=== chris14_ is now known as chris14
Liver_KHey before I file this as a bug, and I have already done a search on launchpad for similar bugs with no results, is the problem with the nvidia-headless-390 package's nvidia-uvm kernel module component known? Or any workarounds to fix the package?05:33
Liver_KIt's a pretty specific problem so I'm not expecting much of anything05:34
tomreynLiver_K: for what it's worth (in case you're wondering why you're not getting a reply): i just spent 3 minutes trying to understand what "the problem with the nvidia-headless-390 package's nvidia-uvm kernel module component" is, that you're referring to, and failed.11:31
inscw00tableSo, I am having a surprising amount of difficulty dropping into a shell once an autoinstall is kicked off, I have tried any number of things.  What is the right way to do this?  Basically I just want to get in a shell and spelunk around with strace and network tools to debug why it is stalling out for ten minutes.11:34
wingarmacHi everyone !<wingarmac> Can someone help me setup my linux home server with Apache2 and Bind. I have SSL configured, but I would like to access webmin from outside. I have trouble to understand the routing in NAT.12:00
wingarmacI've a fixed public IP on my ISP router and my index page shows up on my domain name in https.12:00
wingarmacI do not get how to routing should be set: In bind dns server or in the NAT router ?12:01
wingarmacI also can't access my webhosting on th LAN network12:01
wingarmaconly from WAN the page shows up12:01
tomreyninscw00table: according to bug 1879284 you'd just need to press enter to spawn a shell12:17
-ubottu:#ubuntu-server- Bug 1879284 in Ubuntu on IBM z Systems "Cannot access shell in subiquity installer during automatic installation" [High, Fix Released] https://launchpad.net/bugs/187928412:17
tomreynwingar: you're saying "my index page shows up on my domain name in https". is this the domain name you want webmin to be accessible at, or would a different domain name (or a subdomain of that) be better?12:20
tomreynwingarmac: ^12:20
inscw00tableIt does seem that way... though, it doesn't work now.  Thanks for the bug link though...12:21
tomreyninscw00table: which ubuntu server installer version are you using?12:22
wingarmactomreyn If it works, does it realy matter what way (I should also understand it). The point, when I go on my smartphone (GPRS www) I get my page view when I enter my domain name. It even shows up in https auto12:22
wingarmacbut when I do it from lan, he doesn't find the address after a long search12:23
wingarmacI would also like to be able to access webmin from a computer on WAN12:23
wingarmacI think I should enter these routes in my ISP router, but I'm not sure what or how12:23
tomreyninscw00table: hmm i guess that would be newer, should have the fix. you can also ssh in if you brought the system up with networking configured (by passing kernel command line parameters)12:24
inscw00tableYeah, I configured ssh keys in the autoinstall, that didn't immediately work, but I was able to hack them in there with an early-command;  though, that ssh shell just gets me to the same subiquity process I can't interrupt/kill.12:25
tomreynokay, that's all i know. the server team is probably going to be back tomorrow, and might respond.12:26
inscw00tableThanks for you efforts.12:26
wingarmactomreyn I didn't change the webmin's default port yet. I will as soon as I now how to route it to be accessible from outside. Could you advise me what ports I can set webmin. I presume some ports are reserved.12:26
tomreyninscw00table: you could search community.ubuntu,com in the server section for similar topics in the meantime12:27
tomreynwingarmac: i know too little about webmin to know how it can be cnfigured.12:27
tomreynwingarmac: you can use    sudo ss -l    on the server to see which ports are in use12:29
wingarmactomreyn Let's say I have to set an application to be accessible from WAN, what prots can be set instead of default ?12:29
tomreyn... or    sudo ss --tcp -l12:29
wingarmactomreyn what is that for exactly ? Could you explain. I'm realy newb @ this12:30
tomreynwingarmac: any ports which aren't already in use can be used. some ports can only be used by root, that's ports 1 to 102412:30
wingarmacAnd what about the routing of my NAT to be able to access address:port from the outside ?12:31
tomreynwingarmac: the above command list ports which are in use (a daemon / service is binding to them). you are looking for ports which are not yet in use and which you can use for webmin, from what i understood.12:31
tomreynthat's not routing, that's NAT and port forwarding.12:31
wingarmactomreyn I thought so, but I wasn't sure, that's a verry long output.12:31
tomreyntry the last command i provided, it's shorter, onlylists tcp ports12:32
tomreynbetter yet: sudo ss --tcp -l -n12:32
tomreyneven better :)   sudo ss -alnpt12:35
tomreynon the Local Address:Port   column you'll see which address and port a service is listening on12:36
wingarmactomreyn Can you send me the link to the page to share command outputs with you. I forget to save it last time with all wat was opened in my browser12:36
tomreynand on the last column you'll see which service is listening there12:36
tomreynwingarmac: the easiest thing you can do is pipe into     nc termbin.com 999912:36
tomreynso for example:   sudo ss -alnpt | nc termbin.com 999912:37
tomreynalternatively, you can use https://dpaste.com12:37
wingarmacport forwarding and routing are different things. Could you elaborate the difference. I didn't understand it, I thought it was the same to be honest.12:37
wingarmacsome kind of routing of ports instead of IP12:37
wingarmacSo I took it.12:38
wingarmacsudo ss -alnpt | nc termbin.com 9999 should I enter this in the terminal, so the outputs comes here as a link ? AM I correct ?12:39
tomreynyou should type it in your terminal, and would get a short url there, which you can copy or type and post here12:40
wingarmachttps://termbin.com/piev Nice thing ! Thanks 12:40
tomreynso we see some command output, it's always good to also explain what command you ran12:43
wingarmactomreyn It's the command you told me to enter to show the used/available ports. The question: wat port could be used for an application I would like to access from outside. And how to set the port forwarding ?12:44
tomreynon the "Local Address:Port" column, lines with "[::]" or "[::1]" are ipv6, and the others with four numbers seperated by dots are ipv412:45
tomreynmost routers support asymmetric NAT, so you can configure on your router that traffic arriving from the internet (WAN) at port 80 can be forwarded to a different port than 80 on the internal computer (your "server")12:46
wingarmacI follow it this far. what meens peer address ?12:46
tomreynthat's a different port number, so it'S aymmetric. there's also routers which only support symmetric (for example: port 8000 external can only go to internal port 8000) NAT12:47
tomreynpeer address is the remote address connected or allowed to connect to this "Local Address:Port"12:47
tomreyn0.0.0.0 is a way of saying "everyone" in ipv412:48
wingarmac"most routers support asymmetric NAT, so you can configure on your router" What settings do I need to enter? Can you give an example of such ? Lets say the default port of webmin is 10000, I would like to access it from outside in https is it 443 or 80 I must use, is also not clear to me 12:48
tomreyn[::] is the same for ipv612:48
tomreyndepends, does webmin send encrypted traffic on port 10000?12:49
tomreynif it's using tls there, then you orobably want that to be 443 outside12:49
tomreynbecause that's the default https port (when no port is given in the url)12:50
wingarmacSo I should do the same for this app, as I did for apache 2 into the router (I've 2 rules 80 in to 80 out and 443 in to 443 out) I should make another that does 80 in and 10000 out, AM I right ?12:52
wingarmacor 443 in the case of hhtps, of course12:52
wingarmactomreyn https://ibb.co/pzjL85y (router settings for port forwarding 12:54
tomreyni.e. if your internet domain name is example.org and you want people to access your internal webmin server (internal IPv4 address is and the HTTP port is 10000 and the HTTPS port is 10443) to be reachable at https://example.org then you'd need to configure your router to do port forwarding for external / WAN port 80 (default http port) to internal / LAN system on port 10000, and to do port forwarding for 12:54
tomreynexternal / WAN port 443 (default httpS port) to internal / LAN system on port 1044312:54
wingarmacwhy 10443, as it is 10000 internal ? Is there a reason to that ?12:55
tomreynthis was an example12:56
tomreyni don't know which ports webmin uses by default12:56
wingarmacok. I'll try this. And what about the fact I can't access my domain name from lan computers ?12:56
tomreyni think know it uses port 10000 for HTTP (unencrypted) by default.12:56
wingarmacI mean, my apache2 index page doesn't show up from http(s)://domain.com if entered on local computer12:57
tomreynmany routers get "confused" or just diallow you from sending traffic to their WAN ip address from internal systems (on your LAN)12:58
wingarmacI thing this should be set in the virtual host or bind, but how ?12:58
wingarmaci've read on the net I should be able to make it work with Bind, but they do not elaborate how. It seems complicated.12:59
tomreynnormally, when accessing your service from inside your LAN, you should be using your LAN IP address directly, not your WAN IP address, to contact the internally hosted service12:59
wingarmacAnd that works like a charm12:59
wingarmacbut it points to another index (documentroot html instead of public_html)13:00
tomreynyou could work around this with split horizon dns, but that's somewhat complicated to understand and to setup13:00
wingarmacthat was what I tried to setup, but do not get it how13:00
wingarmacsplit horison, to make one domein see the other, AM I right ?13:01
wingarmacSo I need to create a subdomain or not to set this up?13:01
tomreynanother way you could work around it is to just fake / override the name resolution ony our local desktop computer, by setting a fixed name -> ip address mapping in /etc/hosts13:01
wingarmacI've no zones defined yet in bind. No client view neider13:02
tomreyni'm not willing to guide through split horizon, sorry. it would most likely take more steps to set up in your environment than you think.13:02
tomreynright, just setting up bind on some computer in your LAN achieves noting13:03
wingarmacCould you only explain how it work? I will try to do it 13:03
wingarmacNo need a step by step guide13:04
tomreyntry the client configuration for now, it's a lot easier13:04
wingarmacThanks anyway. I'll see if I can find the answer I'm looking for another way.13:04
wingarmacCheers !13:05
tomreynmaybe you can also convince your router to allow addressing services in the LAN through its WAN address, i'm just not sure how this option would be called.13:08
tomreynthat'd be the easiest13:08
wingarmacfor the webmin I succeeded, but it's on http, not https13:11
wingarmacwhen trying to setup the webmin internal port to external 443, it says the other rule for appache2 already is using the port13:12
wingarmacI set the same port for internal and external for now13:13
wingarmacfor the split horizon, I need to study its mechanics lots more, to understand it. It's complicated. But I'll find it out. 13:14
wingarmacYou've been of great help till now. I do totaly understand you can't help for such complicate and specific configuration. This takes lots of time.13:15
wingarmacSo be sure I'm greatfull !13:15
tomreynyou're welcome, wingarmac. i need to step away from my computer for now. if you have more networking / internet gateway / router related questions, try the #networking channel. for apache httpd questions, try #httpd. i think there may also be a webmin related channel, here's how you can find more channels:13:20
ubottuAlis is an IRC service to help you find channels. For help on using it, see «/msg Alis help list» or ask in #libera - Example usage: «/msg Alis list http»13:20
wingarmactomreyn to make the application(webmin port 10000) avaible in SSL (https) can I just add Listen 10000 under 80 in nano /etc/apache2/ports.conf ?13:27
wingarmacreference: https://askubuntu.com/questions/916923/apache-config-how-to-enable-additional-ports13:28
wingarmacapache2.service: Main process exited, code=exited, status=1/FAILURE13:28
wingarmactomreyn FYI https://forum.virtualmin.com/t/from-webmin-port-to-ssl-443-on-wan-domain-name/11906513:53
tomreynwingarmac: i think webmin is served through apache httpd, right? if so, you want to make apache httpd listen on some port (does not really matter which, could be 80) for http traffic and have a port 80 virtualhost for the computers' LAN ip address and servername, and just redirect all requests to https there. and you want apache httpd to listen on another port (could be 443), and have another virtualhost with this port, with the same 14:01
tomreynservername and use this for webmin, with tls.14:01
tomreynthen, on the router, you point external (WAN) port 80 to the first internal port, and external WAN port 443 to the second internal port, both on the apache httpd servers' LAN IP address.14:02
tomreynthat way, when someone accesses your example.org domain from the internet over http (port 80), traffic is redirected to the internal apache httpd server, which responds with a https redirect, which the web browser accessing it receives and then requests your example.org domain via httpS, thus arriving on WAN port 443 and getting redirected to the internal apache httpd on the second port, which you configured to speak TLS (previously 14:05
tomreyncalled "SSL") with a valid (letencrypt?)  key + certificate and which serves content from webmin14:05
tomreynand *this* is what we call a simple setup ;)14:06
tomreyn(just to give you a hint on what i call a complex setup for split horizon dns)14:06
wingarmactomreyn I'll try thus. I did it for appache, do I need a specific command to rerun the SSL creation ?14:17
wingarmacOr should I do like the first time exactly ?14:17
=== JanC_ is now known as JanC
wingarmactomreyn I think I should use certbot certonly --webroot 14:19
wingarmacRight ?14:19
wingarmac"Please enter the domain name(s) you would like on your certificate" should I enter the FQDN with the port for the app or without ?14:20
tomreynwingarmac: sorry, i'm afraid i can't guide through the single steps. if you're looking for help with letsencrypt, i bet they have a channel, too15:43
wingarmactomreyn this guy will not help. He do not want to help. :(16:12
wingarmactomreyn letsencrypt ... I will never ask for help there again16:12
Liver_Ktomreyn: That was directed at anyone who would already know the bug, I thought it would be enough for those people to know what I was talking about19:40
Liver_KBut as I said, I wasn't expecting many if any people to be already aware of it so I was not wondering why I wasn't getting a reply :D19:40
wingarmacI want to thank you for all your help so far. Here is more info of what I'am intend to:20:18
tomreynLiver_K: alright ;-) just wanted to make sure you won't be disappointed21:31
Liver_KI can't report the bug anyway without making some account, so I guess I will just uninstall that package and maybe switch distros or something21:33
tomreynthat, or you could register an account, which is something you need to do on almost any bugtracker nowadays21:40
tomreyn(and where you don't need to, you receive a lot of spam)21:41
Liver_KYeah I see the need for it and everything, but I just don't want to make an account to file a single bug report21:42
rbasakSo you're going to switch distros? Sounds like a good plan if you enjoy distro hopping :-P21:54
Liver_KWell the whole point of the machine was for GPU computing, and if this distro's packaging simply doesn't have a functional ocl icd for this nvidia card then I will have to use something else 21:58
arraybolt3ocl icd?22:07
Liver_Karraybolt3: apt show ocl-icd-libopencl122:17
arraybolt3If it's a bug significant enough to require a distro switch, it might be worth it to make a bug report since others might have the same problem.22:18
arraybolt3Though I don't know what problem you're running into so I'm not sure.22:19
arraybolt3(I personally have no problem doing GPU compute on Ubuntu 22.04 for running Stable Diffusion and another AI tool, but then again I've never run into any ocl-icd anything in the process.)22:19
rbasakIt's not really my area, but I was under the impression that Nvidia specifically supported Ubuntu for GPGPU. Hence stuff like https://askubuntu.com/a/1244878. But I could be mistaken.22:20
Liver_Karraybolt3: Feel free to report it yourself, if you have a test platform of ubuntu jammy 22.0422:23
arraybolt3Liver_K: What is the problem? I missed it :P22:24
Liver_KJust try getting nvidia's nvidia-headless-390 package to load its icd 22:24
Liver_KYou know what, it might actually be helpful for me to just make a pastebin of the conversation I had when I found this bug, that has all the information about it22:25
Liver_KIf you want it I could do that instead of making some ubuntu 1 account or whatever22:25
arraybolt3Sure, I'll look at a pastebin.22:25
Liver_KOk gimme a minute22:26
Liver_Karraybolt3: It's a big one.....22:31
arraybolt3Liver_K: Perhaps I've misunderstood, but isn't the problem that your card is too old?22:37
Liver_KNo, the package is still baing maintained22:37
Liver_KA new version of that driver was recently released22:37
arraybolt3It looks like supposedly nvidia-uvm isn't even a thing for cards that old, lemme look it up...22:37
arraybolt3Hmm... still looking...22:41
arraybolt3OK, I see it. I'll report a bug soon-ish.22:42
Liver_KIt is specifically with the nvidia-headless-dkms-390 package22:43
Liver_Karraybolt3: ^22:44
Liver_K(nvidia-headless-390 is just a metapackage)22:45

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!