[03:01] <NatSocSiD> is there a way to configure "needrestart" to automatically restart the services that need to be restarted after an apt upgrade?
[03:03] <NatSocSiD> nevermind, just found how :)
[10:21] <wingarmac> Hi everyone !
[10:24] <wingarmac> I'm a private Ubuntu server 22.04 LTS user and I've put my webserver online. I would like advice on how to secure my web server with OpenSSL. SO far it seems very expensive for my personal needs.
[10:25] <wingarmac> I would like that people that visites my page do not have security messages to display the page. Can someone help ?
[10:25] <JanC> see https://letsencrypt.org/
[10:27] <joshaspinall> https://certbot.eff.org/
[10:33] <wingarmac> WAW, that was easy ! Thanks a lot JanC
[10:34] <wingarmac> Should I disable the virtual host on port 80 to prevent users going on http:// ?
[10:36] <wingarmac> I've had to change the http:// to https:// on my smartphone so it applies. Any advice on this?
[10:38] <wingarmac> It's rather complicated to explain this to a user that doesn't know the difference between those two. At top of that most browser hide it automaticaly and show the url without it.
[10:38] <wingarmac> If he didn't visit the site, will he be redirected automatically to https ?
[10:39] <wingarmac> I need another outside PC to test it. I do not have one right now.
[10:46] <joshaspinall> you will want to configure the site to automatically forward from http:// to https://
[11:26] <wingarmac> joshaspinall That's right.
[11:27] <wingarmac> joshaspinall Any clue how to ?
[11:29] <joshaspinall> it very much depends on your configuration, specifically which web server you have chosen (apache, nginx, other)
[11:29] <joshaspinall> a quick web search of your chosen server should give you what you need
[12:14] <wingarmac> joshaspinall What do you mean with "A quick web search" ? I use Appache2
[12:16] <wingarmac> joshaspinall You mean I'll find the answer on the web ? I'll do that of course. I was just wondering if someone could redirect me to the right information on the web. There are so much sort of explanations I often get lost on what's the right procedure.
[12:18] <wingarmac> Like for this SSL, I tried it by default on Ubuntu with what I did found on there supported websites, but I got turning arround with the creation of the key files. It's with the procedure on letsencrypt.org you did recommend me that I could solve it finally
[12:23] <wingarmac> I do understand that those examples on the web are made to have a general idea of what we have to setup as a company or enterprise, but it makes it difficult to find what I need precisely as a single home user. I did not need all those complicated settings, rather the simple basics for a little public home server.
[12:28] <wingarmac> joshaspinall I would like to thank you again, for the information provided so far. It's a nice feeling to be able to find a descent help. I would also like to thank again the other guy that did help me with BIND again, but he's on the Belgian channel of Ubuntu probably.
[12:36] <wingarmac> joshaspinall I would also like to access my webmin in SSL from anywhere
[12:39] <tomreyn> even though it is you personal webserver at home in a small setting, as soon as you open it to the internet, it is subject to constant attacks and therefore you need to make sure it is setup properly.
[12:42] <tomreyn> it's difficult to provide a works-for-all http -> https redirect configuration, it may need to be adjusted based on which virtual hosts it is meant to apply to (and which not), and the remaining configuration may need changng if you did not previously have a https vhost.
[12:43] <tomreyn> generally speaking, the first time you introduce https, you want to enable namebased virtual hosts (may already be soe), change the http (port 80) virtualhost to a port 443 virtualhost, and add a new port 80 virtualhost which just does the redirect
[12:46] <tomreyn> https://cwiki.apache.org/confluence/display/httpd/redirectssl - use the "Redirect" approach, not mod_rewrite, since rewriting increases server load and should not be necessary most of the time.
[13:00] <wingarmac> tomreyn I've followed the instruction on letsencrypt.org and it has made a copy of the existing port 80 virtual host to 443 on it's own.
[13:01] <wingarmac> I could see a virtual host has been added with the same domain name in the appache's configuration
[13:03] <wingarmac> I'm using Webmin to setup my server: https://ibb.co/mRq71Zw
[13:07] <wingarmac> I changed the server name, with the server's computer name for the virtual host in the html folder. Can I apply this to the public_html virtual host on port 80 to prevent the opening of http:// instead of https:// ?
[13:10] <wingarmac> by default, the virtualhost with root on html, could be openend with both, the name or the IP. I've tried to open it with IP instead of name and it still works. So I presume it will not work this way neider for the virtual hosts with public_html as root.
[13:13] <wingarmac> tomreyn The server contains only itself. I've no private data of importance on it for the time I need to learn how and be able to secure it. So I do not worry much about the attacks. Maybe I'll learn something from it two.
[13:14] <wingarmac> I presume their's no pooint to be the target of such attacks in my case. i've nothing precious to hide or protect.
[13:15] <wingarmac> sorry for my usage of English. I've learned it by helping people in call centers I've been working. So I make lot's of mistakes I guess.
[13:24] <wingarmac> tomreyn I can see this redirection needs another url as target. What if I would like the (www.)mydomain.org to be opened as https?  
[13:25] <wingarmac> I need to inverse the setting by creating the home.mydomain.org to redirect to mydomain.org is it ?
[13:34] <PaulW2U> vim
[13:36] <wingarmac> I've read the security advice on http://www.av-comparatives.org/wp-content/uploads/2015/05/avc_linux_2015_en.pdf for Linux systems. But these points are obvious to me. Before I had my server only local, so I had the desktop running on it. So it was a risk when I use GUI programs like a browser. But now it's running alone on a separate computer. This should be lots safer I presume.
[13:38] <wingarmac> I get noticed by webmin when an update is possible. This helps me maintaining my server up to date. At top of that Ubuntu Pro free subscription is active on it.
[15:13] <tomreyn> wingarmac: sounds good for starters, i guess if you go through cis_level1_server hardening ( https://ubuntu.com/tutorials/comply-with-cis-or-disa-stig-on-ubuntu ) and enable automatic updates you should be good.
[15:14] <tomreyn> regarding how to configure apache httpd using webmin i cannot comment, since i haven't used webmin for many years and don't know what it actually does to the configuration files.
[15:14] <wingarmac> I'm trying to setup LDAP for this time. It seems ... complicated: I try to follow these steps : https://fabianlee.org/2017/02/21/apache2-enable-ldap-authentication-and-ssl-termination-for-ubuntu/
[15:15] <tomreyn> if you want to learn server maintenance it'll be better to use it manually, editing configurations on your own
[15:16] <wingarmac> You're right. But a little motivation, by seeing it works is still welcome. I'll surely reinstall my server many times before I'll now how to handle it.
[15:16] <wingarmac> I've time to go for detailed instructions, but you're right it should be at some point.
[15:17] <tomreyn> oh i don't want to demotivate you, keep going! :)
[15:17] <wingarmac> Thanks !
[15:17] <tomreyn> ldap auth is probably not the first thing i'd recommend setting up, it can involve a high learning curve.
[15:18] <tomreyn> "high" -> "steep"
[15:18] <wingarmac> There are lots of settings I've to work on. At top of that I'll also need to try editing my website on my own. Like you can see I just made a page with Google Slides
[15:19] <wingarmac> I've 3 options in Webmin for user management: MySQL, PostgreSQL, and LDAP
[15:19] <wingarmac> the only that seem to have SSL in these shown options is LDAP
[15:20] <wingarmac> That's why I did select it.
[15:21] <wingarmac> I also presuled it would be the worst to configure. Secure = complicated in many situations
[15:21] <wingarmac> presumed ...
[15:21] <JanC> you don't need SSL internally on the server
[15:22] <wingarmac> I would need to access it worldwide. And later I need it to be avaible to user that connects trough a link on my page so my server gets there dynamic IP to simplifie the maintenance of those.
[15:23] <wingarmac> these people do not intend to use a terminal. It scares them of. That's why they trust me to do that for them.
[15:24] <JanC> the users don't need to connect directly to the database server, I would hope
[15:24] <JanC> they would connect to the web server, and then the web server talks to the database
[15:24] <wingarmac> I'm not sure I know exactly what is needed ot not at this point. You certainly now better as I do
[15:25] <wingarmac> The idea is to get their dynamic IP, with this link, so I can connect to their computer. I need to now how to apply SSL on their PC's too.
[15:26] <wingarmac> Or something like that I can only presume
[15:26] <wingarmac> It's only a concept. I do not yet now what can or not and how to set it up.
[15:27] <tomreyn> hmm it's a bit unclear what you're actually trying to achieve now, maybe focus on describing that as a first step.
[15:27] <wingarmac> I would like to be able to maintain from home, all installs I made for others how agree.
[15:28] <wingarmac> With the use of webmin, if possible
[15:28] <wingarmac> On a secured way of course
[15:28] <tomreyn> what kind of "installs" do you make for others?
[15:29] <wingarmac> Linux: Ubuntu or Cinnamon, they can choose the environment
[15:29] <wingarmac> I present them both. Apple user like ubuntu desktop, Windows user prefer Cinnamon
[15:29] <tomreyn> so you are setting up and  maintaining / servicing, remotely, desktop / laptop computers for others?
[15:30] <wingarmac> Friends and neighbours, yes !
[15:30] <wingarmac> I do this for free, as an hobby, and to help people that do not have money for IT support
[15:31] <tomreyn> there are these graphical remote management softwares for this purpose, such as anydesk, teamviewer, rustdesk
[15:32] <wingarmac> Now I still need a ride to get over there. It would be nice if I could. without Teamviewer on Windows (in the past).
[15:32] <tomreyn> you could use those, or you could use ssh
[15:32] <wingarmac> Nope, I want my own choice. Webmin seems perfect.
[15:33] <tomreyn> i don't think webmin is meant for managing a fleet of remote desktops, but my information may be outdated
[15:33] <wingarmac> I do not want to wait for user interaction when the PC needs reboot, ander other trouble of these kinds
[15:33] <wingarmac> You are right I think. But Webmin do not provide a domain name and an IP.
[15:33] <wingarmac> this is my part of the job to make it do so
[15:34] <wingarmac> Even if I've to setup a VPN for it
[15:34] <wingarmac> the VPN will be set up on my server if I need to
[15:35] <wingarmac> I'm not affraid of complicated. And I've plenty of time ;)
[15:35] <wingarmac> I think it can be done, don't you ?
[15:37] <JanC> you can make those systems automatically SSH into your server with a reverse tunnel; no need for interaction then...  :)
[15:37] <wingarmac> That's the kind of relevant information I like !
[15:37] <tomreyn> you could configure your friends' systems to automatically connect to your vpn server, and then manage them over ssh or - maybe - webmin. you could alternatively (or additionally) configure them to connect to a reverse ssh tunnel
[15:38] <wingarmac> tomreyn would that not cause them to have to remain connected? They should be connected to my network if they do not need maintenance
[15:39] <wingarmac> I would like they get a maximum of privacy. 
[15:39] <tomreyn> to be reachable by you, they would need to remain connected to you
[15:39] <wingarmac> That's not the case of teamviewer
[15:39] <JanC> especially if they are behind a NAT
[15:40] <wingarmac> They make it happen with a user account connection. I would rather like a link they should click
[15:41] <wingarmac> In theory I'm sure this make sense. But in practice It will be difficult to set up, because It's not made for it.
[15:41] <JanC> used to be possible with empathy+remmina IIRC
[15:43] <wingarmac> RDP was my first search, but it's under Microsoft license so it seems. I've tested it to get my USB webcam see whats happening home. But it was only a LAN test.
[15:43] <JanC> empathy + remmina + ssh-contact
[15:45] <wingarmac> these options makes me see their desktop. I do not need that. I just need to be able to update packages and get to the terminal to fix broken packages and eventualy configure it this way. This would satisfy me.
[15:46] <wingarmac> JanC would this make it possible ? empathy + remmina + ssh-contact - Remina is for RDP, that's what I did use with the VLC and the USB webcam
[15:46] <JanC> Remmina can do several different protocols
[15:47] <wingarmac> I've not tested it on the other protocols yet. I've seen it tough. It was used on Linux to apply some kind of remote session.
[15:48] <wingarmac> Remina is for pure control. Webmin gives me a general view of the computer status. If I choose. I still prefer my configuration. It will also help me understand the mechanics of websites and SSL.
[15:50] <wingarmac> What are the 2 others you've specified? what are their purpose ? empathy and ssh-contact ? Are those variants of Remmina or plugins to open Remmina secure remotly ?
[15:50] <tomreyn> desktops and laptops don't usually run websites. it's a bit unclear where you see the rleation between the scenario you describe (remotely manage users computers) and "using webmin"
[15:51] <wingarmac> I can install webmin on their system ? What's the problem with that ?
[15:52] <wingarmac> If it is secured so I'm the only that can open the webmin on their computers, what's the proble ?
[15:52] <tomreyn> you could install webmin on every one of their systems, and only make that available from 127.0.0.1. it will consume resources there while it's running, but probably not too many. you would still need an ssh server or similar way to connect to the system securely
[15:53] <tomreyn> https://netbird.io/ or https://www.netmaker.io/ are a way to build a mesh (wireguard) vpn across mutliple locations and behind nat
[15:53] <wingarmac> yes. I think so. That's where I want to go ... 
[15:53] <tomreyn> but those may too too much complexity for now
[15:54] <tomreyn> so maybe just start with the ssh reverse tunnel approach and webmin installed on their systems
[15:54] <wingarmac> first things first, my pages need to work like intend to and my own server or PC should be remotly available on internet on a secured way.
[15:55] <tomreyn> that seems like a separate project
[15:55] <wingarmac> If I can understand how to apply that on every install, I can concider the installation on client PC's
[15:55] <wingarmac> Yes, learning how it works
[15:56] <wingarmac> before proposing the service, you need to now you can set it up on a trusty way, Isn't it?
[15:56] <tomreyn> yes, but this shouldn't include a remotely accessible website
[15:57] <tomreyn> at least i would not recommend making webmin available on the internet
[15:57] <wingarmac> The website should provide a link to identify the distant computer on my network and request a connection
[15:57] <wingarmac> It's like a login and password, but I would like it uses the MAC address to identify the computer and it's settings and save the IP to be able to connect with webmin on it
[15:58] <tomreyn> hmm i'm not aware of an existing software for this purpose, there may well be one, but you'll need to search for it, i guess, or write it yourself.
[15:58] <wingarmac> My identification would already be on the computer as the installer of the system.
[15:59] <tomreyn> MAC addresses are only available on a LAN, not a WAN, not routed
[15:59] <wingarmac> You meen I can't see the mac address of a remote computer on the web ?
[16:00] <tomreyn> also, they're easily changed, non-unique and thus pretty weak identifiers
[16:00] <tomreyn> right
[16:00] <wingarmac> I'll use other settings I've made localy to lay the link. It would not be the only information.
[16:01] <wingarmac> it would be some kind of check of the variables, if they are met, I save the IP as a compuer avaible on webmin
[16:03] <tomreyn> first think about the network structure / architecture you'll need, understand NAT and the difficulties it causes, how to work around it, then design your network and application architecture, including the endpoint authentication you have in mind. this will be a very complex system, the way you describe it. not a good first project at all.
[16:04] <wingarmac> My first contact with my ISP concerning my request for subscription change, was: "You don't have a company, so you can't have a pro subscription" But finally I've been able to get it. Because this person didn't know how, did not meen it was not possible.
[16:04] <tomreyn> was that to get a fixed ip address?
[16:05] <wingarmac> Same thing here. I think it's logic. I do test until I proof myself I can't. Then  I confirm it doesn't work. At least for me.
[16:06] <wingarmac> yes, on a cheaper way. Residential it was more money. at top of that, now I've the same package, but it has 15Gb mobile data instead of 5GB. The same subscription residential is total: 130€/month. With the current subscription : 100€/month
[16:07] <wingarmac> I'm glad I made me angry some times on the phone to get it ;)
[16:08] <tomreyn> sheesh, that's a lot of money for so little data.
[16:08] <wingarmac> without the IP I was paying 79€, and it just had an incease to 81€ on my last bill
[16:09] <wingarmac> If you ask support, then it gets ugly everywhere
[16:09] <wingarmac> realy ugly for a private user
[16:09] <tomreyn> anyways, i'm not in .be, can't recommend anything. maybe lotuspsychj3 can recommend something cheaper. but we're off topic now.
[16:10] <wingarmac> these companies gladly ask 1000€/year just for support and lots of options you do not even matter. And if you try to explain why you use it and that you can't offerd what they want, they close ythe phone!
[16:10] <wingarmac> or the chat
[16:11] <wingarmac> they don't care what we need, they just want to sell
[16:11] <wingarmac> I hate these ways of handling people
[16:11] <tomreyn> yes, telecoms are a pain. now let's get back to the channel topic, which is ubuntu server
[16:12] <wingarmac> you're right!
[16:14] <wingarmac> well I think my brain needs a pause. I've my ideas crumbling. So I will take a nap. Cheers to all of you ! And many thanks for all your suggestions !
[16:14] <tomreyn> you're welcome :)
[16:22] <JanC> I find it a lot easier (and cheaper) to keep my dynamic IP & have my servers as a VPS somewhere...  :)
[16:31] <tomreyn> if that somewhere is where a connect back shell connects, then a mesh vpn can make sense
[16:35] <JanC> and https://www.edpnet.be/ has more reasonably priced internet/mobile than what wingarmac seems to have
[16:39] <JanC> possibly combined with streaming TV from TV Vlaanderen/Télésat if you need that
[18:08] <wingarmac> JanC Do you know about the Belgian ISP marked ? Proximus is grown out of Belgacom, that was the Belgian RTT before that, a company that was the gouvernements ownership. But due to privaticing of all the companies of the gouvernement, Belgacom has bought all the existing lines that where already build in all the country.
[18:09] <wingarmac> Since then, no ISP has his own lines, they all rent it to Proximus, and have to do higher prices, or use other type of connection, or limited network coverage to some parts of the country
[18:10] <wingarmac> that's how they monoplised this marked in Belgium. The only ISP that has an equivalent of quality here is Telent, but there coverage stop s in the Dutch side of Belgium
[18:10] <JanC> Belgacom/Proximus always owned the copper lines, they didn't have to buy them
[18:10] <wingarmac> It was from RTT, not Belgacom, they bought RTT, with their lines of course
[18:11] <wingarmac> We are in a such small country, that no other providers have the rights to build more lines. (Or it's to expensive to do so)
[18:11] <JanC> RTT is just the old name of Belgacom
[18:11] <wingarmac> Same thing with Wifi and mobile antennas
[18:11] <JanC> before it was a private company
[18:12] <wingarmac> it was RTT, ownership of the Belgian gouvernement, like for the trains and other civil services
[18:12] <wingarmac> Now they've been all privaticed
[18:12] <JanC> RTT became Belgacom when the government converted it from a government agency to a private company
[18:13] <wingarmac> i was still a litlle guy when this all happend
[18:14] <JanC> and when you look at edpnet (or Scarlet, which is owned by Proximus) you can see they have all cheaper contracts than Proximus itself
[18:14] <wingarmac> Yes, let's say the gave it t a politic that could do whatever the benefits with it, instead of being from the state and continue entering money to the country, now its the investors that take it all
[18:14] <wingarmac> Big shit in my opinion.
[18:14] <JanC> Proximus is >50% government owned still
[18:15] <wingarmac> Now Belgian gouvernement is complaining they do not have money, but I'm not wondering why
[18:16] <wingarmac> i do not now the details, only what I could see from the journal and how it felt for people going trough those changes
[18:16] <wingarmac> I've been working a few month also for Belgacom Skynet when I was 18. 
[18:16] <wingarmac> That was my first experience in Call center for IT Support
[18:17] <JanC> anyway, I pointed out there are cheaper contracts, it's your choice to make...   :)
[18:17] <wingarmac> I'm now oevr the 40 ;) 
[18:17] <wingarmac> long time ago ...
[18:18] <wingarmac> Cheaper doesn't often mean good, that's what I was suggesting
[18:19] <wingarmac> Like you say, it's the choice of the contractor, but he should knwo all the versions of the subject to be able to take a concient choice
[18:20] <wingarmac> for technology, the best of all here to me is Proximus (even if I had prefered there where more choices)
[18:20] <JanC> based on my experience, edpnet is no worse than Proximus or Telenet
[18:20] <wingarmac> I do not yet know. Have you a subscription, or ever had one there?
[18:21] <JanC> in fact, the FITZ!Box routers from edpnet are a lot better than the B-Boxes
[18:21] <JanC> I have edpnet, yes
[18:21] <wingarmac> I've never heard about this provider before. Maybe there are changes on the marked because of this opening of the frontiers
[18:22] <wingarmac> They could let in other type of connections from neighbors. It's interresting. i'll take a closer look later to this ...
[18:22] <JanC> edpnet have been around since 1999
[18:24] <wingarmac> To be honest, with what I knew, and what people I have been trough with their subscriptions on other providers as Telenet and Proximus, I had no reason to look to the others.
[18:24] <JanC> they have to rent copper pairs (for DSL) or fiber from Proximus, of course
[18:24] <wingarmac> Maybe it's time to do so.
[18:26] <wingarmac> That's the big matter. Do you realy think Proximus will rent their best lines to concurence? They will rent those old lines they do not maintain probably. that's for the trust I have in those companies ...
[18:26] <wingarmac> Same thing with their servers when I was young and made free subscriptions for Scarlet. Scarlet was made of those old servers and lines.
[18:27] <JanC> it's just whatever line comes to your house, it's not like they are going to replace them when you choose another provider (that would be horribly expensive)
[18:27] <wingarmac> what about DNS, mail and other servers. Do you realy think they where the same ?
[18:28] <wingarmac> You don't become the most rich company by helping your concurrence.
[18:28] <JanC> edpnet/Scarlet/etc. rent the lines between your house & the DSLAM (or the equivalent for the fiber)
[18:29] <JanC> their servers have nothing to do with Proximus
[18:29] <wingarmac> i do not now of a Belgian cheep subscription for internet that works great. 
[18:30] <JanC> edpnet works as good or as bad as a Proximus line in the same house works
[18:30] <wingarmac> I only see people complaining, about its not working, or at proximus, about its to expensive
[18:31] <wingarmac> Why not, if you have one and you seem to trust it. It's worth a try I think.
[18:32] <wingarmac> just now, I will not change on your words. I'm sure you understand that. @top of that, I have no normal subscription, you shouldn't compare with the prices I've mentioned. But rather look what you need.
[18:33] <wingarmac> And decide for yourself.
[18:33] <JanC> what's "not normal" about it?
[18:33] <wingarmac> I have a pro subscription. Not residential
[18:33] <JanC> so, like this: https://www.edpnet.be/en/business/internet.html
[18:34] <JanC> I doubt you really need that, but...
[18:34] <wingarmac> I've the 3th one+fixed IP of 30€/month https://www.proximus.be/fr/id_cb_all_businessflex_packs/independants-et-petites-entreprises/all-businessflex-packs.html
[18:35] <wingarmac> for total of approximately 100€/month
[18:37] <JanC> is that DSL? what speeds?
[18:37] <wingarmac> I had the same pack for residentials before, but with the biggest internet (79€/month) and no IP at that time
[18:37] <wingarmac> DSL
[18:37] <wingarmac> Fiber in street
[18:38] <JanC> why do you need the pro anyway?
[18:38] <wingarmac> Cheaper
[18:38] <wingarmac> I do not understand why neider
[18:39] <wingarmac> 79€/monthe was the price for my residential pack on 12/2022. In januari it has augmented to 89€/month. if I took the IP, I was over the 100€/month
[18:40] <wingarmac> Now I pay 100€/month for all my needs, and at top of that I've 15Gb mobile data instead of 5Gb
[18:40] <wingarmac> Not interesting ?
[18:41] <wingarmac> Again, do not ask me why it is so ... because I do not know how they decide their prices
[18:41] <JanC> as I said before: I would run my servers as a VPS somewhere & not pay for fixed IP at home
[18:41] <wingarmac> You do it right for your purpose, I do it right for mine.
[18:41] <JanC> but you can get what you have now for less than what Proximus asks...
[18:42] <wingarmac> not sure of that
[18:42] <wingarmac> cheaper doesn't mean it's the same at all
[18:42] <wingarmac> I'll not taking the risk
[18:43] <wingarmac> I trust in Proximus their tech
[18:43] <wingarmac> Even if I dislike their commercial practices
[18:44] <wingarmac> I trust in those guys of the pro IT services. They do their job verry well. The only problem is that their commercial do not respect people and take them for ignorant ones.
[18:45] <JanC> e.g. Pro internet including fixed IP & service contract is €65.95 at edpnet, mobile with 15GB data would be maybe €20 extra
[18:45] <wingarmac> (Maybe they are thinking right for most people, but that doesn't excuse these ways
[18:46] <wingarmac> Can I get everywhere internet, what about coverage? Is it all belgium ?
[18:46] <JanC> but I still don't really understand why you need fixed IP  :)
[18:46] <wingarmac> My hotspot works allmost everywhere in Belgium
[18:47] <wingarmac> It's only for my personnaly. You don't choose your car only because its cheep or its options because you need those. But because you wanna try and see. Same thing here.
[18:47] <wingarmac> It's like a new toy to play with
[18:48] <JanC> I'd rather play with stuff that is worth its money  :)
[18:48] <wingarmac> Do you knwo how much money we spend to distraction ? Netflix, GForceNow, Youtube, ... if you take this away, you could do the same
[18:48] <JanC> I spend €0 on all of those  :P
[18:49] <wingarmac> The "worth" depends on the "I like" or "I wish" for each of us. Not the I need.
[18:50] <wingarmac> The "I need" is only for those that can't afford what they realy would like.
[18:50] <JanC> okay, so why do you wish/like a fixed IP at home?  :)
[18:50] <wingarmac> To probe it, test what ever I can do without (only legaly) Study and test
[18:51] <wingarmac> Making my PC available this way, and setup my computer for once in my life like proffessionals do
[18:51] <wingarmac> This experience, was a child's dream I had.
[18:51] <wingarmac> Do you understand ?
[18:51] <JanC> I'm pretty sure most professionals run their servers in the cloud nowadays  ;)
[18:51] <wingarmac> Your right again, that doesn't change my own dreams
[18:52] <wingarmac> When I was 15, there where no clouds
[18:52] <wingarmac> I was using a 56K modem
[18:53] <wingarmac> verry expensive to pay/min
[18:53] <wingarmac> and oh so slow !
[18:53] <wingarmac> It was a pain in my a ...
[18:54] <wingarmac> Now i've my own server running on its public IP, I feel like a child again
[18:55] <wingarmac> PS: I'm no pro at all
[18:55] <wingarmac> I'm a private
[18:55] <JanC> I run my own (virtual) server(s) at a hosting company  :)
[18:55] <wingarmac> How old are you if I might ask ?
[18:56] <wingarmac> You probably grown up with more evoluated techs as I did because you're younder. Or you studied informatics somehow, what I did not, and do not know as much as you do.
[18:56] <wingarmac> younger
[18:57] <wingarmac> younger or wiser ?
[18:57] <wingarmac> or both maybe ?
[18:57] <JanC> I'm old enough to remember dial-up back when modems weren't 56kbaud yet  :)
[18:58] <wingarmac> And what about your knowledge, how did you acquire it ?
[18:58] <wingarmac> self-taught or studies ?
[18:58] <lotuspsychj3> wingarmac: im currently on scarlet.be a 70/10 vdsl2 line for 32 euro
[18:58] <alkisg> wingarmac: I didn't read the whole conversation, but if you want to make your home server available, you can use your-hostname.duckdns.org with dynamic IPs
[18:58] <JanC> lotuspsychj3: and I'm sure it works as fast as Proximus on the same line  :)
[18:59] <JanC> for a lot less
[19:01] <wingarmac> https://postimg.cc/4nckMNdR DynDNS in my router. Those are services compatible to use with Proximus, so you don't need a fixed IP
[19:01] <wingarmac> I do not care. I've what I wanted. I would like to provide myself ;)
[19:02] <wingarmac> not to depend of another service.
[19:02] <lotuspsychj3> JanC: i used to be on proximus too, where i payed 160 euro for business line
[19:04] <JanC> IMO the only reason to get pro/business contracts is if you need same-day repairs & such for business reasons
[19:04] <wingarmac> lotuspsychj3 And, what was your experience of it? What was included in your package ?
[19:04] <JanC> or if you need a full symmetric fiber, of course
[19:04] <wingarmac> You haven't with the subscription I have. This is only for verry big enterprises you get that, and its with least lines and such
[19:05] <lotuspsychj3> well its too long ago to still be valid for now, speeds were also not yet like now
[19:05] <wingarmac> At least at Proximus for what I know
[19:07] <wingarmac> They do provide some advice like illustrated on their website, but I do not trust it neider https://www.proximus.be/fr/id_catb_business_booster/independants-et-petites-entreprises/marketing-digital.html
[19:07] <wingarmac> I do not need all this crap. So I did not look closer
[19:09] <wingarmac> Probably usefull for a company. It's not my case at all
[19:10] <wingarmac> I'm just a fan of computers that want to test a new toy. There's no need to do the same as I do
[19:11] <wingarmac> I'm not an example to follow at all.
[19:11] <wingarmac> No need to look after a reason
[19:13] <wingarmac> It's rather a choice as a reasoning. I have no financial interest. So why compare with me. I do not earn money with it.
[19:13] <wingarmac> I just play my game. "I did it my way !"
[19:14] <wingarmac> I also had to face my last curtain at some point.
[19:14] <wingarmac> Now I'm always at home and have plenty of time.
[19:15] <wingarmac> So I can test everything I like !!!
[19:16] <wingarmac> Linux is a perfect mach to do so ! So lets talk Ubuntu again !
[19:18] <wingarmac> In a first place I thought it could be lots easier to setup this IP, but I didn't consider the routing to the IP of the router. In the past It was possible even here to connect directly.
[19:18] <wingarmac> I thought I could setup this public IP direct in the system. I've learned a lot these few days.
[21:42] <wingarmac> Hi again ! I wonder if somebody can help with this command on LDAP: https://docs.thoughtspot.com/software/latest/ldap-test I've changed the information with my settings, but the command is wrong, or I used it on a wrong way. This line return is confusing.
[21:43] <wingarmac> It results in ldapsearch: unrecognized option -
[21:44] <wingarmac> Even if I put the all command on the same line it gives an error
[21:44] <wingarmac> I would like to check if it's running and see what's going wrong somehow
[21:46] <wingarmac> When I tried to access the web server from outside the LAN (on LAN no access to domain yet), it's prompting for a user and pasword. I did pass this, but the page isn't displayed anymore. 
[21:46] <wingarmac> So I presume there is something wrong with the LDAP installation and setup
[22:11] <wingarmac> With this command I could see its running without errors: apache2ctl configtest                                                                                                                                                                                     
[22:11] <wingarmac> [Sat Feb 04 22:08:25.741524 2023] [ldap:debug] [pid 43512:tid 140170150332288] util_ldap.c(2630): AH01311: LDAP: Setting referral chasing Off
[22:11] <wingarmac> Syntax OK
[22:13] <wingarmac> But when I try this I get: nc -v wingarmac.org 636
[22:13] <wingarmac> nc: connect to wingarmac.org (91.183.239.36) port 636 (tcp) failed: Connection refused
[23:10] <sdeziel> wingarmac: maybe poke the private IP of the LDAP server instead of your public IP?