Sunday, July 18, 2021

Recent Questions - Server Fault


Glusterfs on Synology NAS?

Posted: 18 Jul 2021 10:03 PM PDT

I run a machine-learning cluster for my small business. The cluster consists of three Ubuntu servers. The /home directory is shared across all servers and provided by Server 1. The 10TB storage of Server 1 is almost full.

Server 2 and Server 3 have unused partitions, 0.5TB and 2TB respectively.

I'm thinking of adding additional storage. One idea is to buy a Synology NAS. I also hope to make use of the fractional space from Server 2 and 3.

Does it make sense if I use Glusterfs and combine the Synology NAS and the unused 0.5TB and 2TB into a network storage, then allocate some to the /home directory?

https://lists.gluster.org/pipermail/gluster-users/2017-October/032718.html says "In theory, you can run GlusterFS on a Synology box ... In practice, you might be the first person to ever try it."

Is Synology bad for Glusterfs brick? What is the intended use for Glusterfs?

When I'm talking about Glusterfs, I'm open to using other distributed file systems, like BeeGFS.

Setting CPU frequency to hardware minimum limit - will it harm the hardware?

Posted: 18 Jul 2021 08:43 PM PDT

I'm running on an Intel Celeron N4120. I can easily set the CPU governor for all 4 cores to powersave using:

    for n in {0..3}
    do
        sudo cpufreq-set -g powersave -c $n
    done

Now, using cpufreq-info I know the hardware limits of my CPU are 800 MHz - 2.60 GHz. And, cpufreq-set allows me to set the highest and lowest clock speed.

My question is: if I always set the highest and lowest clock speed of my CPU to 800 MHz for all the cores, alongside setting the governor to powersave all the time, then will it affect my hardware?


Information: I did this on an older (Intel Pentium Core 2 Duo) computer of mine, and had kernel crashes (not sure if they are related). I used the computer for a long time like that - and then I wasn't able to tune my CPU anymore. No cpufreq-set command worked anymore. Again, not sure if they can be related.

Why do I have to use Oracle's DNS?

Posted: 18 Jul 2021 08:22 PM PDT

I'm not sure if this is the right forum. If not, please let me know. I currently have an account with Oracle's Cloud service (although I think this problem applies to Google and AWS too). I have set up a small website with a static IP address. I wanted to point my domain name at it. However, it seems like I have to use Oracle's DNS server (by creating a 'zone' which is also what it's called on Google Cloud).

When I decided to not use them and connect the IP address of the server via the domain name registrar (GoDaddy) by adding a simple A record, it wouldn't work. I'm not well versed in this (as this isn't my field of expertise), but from what I understand of the DNS mapping a domain name to an IP address, I don't see how Oracle is able to block GoDaddy's DNS mapping.

My question is, is there a way to not have to use Oracle's DNS service?

Configure Cntlm to use no proxy if none are available in 2021

Posted: 18 Jul 2021 07:16 PM PDT

Found an old question (8 years ago) about this re: cntlm - and the answer was it's "on the roadmap" - so wondering if anyone has driven there yet?

The problem is simple - on a corporate machine. When I connect to the VPN - I have to use the corporate proxy. When I am not connected to the VPN - I have to not use it. I want to be able to set up everything to talk to the proxy in a way that it all works, all the time - and I do not want to have to do an action or anything every time I connect or disconnect from the VPN.

So - really, I want to set up cntlm to point to Proxy X - but have it go directly if X isn't available. I know I can set up squid and provide it as a second proxy, but I end up having a lot of extra stuff running on my machine.

DKIM on subdomain hosted by domain.com, and auto-generated DKIM key

Posted: 18 Jul 2021 07:47 PM PDT

I've read a few different threads on here and have tried them out, but they don't seem to be working for me, so I'm hoping one of you awesome people can help me out. Forgive me, but this will be a little long.

I'm working with a non-profit who has our site DNS set up on domain.com, and our email is going through Google Workspace. Our regular email addresses all end in @ourdomain.org, and we have a subdomain @mail.ourdomain.org set up for our marketing emails through sites like Constant Contact.

I'm using Dmarcian.com to analyze our DMARC reports, and I'm confused as to why a couple of things are happening.

For the @ourdomain.org reports, everything is passing fine. But I'm noticing there is a second DKIM record that is showing up when it checks the DKIM records. The selector is XXXXXXXX (8 numbers), and the domain is mail-ourdomain-org.XXXXXXXX.gappssmtp.com. I know this is an auto-generated DKIM key from Google, but I'm trying to figure out how, or if it's even possible to, add this key into our DNS records. Since ourdomain.org is not listed anywhere I have no clue what I would need to list as the selector in our DNS records for it to be valid. Everything seems to be passing since Dmarcian is showing both keys, it's passing DKIM thanks to the key we put in ourselves, even though the second key isn't showing up.

For our mail.ourdomain.org address though, we are running into a bigger problem. Domain.com doesn't allow us to edit DNS records for subdomains directly, we can only edit the DNS records on the main domain. So here's what we have done.

Two SPF records: One with the name of @, and one named mail. This allows both the main domain, and the mail subdomain to have an SPF record, and both work perfectly.

One DMARC record, with the name _dmarc and no SP tag in it, so the quarantine setting propagates down from the main domain to all subdomains, and that is working fine.

Our main domain keys all seem to be working fine. For our subdomain DKIM keys, everything seems to say use the name "XXX._domainkey.mail", with XXX being whatever the selector is supposed to be. That way it applies to the subdomain mail, and not the main domain. We've done that, it's been in place for two or three days, but nothing seems to be using it. Instead it's using only the same autogenerated Google DKIM key that I mentioned before, at least according to the Dmarcian reports.

I know this is a lot, but I wanted everyone to know what I've tried doing before I ask all my questions.

1: Is there a way to get that autogenerated google DKIM key into our DNS records? If so, what would I list as the selector, and what should I name it in our DNS settings.

2: Is there another name I should be putting in on domain.com to get it to apply to the subdomain, or do I just need to wait longer to get it to show up in the dmarcian.com reports? I'm thinking it's just wait longer, because I tried looking it up on mxtoolbox, and it finds the record fine. I just want people who are smarter and better at doing this than I am to chime in.

EDIT: Headers added per Paul's request

    Delivered-To: test@gmail.com
    Received: by 2002:a1f:2b88:0:0:0:0:0 with SMTP id r130csp4040166vkr;
            Sun, 18 Jul 2021 18:16:37 -0700 (PDT)
    X-Received: by 2002:a7b:c762:: with SMTP id x2mr21216464wmk.21.1626657397670;
            Sun, 18 Jul 2021 18:16:37 -0700 (PDT)
    ARC-Seal: i=1; a=rsa-sha256; t=1626657397; cv=none;
            d=google.com; s=arc-20160816;
            b=sE9smyJn9mlhmvSnyZ8bnUFCimZtimBJjX+xkuBqjaC2+vAIoUBfazzG4sIadez7Al
             Nno8/kYK2fbhMk9QcMUwfV40fzMzbc9lmogX0QPE4nevzi9nf1wDLL0s6gL/a45OHAc3
             xTvuxllcO5fgHa3wRR5aIIOrPzGhOO/45iDadwPG0861UeM0oHQOW5QA3td3eEt5cWfG
             +sOy2dJF4u86H5uiVMoTj3pnJoTR09qWJ/j7H6tmHhoH2lbPaXmfXr81dH/zs0+g8bLi
             3yCVM4fg97ZpC2V3qerAmv1AkjY5MwmDuNCUraRH7AI+hwofhOiMvrE9CAH1xaajNQmQ
             wiXg==
    ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
            h=to:subject:message-id:date:from:mime-version:dkim-signature;
            bh=Wr7w3dtotvYQO/Q/74BBr61l0LbM/Z70VXQtzUDIE8k=;
            b=hahPTn2HQR8xqwz169O19ZqWTatdFNeQYKbnDZqe4ksWKe43oi7nskdG6OnKkVtlzQ
             YIc8QL8uj/vsDLMwFZGD9qYglKcjmzcfuA6gChsnL7LqkO7t0K6p2LSNDLmqY9OgVQ4B
             5GAvorSkywt5KpSRvG+VpkI20M5ZqgmPT+n2B96aX36bdtLd749iWQrCDuRWgb69BAmt
             nIdhB4BAw0fDvLW0B5HwUr1JV+coXI2U89movkJ+ichKmok4khUhp7ev6z9aqt+4OVxm
             vpX1E7X4ESUO0/PTABo9sNunt2O9eg2ruUsKB3xzwSabhMuaJ82bbWqDjack0y5f8MWD
             twOA==
    ARC-Authentication-Results: i=1; mx.google.com;
           dkim=pass header.i=@mail.ourdomain.org header.s=mail header.b=GJDcn+LO;
           spf=pass (google.com: domain of test@mail.ourdomain.org designates 209.85.220.41 as permitted sender) smtp.mailfrom=test@mail.ourdomain.org;
           dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=ourdomain.org
    Return-Path: <test@mail.ourdomain.org>
    Received: from mail-sor-f41.google.com (mail-sor-f41.google.com. [209.85.220.41])
            by mx.google.com with SMTPS id k13sor7841198wrc.37.2021.07.18.18.16.37
            for <test@gmail.com>
            (Google Transport Security);
            Sun, 18 Jul 2021 18:16:37 -0700 (PDT)
    Received-SPF: pass (google.com: domain of test@mail.ourdomain.org designates 209.85.220.41 as permitted sender) client-ip=209.85.220.41;
    Authentication-Results: mx.google.com;
           dkim=pass header.i=@mail.ourdomain.org header.s=mail header.b=GJDcn+LO;
           spf=pass (google.com: domain of test@mail.ourdomain.org designates 209.85.220.41 as permitted sender) smtp.mailfrom=test@mail.ourdomain.org;
           dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=ourdomain.org
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
            d=mail.ourdomain.org; s=mail;
            h=mime-version:from:date:message-id:subject:to;
            bh=Wr7w3dtotvYQO/Q/74BBr61l0LbM/Z70VXQtzUDIE8k=;
            b=GJDcn+LOYU6rF4Bk6RJ3u/4s5a7WEak0lqLJdRh5ANSObxn5MjBu8usjlJUttUQbTr
             l+XYv3/9hSCoCyIHlbSK1kx7QMwMIxg+dWruSggGHl4dTyl+hlD9PCrkM1dbsxfLt4PB
             MJOkGytdvbrSdVsL7zGPDRPYaD9t00KjxciZtqHbcxQ/bRSAc3kNAqTBnEHbSasNl7xU
             yeB/2oSRUcJOUe5V4hB8WECimZw9PhjWXgmyiR/2hzk84Yj0isV242ErCQfOxqvAKlJe
             yYjZOCZm1c5pyBlZMZG0ePCk+6EYvNqrNGG3KoeT5Ow2E5kn4i5/rTZ7YtXBLyLmL2Bv
             Xpnw==
    X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
            d=1e100.net; s=20161025;
            h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
            bh=Wr7w3dtotvYQO/Q/74BBr61l0LbM/Z70VXQtzUDIE8k=;
            b=AiykOf6fowHFVS4eADfQbNAFkaF5KHVVwDC20BEFcJDewWahqlhpNShS9o1hROC3EY
             5Rq6in+UTVYLKGR5qzIGCfMzfK5ufaHLv80tGh0iShrlnklNlsXs8g1pxSPc370cbLyw
             kkOEbHFGwfvujIqlx8+EhTD0FlH2PqbYD2u7iZ0QJiHQbHIwsuxXubG+bJcXjSloRocO
             mL/WZaq4eu0TZTXWFS17U18sfcH0lMow6jwXEguzj7uahQgpcCSfI26N/1oLojRe/jWs
             NBVzKQyfxS6jt5z5HKfIXuOZq3WYats/UxnTwpr/vc3SfAoCNnQFeYYNeZAsM2QfE1ex
             LppQ==
    X-Gm-Message-State: AOAM531McamrYiuTJbBHfcs2KJZ5BnBiyGNLLanxz4xbwLqV2mItZnVA
            32CNG87MEuObv2JKNlGqTm228wUF2glphb15pWG2Hx+OfhFYjA==
    X-Google-Smtp-Source: ABdhPJz2gfrGpRxzwOnvBgQL4bWCZK6Ai1EYRdKP5DfILdn9FpSXaRkTochg1PDCjhAJycXGSx8QqQcYEBaGAqNVY3w=
    X-Received: by 2002:adf:90e2:: with SMTP id i89mr27585849wri.338.1626657396714; Sun, 18 Jul 2021 18:16:36 -0700 (PDT)
    MIME-Version: 1.0
    From: Test Account <test@mail.ourdomain.org>
    Date: Sun, 18 Jul 2021 18:16:25 -0700
    Message-ID: <CA+XJ9wVJCfhWGgVe2CYXeTwTvxWqBCowFiDZuOZaKQazKf_CXg@mail.gmail.com>
    Subject: DKIM Email Test
    To: test@gmail.com
    Content-Type: multipart/alternative; boundary="0000000000004d80d805c76fb0f2"

    --0000000000004d80d805c76fb0f2
    Content-Type: text/plain; charset="UTF-8"

    DKIM Email Test

    --0000000000004d80d805c76fb0f2
    Content-Type: text/html; charset="UTF-8"

    <div dir="ltr">DKIM Email Test</div>

    --0000000000004d80d805c76fb0f2--
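Added example, not part of the original post: a Python sketch that takes each DKIM-Signature header of a message, derives the DNS name a verifier queries for the public key (`<s>._domainkey.<d>`, RFC 6376), the record name as it would be typed into a zone editor, and whether the signing domain is DMARC-aligned with the From domain. The sample message is constructed from the values in the post (the 8-digit Google selector is a `00000000` placeholder), and passing the organizational domain as a parameter is an assumption standing in for a Public Suffix List lookup.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: d=, s= and From follow the post; bh=/b= are dummies and
# 00000000 stands in for the redacted 8-digit gappssmtp selector.
SAMPLE_MESSAGE = """\
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=mail.ourdomain.org; s=mail;
        h=mime-version:from:date:message-id:subject:to;
        bh=PLACEHOLDER=; b=PLACEHOLDER==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=mail-ourdomain-org.00000000.gappssmtp.com; s=00000000;
        h=mime-version:from:date:message-id:subject:to;
        bh=PLACEHOLDER=; b=PLACEHOLDER==
From: Test Account <test@mail.ourdomain.org>
To: test@gmail.com
Subject: DKIM Email Test

DKIM Email Test
"""


def _norm(name):
    """Lower-case a DNS name and drop surrounding space and the root dot."""
    return name.strip().lower().rstrip(".")


def parse_tags(value):
    """Parse a DKIM tag=value list (RFC 6376, section 3.2) into a dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Folding whitespace inside a value is not significant.
            tags[name.strip()] = "".join(val.split())
    return tags


def key_record_name(selector, domain):
    """FQDN of the TXT record that holds the public key for (s=, d=)."""
    return f"{_norm(selector)}._domainkey.{_norm(domain)}"


def zone_relative_name(fqdn, zone):
    """Name to enter in the editor of `zone`, or None if fqdn is outside it."""
    fqdn, zone = _norm(fqdn), _norm(zone)
    if fqdn == zone:
        return "@"
    suffix = "." + zone
    return fqdn[: -len(suffix)] if fqdn.endswith(suffix) else None


def is_aligned(signing_domain, from_domain, org_domain, mode="relaxed"):
    """DMARC identifier alignment (RFC 7489, section 3.1.1) for DKIM."""
    d, f, org = _norm(signing_domain), _norm(from_domain), _norm(org_domain)
    if mode == "strict":
        return d == f

    def in_org(name):
        return name == org or name.endswith("." + org)

    # Relaxed: d= and the From domain share the same organizational domain.
    return in_org(d) and in_org(f)


def report(raw_message, org_domain, zone=None):
    """One dict per DKIM-Signature header, in order of appearance."""
    zone = zone or org_domain  # assumption: records are edited in the org zone
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    rows = []
    for header in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(header)
        fqdn = key_record_name(tags["s"], tags["d"])
        rows.append({
            "d": tags["d"],
            "s": tags["s"],
            "dns_name": fqdn,
            "zone_name": zone_relative_name(fqdn, zone),
            "aligned": is_aligned(tags["d"], from_domain, org_domain),
        })
    return rows


if __name__ == "__main__":
    for row in report(SAMPLE_MESSAGE, "ourdomain.org"):
        print(row)
```

A `zone_name` of `None` means the key record lives in someone else's zone, so it cannot be published from the `ourdomain.org` DNS settings; `aligned` shows which signature can satisfy DMARC for this From address.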

Is there any risk to create an LVM group with two disks of different physical sector size?

Posted: 18 Jul 2021 04:32 PM PDT

I have two hard drives of different physical sector size. I would like to create an LVM volume group with them, however, when I do so with vgcreate, I get a warning telling me that the two disks have different physical sector size. Is there something to be concerned about?

nginx 403 Forbidden error, no error log. New installation on existing ubuntu 20.04 system

Posted: 18 Jul 2021 07:54 PM PDT

Trying to understand why this new installation of nginx is not serving any files at all. I have a minimal website configuration. (rtmp was working last I checked but that has not been needed in a while. Just added the port 80 configuration. I mention only because you'll see it in the config.)

When I try to access this host (by IP or by hostname), I get a "403 (forbidden)" error displayed on the web page, and nothing at all in the /var/log/nginx/error.log file. (That file has zero bytes, even after reboot and retry.)

All the other questions I've found like this on serverfault, have help in the error.log file. Since error.log is empty, I've created this new question.

This happens when I try to use the default index facility, and when I try specific files, such as these examples:

    http://hpmicro1
    http://hpmicro1.innerdomain.com
    http://hpmicro1.innerdomain.com/index.html
    http://192.168.1.5
    http://192.168.1.5/index.html
    http://192.168.1.5/index.php

and so on. As you can see, those files exist, and are owned by www-data:

    # ls -l /www/htdocs
    total 60
    -rw-rw-rw- 1 www-data www-data 35752 Jul 17 14:09 dbg-wizard.php
    drwxrwxr-x 2 www-data www-data  4096 Jul 16 08:15 functions
    drwxrwxr-x 2 www-data www-data  4096 Jul 17 12:38 GetChats
    -rw-r--r-- 1 www-data www-data 10918 Jul 18 16:16 index.html
    -rw-rw-rw- 1 www-data www-data    20 Jul 17 14:18 index.php

    # ls -ld /www/htdocs
    drwxrwxr-x 5 www-data dennis 4096 Jul 18 16:22 /www/htdocs

Here is the /etc/nginx/nginx.conf file content:

    # grep -v '^\s*#' /etc/nginx/nginx.conf
    user www-data;
    worker_processes auto;
    pid /run/nginx.pid;
    include /etc/nginx/modules-enabled/*.conf;

    events {
            worker_connections 768;
    }

    http {

            sendfile on;
            tcp_nopush on;
            tcp_nodelay on;
            keepalive_timeout 65;
            types_hash_max_size 2048;

            include /etc/nginx/mime.types;
            default_type application/octet-stream;

            ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
            ssl_prefer_server_ciphers on;

            access_log /var/log/nginx/access.log;
            error_log /var/log/nginx/error.log;

            gzip on;

            include /etc/nginx/conf.d/*.conf;
            include /etc/nginx/sites-enabled/*;
    }

    rtmp {
        server {
            listen 1935;
            chunk_size 4096;
            notify_method get;

            application WendellLive {
                on_publish http://localhost/auth;
                live on;
                record off;
                record_path /svr/rtmp-recordings;
                record_unique on;

                push rtmp://localhost/Wendell_YT;
                }

            application Wendell_YT {
                live on;
                record off;

                allow publish 127.0.0.1;
                deny publish all;
                push rtmp://a.rtmp.youtube.com/live2/<wendell_yt_stream_key>;
                }
            }
        }

And the /etc/nginx/sites-enabled/default configuration

    # grep -v '^\s*#' default

    server {
            listen 80 default_server;
            listen [::]:80 default_server;

            root /www/htdocs;    # Added - Lovelady - 18-Jul-2021

            index index.php index.html index.htm index.nginx-debian.html;

            server_name home.lovelady.com;

            location / {
                    try_files $uri $uri/ =404;
            }
            location /auth {
                if ($arg_pwd = 'my_secret_not_yours') {
                    return 200;
                    }
                return 401; # Not authorized
                }

    }

Version information:

    nginx version: nginx/1.18.0 (Ubuntu)

    >>> cat /etc/os-release
    NAME="Ubuntu"
    VERSION="20.04.2 LTS (Focal Fossa)"
    ID=ubuntu
    ID_LIKE=debian
    PRETTY_NAME="Ubuntu 20.04.2 LTS"
    VERSION_ID="20.04"
    HOME_URL="https://www.ubuntu.com/"
    SUPPORT_URL="https://help.ubuntu.com/"
    BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
    PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
    VERSION_CODENAME=focal
    UBUNTU_CODENAME=focal

The content of /var/log/nginx is:

    # ls -ltr /var/log/nginx/
    total 72
    -rw-r----- 1 www-data adm 480 Apr  5 23:19 error.log.3.gz
    -rw-r----- 1 www-data adm 464 May 20 23:46 access.log.14.gz
    -rw-r----- 1 www-data adm 469 May 21 23:46 access.log.13.gz
    -rw-r----- 1 www-data adm 468 May 22 23:46 access.log.12.gz
    -rw-r----- 1 www-data adm 464 May 23 23:47 access.log.11.gz
    -rw-r----- 1 www-data adm 472 May 24 23:47 access.log.10.gz
    -rw-r----- 1 www-data adm 472 May 25 23:47 access.log.9.gz
    -rw-r----- 1 www-data adm 464 May 26 23:47 access.log.8.gz
    -rw-r----- 1 www-data adm 196 May 27 01:17 access.log.7.gz
    -rw-r----- 1 www-data adm  97 May 28 06:10 error.log.2.gz
    -rw-r----- 1 www-data adm 248 Jun 21 22:31 access.log.6.gz
    -rw-r----- 1 www-data adm 110 Jun 24 12:37 access.log.5.gz
    -rw-r----- 1 www-data adm 153 Jun 25 11:22 access.log.4.gz
    -rw-r----- 1 www-data adm 102 Jun 26 08:22 access.log.3.gz
    -rw-r----- 1 www-data adm 140 Jun 28 21:09 error.log.1
    -rw-r----- 1 www-data adm   0 Jun 29 00:00 error.log
    -rw-r----- 1 www-data adm 275 Jul 16 08:41 access.log.2.gz
    -rw-r----- 1 www-data adm 216 Jul 17 12:50 access.log.1
    -rw-r----- 1 www-data adm 193 Jul 18 16:07 access.log

access.log has this one line:

    # cat /var/log/nginx/access.log
    192.168.1.203 - - [18/Jul/2021:16:07:37 -0400] "GET / HTTP/1.1" 200 20 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"

Output of nginx -T upon request:

    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /etc/nginx/nginx.conf test is successful
    # configuration file /etc/nginx/nginx.conf:
    #
    # HUGE help from this site:
    #      https://www.scaleway.com/en/docs/setup-rtmp-streaming-server/
    #
    user www-data;
    worker_processes auto;
    pid /run/nginx.pid;
    include /etc/nginx/modules-enabled/*.conf;

    events {
            worker_connections 768;
            # multi_accept on;
    }

    http {

            ##
            # Basic Settings
            ##

            sendfile on;
            tcp_nopush on;
            tcp_nodelay on;
            keepalive_timeout 65;
            types_hash_max_size 2048;
            # server_tokens off;

            # server_names_hash_bucket_size 64;
            # server_name_in_redirect off;

            include /etc/nginx/mime.types;
            default_type application/octet-stream;

            ##
            # SSL Settings
            ##

            ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
            ssl_prefer_server_ciphers on;

            ##
            # Logging Settings
            ##

            access_log /var/log/nginx/access.log;
            error_log /var/log/nginx/error.log;

            ##
            # Gzip Settings
            ##

            gzip on;

            # gzip_vary on;
            # gzip_proxied any;
            # gzip_comp_level 6;
            # gzip_buffers 16 8k;
            # gzip_http_version 1.1;
            # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

            ##
            # Virtual Host Configs
            ##

            include /etc/nginx/conf.d/*.conf;
            include /etc/nginx/sites-enabled/*;
    }

    #mail {
    #       # See sample authentication script at:
    #       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
    #
    #       # auth_http localhost/auth.php;
    #       # pop3_capabilities "TOP" "USER";
    #       # imap_capabilities "IMAP4rev1" "UIDPLUS";
    #
    #       server {
    #               listen     localhost:110;
    #               protocol   pop3;
    #               proxy      on;
    #       }
    #
    #       server {
    #               listen     localhost:143;
    #               protocol   imap;
    #               proxy      on;
    #       }
    #}

    rtmp {
        server {
            listen 1935;
            chunk_size 4096;
            notify_method get;

            application love-uav {
                on_publish http://localhost/auth;
                live on;
                #Set this to "record off" if you don't want to save a copy of your broadcast:
                #record all;
                record off;
                # The directory in which the recordings will be stored
                record_path /svr/rtmp-recordings;
                record_unique on;

                # Restreaming stuff follows
                push rtmp://localhost/love-uav_YT;
                #push rtmp://localhost/love-uav_Twitch;
                #push rtmp://localhost/love-uav_Facebook;
                }

            # YouTube application
            application love-uav_YT {
                live on;
                record off;

                #only allow localhost to publish
                allow publish 127.0.0.1;
                deny publish all;
                # push URL with the youtube stream key
                push rtmp://a.rtmp.youtube.com/live2/jsqu-54jv-uw68-39tf-xxxx;
                }

            # Twitch application
            application love-uav_Twitch {
                live on;
                record off;

                #only allow localhost to publish
                allow publish 127.0.0.1;
                deny publish all;
                # push URL with the Twitch stream key
                push rtmp://live-cdg.twitch.tv/app/<love-uav__twitch_stream_key>;
                }

            application love-uav_Facebook {
                live on;
                record off;

                #only allow localhost to publish
                allow publish 127.0.0.1;
                deny publish all;
                # push URL with the Facebook stream key
                # push rtmps://live-api-s.facebook.com:443/rtmp/<love-uav__facebook_stream_key>;
                }

            application WendellLive {
                on_publish http://localhost/auth;
                live on;
                #Set this to "record off" if you don't want to save a copy of your broadcast:
                #record all;
                record off;
                # The directory in which the recordings will be stored
                record_path /svr/rtmp-recordings;
                record_unique on;

                # Restreaming stuff follows
                push rtmp://localhost/Wendell_YT;
                #push rtmp://localhost/Wendell_twitch;
                #push rtmp://localhost/Wendell_facebook;
                }

            # YouTube application
            application Wendell_YT {
                live on;
                record off;

                #only allow localhost to publish
                allow publish 127.0.0.1;
                deny publish all;
                # push URL with the youtube stream key
                push rtmp://a.rtmp.youtube.com/live2/<wendell_yt_stream_key>;
                }
            }
        }

    # configuration file /etc/nginx/modules-enabled/50-mod-http-image-filter.conf:
    load_module modules/ngx_http_image_filter_module.so;

    # configuration file /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf:
    load_module modules/ngx_http_xslt_filter_module.so;

    # configuration file /etc/nginx/modules-enabled/50-mod-mail.conf:
    load_module modules/ngx_mail_module.so;

    # configuration file /etc/nginx/modules-enabled/50-mod-rtmp.conf:
    load_module modules/ngx_rtmp_module.so;

    # configuration file /etc/nginx/modules-enabled/50-mod-stream.conf:
    load_module modules/ngx_stream_module.so;

    # configuration file /etc/nginx/mime.types:

    types {
        text/html                             html htm shtml;
        text/css                              css;
        text/xml                              xml;
        image/gif                             gif;
        image/jpeg                            jpeg jpg;
        application/javascript                js;
        application/atom+xml                  atom;
        application/rss+xml                   rss;

        text/mathml                           mml;
        text/plain                            txt;
        text/vnd.sun.j2me.app-descriptor      jad;
        text/vnd.wap.wml                      wml;
        text/x-component                      htc;

        image/png                             png;
        image/tiff                            tif tiff;
        image/vnd.wap.wbmp                    wbmp;
        image/x-icon                          ico;
        image/x-jng                           jng;
        image/x-ms-bmp                        bmp;
        image/svg+xml                         svg svgz;
        image/webp                            webp;

        application/font-woff                 woff;
        application/java-archive              jar war ear;
        application/json                      json;
        application/mac-binhex40              hqx;
        application/msword                    doc;
        application/pdf                       pdf;
        application/postscript                ps eps ai;
        application/rtf                       rtf;
        application/vnd.apple.mpegurl         m3u8;
        application/vnd.ms-excel              xls;
        application/vnd.ms-fontobject         eot;
        application/vnd.ms-powerpoint         ppt;
        application/vnd.wap.wmlc              wmlc;
        application/vnd.google-earth.kml+xml  kml;
        application/vnd.google-earth.kmz      kmz;
        application/x-7z-compressed           7z;
        application/x-cocoa                   cco;
        application/x-java-archive-diff       jardiff;
        application/x-java-jnlp-file          jnlp;
        application/x-makeself                run;
        application/x-perl                    pl pm;
        application/x-pilot                   prc pdb;
        application/x-rar-compressed          rar;
        application/x-redhat-package-manager  rpm;
        application/x-sea                     sea;
        application/x-shockwave-flash         swf;
        application/x-stuffit                 sit;
        application/x-tcl                     tcl tk;
        application/x-x509-ca-cert            der pem crt;
        application/x-xpinstall               xpi;
        application/xhtml+xml                 xhtml;
        application/xspf+xml                  xspf;
        application/zip                       zip;

        application/octet-stream              bin exe dll;
        application/octet-stream              deb;
        application/octet-stream              dmg;
        application/octet-stream              iso img;
        application/octet-stream              msi msp msm;

        application/vnd.openxmlformats-officedocument.wordprocessingml.document    docx;
        application/vnd.openxmlformats-officedocument.spreadsheetml.sheet          xlsx;
        application/vnd.openxmlformats-officedocument.presentationml.presentation  pptx;

        audio/midi                            mid midi kar;
        audio/mpeg                            mp3;
        audio/ogg                             ogg;
        audio/x-m4a                           m4a;
        audio/x-realaudio                     ra;

        video/3gpp                            3gpp 3gp;
        video/mp2t                            ts;
        video/mp4                             mp4;
        video/mpeg                            mpeg mpg;
        video/quicktime                       mov;
        video/webm                            webm;
        video/x-flv                           flv;
        video/x-m4v                           m4v;
        video/x-mng                           mng;
        video/x-ms-asf                        asx asf;
        video/x-ms-wmv                        wmv;
        video/x-msvideo                       avi;
    }

    # configuration file /etc/nginx/sites-enabled/default:
    ##
    # You should look at the following URL's in order to grasp a solid understanding
    # of Nginx configuration files in order to fully unleash the power of Nginx.
    # https://www.nginx.com/resources/wiki/start/
    # https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
    # https://wiki.debian.org/Nginx/DirectoryStructure
    #
    # In most cases, administrators will remove this file from sites-enabled/ and
    # leave it as reference inside of sites-available where it will continue to be
    # updated by the nginx packaging team.
    #
    # This file will automatically load configuration files provided by other
    # applications, such as Drupal or Wordpress. These applications will be made
    # available underneath a path with that package name, such as /drupal8.
    #
    # Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
    ##

    # Default server configuration
    #
    server {
            listen 80 default_server;
            listen [::]:80 default_server;

            # SSL configuration
            #
            # listen 443 ssl default_server;
            # listen [::]:443 ssl default_server;
            #
            # Note: You should disable gzip for SSL traffic.
            # See: https://bugs.debian.org/773332
            #
            # Read up on ssl_ciphers to ensure a secure configuration.
            # See: https://bugs.debian.org/765782
            #
            # Self signed certs generated by the ssl-cert package
            # Don't use them in a production server!
            #
            # include snippets/snakeoil.conf;

            #root /var/www/html; # Commented - Lovelady - 18-Jul-2021
            root /www/htdocs;    # Added - Lovelady - 18-Jul-2021

            # Add index.php to the list if you are using PHP
            index index.php index.html index.htm index.nginx-debian.html;

            server_name home.lovelady.com;

            location / {
                    # First attempt to serve request as file, then
                    # as directory, then fall back to displaying a 404.
                    try_files $uri $uri/ =404;
            }
            location /auth {
                if ($arg_pwd = 'my_secret_not_yours') {
                    return 200;
                    }
                return 401; # Not authorized
                }

            # pass PHP scripts to FastCGI server
            #
            #location ~ \.php$ {
            #       include snippets/fastcgi-php.conf;
            #
            #       # With php-fpm (or other unix sockets):
            #       fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
            #       # With php-cgi (or other tcp sockets):
            #       fastcgi_pass 127.0.0.1:9000;
            #}

            # deny access to .htaccess files, if Apache's document root
            # concurs with nginx's one
            #
            #location ~ /\.ht {
            #       deny all;
            #}
    }


    # Virtual Host configuration for example.com
    #
    # You can move that to a different file under sites-available/ and symlink that
    # to sites-enabled/ to enable it.
    #
    #server {
    #       listen 80;
    #       listen [::]:80;
    #
    #       server_name example.com;
    #
    #       root /var/www/example.com;
    #       index index.html;
    #
    #       location / {
    #               try_files $uri $uri/ =404;
    #       }
    #}


Rebuilding an inactive RAID5

Posted: 18 Jul 2021 05:51 PM PDT

I have a 7 x 14TB RAID5 in my workstation with Centos 7. Last week one of the drives was marked as faulty by SMART (/dev/sde). I used mdadm to mark this drive as faulty and to remove it from the array and ... long story short... I ended up pulling out the wrong drive!

Now I have Centos in emergency mode (my operating system resides on a drive outside the array) and I am able to run mdadm to analyze the array. It seems my /dev/md127 array is inactive with all drives marked as spares.

cat /proc/mdstat
Personalities :
md127 : inactive sdc[6](S) sdf[9](S) sdg[10](S) sde[8](S) sdd[7](S) sdb[5](S) sdh[11](S)
      95705752576 blocks super 1.2

unused devices: <none>

For some reason here it shows as raid0:

mdadm -D /dev/md127

/dev/md127:
Version : 1.2
Raid Level : raid0
Total Devices : 7
Persistence : Superblock is persistent

State : inactive
Working Devices : 7

Name : c103950:127
UUID : a6f44e2c:352b1ea0:bd25d626:cac0177c
Events : 539502

Number  Major   Minor   RaidDevice
   -      8      16        -        /dev/sdb
   -      8      32        -        /dev/sdc
   -      8      48        -        /dev/sdd
   -      8      64        -        /dev/sde
   -      8      80        -        /dev/sdf
   -      8      96        -        /dev/sdg
   -      8     112        -        /dev/sdh

And when I examine the individual drives:

mdadm -E /dev/sdb
/dev/sdb:
Magic : a92b4efc
Version : 1.2
Feature Map : 0x0
Array UUID : a6f44e2c:352b1ea0:bd25d626:cac0177c
Name : c103950:127
Creation Time : Thu Jul 26 12:21:27 2018
Raid Level : raid5
Raid Devices : 7

Avail Dev Size : 27344500736 sectors (13038.87 GiB 14000.38 GB)
Array Size : 82033502208 KiB (78233.24 GiB 84002.31 GB)
Data Offset : 264192 sectors
Super Offset : 8 sectors
Unused Space : before-264112 sectors, after-0 sectors
State : clean
Device UUID : 136b95a5:1589d83d:bdb059dd:e2e9e02f

Update Time : Thu Jul 15 12:47:37 2021
Bad Block Log : 512 entries available at offset 32 sectors
Checksum: 4e727166 - correct
Events : 539502

Layout left-symmetric
Chunk Size : 512K

Device Role : Active device 1
Array State : AAAA..A ('A'== active, '.' == missing, 'R' == replacing)

******

mdadm -E /dev/sdc
/dev/sdc:
Magic : a92b4efc
Version : 1.2
Feature Map : 0x0
Array UUID : a6f44e2c:352b1ea0:bd25d626:cac0177c
Name : c103950:127
Creation Time : Thu Jul 26 12:21:27 2018
Raid Level : raid5
Raid Devices : 7

Avail Dev Size : 27344500736 sectors (13038.87 GiB 14000.38 GB)
Array Size : 82033502208 KiB (78233.24 GiB 84002.31 GB)
Data Offset : 264192 sectors
Super Offset : 8 sectors
Unused Space : before-264112 sectors, after-0 sectors
State : clean
Device UUID : 64cac230:bc1e2bf5:65323067:5439f101

Update Time : Thu Jul 15 12:47:37 2021
Bad Block Log : 512 entries available at offset 32 sectors
Checksum: ecd93778 - correct
Events : 539502

Layout left-symmetric
Chunk Size : 512K

Device Role : Active device 6
Array State : AAAA..A ('A'== active, '.' == missing, 'R' == replacing)

******

mdadm -E /dev/sdd
/dev/sdd:
Magic : a92b4efc
Version : 1.2
Feature Map : 0x0
Array UUID : a6f44e2c:352b1ea0:bd25d626:cac0177c
Name : c103950:127
Creation Time : Thu Jul 26 12:21:27 2018
Raid Level : raid5
Raid Devices : 7

Avail Dev Size : 27344500736 sectors (13038.87 GiB 14000.38 GB)
Array Size : 82033502208 KiB (78233.24 GiB 84002.31 GB)
Data Offset : 264192 sectors
Super Offset : 8 sectors
Unused Space : before-264112 sectors, after-0 sectors
State : clean
Device UUID : 2dd7e6d6:6c035b33:0072796b:d3685558

Update Time : Thu Jul 15 12:47:37 2021
Bad Block Log : 512 entries available at offset 32 sectors
Checksum: 2bda98d - correct
Events : 539502

Layout left-symmetric
Chunk Size : 512K

Device Role : Active device 0
Array State : AAAA..A ('A'== active, '.' == missing, 'R' == replacing)

******

mdadm -E /dev/sde
/dev/sde:
Magic : a92b4efc
Version : 1.2
Feature Map : 0x0
Array UUID : a6f44e2c:352b1ea0:bd25d626:cac0177c
Name : c103950:127
Creation Time : Thu Jul 26 12:21:27 2018
Raid Level : raid5
Raid Devices : 7

Avail Dev Size : 27344500736 sectors (13038.87 GiB 14000.38 GB)
Array Size : 82033502208 KiB (78233.24 GiB 84002.31 GB)
Data Offset : 264192 sectors
Super Offset : 8 sectors
Unused Space : before-264112 sectors, after-0 sectors
State : active
Device UUID : 8e6bd6de:15483efa:82c1917d:569ee387

Update Time : Thu Jul 13 10:30:54 2021
Bad Block Log : 512 entries available at offset 32 sectors
Checksum: c050eb4 - correct
Events : 539489

Layout left-symmetric
Chunk Size : 512K

Device Role : Active device 4
Array State : AAAAAAA ('A'== active, '.' == missing, 'R' == replacing)

******

mdadm -E /dev/sdf
/dev/sdf:
Magic : a92b4efc
Version : 1.2
Feature Map : 0x0
Array UUID : a6f44e2c:352b1ea0:bd25d626:cac0177c
Name : c103950:127
Creation Time : Thu Jul 26 12:21:27 2018
Raid Level : raid5
Raid Devices : 7

Avail Dev Size : 27344500736 sectors (13038.87 GiB 14000.38 GB)
Array Size : 82033502208 KiB (78233.24 GiB 84002.31 GB)
Data Offset : 264192 sectors
Super Offset : 8 sectors
Unused Space : before-264112 sectors, after-0 sectors
State : clean
Device UUID : 93452dc8:3fba28ce:c7d33d00:7c1838fd

Update Time : Thu Jul 15 12:47:37 2021
Bad Block Log : 512 entries available at offset 32 sectors
Checksum: e995ceb8 - correct
Events : 539502

Layout left-symmetric
Chunk Size : 512K

Device Role : Active device 2
Array State : AAAA..A ('A'== active, '.' == missing, 'R' == replacing)

******

mdadm -E /dev/sdg
/dev/sdg:
Magic : a92b4efc
Version : 1.2
Feature Map : 0x0
Array UUID : a6f44e2c:352b1ea0:bd25d626:cac0177c
Name : c103950:127
Creation Time : Thu Jul 26 12:21:27 2018
Raid Level : raid5
Raid Devices : 7

Avail Dev Size : 27344500736 sectors (13038.87 GiB 14000.38 GB)
Array Size : 82033502208 KiB (78233.24 GiB 84002.31 GB)
Data Offset : 264192 sectors
Super Offset : 8 sectors
Unused Space : before-264112 sectors, after-0 sectors
State : clean
Device UUID : 48fe7b1b:751e6993:4eb73b66:a1313185

Update Time : Thu Jul 15 12:47:37 2021
Bad Block Log : 512 entries available at offset 32 sectors
Checksum: f81be84f - correct
Events : 539502

Layout left-symmetric
Chunk Size : 512K

Device Role : Active device 3
Array State : AAAA..A ('A'== active, '.' == missing, 'R' == replacing)

******

mdadm -E /dev/sdh
/dev/sdh:
Magic : a92b4efc
Version : 1.2
Feature Map : 0x0
Array UUID : a6f44e2c:352b1ea0:bd25d626:cac0177c
Name : c103950:127
Creation Time : Thu Jul 26 12:21:27 2018
Raid Level : raid5
Raid Devices : 7

Avail Dev Size : 27344500736 sectors (13038.87 GiB 14000.38 GB)
Array Size : 82033502208 KiB (78233.24 GiB 84002.31 GB)
Data Offset : 264192 sectors
Super Offset : 8 sectors
Unused Space : before-264112 sectors, after-0 sectors
State : clean
Device UUID : 80448326:c8b82624:a8e31b97:18246b58

Update Time : Thu Jul 15 12:04:35 2021
Bad Block Log : 512 entries available at offset 32 sectors
Checksum: 9800dd88 - correct
Events : 539497

Layout left-symmetric
Chunk Size : 512K

Device Role : Active device 5
Array State : AAAA.AA ('A'== active, '.' == missing, 'R' == replacing)

******

/dev/sde is the faulty drive, while the /dev/sdh is the one I pulled by mistake. Notice the difference in events and times of update. I now want to reassemble the array and wonder what is the safest way to do so.

Please help! Thank you for reading.
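The comparison the question points at (event counts and update times per member) can be tabulated from `mdadm -E` text alone. This is an added example, not part of the original post; it only parses text and touches no devices. The sample input is trimmed from the output above, and the function names are hypothetical.

```python
import re

# Fields trimmed from the `mdadm -E` output posted in the question above.
EXAMINE_TEXT = """\
/dev/sdb:
   Raid Devices : 7
    Update Time : Thu Jul 15 12:47:37 2021
         Events : 539502
    Device Role : Active device 1
/dev/sdc:
   Raid Devices : 7
    Update Time : Thu Jul 15 12:47:37 2021
         Events : 539502
    Device Role : Active device 6
/dev/sdd:
   Raid Devices : 7
    Update Time : Thu Jul 15 12:47:37 2021
         Events : 539502
    Device Role : Active device 0
/dev/sde:
   Raid Devices : 7
    Update Time : Thu Jul 13 10:30:54 2021
         Events : 539489
    Device Role : Active device 4
/dev/sdf:
   Raid Devices : 7
    Update Time : Thu Jul 15 12:47:37 2021
         Events : 539502
    Device Role : Active device 2
/dev/sdg:
   Raid Devices : 7
    Update Time : Thu Jul 15 12:47:37 2021
         Events : 539502
    Device Role : Active device 3
/dev/sdh:
   Raid Devices : 7
    Update Time : Thu Jul 15 12:04:35 2021
         Events : 539497
    Device Role : Active device 5
"""

HEADER = re.compile(r"^(/dev/\S+):\s*$")
FIELD = re.compile(r"^\s*([^:]+?)\s*:\s*(.*?)\s*$")
ROLE = re.compile(r"Active device (\d+)")


def parse_examine(text):
    """Return {device: {field: value}} from concatenated `mdadm -E` output."""
    members, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = members.setdefault(header.group(1), {})
            continue
        field = FIELD.match(line)
        if field and current is not None:
            current[field.group(1)] = field.group(2)
    return members


def event_report(members):
    """One row per member, ordered by slot, with its lag behind the newest."""
    newest = max(int(m["Events"]) for m in members.values())
    rows = []
    for dev, m in members.items():
        role = ROLE.search(m.get("Device Role", ""))
        rows.append({"device": dev,
                     "slot": int(role.group(1)) if role else None,
                     "events": int(m["Events"]),
                     "behind": newest - int(m["Events"]),
                     "update_time": m.get("Update Time", "")})
    # Members without an active slot (e.g. spares) sort last.
    return sorted(rows, key=lambda r: (r["slot"] is None, r["slot"] or 0))


def freshness_summary(members):
    """Count members at the newest event count against the RAID5 minimum."""
    report = event_report(members)
    raid_devices = int(next(iter(members.values()))["Raid Devices"])
    stale = sorted((r for r in report if r["behind"]), key=lambda r: r["behind"])
    return {"raid_devices": raid_devices,
            "minimum_needed": raid_devices - 1,  # RAID5 tolerates one missing member
            "current": [r["device"] for r in report if r["behind"] == 0],
            "stale_closest_first": [(r["device"], r["behind"]) for r in stale]}


if __name__ == "__main__":
    parsed = parse_examine(EXAMINE_TEXT)
    for row in event_report(parsed):
        print(row)
    print(freshness_summary(parsed))
```

On the real system the input would be the saved output of `mdadm -E` for each member, concatenated into one string.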

Unable to access samba user restricted share from Windows 10

Posted: 18 Jul 2021 02:15 PM PDT

Server: Debian 10, SAMBA v4.9.5
Client: Windows 10 21H1

I'm trying to create two Samba shares. One is open access to any user and doesn't request a password. The shared folder is /media/NAS. The other defines a username in its settings and requests a password. Its shared folder is /media/NAS/films.

So the second share points to a sub folder of the first share. It is intended to be connected to by my TV for sharing media from that folder.

The user defined as having access to this second share has had its account created with the following steps:

  1. useradd -s /sbin/nologin mediauser
  2. usermod -a -G mediaUsers mediauser
  3. usermod -g mediaUsers mediauser
  4. smbpasswd -a mediauser

The password for both the user account and samba are the same.

With these settings I can connect to the first share with read/write access just fine, but the second keeps coming back with 'You do not have permission to access this share'.

In a twist that I do not understand, if I only have the first share enabled (I comment out the second share in the conf file and restart samba) it works OK, but as soon as I add in the second Films share I can no longer access the first share. I also see a new share appear called mediauser which contains a bunch of profile stuff. Any clues why this is happening?

I've provided various bits of config files and ls -l outputs below. Many thanks. Ben

smb.conf:

[global]
   workgroup = WORKGROUP
   interfaces = 192.168.54.0/24 enp1s0
   bind interfaces only = yes
   log file = /var/log/samba/log.%m
   max log size = 1000
   logging = file
   panic action = /usr/share/samba/panic-action %d

####### Authentication #######
   server role = standalone server
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = yes
   map to guest = bad user
   usershare allow guests = yes

#======================= Share Definitions =======================

[homes]
   comment = Home Directories
   browseable = no
   read only = yes
   create mask = 0700
   directory mask = 0700
   valid users = %S

[NAS]
   comment = NAS Storage
   path = /media/NAS
   browseable = yes
   read only = no
   guest ok = yes
   create mask = 777
   force create mode = 777
   directory mask = 2777
   force directory mode = 2777

[Films]
   comment = Film Archive
   path = /media/NAS/films
   browseable = yes
   read only = yes
   guest ok = no
   valid users = mediauser
   create mask = 775
   force create mode = 775
   directory mask = 2775
   force directory mode = 2775

Folder Permissions:

drwxrwxr-x 158 nobody mediaUsers  4096 Jun 23 22:30  films
drwxrwxr--   7 nobody nogroup     4096 Jun 24 22:11  MP3
drwxrwxr--  14 nobody nogroup     4096 Jun 23 20:39  Pictures
drwxrwxr--  16 nobody nogroup     4096 Jun 24 21:59  Software
drwxrwxrwx  25 nobody nogroup     4096 Jun 24 08:50  Video

pdbedit output:

root@fileServer:/etc/samba# pdbedit -L
mediauser:1001:

ntpd -g does not sync the clock

Posted: 18 Jul 2021 04:38 PM PDT

From ntpd man page

If time is more than 1000s from the server time, ntpd assumes something must be terribly wrong and the only reliable action is for the operator to intervene and set the clock by hand. This causes ntpd to exit with a panic message to the system log. The -g option overrides this check and the clock will be set to the server time regardless of the chip time.

I have done a small experiment to test the -g option with ntpd. First I changed the system clock time to some old time with the date command.

date -s 2021.06.15-19:10:21

After that I created a small /etc/ntp.conf file with the information below

driftfile  /etc/ntp.drift
logconfig =syncstatus
server time.google.com minpoll 3 maxpoll 4

After that I ran ntpd with below command

ntpd -g -n -4 -c /etc/ntp.conf &

Please note that my ntp.drift file was empty.

I see no change in the system time; in fact, ntp status shows that the clock is not synchronized.

GW:/# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 time2.google.co .GOOG.           1 u    -   64    1    0.000   +0.000   0.000
Clock is not synchronized, stratum 16, reference is INIT
frequency is +0.000 Hz, precision is -19
reference time is (no time),
clock offset is +0.000000 msec, root delay is 0.000 msec
root dispersion is N/A

Can someone please help me? Did I miss any configuration or some other data?

Apart from this I have one small question

Does the ntp clock need to be synchronised for ntp authentication? If the ntp clock is not synchronised, will ntp server authentication pass in that case?

Edit:

Below are the logs that come when I start ntpd

GW:~/var/log# cat ntpd.log
15 Jun 19:21:03 ntpd[14560]: Listen and drop on 0 v4wildcard 0.0.0.0:123
15 Jun 19:21:03 ntpd[14560]: Listen normally on 1 lo 127.0.0.1:123
15 Jun 19:21:03 ntpd[14560]: Listen normally on 2 srcr2 192.168.0.2:123
15 Jun 19:21:03 ntpd[14560]: Listen normally on 3 log0 1.0.0.1:123
15 Jun 19:21:03 ntpd[14560]: Listening on routing socket on fd #20 for interface updates
15 Jun 19:21:03 ntpd[14560]: kernel reports TIME_ERROR: 0x2041: Clock Unsynchronized
15 Jun 19:21:03 ntpd[14560]: kernel reports TIME_ERROR: 0x2041: Clock Unsynchronized

why is nginx timeout-ing?

Posted: 18 Jul 2021 07:38 PM PDT

Here is my timeout-related nginx conf:

http {
  ...
  proxy_read_timeout 300;
  proxy_connect_timeout 300;
  proxy_send_timeout 300;
  ...
}

and my reverse proxy setup:

upstream node {
        server 127.0.0.1:2200;
}

server {
    listen 80;

    location / {
        proxy_pass http://node;
    }
}

I am posting a query to my webserver and nginx times out after 1 minute with the following message:

2021/07/16 14:35:42 [error] 881124#881124: *14744 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 172.68.144.214, server: , request: "POST /photos/download_photos HTTP/1.1", upstream: "http://127.0.0.1:2200/photos/download_photos", host: "myhost.com", referrer: "https://myhost.com/"

Output of nginx -T :

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
        worker_connections 768;
        # multi_accept on;
}

http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        client_max_body_size 100m;
        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;

        proxy_read_timeout 300;
        proxy_connect_timeout 300;
        proxy_send_timeout 300;
}


#mail {
#       # See sample authentication script at:
#       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#       # auth_http localhost/auth.php;
#       # pop3_capabilities "TOP" "USER";
#       # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#       server {
#               listen     localhost:110;
#               protocol   pop3;
#               proxy      on;
#       }
#
#       server {
#               listen     localhost:143;
#               protocol   imap;
#               proxy      on;
#       }
#}

# configuration file /etc/nginx/modules-enabled/50-mod-http-image-filter.conf:
load_module modules/ngx_http_image_filter_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf:
load_module modules/ngx_http_xslt_filter_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-mail.conf:
load_module modules/ngx_mail_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-stream.conf:
load_module modules/ngx_stream_module.so;

# configuration file /etc/nginx/mime.types:

types {
    text/html                             html htm shtml;
    text/css                              css;
    text/xml                              xml;
    image/gif                             gif;
    image/jpeg                            jpeg jpg;
    application/javascript                js;
    application/atom+xml                  atom;
    application/rss+xml                   rss;

    text/mathml                           mml;
    text/plain                            txt;
    text/vnd.sun.j2me.app-descriptor      jad;
    text/vnd.wap.wml                      wml;
    text/x-component                      htc;

    image/png                             png;
    image/tiff                            tif tiff;
    image/vnd.wap.wbmp                    wbmp;
    image/x-icon                          ico;
    image/x-jng                           jng;
    image/x-ms-bmp                        bmp;
    image/svg+xml                         svg svgz;
    image/webp                            webp;

    application/font-woff                 woff;
    application/java-archive              jar war ear;
    application/json                      json;
    application/mac-binhex40              hqx;
    application/msword                    doc;
    application/pdf                       pdf;
    application/postscript                ps eps ai;
    application/rtf                       rtf;
    application/vnd.apple.mpegurl         m3u8;
    application/vnd.ms-excel              xls;
    application/vnd.ms-fontobject         eot;
    application/vnd.ms-powerpoint         ppt;
    application/vnd.wap.wmlc              wmlc;
    application/vnd.google-earth.kml+xml  kml;
    application/vnd.google-earth.kmz      kmz;
    application/x-7z-compressed           7z;
    application/x-cocoa                   cco;
    application/x-java-archive-diff       jardiff;
    application/x-java-jnlp-file          jnlp;
    application/x-makeself                run;
    application/x-perl                    pl pm;
    application/x-pilot                   prc pdb;
    application/x-rar-compressed          rar;
    application/x-redhat-package-manager  rpm;
    application/x-sea                     sea;
    application/x-shockwave-flash         swf;
    application/x-stuffit                 sit;
    application/x-tcl                     tcl tk;
    application/x-x509-ca-cert            der pem crt;
    application/x-xpinstall               xpi;
    application/xhtml+xml                 xhtml;
    application/xspf+xml                  xspf;
    application/zip                       zip;

    application/octet-stream              bin exe dll;
    application/octet-stream              deb;
    application/octet-stream              dmg;
    application/octet-stream              iso img;
    application/octet-stream              msi msp msm;

    application/vnd.openxmlformats-officedocument.wordprocessingml.document    docx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet          xlsx;
    application/vnd.openxmlformats-officedocument.presentationml.presentation  pptx;

    audio/midi                            mid midi kar;
    audio/mpeg                            mp3;
    audio/ogg                             ogg;
    audio/x-m4a                           m4a;
    audio/x-realaudio                     ra;

    video/3gpp                            3gpp 3gp;
    video/mp2t                            ts;
    video/mp4                             mp4;
    video/mpeg                            mpeg mpg;
    video/quicktime                       mov;
    video/webm                            webm;
    video/x-flv                           flv;
    video/x-m4v                           m4v;
    video/x-mng                           mng;
    video/x-ms-asf                        asx asf;
    video/x-ms-wmv                        wmv;
    video/x-msvideo                       avi;
}

# configuration file /etc/nginx/sites-enabled/reverse-proxy:
upstream node {
        server 127.0.0.1:2200;
}


server {
    listen 80;
    # server_name tools.tryandreview.com;

    location / {
        proxy_pass http://node;
    }
}

Why is nginx not taking my setting into account? Or am I missing something?

STP Packet Filtering

Posted: 18 Jul 2021 06:57 PM PDT

I have a KVM host with guests joined to a virtual bridge for networking.

Netdata on guests of this system drew my attention to packets being dropped at the network interface level (the metric reported as RX dropped by ifconfig).

I tracked the dropped packets to STP (spanning tree protocol) broadcasts from outside of the host. The virtual bridge on the host has STP off, but these packets from other switches on the network are still forwarded to guests.

# tcpdump -i enp2s0 stp -etn
30:23:03:27:7c:27 > 01:80:c2:00:00:00, 802.3, length 38: LLC, dsap STP (0x42) Individual, ssap STP (0x42) Command, ctrl 0x03: STP 802.1d, Config, Flags [none], bridge-id fffe.30:23:03:27:7c:27.8001, length 43
# tcpdump -i enp1s0 stp -etn
10:06:45:e6:24:0b > 01:80:c2:00:00:00, 802.3, length 38: LLC, dsap STP (0x42) Individual, ssap STP (0x42) Command, ctrl 0x03: STP 802.1d, Config, Flags [none], bridge-id 8000.10:06:45:e6:24:0b.8004, length 43

Question

How can I drop STP packets being forwarded through the virtual bridge?

I tried to filter by the dsap/ssap number, but this didn't work.

ebtables -A FORWARD -p LENGTH --802_3-sap 0x42 -j DROP  

Alternatively, I'd be interested in any reasons why this is not a good idea.

Pubkey SSH fails with "we did not send a packet, disable method" in freebsd jail

Posted: 18 Jul 2021 03:03 PM PDT

I have a FreeBSD VPS with 2 jails, each set up with ezjail (I know now that this is largely deprecated, but didn't at the time).

$ jls
   JID  IP Address      Hostname                      Path
     1  172.16.1.1      wwwserver                     /usr/jails/wwwserver
     2  172.16.1.2      wwwgit                        /usr/jails/wwwgit

The host and the jails are all running 12.2-RELEASE-p2.

I have key-based ssh login enabled in each jail, as well as the host. This works fine for the host and wwwserver, but not wwwgit. For that jail, I get this log:

debug1: Reading configuration data /Users/chris/.ssh/config
debug1: /Users/chris/.ssh/config line 3: Applying options for *
debug1: /Users/chris/.ssh/config line 22: Applying options for waitstaff_git
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug2: resolve_canonicalize: hostname {censored-ip-address} is address
debug2: ssh_connect_direct
debug1: Connecting to {censored-ip-address} [{censored-ip-address}] port 22.
debug1: Connection established.
debug1: identity file /Users/chris/.ssh/id_ed25519_chrisdeluca_git type 3
debug1: identity file /Users/chris/.ssh/id_ed25519_chrisdeluca_git-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9 FreeBSD-20200214
debug1: match: OpenSSH_7.9 FreeBSD-20200214 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to {censored-ip-address}:22 as 'git'
debug3: hostkeys_foreach: reading file "/Users/chris/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /Users/chris/.ssh/known_hosts:7
debug3: load_hostkeys: loaded 1 keys from {censored-ip-address}
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:nhwOgcMl+Z+47Qu1VHAnjGnSbIdnjqMV60XQ9ilsCrI
debug3: hostkeys_foreach: reading file "/Users/chris/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /Users/chris/.ssh/known_hosts:7
debug3: load_hostkeys: loaded 1 keys from {censored-ip-address}
debug1: Host '{censored-ip-address}' is known and matches the ECDSA host key.
debug1: Found key in /Users/chris/.ssh/known_hosts:7
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /Users/chris/.ssh/id_ed25519_chrisdeluca_git ED25519 SHA256:xUYB2rlHSwtkA515PXWHC3dN8XQkcG2dbXJg1SPikxM explicit agent
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,keyboard-interactive
debug3: start over, passed a different list publickey,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/chris/.ssh/id_ed25519_chrisdeluca_git ED25519 SHA256:xUYB2rlHSwtkA515PXWHC3dN8XQkcG2dbXJg1SPikxM explicit agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,keyboard-interactive
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug3: send packet: type 50
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: receive packet: type 60
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password for git@waitstaff:

At first I thought maybe my permissions were off, but I can confirm I have the public keys uploaded to the git user's .ssh/authorized_keys file, and the permissions are correct:

drwx------  2 git  git  512 Dec 29 22:07 .ssh
-rw-------  1 git  git  109 Dec 29 22:13 authorized_keys

The SSH config itself is nearly identical across the host and jails.

Host

$ grep -E -v '^$|^#' /etc/ssh/sshd_config
Subsystem   sftp    /usr/libexec/sftp-server
PermitRootLogin without-password

wwwserver

$ sudo jexec wwwserver grep -E -v '^$|^#' /etc/ssh/sshd_config
Port 2222
AuthorizedKeysFile  .ssh/authorized_keys
ChallengeResponseAuthentication no

wwwgit

$ sudo jexec wwwgit grep -E -v '^$|^#' /etc/ssh/sshd_config
AuthorizedKeysFile  .ssh/authorized_keys
Subsystem   sftp    /usr/libexec/sftp-server

I also have a local ssh config file, which might be helpful. Here's the relevant contents.

IdentitiesOnly yes

Host *
  AddKeysToAgent yes
  UseKeychain yes

...

# Freebsd host
Host waitstaff
  Hostname {censored-ip-address}
  Port 22
  IdentityFile ~/.ssh/id_ed25519_waitstaff
  User freebsd

# wwwserver jail
Host waitstaff_deploy
  Hostname {censored-ip-address}
  Port 2222
  IdentityFile ~/.ssh/id_ed25519_waitstaff_deploy
  User chris

# wwwgit jail
Host waitstaff_git
  Hostname {censored-ip-address}
  IdentityFile ~/.ssh/id_ed25519_chrisdeluca_git
  User git

I'm at a loss about what's wrong. Any help figuring this out would be greatly appreciated. Thanks in advance!

Edit: In case it's pertinent, I changed the home directory for the git user (the user I'm trying to login as) to /git.
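
The listing in the post covers only .ssh and authorized_keys; with StrictModes on (sshd's default), sshd applies the same ownership and write-permission test to every directory from the key file up to the account's home, which here was moved to /git. The following is an added example, not part of the original post: a Python audit of that whole chain, with hypothetical function names and a constructed sample tree.

```python
import os
import stat
import tempfile


def _check_owner_mode(path, st, uid):
    """Owner must be the account or root; no group/other write bits."""
    problems = []
    if st.st_uid not in (0, uid):
        problems.append(f"{path}: owned by uid {st.st_uid}, expected {uid} or root")
    if st.st_mode & 0o022:
        mode = stat.S_IMODE(st.st_mode)
        problems.append(f"{path}: mode {mode:04o} is group/world-writable")
    return problems


def audit_key_path(home, keyfile, uid):
    """Return findings for keyfile and each directory up to home.

    Modelled on the StrictModes test: the key file must be a regular file,
    and it and every directory between it and the home directory (inclusive)
    must pass _check_owner_mode().
    """
    home = os.path.realpath(home)
    path = os.path.realpath(keyfile)
    try:
        st = os.stat(path)
    except OSError as exc:
        return [f"{path}: cannot stat ({exc.strerror})"]

    findings = []
    if not stat.S_ISREG(st.st_mode):
        findings.append(f"{path}: not a regular file")
    findings.extend(_check_owner_mode(path, st, uid))

    current = os.path.dirname(path)
    while True:
        findings.extend(_check_owner_mode(current, os.stat(current), uid))
        parent = os.path.dirname(current)
        # Stop once the home directory (or the filesystem root) was checked.
        if current == home or parent == current:
            break
        current = parent
    return findings


def build_sample_home(root, home_mode):
    """Constructed test tree: <root>/git/.ssh/authorized_keys."""
    home = os.path.join(root, "git")
    ssh_dir = os.path.join(home, ".ssh")
    os.makedirs(ssh_dir)
    keyfile = os.path.join(ssh_dir, "authorized_keys")
    with open(keyfile, "w") as fh:
        fh.write("ssh-ed25519 AAAA-constructed-sample-key git@example\n")
    os.chmod(keyfile, 0o600)   # same modes as the listing in the post
    os.chmod(ssh_dir, 0o700)
    os.chmod(home, home_mode)  # the part the listing does not show
    return home, keyfile


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        home, keyfile = build_sample_home(root, 0o775)
        for line in audit_key_path(home, keyfile, os.getuid()):
            print(line)
```

On the server itself the call would be `audit_key_path("/git", "/git/.ssh/authorized_keys", <uid of git>)`, run inside the jail.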

Local admin login fails "The trust relationship between this workstation and the primary domain failed" on Windows 10

Posted: 18 Jul 2021 09:03 PM PDT

After joining a 2019 (2016 equivalent) domain, domain logins are successful; however, local admin accounts fail with "The trust relationship between this workstation and the primary domain failed."

I created a new local admin account with my domain credentials and verified this error continues; however, logins to the domain, even with uncached credentials, succeed. What further troubleshooting steps can I perform? This kind of seems the opposite of what people typically are trying to do, which is getting into a machine without local admin access.

Failed to enable unit: Access denied - while enabling a service on AWS RHEL instance

Posted: 18 Jul 2021 08:05 PM PDT

When I run this command

sudo systemctl enable /home/ec2-user/my_custom.service  

I get

Failed to enable unit: Access denied  

And when I run

systemctl enable /home/ec2-user/my_custom.service  

I get

    ==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-unit-files ====
    Authentication is required to manage system service or unit files.
    Authenticating as: Cloud User (ec2-user)
    Password:
    ==== AUTHENTICATION COMPLETE ====
    Failed to enable unit: Access denied

I don't have any password here, so I tried setting a new one using sudo passwd ec2-user and then using that password, but I still get the same error.

Here is the content of my_custom.service:

    [Unit]
    Description=go_responder
    After=network.target

    [Service]
    Type=simple
    User=ec2-user
    ExecStart=/home/ec2-user/custom_service_executable

    [Install]
    WantedBy=default.target

Docker Compose and multiple subnets

Posted: 18 Jul 2021 07:01 PM PDT

I'm struggling with Docker Compose (version 2 or 3). I'm trying to add multiple subnets, so various services can reach each other, but get assigned IPv4 addresses from different subnets.

This is my current configuration:

    networks:
      custom:
        driver: "bridge"
        ipam:
          driver: default
          config:
            - subnet: 10.10.10.0/16
              gateway: 10.10.10.1
            - subnet: 100.100.100.0/16
              gateway: 100.100.100.1

But I get the error:

    Creating network "docker-setup-test_custom" with driver "bridge"
    ERROR: Pool overlaps with other one on this address space
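
Docker reports "Pool overlaps with other one on this address space" when a requested subnet intersects a pool already used by another network on the host. The following is an added example, not part of the original post: it checks the two subnets from the compose file against each other and against pools already in use. The function name and the `existing` pool are constructed for illustration; on a real host the pools come from `docker network inspect`.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SHARED_CGN = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598


def review_pools(requested, existing):
    """Return findings for requested subnets.

    requested: list of CIDR strings as written in the compose file.
    existing:  dict of network name -> CIDR string already in use on the host.
    """
    findings = []
    nets = []
    for text in requested:
        # strict=False accepts "10.10.10.0/16" and masks it to 10.10.0.0/16.
        net = ipaddress.ip_network(text, strict=False)
        if str(net) != text:
            findings.append(f"{text}: host bits set, network address is {net}")
        if net.subnet_of(SHARED_CGN):
            findings.append(
                f"{net}: inside RFC 6598 shared address space {SHARED_CGN}")
        elif not any(net.subnet_of(p) for p in RFC1918):
            findings.append(f"{net}: not RFC 1918 private space")
        nets.append(net)

    for i, net in enumerate(nets):
        # Overlap between two pools declared in the same compose network.
        for other in nets[i + 1:]:
            if net.overlaps(other):
                findings.append(f"{net}: overlaps requested pool {other}")
        # Overlap with a pool another Docker network already holds.
        for name, cidr in existing.items():
            pool = ipaddress.ip_network(cidr, strict=False)
            if net.overlaps(pool):
                findings.append(
                    f"{net}: overlaps existing network {name} ({pool})")
    return findings


if __name__ == "__main__":
    requested = ["10.10.10.0/16", "100.100.100.0/16"]  # from the compose file
    existing = {"other_default": "10.10.0.0/24"}       # constructed sample
    for line in review_pools(requested, existing):
        print(line)
```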

"No route to host" until "ping" or "route"

Posted: 18 Jul 2021 10:01 PM PDT

I have two computers in one WiFi network:

  • A - client
  • B - server

Sometimes (once in ten times) after B reboot I am unable to ssh from A to B:

    $ ssh 192.168.201.128
    ssh: connect to host 192.168.201.128 port 22: No route to host

When I try to ping it, I get:

    $ ping 192.168.201.128
    PING 192.168.201.128 (192.168.201.128) 56(84) bytes of data.
    From 192.168.201.133 icmp_seq=1 Destination Host Unreachable
    From 192.168.201.133 icmp_seq=2 Destination Host Unreachable
    From 192.168.201.133 icmp_seq=3 Destination Host Unreachable

ARP might be the issue:

    $ arp
    Address                  HWtype  HWaddress           Flags Mask            Iface
    _gateway                 ether   70:4c:a5:a7:c2:57   C                     wlp2s0
    192.168.201.128                  (incomplete)                              wlp2s0

I was trying to fix it like this:

    $ sudo arp -d 192.168.201.128
    $ arping -c 10 -I wlp2s0 192.168.201.128
    ARPING 192.168.201.128 from 192.168.201.133 wlp2s0
    Sent 10 probes (10 broadcast(s))
    Received 0 response(s)

no effect :(

I can workaround the issue by plugging in monitor and keyboard to B (server) and doing either:

1) ping A (client)

OR

2) typing "route" in terminal

Then everything goes back to normal.

Any idea why this might be happening? My guess is that B sometimes doesn't discover gateway correctly. I am unable to verify this, because when I type "route" in B terminal everything goes back to normal.

Side notes:

  1. There is no firewall on B (server)
  2. A (client) is Ubuntu 18.04 Desktop
  3. B (server) is Ubuntu 16.04 minimal (maybe missing some important package for arp/ auto gw discovery?)
  4. B (server) interfaces configuration:
    $ cat /etc/network/interfaces
    auto lo
    iface lo inter loopback

rsync error: error in rsync protocol data stream (code 12) at io.c(600) [sender=3.0.6]

Posted: 18 Jul 2021 03:43 PM PDT

Recently I have been unable to rsync over ssh. Each time I get the same error

    bash: rsync: command not found
    rsync: connection unexpectedly closed (0 bytes received so far) [sender]
    rsync error: error in rsync protocol data stream (code 12) at io.c(600) [sender=3.0.6]

I am running

sudo rsync -av /var/www/html/somedir/ myuser@999.999.99.9:Users/myuser/Desktop/ec2backup  

Please note the username, IP, and directories have been changed for the purposes of this post.

In the past I have run the exact same command, as verified using bash_history.

What I have tried:

  1. Ran a similar command from another server, resulting in the same error message.
  2. Tested rsync locally (local dir to local dir), which worked perfectly.

The only thing that has changed is I've recently installed Virtualbox and Vagrant. Is it possible I may have messed up authentication/ports/etc on my local machine?

Any help is greatly appreciated.

Why CloudFront does not return Access-Control-Allow-Origin?

Posted: 18 Jul 2021 06:02 PM PDT

I'm trying to figure out why cloudfront distribution does not cache / send through access-control-allow-origin.

When I curl my website:

    HTTP/1.1 200 OK
    Date: Sat, 03 Mar 2018 07:42:01 GMT
    Content-Type: application/font-woff2
    Content-Length: 77160
    Connection: keep-alive
    Set-Cookie: __cfduid=dda822a428a2dddb9113bbd425dba93e91520062921; expires=Sun, 03-Mar-19 07:42:01 GMT; path=/; domain=.flexrc.com; HttpOnly
    Last-Modified: Fri, 02 Mar 2018 03:01:32 GMT
    ETag: "5a98be8c-12d68"
    Access-Control-Allow-Origin: *
    CF-Cache-Status: HIT
    Expires: Sat, 03 Mar 2018 11:42:01 GMT
    Cache-Control: public, max-age=14400
    Accept-Ranges: bytes
    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    Server: cloudflare
    CF-RAY: 3f5a76ca7ddd3b50-YVR

but when I curl cloudfront file:

    HTTP/1.1 200 OK
    Content-Type: application/octet-stream
    Content-Length: 66624
    Connection: keep-alive
    Date: Sat, 03 Mar 2018 03:13:25 GMT
    Last-Modified: Sun, 21 Feb 2016 22:02:50 GMT
    ETag: "56ca340a-10440"
    CF-Cache-Status: HIT
    Expires: Sat, 03 Mar 2018 07:13:25 GMT
    Cache-Control: public, max-age=14400
    Accept-Ranges: bytes
    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    Server: cloudflare
    CF-RAY: 3f58ed5738b09668-SJC
    X-Cache: RefreshHit from cloudfront
    Via: 1.1 f42a8d19b16850af801ce5662fc9fdab.cloudfront.net (CloudFront)
    X-Amz-Cf-Id: HBJgB_UBz1pKdUQf-08bsZDXGE3Cv9GD6X9e3aUx_R8ejPdlQxGD8g==

In "Edit Behavior" for "Cache Based on Selected Request Headers" I've added whitelist for Origin and Access-Control-Allow-Origin

I've also invalidated Object several times, as well I was waiting for the progress to finish on the distribution.

I'm not using S3.

I've also checked Setting Access-Control-Allow-Origin on Cloudfront

but it didn't help me.

Any advice is appreciated.

Distribution Settings

Application pool recycling takes high time

Posted: 18 Jul 2021 07:01 PM PDT

We have a problem with the application pool recycling process. Our production site is hosted in IIS version 10, and we use a separate application pool for it. This application pool is recycled every 1740 mins by default. The problem is that once the recycle process starts, our application stops responding. It seems usual that it takes some time to start a new process, but in our case it takes around 15-20 mins for the application to come up or for the recycle process to complete. Only after 20 mins does our site come up. This time interval seems unusual. How can we troubleshoot this problem? Is there a problem at the application level, or at the server or application pool configuration level? Please help identify the cause; we couldn't find a solution to address our site-down problem.

Thanks, Karthik.

NGINX docker container immediately stops

Posted: 18 Jul 2021 03:31 PM PDT

I've started to get to know Docker and nginx in Docker. I want to use my own custom static files and my own nginx.conf, so I've created a Dockerfile:

    FROM nginx
    RUN rm /etc/nginx/nginx.conf
    COPY /nginx.conf /etc/nginx/nginx.conf
    COPY / /usr/share/nginx/html

    # Expose ports
    EXPOSE 80

And my nginx.conf:

    #user  nobody;
    worker_processes  auto;

    #error_log  logs/error.log;
    #error_log  logs/error.log  notice;
    #error_log  logs/error.log  info;

    #pid        logs/nginx.pid;


    events {
        worker_connections  1024;
    }


    http {
        include       mime.types;
        default_type  application/octet-stream;

        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"'
                           '$server_name to: $upstream_addr: $request';

        access_log  logs/access.log  main;


        sendfile        on;
        #tcp_nopush     on;

        #keepalive_timeout  0;
        keepalive_timeout  65;

        #gzip  on;

        server {
            listen       8080;
            server_name  127.0.0.1;

            #charset koi8-r;

            #access_log  logs/host.access.log  main;

            location / {
                root   /usr/share/nginx/html;
                index  index.html index.htm;
                try_files $uri /index.html;
                include       mime.types;
            }

            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   html;
            }
        }

    }

I'm building this with:

docker build --no-cache -t nginx-custom .  

And running it with:

docker run -d -p 8080:80 --name webserver nginx-custom  

It builds and then runs, but stops immediately, so if I check with

docker ps -a  

I can see it exited 1 second ago. I tried to use CMD /usr/sbin/nginx -g "daemon off;" or daemon off; in the nginx conf, or use CMD ["nginx", "-g", "daemon off;"]. No matter what I do, it just exits right after run.

Setting cache/expire time to every element in nginx?

Posted: 18 Jul 2021 10:01 PM PDT

When configuring web servers (nginx), is it uncommon to set an expire time and cache every element in every directory that gets requested by the client browser?

Some examples of expire time I just found on the nginx site and servervault:

    location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
        expires 30d;
        add_header Pragma public;
        add_header Cache-Control "public";
    }


    location ~* \.(?:css|gif|jpe?g|png)$ {
        expires max;
    }

How would I write the location line if I wanted to experiment with setting an expiration on every element?

    location ~* \.(?:*)$ {
        expires 2d;
        add_header Pragma public;
        add_header Cache-Control "public"
    }

Reset subscription or fix web app

Posted: 18 Jul 2021 03:03 PM PDT

I'm trying to set up a web app, but I keep on getting errors.

If I try in the portal I keep on seeing that the status is "deleted" and the deployment failed because application insights is not supported in my region.

I do not need application insights.

In Visual Studio I get the following error

    ---------------------------
    Microsoft Visual Studio
    ---------------------------
    Following errors occured during the deployment:

Error during deployment for resource 'AppInsightsComponents MySite' in resource group 'MegaSale': MissingRegistrationForLocation: The subscription is not registered for the resource type 'components' in the location 'Central US'. Please re-register for this provider in order to have access to this location..

Error during deployment for resource 'MySite' in resource group 'MegaSale': NoRegisteredProviderFound: No registered resource provider found for location 'West Europe' and API version '2.0' for type 'servers'. The supported api-versions are '2014-01-01, 2014-04-01, 2014-04-01-preview'. The supported locations are 'centralus, eastus, westus, southcentralus, eastus2, northcentralus, eastasia, southeastasia, japanwest, japaneast, northeurope, westeurope, brazilsouth, australiaeast, australiasoutheast, centralindia, westindia, southindia, canadacentral, canadaeast, westus2, westcentralus, uksouth, ukwest'..

and this occurs no matter which region I choose.

I would like to use Western Europe, but can accept a different region if it would just work.

I don't mind scrapping my whole subscription and starting anew, though I'd rather not if possible.

The resource group I certainly don't mind trashing totally.

How does the captive portal redirect work behind the scenes

Posted: 18 Jul 2021 04:08 PM PDT

As a project I am building my own captive portal web pages for "unauthenticated" users. Those are users that have not hit a button on my captive portal page. I want this to be out of band (like a packetfence deployment option), so that my Linux machine is not acting as a router / proxy.

To do this I need to know HOW the device, in my case an iPhone running iOS 8, is redirected to the captive portal page.

This is what I think should happen:

  1. iPhone connects to the Wi-Fi
  2. DNS points at my Linux machine which resolves all requests with the IP of itself
  3. The Linux machine has a web server that responds to everything on port 80, and redirects everything using the HTTP Location: header to a page with the content and a button
  4. The button is pressed and the user's MAC address is added to "something", and from then on the DNS does proper resolution (??) or maybe iptables redirects DNS requests to another public DNS host (??)

I have been through this site and Google for a few days now and have even tried to look at the Packetfence code (I'm not a Perl developer). I need to confirm if my process above is correct, or get a bullet point list of correct steps. I have had a look at this serverfault post; it's the detail on how the redirect happens, and more importantly how to NOT have the redirect happen once the user is "authenticated".

I would appreciate it if anyone has the knowledge to fill in the gaps or point me at a web site that has the "how / what does the redirect" (dns / dhcp / http / iptables).

The problem I am trying to solve is to articulate the technical process of how this works, expanding on other posts on this site which say things like "the first request should be redirected". My question is... how / what tools do I need to do that.

Thanks!

Adding drivers to a non bootable drive

Posted: 18 Jul 2021 02:02 PM PDT

I have a server 2008 installation with a faulty motherboard. I have changed the motherboard and Windows blue screens on boot up. It is caused by the SATA drivers.

I'm trying to find a method of installing the drivers manually without booting Windows. My first idea was to create a WIM and then inject the drivers when I re-mount the image; however, my new company doesn't have the Windows AIK for creating WIMs.

Can anyone suggest a suitable method for adding the drivers using a 3rd party freeware or trial tool?

I have already looked at Casper and o&o.

php5-fpm invoked oom-killer

Posted: 18 Jul 2021 04:08 PM PDT

One of my servers (Ubuntu 12.04, 16 CPU, 32GB RAM) runs the app section of my website (Nginx 1.1.19, PHP5-FPM, PHP 5.3.10, Symfony2 Web Framework).

Suddenly, users started getting HTTP 5** Errors. When I went on the server, there was huge disk IO and the culprit was [flush].

When I went through the kernel logs using dmesg, it showed the reason for [flush] was php5-fpm invoked oom-killer

Kernel Log entry from the time of Incident:

  0             0 php5-fpm  Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.359979] [14919]    33 14919   373976    14146   2       0             0 php5-fpm  Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.359981] [14982]    33 14982   373012    11466   0       0             0 php5-fpm  Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.359984] [14983]    33 14983   372940    10379   0       0             0 php5-fpm  Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.359986] [14984]    33 14984   374522    12917  14       0             0 php5-fpm  Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.359989] [14985]    33 14985   372898     9890   7       0             0 php5-fpm  Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.359991] [14986]    33 14986   373733    11996  15       0             0 php5-fpm  Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.359994] [14987]    33 14987   373203    12061   2       0             0 php5-fpm  Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.359996] [14988]    33 14988   373368    12404  13       0             0 php5-fpm  Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.359999] [14989]    33 14989   372407     8838   9       0             0 php5-fpm  Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.360002] [14990]    33 14990   373491    11722   0       0             0 php5-fpm  Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.360004] [14991]    33 14991   371987     8545   2       0             0 php5-fpm  Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.360007] [14992]    33 14992   372184     9768  12       0             0 php5-fpm  Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.360010] [14993]    33 14993   375221    12528   6       0             0 php5-fpm  Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.360012] [15011]    33 15011   372181     8558  11       0             0 php5-fpm  Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.360015] [15012]    33 15012   374863    13426   9       0             0 php5-fpm  Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.360018] [15013]    33 
15013   372497    10278   0       0             0 php5-fpm  Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.360020] [15014]    33 15014   372489     9905   8       0             0 php5-fpm  Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.360023] [15015]    33 15015   373200    11024   0       0             0 php5-fpm  Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.360026] [15017]    33 15017   372621     9203   2       0             0 php5-fpm  Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.360028] [15018]    33 15018   371993     9152  12       0             0 php5-fpm  Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.360031] [15019]    33 15019   374082    10949   0       0             0 php5-fpm  Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.360033] [15020]    33 15020   373137    10112  11       0             0 php5-fpm  Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.360036] [15021]    33 15021   377055    14606   0       0             0 php5-fpm  Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.360038] [15027]    33 15027   372243     9148   9       0             0 php5-fpm  Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.360041] [15028]    33 15028   373802    11787  12       0             0 php5-fpm  Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.360044] [15029]    33 15029   372094     7847  11       0             0 php5-fpm  Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.360046] [15030]    33 15030   372093     7475   2       0             0 php5-fpm  Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.360049] [15031]    33 15031   372606     9650  15       0             0 php5-fpm  Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.360071] Out of memory: Kill process 9503 (php5-fpm) score 564 or sacrifice child  Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.363179] Killed process 9503 (php5-fpm) total-vm:22546852kB, anon-rss:17203684kB, file-rss:46220kB  

Seems like the issue is with php5-fpm overcommitting memory in some cases.

How do I ensure that such cases don't cause high disk IO or make the server unstable?
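As an added example (not part of the original post), the OOM-killer task dump above can be parsed to rank memory consumers and cross-check the victim. The rows in `SAMPLE` are copied from the log in the question; the column meanings and the 4 KiB page size are assumptions, since the table header is not shown here.

```python
import re
from collections import defaultdict

PAGE_KB = 4  # assumption: 4 KiB pages, so table values x 4 = kB

# Rows copied from the kernel log in the question above.
SAMPLE = """\
Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.359861] [ 1195]   106  1195    80805      236   5       0             0 memcached
Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.359882] [ 1916]     0  1916    20056     1040   8       0             0 nginx
Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.359914] [ 9479]    33  9479   688805    75927   6       0             0 php5-fpm
Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.359917] [ 9503]    33  9503  5636713  4312476  15       0             0 php5-fpm
Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.359956] [12577]    33 12577  1770706  1177669   2       0             0 php5-fpm
Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.359958] [13310]    33 13310  1559195  1166076  11       0             0 php5-fpm
Jan 31 12:39:01 ip-10-0-0-160 kernel: [78817.363179] Killed process 9503 (php5-fpm) total-vm:22546852kB, anon-rss:17203684kB, file-rss:46220kB
"""

# Assumed columns: [pid] uid tgid total_vm rss cpu oom_adj oom_score_adj name
ROW = re.compile(r"\[\s*(\d+)\]\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(-?\d+)\s+(-?\d+)\s+(\S+)\s*$")
KILLED = re.compile(r"Killed process (\d+) \((\S+)\) total-vm:(\d+)kB, anon-rss:(\d+)kB, file-rss:(\d+)kB")

def parse(log):
    """Return (task rows with sizes in kB, the 'Killed process' record or None)."""
    tasks, killed = [], None
    for line in log.splitlines():
        m = ROW.search(line)
        if m:
            pid, uid, _tgid, total_vm, rss = map(int, m.groups()[:5])
            tasks.append({"pid": pid, "uid": uid, "name": m.group(9),
                          "vm_kb": total_vm * PAGE_KB, "rss_kb": rss * PAGE_KB})
            continue
        m = KILLED.search(line)
        if m:
            killed = {"pid": int(m.group(1)), "name": m.group(2), "vm_kb": int(m.group(3)),
                      "rss_kb": int(m.group(4)) + int(m.group(5))}
    return tasks, killed

def rss_by_name(tasks):
    """Total resident memory per process name, largest first."""
    totals = defaultdict(int)
    for t in tasks:
        totals[t["name"]] += t["rss_kb"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

def victim_matches_table(tasks, killed):
    """True if the victim's table row (pages x 4) equals the kB in the kill line."""
    row = next(t for t in tasks if t["pid"] == killed["pid"])
    return row["vm_kb"] == killed["vm_kb"] and row["rss_kb"] == killed["rss_kb"]
```

For the rows above, the table entry for PID 9503 agrees exactly with the kill line once pages are converted to kB, which confirms the unit assumption for this log.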

WDS Capture Image Failing to Load

Posted: 18 Jul 2021 08:05 PM PDT

Using the instructions posted here: http://social.technet.microsoft.com/wiki/contents/articles/11680.creating-a-capture-image-in-wds.aspx I created a capture image and then injected network drivers into the boot image. When trying to load the capture image I get the error:

Status: 0x000000f Info: The boot selection failed because a required device is inaccessible.

Does anyone know what might cause this or how to resolve this issue?

Node.js apps and WordPress on the same VPS

Posted: 18 Jul 2021 06:02 PM PDT

So currently my Linode (Ubuntu 11.10) serves up three Node.js apps for me using connect's vhost middleware listening on port 80. Here is an example of how vhost sets up a domain:

    var express = require('express');
    var portfolio = require('./bootstrap-portfolio/lib/app.js');

    var server = express();

    // express.vhost is connect's vhost middleware: route by Host header
    server.use(express.vhost('sencedev.com', portfolio));
    server.use(express.vhost('www.sencedev.com', portfolio));

    server.listen(80);

However, I would now like to add a WordPress installation to my VPS as well. In the past this has meant a traditional Apache installation for me; however, I'm a bit unsure of how Node.js and a different web server (Apache or nginx) should interact.

Any thoughts on how I should approach hosting WordPress + Node.js on the same box?

Not all events appear in Nagios history (archive)

Posted: 18 Jul 2021 09:03 PM PDT

In the Host & Service history of my check_mk interface I can see various events, but a lot of events are missing. I see the same issue on the default interface at View Alert History For This Service and in the logfiles /var/log/nagios/archives/*.log: I can see many events from the last few days, but not all of them.

In /etc/nagios/nagios.cfg the options log_event_handlers, log_initial_status and log_passive_checks are set to 0. The other log_... options are set to 1.

I don't think that any of these options are causing the problem that not all events are logged.

What could cause this problem?
