[02:26] <set_> Hello!
[02:26] <sarnold> hi set_
[02:26] <set_> Where should I look to view tutorials on making my server run outside of my servers?
[02:27] <set_> I have ubuntu server.
[02:27] <set_> For instance, should I use Bind9?
[02:27] <sarnold> what problem are you trying to solve?
[02:27] <set_> Oh.
[02:28] <set_> I can only view my web page online on my network for some reason.
[02:28] <set_> I want to view it outside of the network.
[02:28] <sarnold> alright .. there's a lot of moving parts to that one :)
[02:28] <set_> Yea!
[02:29] <set_> I am using apache2 for now.
[02:29] <set_> I plan on using nginx later but for now, I would like to stick w/ apache2.
[02:29] <sarnold> so .. is your network NATted? (probably yes)
[02:29] <set_> No.
[02:29] <sarnold> ohho
[02:29] <sarnold> alright then :)
[02:30] <set_> Yep!
[02:30] <sarnold> what IP addresses is apache bound to?
[02:30] <set_> an ip address w/ :443 only.
[02:30] <sarnold> you need to make sure that it's bound on a routable address, not just a lan-local address or localhost
[02:31] <set_> Oh.
[02:31] <sarnold> you need to make sure any firewall in place on the network or the machine allow network connections from the world
[02:31] <set_> Right. I got that idea.
[02:32] <set_> The routable address needs to be from a service or can I use free addresses?
[02:32] <set_> See. I own this website and I am thinking of getting dynamic dns services for a static ip.
[02:33] <sarnold> whatever IP addresses you've been allocated by your ISP ought to work
[02:34] <set_> I learned how to use netplan but the Ubuntu server is/or netplan is complaining. So, I went w/ another idea = apache2.
[02:34] <set_> Okay.
[02:34] <set_> I have 18.04 and netplan loves to complain. Are you having trouble w/ this issue or netplan in general?
[02:36] <sarnold> netplan has worked well for me so far
[02:36] <set_> sarnold: Oh.
[02:36] <set_> Okay.
[02:36] <set_> No issue.
[02:37] <sarnold> but I've got a really simple network: the laptop is just using network manager, the big machine in the basement is just doing one IP behind a nat firewall..
[02:37] <set_> Oh.
[02:37] <set_> See. I was going to host a website from my own server but the ideas are vast and I am only one person. It takes an age to get things done.
[02:37] <set_> ...
[02:38] <set_> This is why I thought a service might help out.
[02:38] <set_> Anyway...I appreciate your help.
[02:38] <set_> I guess I do not know the correct way to ask just yet. I will have to read more.
[02:40] <set_> I read this book, "Mastering Ubuntu Server, (LaCroix 2018)," and the ideas are beating my brain senseless.
[02:40] <set_> I have not been able to reproduce the steps this person took w/ Ubuntu Server.
[02:40] <set_> sarnold: Have you read this book?
[02:41] <sarnold> set_: sorry, no. but that's not too much of a surprise ..
[02:41] <sarnold> set_: so, where are you currently stuck?
[02:41] <sarnold> set_: like, is your apache bound to a routable IP?
[02:41] <set_> Okay.
[02:41] <set_> Yes.
[02:42] <set_> The website comes up and it is live, I have https for my site, and the site is not live outside of the network.
[02:42] <set_> I tried to view it elsewhere and it just keeps circling.
[02:42] <set_> No reponse.
[02:42] <set_> reponse = response
[02:43] <set_> My apache2 server works. Ubuntu Server works. I am missing something.
[02:44] <sarnold> set_: so, from a host off your network, what do you get when you run openssl s_client -connect ipadress:443  ?
[02:44] <sarnold> try it against google if you want to see what success looks like, openssl s_client -connect www.google.com:443
[02:45] <set_> I would have to look tomorrow when I travel.
[02:46] <set_> If I am not using openssl, does that command still work?
[02:46] <sarnold> if you don't have an aws instance or similar to use for testing, you could also try the qualys checker, https://www.ssllabs.com/ssltest/analyze.html?viaform=on&d=
[02:46] <sarnold> this is just using openssl's s_client interface to talk tls to a service and then do nothing else
[02:47] <set_> Okay.
[02:47] <sarnold> it's great for testing web servers, mail servers, irc servers etc
[02:47] <set_> Aw.
[02:47] <sarnold> it's a lot like a netcat that understands TLS
[02:48] <set_> Yea. sarnold: You are talking out of my league still. I am a fresh-off-the-boat user for ubuntu server.
[02:48] <set_> I used openssl but stopped b/c I did not self-signed certs.
[02:49] <sarnold> okay, a quick intro to netcat then :) try "echo hi | nc localhost 22" to see your openssh login banner
[02:50] <set_> Anyway sarnold: I have a lot to learn and tonight might not be the night. I need to learn more to discuss things w/ this crowd (obviously).
[02:50] <set_> Thank you, anyway. Maybe another time, sorry.
[02:51] <sarnold> alright, have fun :)
[02:51] <set_> I appreciate the effort and help.
[06:18] <Haris> hello all
[06:19] <Haris> I'm having trouble with mod_ruid2 mod for apache on 14.04. The user group I set in vhost configs, apache is not writing new files with its ownership. Also, is this issue resolved in 16.x, 18.x? this is an amazon aws instance, running from the freely available images on amazon
[10:13] <tomreyn> Haris: 14.04 is almost end of life, upgrade now!
[10:14] <Haris> yes, I know. but still need a way to keep things running meanwhile
[10:15] <tomreyn> Haris: what do you use / need mod_ruid2 for?
[10:15] <Haris> for anything uploaded or any file/folder created by web scripts to be with ownership, permissions of the configured u/g
[10:16] <Haris> processes apache runs for that specific vhost run with perms/ownership of that u/g
[10:16] <tomreyn> which languages are those web scripts in?
[10:16] <Haris> php
[10:16] <tomreyn> why don't you use php-fpm?
[10:17] <Haris> don't want to use php plugin independent of web server
[10:18] <Haris> no significant benefit from it
[10:18] <tomreyn> have you ever used it?
[10:18] <Haris> yes
[10:19] <tomreyn> then i'm surprised you see no benefit
[10:19] <tomreyn> i never used mod_ruid2, though. but if it's anything like suexec...
[10:19] <Haris> it works ok on centos
[10:19] <Haris> doesn't work on ubuntu's implementation
[10:19] <Haris> not like suexec
[10:20] <Haris> its inline, included plugin in apache
[10:20] <Haris> doesn't run separate
[10:22] <tomreyn> sure, it's a module, this can probably improve handling. on the other hand it means it needs to have authority to change ownership of files to any users, i guess, which effectively means root.
[10:22] <tomreyn> but i'll need to read up more
[10:23] <Haris> its good because it works as an inline, included plugin. removes all headaches like suexec
[10:28] <tomreyn> i'm assumign you're doing shared hosting there, in which case per customer / user process control and isolation is important. does it do this well?
[10:41] <xedniv> im encountering issues with the 18.04.2 live cd. when installing using lvm and a custom partition layout, the fstab mountpoints use UUIDs only, and during first boot, /usr cannot be mounted. same for root, more or less. lvm vgchange -a y fixes it.
[10:44] <tomreyn> xedniv: can you show the custom partition layout?
[10:44] <tomreyn> by "18.04.2 live cd" you mean the 18.04.2 live-server installer, right?
[10:45] <lotuspsychje> pabed: ask your issue here mate, volunteers might help think along with you
[10:47] <pabed> lotuspsychje: in this path "/etc/network/if-pre-up.d/ i see https://termbin.com/0f0g not iptables
[10:49] <pabed> I followe this https://paste.ubuntu.com/p/sjpxf9FdGD/ for persistent iptables , but there is no such file there
[10:50] <RoyK> pabed: iptables-persistent, perhaps?
[10:51] <pabed> RoyK: how should I use this command?
[10:51] <RoyK> apt install iptables-persistent
[10:51] <RoyK> then read the manual
[10:54] <xedniv> tomreyn, yes
[10:57] <pabed> RoyK: I installed but it is not found
[10:57] <xedniv> tomreyn, https://pastebin.com/K9sqi7qg
[10:57] <xedniv> the fstab
[10:58] <xedniv> tomreyn, the ubuntu-vg mapper entries: https://pastebin.com/KyjXCM3i
[10:59] <RoyK> pabed: it was just a suggestion - personally, I just use ufw
[11:00] <tomreyn> xedniv: thanks. i'll try to reproduce this. have you filed a bug report, yet?
[11:01] <xedniv> not yet, i havent got my launchpad account in order in ages
[11:01] <xedniv> :(
[11:01] <xedniv> (but will do)
[11:01] <tomreyn> xedniv: would you post it here when you did, please?
[11:02] <xedniv> tomreyn, in a couple hours, yes
[11:02] <xedniv> are you trying to repro it now?
[11:03] <xedniv> the dirty workaround I used in one guest was to add a initramfs script
[11:03] <xedniv> that just calls lvm vgchange -a y
[11:03] <xedniv> but thats tricky, it could definitely mess things up in other installations
[11:03] <xedniv> by activating groups not needed at boot
[11:16] <xedniv> tomreyn, https://bugs.launchpad.net/bugs/1573982
[11:16] <xedniv> tomreyn, https://askubuntu.com/questions/551446/cant-find-lvm-root-dropped-back-to-initramfs
[11:17] <xedniv> seems im not alone
[11:26] <tomreyn> xedniv: i'd say file a new bug against subiquity (server live-installer) and curtin. unless you did btrfs?
[11:26] <xedniv> ext4
[11:26] <tomreyn> this bug report is old, centers on unsupported versions
[11:27] <tomreyn> that's unless oyu know it's axctly your bug
[11:28] <tomreyn> i.e. this commit makes a difference for your use case.
[11:28] <xedniv> not so old if it applies to current
[11:29] <tomreyn> hmm yes maybe you're right
[11:29] <tomreyn> i think this Tag fginther added is actually a reference to a cnonical internal ticket, suggesting there may be someone planning to work on this.
[11:30] <tomreyn> (after comment 25)
[11:35] <tomreyn> xedniv: the issue i take there is that the bug title describes an upgrade, whereas your issue is a fresh installation (different, and more serious).
[11:37] <tomreyn> rewriting the first title (and maybe the first post, too) may be an option, if it doesn't break context.
[11:37] <tomreyn> i won't try to reproduce it then, though.
[11:38] <xedniv> yup
[11:38] <xedniv> you might eb able to repro faster than i can file the bug though
[11:38] <xedniv> swamped atm
[11:39] <xedniv> i already had the issue with two separate installs fyi
[11:40] <tomreyn> if you're looking for a solution, use the alternative server installer, it may work better.
[11:44] <xedniv> what are the main differences?
[11:44] <xedniv> (lazy question, i know!)
[11:49] <tomreyn> the alternative server installer is the old "debian-installer" (also still in use for mini.iso). is both enables and forces you to configure a lot more, whereas the new server-live installer comes not only with a nicer GUI, but also asks a lot less questions, and installs as soon as it can. the live-server (subiquity) installer is also an image-based installation just like the (ubiquity) desktop installer, i.e. a tarball of the completed
[11:49] <tomreyn> installation is produced when building the installer and shipped with it, and just pushed to the disk during the installation, which is a lot faster than actually installing all those debian packages one by one.
[11:50] <tomreyn> xedniv: ^
[11:51] <tomreyn> this said, the server installer still has several relevant bugs (from the perspective of this non cannoical affiliated volunteer)
[12:05] <Pyro_Killer> What do ya'll know about the funky version of Ubuntu 16.04 every VPS provider seems to use
[12:06] <Pyro_Killer> *VPS providers seem
[13:46] <whislock> Define "funky"?
[13:46] <whislock> Oh, he's gone. Oops.
[17:08] <teward> whislock: they probably meant the preinstalled 'images' :P
[17:57] <whislock> Oh, yeah. A lot of them are terribad.
[17:57] <whislock> Linode: "Here, you need wifi support." What?!
[19:07] <JanC> seems like the main thing my VPS provider's new cloud infrastructure adds (in addition to adding their own APT mirrors & optionally injecting your SSH keys) is Qemu guest agent