| === chris14_ is now known as chris14 | ||
| Liver_K | Hey before I file this as a bug, and I have already done a search on launchpad for similar bugs with no results, is the problem with the nvidia-headless-390 package's nvidia-uvm kernel module component known? Or any workarounds to fix the package? | 05:33 |
|---|---|---|
| Liver_K | It's a pretty specific problem so I'm not expecting much of anything | 05:34 |
| tomreyn | Liver_K: for what it's worth (in case you're wondering why you're not getting a reply): i just spent 3 minutes trying to understand what "the problem with the nvidia-headless-390 package's nvidia-uvm kernel module component" is, that you're referring to, and failed. | 11:31 |
| inscw00table | So, I am having a surprising amount of difficulty dropping into a shell once an autoinstall is kicked off, I have tried any number of things. What is the right way to do this? Basically I just want to get in a shell and spelunk around with strace and network tools to debug why it is stalling out for ten minutes. | 11:34 |
| wingarmac | Hi everyone !<wingarmac> Can someone help me setup my linux home server with Apache2 and Bind. I have SSL configured, but I would like to access webmin from outside. I have trouble to understand the routing in NAT. | 12:00 |
| wingarmac | I've a fixed public IP on my ISP router and my index page shows up on my domain name in https. | 12:00 |
| wingarmac | I do not get how to routing should be set: In bind dns server or in the NAT router ? | 12:01 |
| wingarmac | I also can't access my webhosting on th LAN network | 12:01 |
| wingarmac | only from WAN the page shows up | 12:01 |
| tomreyn | inscw00table: according to bug 1879284 you'd just need to press enter to spawn a shell | 12:17 |
| -ubottu:#ubuntu-server- Bug 1879284 in Ubuntu on IBM z Systems "Cannot access shell in subiquity installer during automatic installation" [High, Fix Released] https://launchpad.net/bugs/1879284 | 12:17 | |
| tomreyn | wingar: you're saying "my index page shows up on my domain name in https". is this the domain name you want webmin to be accessible at, or would a different domain name (or a subdomain of that) be better? | 12:20 |
| tomreyn | wingarmac: ^ | 12:20 |
| inscw00table | It does seem that way... though, it doesn't work now. Thanks for the bug link though... | 12:21 |
| tomreyn | inscw00table: which ubuntu server installer version are you using? | 12:22 |
| wingarmac | tomreyn If it works, does it realy matter what way (I should also understand it). The point, when I go on my smartphone (GPRS www) I get my page view when I enter my domain name. It even shows up in https auto | 12:22 |
| wingarmac | but when I do it from lan, he doesn't find the address after a long search | 12:23 |
| inscw00table | ubuntu-22.04.1-live-server-amd64.iso | 12:23 |
| wingarmac | I would also like to be able to access webmin from a computer on WAN | 12:23 |
| wingarmac | I think I should enter these routes in my ISP router, but I'm not sure what or how | 12:23 |
| tomreyn | inscw00table: hmm i guess that would be newer, should have the fix. you can also ssh in if you brought the system up with networking configured (by passing kernel command line parameters) | 12:24 |
| inscw00table | Yeah, I configured ssh keys in the autoinstall, that didn't immediately work, but I was able to hack them in there with an early-command; though, that ssh shell just gets me to the same subiquity process I can't interrupt/kill. | 12:25 |
| tomreyn | okay, that's all i know. the server team is probably going to be back tomorrow, and might respond. | 12:26 |
| inscw00table | Thanks for you efforts. | 12:26 |
| wingarmac | tomreyn I didn't change the webmin's default port yet. I will as soon as I now how to route it to be accessible from outside. Could you advise me what ports I can set webmin. I presume some ports are reserved. | 12:26 |
| tomreyn | inscw00table: you could search community.ubuntu,com in the server section for similar topics in the meantime | 12:27 |
| tomreyn | wingarmac: i know too little about webmin to know how it can be cnfigured. | 12:27 |
| tomreyn | wingarmac: you can use sudo ss -l on the server to see which ports are in use | 12:29 |
| wingarmac | tomreyn Let's say I have to set an application to be accessible from WAN, what prots can be set instead of default ? | 12:29 |
| tomreyn | ... or sudo ss --tcp -l | 12:29 |
| wingarmac | tomreyn what is that for exactly ? Could you explain. I'm realy newb @ this | 12:30 |
| tomreyn | wingarmac: any ports which aren't already in use can be used. some ports can only be used by root, that's ports 1 to 1024 | 12:30 |
| wingarmac | And what about the routing of my NAT to be able to access address:port from the outside ? | 12:31 |
| tomreyn | wingarmac: the above command list ports which are in use (a daemon / service is binding to them). you are looking for ports which are not yet in use and which you can use for webmin, from what i understood. | 12:31 |
| tomreyn | that's not routing, that's NAT and port forwarding. | 12:31 |
| wingarmac | tomreyn I thought so, but I wasn't sure, that's a verry long output. | 12:31 |
| tomreyn | try the last command i provided, it's shorter, onlylists tcp ports | 12:32 |
| tomreyn | better yet: sudo ss --tcp -l -n | 12:32 |
| tomreyn | even better :) sudo ss -alnpt | 12:35 |
| tomreyn | on the Local Address:Port column you'll see which address and port a service is listening on | 12:36 |
| wingarmac | tomreyn Can you send me the link to the page to share command outputs with you. I forget to save it last time with all wat was opened in my browser | 12:36 |
| tomreyn | and on the last column you'll see which service is listening there | 12:36 |
| tomreyn | wingarmac: the easiest thing you can do is pipe into nc termbin.com 9999 | 12:36 |
| tomreyn | so for example: sudo ss -alnpt | nc termbin.com 9999 | 12:37 |
| tomreyn | alternatively, you can use https://dpaste.com | 12:37 |
| wingarmac | port forwarding and routing are different things. Could you elaborate the difference. I didn't understand it, I thought it was the same to be honest. | 12:37 |
| wingarmac | some kind of routing of ports instead of IP | 12:37 |
| wingarmac | So I took it. | 12:38 |
| wingarmac | sudo ss -alnpt | nc termbin.com 9999 should I enter this in the terminal, so the outputs comes here as a link ? AM I correct ? | 12:39 |
| tomreyn | you should type it in your terminal, and would get a short url there, which you can copy or type and post here | 12:40 |
| wingarmac | https://termbin.com/piev Nice thing ! Thanks | 12:40 |
| tomreyn | so we see some command output, it's always good to also explain what command you ran | 12:43 |
| wingarmac | tomreyn It's the command you told me to enter to show the used/available ports. The question: wat port could be used for an application I would like to access from outside. And how to set the port forwarding ? | 12:44 |
| tomreyn | on the "Local Address:Port" column, lines with "[::]" or "[::1]" are ipv6, and the others with four numbers seperated by dots are ipv4 | 12:45 |
| tomreyn | most routers support asymmetric NAT, so you can configure on your router that traffic arriving from the internet (WAN) at port 80 can be forwarded to a different port than 80 on the internal computer (your "server") | 12:46 |
| wingarmac | I follow it this far. what meens peer address ? | 12:46 |
| tomreyn | that's a different port number, so it'S aymmetric. there's also routers which only support symmetric (for example: port 8000 external can only go to internal port 8000) NAT | 12:47 |
| tomreyn | peer address is the remote address connected or allowed to connect to this "Local Address:Port" | 12:47 |
| tomreyn | 0.0.0.0 is a way of saying "everyone" in ipv4 | 12:48 |
| wingarmac | "most routers support asymmetric NAT, so you can configure on your router" What settings do I need to enter? Can you give an example of such ? Lets say the default port of webmin is 10000, I would like to access it from outside in https is it 443 or 80 I must use, is also not clear to me | 12:48 |
| tomreyn | [::] is the same for ipv6 | 12:48 |
| tomreyn | depends, does webmin send encrypted traffic on port 10000? | 12:49 |
| tomreyn | if it's using tls there, then you orobably want that to be 443 outside | 12:49 |
| tomreyn | because that's the default https port (when no port is given in the url) | 12:50 |
| wingarmac | So I should do the same for this app, as I did for apache 2 into the router (I've 2 rules 80 in to 80 out and 443 in to 443 out) I should make another that does 80 in and 10000 out, AM I right ? | 12:52 |
| wingarmac | or 443 in the case of hhtps, of course | 12:52 |
| wingarmac | tomreyn https://ibb.co/pzjL85y (router settings for port forwarding | 12:54 |
| tomreyn | i.e. if your internet domain name is example.org and you want people to access your internal webmin server (internal IPv4 address is 192.168.1.13 and the HTTP port is 10000 and the HTTPS port is 10443) to be reachable at https://example.org then you'd need to configure your router to do port forwarding for external / WAN port 80 (default http port) to internal / LAN system 192.168.1.13 on port 10000, and to do port forwarding for | 12:54 |
| tomreyn | external / WAN port 443 (default httpS port) to internal / LAN system 192.168.1.13 on port 10443 | 12:54 |
| wingarmac | why 10443, as it is 10000 internal ? Is there a reason to that ? | 12:55 |
| tomreyn | this was an example | 12:56 |
| tomreyn | i don't know which ports webmin uses by default | 12:56 |
| wingarmac | ok. I'll try this. And what about the fact I can't access my domain name from lan computers ? | 12:56 |
| tomreyn | i think know it uses port 10000 for HTTP (unencrypted) by default. | 12:56 |
| wingarmac | I mean, my apache2 index page doesn't show up from http(s)://domain.com if entered on local computer | 12:57 |
| tomreyn | many routers get "confused" or just diallow you from sending traffic to their WAN ip address from internal systems (on your LAN) | 12:58 |
| wingarmac | I thing this should be set in the virtual host or bind, but how ? | 12:58 |
| wingarmac | i've read on the net I should be able to make it work with Bind, but they do not elaborate how. It seems complicated. | 12:59 |
| tomreyn | normally, when accessing your service from inside your LAN, you should be using your LAN IP address directly, not your WAN IP address, to contact the internally hosted service | 12:59 |
| wingarmac | And that works like a charm | 12:59 |
| wingarmac | but it points to another index (documentroot html instead of public_html) | 13:00 |
| tomreyn | you could work around this with split horizon dns, but that's somewhat complicated to understand and to setup | 13:00 |
| wingarmac | that was what I tried to setup, but do not get it how | 13:00 |
| wingarmac | split horison, to make one domein see the other, AM I right ? | 13:01 |
| wingarmac | So I need to create a subdomain or not to set this up? | 13:01 |
| tomreyn | another way you could work around it is to just fake / override the name resolution ony our local desktop computer, by setting a fixed name -> ip address mapping in /etc/hosts | 13:01 |
| wingarmac | I've no zones defined yet in bind. No client view neider | 13:02 |
| tomreyn | i'm not willing to guide through split horizon, sorry. it would most likely take more steps to set up in your environment than you think. | 13:02 |
| tomreyn | right, just setting up bind on some computer in your LAN achieves noting | 13:03 |
| wingarmac | Could you only explain how it work? I will try to do it | 13:03 |
| wingarmac | No need a step by step guide | 13:04 |
| tomreyn | try the client configuration for now, it's a lot easier | 13:04 |
| wingarmac | ok | 13:04 |
| wingarmac | Thanks anyway. I'll see if I can find the answer I'm looking for another way. | 13:04 |
| wingarmac | Cheers ! | 13:05 |
| tomreyn | maybe you can also convince your router to allow addressing services in the LAN through its WAN address, i'm just not sure how this option would be called. | 13:08 |
| tomreyn | that'd be the easiest | 13:08 |
| wingarmac | for the webmin I succeeded, but it's on http, not https | 13:11 |
| wingarmac | when trying to setup the webmin internal port to external 443, it says the other rule for appache2 already is using the port | 13:12 |
| wingarmac | I set the same port for internal and external for now | 13:13 |
| wingarmac | for the split horizon, I need to study its mechanics lots more, to understand it. It's complicated. But I'll find it out. | 13:14 |
| wingarmac | You've been of great help till now. I do totaly understand you can't help for such complicate and specific configuration. This takes lots of time. | 13:15 |
| wingarmac | So be sure I'm greatfull ! | 13:15 |
| tomreyn | you're welcome, wingarmac. i need to step away from my computer for now. if you have more networking / internet gateway / router related questions, try the #networking channel. for apache httpd questions, try #httpd. i think there may also be a webmin related channel, here's how you can find more channels: | 13:20 |
| tomreyn | !alis | 13:20 |
| ubottu | Alis is an IRC service to help you find channels. For help on using it, see «/msg Alis help list» or ask in #libera - Example usage: «/msg Alis list http» | 13:20 |
| tomreyn | bbl | 13:20 |
| wingarmac | tomreyn to make the application(webmin port 10000) avaible in SSL (https) can I just add Listen 10000 under 80 in nano /etc/apache2/ports.conf ? | 13:27 |
| wingarmac | reference: https://askubuntu.com/questions/916923/apache-config-how-to-enable-additional-ports | 13:28 |
| wingarmac | apache2.service: Main process exited, code=exited, status=1/FAILURE | 13:28 |
| wingarmac | tomreyn FYI https://forum.virtualmin.com/t/from-webmin-port-to-ssl-443-on-wan-domain-name/119065 | 13:53 |
| tomreyn | wingarmac: i think webmin is served through apache httpd, right? if so, you want to make apache httpd listen on some port (does not really matter which, could be 80) for http traffic and have a port 80 virtualhost for the computers' LAN ip address and servername, and just redirect all requests to https there. and you want apache httpd to listen on another port (could be 443), and have another virtualhost with this port, with the same | 14:01 |
| tomreyn | servername and use this for webmin, with tls. | 14:01 |
| tomreyn | then, on the router, you point external (WAN) port 80 to the first internal port, and external WAN port 443 to the second internal port, both on the apache httpd servers' LAN IP address. | 14:02 |
| tomreyn | that way, when someone accesses your example.org domain from the internet over http (port 80), traffic is redirected to the internal apache httpd server, which responds with a https redirect, which the web browser accessing it receives and then requests your example.org domain via httpS, thus arriving on WAN port 443 and getting redirected to the internal apache httpd on the second port, which you configured to speak TLS (previously | 14:05 |
| tomreyn | called "SSL") with a valid (letencrypt?) key + certificate and which serves content from webmin | 14:05 |
| tomreyn | and *this* is what we call a simple setup ;) | 14:06 |
| tomreyn | (just to give you a hint on what i call a complex setup for split horizon dns) | 14:06 |
| wingarmac | tomreyn I'll try thus. I did it for appache, do I need a specific command to rerun the SSL creation ? | 14:17 |
| wingarmac | Or should I do like the first time exactly ? | 14:17 |
| === JanC_ is now known as JanC | ||
| wingarmac | tomreyn I think I should use certbot certonly --webroot | 14:19 |
| wingarmac | Right ? | 14:19 |
| wingarmac | "Please enter the domain name(s) you would like on your certificate" should I enter the FQDN with the port for the app or without ? | 14:20 |
| tomreyn | wingarmac: sorry, i'm afraid i can't guide through the single steps. if you're looking for help with letsencrypt, i bet they have a channel, too | 15:43 |
| wingarmac | tomreyn this guy will not help. He do not want to help. :( | 16:12 |
| wingarmac | tomreyn letsencrypt ... I will never ask for help there again | 16:12 |
| Liver_K | tomreyn: That was directed at anyone who would already know the bug, I thought it would be enough for those people to know what I was talking about | 19:40 |
| Liver_K | But as I said, I wasn't expecting many if any people to be already aware of it so I was not wondering why I wasn't getting a reply :D | 19:40 |
| wingarmac | I want to thank you for all your help so far. Here is more info of what I'am intend to: | 20:18 |
| wingarmac | https://forum.virtualmin.com/t/from-webmin-port-to-ssl-443-on-wan-domain-name/119065/12 | 20:18 |
| tomreyn | Liver_K: alright ;-) just wanted to make sure you won't be disappointed | 21:31 |
| Liver_K | I can't report the bug anyway without making some account, so I guess I will just uninstall that package and maybe switch distros or something | 21:33 |
| tomreyn | that, or you could register an account, which is something you need to do on almost any bugtracker nowadays | 21:40 |
| tomreyn | (and where you don't need to, you receive a lot of spam) | 21:41 |
| Liver_K | Yeah I see the need for it and everything, but I just don't want to make an account to file a single bug report | 21:42 |
| rbasak | So you're going to switch distros? Sounds like a good plan if you enjoy distro hopping :-P | 21:54 |
| Liver_K | Well the whole point of the machine was for GPU computing, and if this distro's packaging simply doesn't have a functional ocl icd for this nvidia card then I will have to use something else | 21:58 |
| arraybolt3 | ocl icd? | 22:07 |
| Liver_K | arraybolt3: apt show ocl-icd-libopencl1 | 22:17 |
| arraybolt3 | If it's a bug significant enough to require a distro switch, it might be worth it to make a bug report since others might have the same problem. | 22:18 |
| arraybolt3 | Though I don't know what problem you're running into so I'm not sure. | 22:19 |
| arraybolt3 | (I personally have no problem doing GPU compute on Ubuntu 22.04 for running Stable Diffusion and another AI tool, but then again I've never run into any ocl-icd anything in the process.) | 22:19 |
| rbasak | It's not really my area, but I was under the impression that Nvidia specifically supported Ubuntu for GPGPU. Hence stuff like https://askubuntu.com/a/1244878. But I could be mistaken. | 22:20 |
| Liver_K | arraybolt3: Feel free to report it yourself, if you have a test platform of ubuntu jammy 22.04 | 22:23 |
| arraybolt3 | Liver_K: What is the problem? I missed it :P | 22:24 |
| Liver_K | Just try getting nvidia's nvidia-headless-390 package to load its icd | 22:24 |
| Liver_K | You know what, it might actually be helpful for me to just make a pastebin of the conversation I had when I found this bug, that has all the information about it | 22:25 |
| Liver_K | If you want it I could do that instead of making some ubuntu 1 account or whatever | 22:25 |
| arraybolt3 | Sure, I'll look at a pastebin. | 22:25 |
| Liver_K | Ok gimme a minute | 22:26 |
| Liver_K | arraybolt3: It's a big one..... | 22:31 |
| Liver_K | https://dpaste.com/C9LE4ZT9C | 22:31 |
| arraybolt3 | Liver_K: Perhaps I've misunderstood, but isn't the problem that your card is too old? | 22:37 |
| Liver_K | No, the package is still baing maintained | 22:37 |
| Liver_K | *being | 22:37 |
| Liver_K | A new version of that driver was recently released | 22:37 |
| arraybolt3 | It looks like supposedly nvidia-uvm isn't even a thing for cards that old, lemme look it up... | 22:37 |
| arraybolt3 | Hmm... still looking... | 22:41 |
| arraybolt3 | OK, I see it. I'll report a bug soon-ish. | 22:42 |
| Liver_K | It is specifically with the nvidia-headless-dkms-390 package | 22:43 |
| Liver_K | *nvidia-dkms-390 | 22:44 |
| Liver_K | arraybolt3: ^ | 22:44 |
| arraybolt3 | +1 | 22:45 |
| Liver_K | (nvidia-headless-390 is just a metapackage) | 22:45 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!