue with two separate installs fyi11:39
tomreynif you're looking for a solution, use the alternative server installer, it may work better.11:40
xednivwhat are the main differences?11:44
xedniv(lazy question, i know!)11:44
tomreynthe alternative server installer is the old "debian-installer" (also still in use for mini.iso). is both enables and forces you to configure a lot more, whereas the new server-live installer comes not only with a nicer GUI, but also asks a lot less questions, and installs as soon as it can. the live-server (subiquity) installer is also an image-based installation just like the (ubiquity) desktop installer, i.e. a tarball of the completed11:49
tomreyninstallation is produced when building the installer and shipped with it, and just pushed to the disk during the installation, which is a lot faster than actually installing all those debian packages one by one.11:49
tomreynxedniv: ^11:50
tomreynthis said, the server installer still has several relevant bugs (from the perspective of this non cannoical affiliated volunteer)11:51
Pyro_KillerWhat do ya'll know about the funky version of Ubuntu 16.04 every VPS provider seems to use12:05
Pyro_Killer*VPS providers seem12:06
=== Wryhder is now known as Lucas_Gray
whislockDefine "funky"?13:46
whislockOh, he's gone. Oops.13:46
tewardwhislock: they probably meant the preinstalled 'images' :P17:08
whislockOh, yeah. A lot of them are terribad.17:57
whislockLinode: "Here, you need wifi support." What?!17:57
JanCseems like the main thing my VPS provider's new cloud infrastructure adds (in addition to adding their own APT mirrors & optionally injecting your SSH keys) is Qemu guest agent19:07
=== gislaved40 is now known as gislaved

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!