Search Results

Search found 12569 results on 503 pages for 'root plist'.

Page 110/503 | < Previous Page | 106 107 108 109 110 111 112 113 114 115 116 117  | Next Page >

• nginx with ssl: I get a 403 and log "directory index of '...dir...' is forbidden" log message. works fine with unencrypted connection

  - by user72464

  As mentioned in the title, I had nginx working fine with my rails app, until I tried to add the ssl server. The unencrypted connection still works but the ssl always returns me a 403 page with the following line in the error log: directory index of "/home/user/rails/" is forbidden, client: [my ip], server: _, request: "GET / HTTP/1.1", host: "[server ip]" Below my nginx.conf server block: server { listen 80; listen 443 ssl; ssl_certificate /etc/ssl/server.crt; ssl_certificate_key /etc/ssl/server.key; client_max_body_size 4G; keepalive_timeout 5; root /home/user/rails; try_files $uri/index.html $uri.html $uri @app; location @app { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_redirect off; proxy_pass http://0.0.0.0:8080; } error_page 500 502 503 504 /500.html; location = /500.html { root /home/user/rails; } } the /home/user/rails directory and it's parent have all read to all rights. and they belong to the user nginx. the certificate and key file have the following rights: -rw-r--r-- 1 nginx root 830 Nov 8 09:09 server.crt -rw--w---- 1 nginx root 887 Nov 8 09:09 server.key any clue?

  Read the article

• ubuntu 10.04 + php + postfix

  - by mononym

  I have a server I am running: Ubuntu 10.04 php 5.3.5 (fpm) Nginx I have installed postfix, and set it to loopback-only (only need to send) The problem is it is not sending. if i issue (at command line): echo "testing local delivery" | mail -s "test email to localhost" [email protected] I get the email no problem, but through PHP it does not arrive. When I send it via PHP, mail.log shows: Mar 28 10:15:04 host postfix/pickup[32102]: 435EF580D7: uid=0 from=<root> Mar 28 10:15:04 host postfix/cleanup[32229]: 435EF580D7: message-id=<20120328091504.435EF580D7@FQDN> Mar 28 10:15:04 host postfix/qmgr[32103]: 435EF580D7: from=<root@FQDN>, size=1127, nrcpt=1 (queue active) Mar 28 10:15:04 host postfix/local[32230]: 435EF580D7: to=<root@FQDN>, orig_to=<root>, relay=local, delay=3.1, delays=3/0.01/0/0.09, dsn=2.0.0, status=sent (delivered to maildir) Mar 28 10:15:04 host postfix/qmgr[32103]: 435EF580D7: removed any help appreciated, my main.cf file: smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = no # TLS parameters smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key smtpd_use_tls=yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. myhostname = FQDN alias_maps = hash:/etc/aliasesalias_database = hash:/etc/aliases myorigin = /etc/mailname #myorigin = $mydomain mydestination = FQDN, localhost.FQDN, , localhost relayhost = $mydomain mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = loopback-only virtual_alias_maps = hash:/etc/postfix/virtual home_mailbox = mail/

  Read the article

• Debian x86_64 + Nginx + PHP5-FPM optimization

  - by user55859

  I used to have a VPS (512MB) from Linode and I was running nginx + php5-fpm (which comes with php5.3.3) on Debian Lenny (i686). The total memory usage was about 90-100MB. Now I have another VPS (different hosting company) and I also run nginx + php5-fpm on Debian Lenny (x86_64). The system is 64-bit, so the memory usage is higher now, about 210-230MB, which I think is too much. Here is my php5-fpm.conf: pm = dynamic pm.max_children = 5 pm.start_servers = 2 pm.min_spare_servers = 2 pm.max_spare_servers = 5 pm.max_requests = 300 That's what top command tells me: top - 15:36:58 up 3 days, 16:05, 1 user, load average: 0.00, 0.00, 0.00 Tasks: 209 total, 1 running, 208 sleeping, 0 stopped, 0 zombie Cpu(s): 0.0%us, 0.0%sy, 0.0%ni, 99.9%id, 0.1%wa, 0.0%hi, 0.0%si, 0.0%st Mem: 532288k total, 469628k used, 62660k free, 28760k buffers Swap: 1048568k total, 408k used, 1048160k free, 210060k cached PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 22806 www-data 20 0 178m 67m 31m S 1 13.1 0:05.02 php5-fpm 8980 mysql 20 0 241m 55m 7384 S 0 10.6 2:42.42 mysqld 22807 www-data 20 0 162m 43m 22m S 0 8.3 0:04.84 php5-fpm 22808 www-data 20 0 160m 41m 23m S 0 8.0 0:04.68 php5-fpm 25102 www-data 20 0 151m 30m 21m S 0 5.9 0:00.80 php5-fpm 10849 root 20 0 44100 8352 1808 S 0 1.6 0:03.16 munin-node 22805 root 20 0 145m 4712 1472 S 0 0.9 0:00.16 php5-fpm 21859 root 20 0 66168 3248 2540 S 1 0.6 0:00.02 sshd 21863 root 20 0 66028 3188 2548 S 0 0.6 0:00.06 sshd 3956 www-data 20 0 31756 3052 928 S 0 0.6 0:06.42 nginx 3954 www-data 20 0 31712 3036 928 S 0 0.6 0:06.74 nginx 3951 www-data 20 0 31712 3008 928 S 0 0.6 0:06.42 nginx 3957 www-data 20 0 31688 2992 928 S 0 0.6 0:06.56 nginx 3950 www-data 20 0 31676 2980 928 S 0 0.6 0:06.72 nginx 3955 www-data 20 0 31552 2896 928 S 0 0.5 0:06.56 nginx 3953 www-data 20 0 31552 2888 928 S 0 0.5 0:06.42 nginx 3952 www-data 20 0 31544 2880 928 S 0 0.5 0:06.60 nginx So, the question is there any way to use less memory? Btw, I have 16 cores and it would be nice to make use of them...

  Read the article

• Shell wrong encoding

  - by csch

  Somehow I managed to screw up my shell-encoding. An example: root§server:ç£ cat --help Usage: cat ¡OPTION¿... ¡FILE¿... Concatenate FILE(s), or standard input, to standard output. -A, --show-all equivalent to -vET -b, --number-nonblank number nonempty output lines -e equivalent to -vE -E, --show-ends display $ at end of each line -n, --number number all output lines -s, --squeeze-blank suppress repeated empty output lines -t equivalent to -vT -T, --show-tabs display TAB characters as ^I -u (ignored) -v, --show-nonprinting use ^ and M- notation, except for LFD and TAB --help display this help and exit --version output version information and exit With no FILE, or when FILE is -, read standard input. Examples: cat f - g Output f's contents, then standard input, then g's contents. cat Copy standard input to standard output. Report cat bugs to bug-coreutils§gnu.org GNU coreutils home page: <http://www.gnu.org/software/coreutils/> General help using GNU software: <http://www.gnu.org/gethelp/> For complete documentation, run: info coreutils 'cat invocation' root§server:ç£ It should look like: root@server:~# cat --help Usage: cat [OPTION]... [FILE]... Concatenate FILE(s), or standard input, to standard output. -A, --show-all equivalent to -vET -b, --number-nonblank number nonempty output lines -e equivalent to -vE -E, --show-ends display $ at end of each line -n, --number number all output lines -s, --squeeze-blank suppress repeated empty output lines -t equivalent to -vT -T, --show-tabs display TAB characters as ^I -u (ignored) -v, --show-nonprinting use ^ and M- notation, except for LFD and TAB --help display this help and exit --version output version information and exit With no FILE, or when FILE is -, read standard input. Examples: cat f - g Output f's contents, then standard input, then g's contents. cat Copy standard input to standard output. Report cat bugs to [email protected] GNU coreutils home page: <http://www.gnu.org/software/coreutils/> General help using GNU software: <http://www.gnu.org/gethelp/> For complete documentation, run: info coreutils 'cat invocation' root@server:~# I have no clue what went wrong, do you have any ideas?

  Read the article

• Trouble with nginx and serving from multiple directories under the same domain

  - by Phase

  I have nginx setup to serve from /usr/share/nginx/html, and it does this fine. I also want to add it to serve from /home/user/public_html/map on the same domain. So: my.domain.com would get you the files in /usr/share/nginx/html my.domain.com/map would get you the files in /home/user/public_html/map With the below configuration (/etc/nginx/nginx.conf) it appears to be going to my.domain.com/map/map as noticed by this: 2011/03/12 09:50:26 [error] 2626#0: *254 "/home/user/public_html/map/map/index.html" is forbidden (13: Permission denied), client: <edited ip address>, server: _, request: "GET /map/ HTTP/1.1", host: "<edited>" I've tried a few things but I'm still not able to get it to cooperate, so any help would be greatly appreciated. ####################################################################### # # This is the main Nginx configuration file. # ####################################################################### #---------------------------------------------------------------------- # Main Module - directives that cover basic functionality #---------------------------------------------------------------------- user nginx; worker_processes 1; error_log /var/log/nginx/error.log; pid /var/run/nginx.pid; #---------------------------------------------------------------------- # Events Module #---------------------------------------------------------------------- events { worker_connections 1024; } #---------------------------------------------------------------------- # HTTP Core Module #---------------------------------------------------------------------- http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; keepalive_timeout 65; server { listen 80; server_name _; #access_log logs/host.access.log main; location / { root /usr/share/nginx/html; index index.html index.htm; } location /map { root /home/user/public_html/map; index index.html index.htm; } error_page 404 /404.html; location = /404.html { root /usr/share/nginx/html; } error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } } include /etc/nginx/conf.d/*.conf; }

  Read the article

• How do I enable additional debugging output from Ansible and Vagrant?

  - by Brian Lyttle

  I'm investigating Ansible for server and application provisioning. My application is currently provisioned with shell scripts in Vagrant. Rather than rewrite my scripts I've taken a sample and attempted to deploy it. It appears to deploy fine, but I've seeing a failure message after what looks like a series of successful steps: » vagrant provision ~/vm/blvagrant 1 ? [default] Running provisioner: ansible... PLAY [web-servers] ************************************************************ GATHERING FACTS *************************************************************** ok: [192.168.9.149] TASK: [install python-software-properties] ************************************ ok: [192.168.9.149] => {"changed": false, "item": ""} TASK: [add nginx ppa if it ubuntu 10.04 and up] ******************************* ok: [192.168.9.149] => {"changed": false, "item": "", "repo": "ppa:nginx/stable", "state": "present"} TASK: [update apt repo] ******************************************************* ok: [192.168.9.149] => {"changed": false, "item": ""} TASK: [install nginx] ********************************************************* ok: [192.168.9.149] => {"changed": false, "item": ""} TASK: [copy fixed init for nginx] ********************************************* ok: [192.168.9.149] => {"changed": false, "gid": 0, "group": "root", "item": "", "mode": "0755", "owner": "root", "path": "/etc/init.d/nginx", "size": 2321, "state": "file", "uid": 0} TASK: [service nginx] ********************************************************* ok: [192.168.9.149] => {"changed": false, "item": "", "name": "nginx", "state": "started"} TASK: [write nginx.conf] ****************************************************** ok: [192.168.9.149] => {"changed": false, "gid": 0, "group": "root", "item": "", "mode": "0644", "owner": "root", "path": "/etc/nginx/nginx.conf", "size": 1067, "state": "file", "uid": 0} PLAY RECAP ******************************************************************** 192.168.9.149 : ok=8 changed=0 unreachable=0 failed=0 Ansible failed to complete successfully. Any error output should be visible above. Please fix these errors and try again. How do I go about getting additional debug information? I've already added ansible.verbose = true to my vagrant config which results in the dictionaries being displayed within the output above.

  Read the article

• Which isn't working on linode servers (Ubuntu 10.04)?

  - by chrisjlee

  Currently trying to configure a linode server running on ubuntu 10.04. I utilized a stackscript (Default drupal profile) which seemed to run successfully. The log indicate so as well. Then ssh'd into the server (as root) to try to configure php. When i run a which php, which php5 they both return nothing. A which python returns something though. I know where the default path to php but i usually just like to use it as confirmation that php exists. Do i have to modify some configurations to enable which to work? Also tab completion doesn't seem to work for when i apt-get install? Update: Thanks for the suggestions guys. I've ran a couple commands and no luck either: [ root@ ~ ] $ dpkg -l |grep php [ root@ ~ ] $ apt-get install php5-cli Reading package lists... Done Building dependency tree Reading state information... Done Package php5-cli is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package php5-cli has no installation candidate Then i tried installing php and php cli: [ root@ ~ ] $ sudo apt-get install php5 php5-cli sudo: unable to resolve host xxxxxxx Reading package lists... Done Building dependency tree Reading state information... Done Package php5 is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package php5 has no installation candidate

  Read the article

• Rewrite a url on Nginx

  - by Ido B

  I tried to use this - location / { root /path.to.app/; index index.php index.html; rewrite ^/(.*)$ /check_register.php?key=$1 break; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /path.to.app/$fastcgi_script_name; include fastcgi_params; } And its didn't work , This is my full config - user www-data www-data; worker_processes 4; events { worker_connections 3072; } http { include mime.types; default_type application/octet-stream; access_log off; sendfile on; tcp_nopush on; tcp_nodelay off; keepalive_timeout 15; gzip on; gzip_comp_level 3; gzip_proxied any; gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript; server { listen 80; server_name localhost; location / { root html; index index.html index.htm; } location / { root /path.to.app/; index index.php index.html; rewrite ^/(.*)$ /check_register.php?key=$1 break; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /path.to.app/$fastcgi_script_name; include fastcgi_params; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } include /usr/local/nginx/sites-enabled/*; } How can i make it work?

  Read the article

• Nginx configuration leads to endless redirect loop

  - by brianthecoder

  So I've looked at every sample configuration I could find and yet every time I try and view a page that requires ssl, I end up in an redirect loop. I'm running nginx/0.8.53 and passenger 3.0.2. Here's the ssl config server { listen 443 default ssl; server_name <redacted>.com www.<redacted>.com; root /home/app/<redacted>/public; passenger_enabled on; rails_env production; ssl_certificate /home/app/ssl/<redacted>.com.pem; ssl_certificate_key /home/app/ssl/<redacted>.key; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X_FORWARDED_PROTO https; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Url-Scheme $scheme; proxy_redirect off; proxy_max_temp_file_size 0; location /blog { rewrite ^/blog(/.*)?$ http://blog.<redacted>.com/$1 permanent; } location ~* \.(js|css|jpg|jpeg|gif|png)$ { if (-f $request_filename) { expires max; break; } } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } Here's the non-ssl config server { listen 80; server_name <redacted>.com www.<redacted>.com; root /home/app/<redacted>/public; passenger_enabled on; rails_env production; location /blog { rewrite ^/blog(/.*)?$ http://blog.<redacted>.com/$1 permanent; } location ~* \.(js|css|jpg|jpeg|gif|png)$ { if (-f $request_filename) { expires max; break; } } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } Let me know if there's any additional info I can give to help diagnose the issue.

  Read the article

• Slow manipulation of netfilter rules

  - by Ole Martin Eide

  I have a script maintaining gre tunnels and firewall rules using the "ip" and "iptables" tools. Setting up hundreds of tunnels, and adresses per interface runs just fine. Takes less than 0.1 second per interface, however when I get around to do the firewall rules everything slows down spending 0.5 per insertion. Why is it running so slow? What can I do to improve the speed? It seems like I could try ipset instead, but I really feel there is something wrong with the kernel or something. The interesting thing is that the first 10 rules runs fast, then it slows down.. mybox(root) foo# iptables -V iptables v1.3.5 mybox(root) foo# uname -a Linux foo 2.6.18-164.el5 #1 SMP Tue Aug 18 15:51:48 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux mybox(root) foo# cat test.sh #!/bin/sh for n in {1..100} do /sbin/iptables -A OUTPUT -s ${n} -j ACCEPT /sbin/iptables -D OUTPUT -s ${n} -j ACCEPT done mybox(root) foo# time ./test.sh real 1m38.839s user 0m0.100s sys 1m38.724s Appriciate any help. Cheers!

  Read the article

• Combining AD permissions with FTP

  - by user64204

  We're using Windows Server 2008 with Active Directory controlling access to a network share. We've setup FTP so that people can access that share from outside (we used to use the PPTP VPN but for various reasons we need to switch to FTP). So far here is what we've managed to implement on the FTP: -The network share is used as the FTP root (defined as a UNC) and that is working fine. -AD authentication is working fine (wrong password and you stay out, good password you're in, password management in AD correctly synched with the FTP). -AD permissions are failing: the AD permissions on the content of the FTP root are ignored: it's either a user only has read or write access, but this applies to the whole FTP root, which obviously isn't suitable since that FTP root is initially our network share and files/folders have different AD permissions depending on people's groups... Whether we set the permissions through the share OR the FTP management interface, AD permissions are never enforced. Q1: Is that normal? Q2: If so what solutions exist to combine AD permissions with FTP on MS server 2008? Q3: If not, where should I look to fix the configuration?

  Read the article

• how do I fix a wrong UUID in grub.cfg?

  - by mozerella

  I run Debian Wheezy alone on my PC and I recently copied the root partition to another with rsync as I found that worked well (I also know about dd and ddrescue but they leave unusable space on the new partition). I generated a new random UUID for the new partition with sudo tune2fs -U random /dev/hda9 and also updated fstab / and /home entries. Then as I know so little about GRUB I used a gui (GRUB Customizer) to probe for the new OS and add an entry to GRUB and the MBR -it makes an /etc/grub.d entry then updates GRUB. On startup, the GRUB list contains the new OS (on sda9) but it boots the first OS (which I copied from -sda5). /boot/grub/grub.cfg contains the new debian OS but it looks like this set root='(hd0,msdos9)' search --no-floppy --fs-uuid --set=root 64662470-0e58-4dfd-90ac-43227d773556 linux /boot/vmlinuz-3.2.0-2-amd64 root=UUID=cc3bca0d-aee4-4b9c-95c2-57212cc36d4d ro quiet initrd /boot/initrd.img-3.2.0-2-amd64 the 1st uuid is of sda9, but the 2nd uuid there is of sda5. I can change the 2nd uuid at startup (with E) and it boots sda9. So how can I get grub.cfg corrected so that the sda9 GRUB list entry boots from sda9 permanently?

  Read the article

• Installing sphinx on a web hosting server

  - by fiftyeight

  I want to install sphinx search on a web-hosting server. I'm on a Linux VPS with hostgator, but I never actually installed anything on a remote server so this will be a first time for me. If there's anyone here who installed sphinx it's really help me I had some problems when using sphinx on my PC with the permissions and the MySQL files, eventually I got it working on my PC. Anyway, I'd me really grateful if anyone can help me with some questions Do i need root access to install sphinx? I have root access to the server but I'd connect to it as a normal user since doing stuff as root is always less secure. can anyone tell me by what user I need to execute the indexer and the search daemon? Should I use root access in order to this? when I did it as a normal user on my PC it gave me some trouble with the PID file and the log files. last time I executed the search deamon I executed it as a normal user and it gave me some trouble, I created the folder /var/log/ for log files and did chmod 777 on it, but still when I executed the search daemon it created the PID file "searchd.pid" file but with no permissions for some reason, any idea why? Thanx in advance. fiftyeight

  Read the article

• SSD suddenly full

  - by Daniel

  Today the hard drive of our server was suddenly full. The disk usage always stayed around 50 % in the weeks and months before (old data is regularly expunged from the server). I deleted 10 GB of files in /tmp, which strangely freed 51 GB. Here is what I did: root@***:~# df -h Dateisystem Size Used Avail Use% Eingehängt auf /dev/sda3 139G 137G 0 100% / tmpfs 3,9G 0 3,9G 0% /lib/init/rw udev 3,9G 116K 3,9G 1% /dev tmpfs 3,9G 0 3,9G 0% /dev/shm /dev/sda1 985M 25M 910M 3% /boot root@***:/var# du -hs * 3,3M backups 438M cache 9,4G lib 4,0K local 12K lock 76M log 24K mail 4,0K opt 88K run 184K spool 10G tmp 12K www root@***:/var/tmp# find -type f -print0 | xargs -0 rm root@***:/var/tmp# df -h Dateisystem Size Used Avail Use% Eingehängt auf /dev/sda3 139G 81G 51G 62% / tmpfs 3,9G 0 3,9G 0% /lib/init/rw udev 3,9G 116K 3,9G 1% /dev tmpfs 3,9G 0 3,9G 0% /dev/shm /dev/sda1 985M 25M 910M 3% /boot Any explanation as to why deleting 10 GB in /tmp gave me back 51 GB on the disk? Could this point to an SSD failure? Are there any tools for Debian to test SSD health? I already have checked syslog. The first entry relating to this incidient is a mysql message: 1:22:02 [ERROR] /usr/sbin/mysqld: Disk is full writing... So I have absolutely no idea what caused this.

  Read the article

• Linux security: The dangers of executing malignant code as a standard user

  - by AndreasT

  Slipping some (non-root) user a piece of malignant code that he or she executes might be considered as one of the highest security breaches possible. (The only higher I can see is actually accessing the root user) What can an attacker effectively do when he/she gets a standard, (let's say a normal Ubuntu user) to execute code? Where would an attacker go from there? What would that piece of code do? Let's say that the user is not stupid enough to be lured into entering the root/sudo password into a form/program she doesn't know. Only software from trusted sources is installed. The way I see it there is not really much one could do, is there? Addition: I partially ask this because I am thinking of granting some people shell (non-root) access to my server. They should be able to have normal access to programs. I want them to be able to compile programs with gcc. So there will definitely be arbitrary code run in user-space...

  Read the article

• Nginx configuration leads to endless redirect loop

  - by brianthecoder

  So I've looked at every sample configuration I could find and yet every time I try and view a page that requires ssl, I end up in an redirect loop. I'm running nginx/0.8.53 and passenger 3.0.2. Here's the ssl config server { listen 443 default ssl; server_name <redacted>.com www.<redacted>.com; root /home/app/<redacted>/public; passenger_enabled on; rails_env production; ssl_certificate /home/app/ssl/<redacted>.com.pem; ssl_certificate_key /home/app/ssl/<redacted>.key; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X_FORWARDED_PROTO https; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Url-Scheme $scheme; proxy_redirect off; proxy_max_temp_file_size 0; location /blog { rewrite ^/blog(/.*)?$ http://blog.<redacted>.com/$1 permanent; } location ~* \.(js|css|jpg|jpeg|gif|png)$ { if (-f $request_filename) { expires max; break; } } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } Here's the non-ssl config server { listen 80; server_name <redacted>.com www.<redacted>.com; root /home/app/<redacted>/public; passenger_enabled on; rails_env production; location /blog { rewrite ^/blog(/.*)?$ http://blog.<redacted>.com/$1 permanent; } location ~* \.(js|css|jpg|jpeg|gif|png)$ { if (-f $request_filename) { expires max; break; } } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } Let me know if there's any additional info I can give to help diagnose the issue.

  Read the article

• Size of modules within initrd

  - by LiKao

  I am currently trying to manually replace the kernel within ubuntu-core on an embedded device with a custom kernel. However when I try to update the initrd my initrd becomes much bigger. Here is what I did: Extract the initrd that was shipped with ubuntu Make a list of all modules within the old initrd get the same modules from the new module director at /lib/modules/new_kernel_version add these modules to the initrd and remove the old ones If I do this my initrd becomes quite bigger than the original one, so I checked the individual modules. I picked the btrfs.ko filesystem driver as an example. So by comparing these two modules I noticed the one I just picked into the initrd was much bigger, which caused the difference in size. -rw-r--r-- 1 root root 999K Nov 14 15:06 btrfs.ko For the btrfs.ko within the shipped initrd. -rw-r--r-- 1 root root 7.2M Nov 14 15:08 btrfs.ko For the new btrfs.ko. What is different between these two modules? Could this be caused by some faulty setting for the new kernel? When producing the kernel I copied /proc/config.gz and used make oldconfig to update it, so all optimisations should be the same for both kernels. Or is there something else which is being done to the modules before they are put into the initrd? Maybe is there even some better way to build a new initrd for the new kernel in ubuntu altogether. Update: I just also tested with an initrd which I created from scratch using the mkinitrfs command within ubuntu, and it has the same size difference that I found for the initrd I manually updated.

  Read the article

• LDAP groups not applying to filesystem permissions

  - by BeepDog

  System is ArchLinux, and I'm using nss-pam-ldapd (0.8.13-4) to connect myself to ldap. I've got my users and some groups in LDAP: [root@kain tmp]# getent group <localgroups snipped> dkowis:*:10000: mp3s:*:15000:rkowis,dkowis music:*:15002:rkowis,dkowis video:*:15003:transmission,rkowis,dkowis,sickbeard software:*:15004:rkowis,dkowis pictures:*:15005:rkowis,dkowis budget:*:15006:rkowis,dkowis rkowis:*:10001: And I have some directories that are setgid video so that the video group stays, and they're configured g=rwx so that members of the video group can write to them: [root@kain video]# ls -ld /srv/video drwxrwxr-x 8 root video 208 Oct 19 20:49 /srv/video However, members of that group, say dkowis cannot write into that directory: [root@kain video]# groups dkowis mp3s music video software pictures dkowis Total number of groups that dkowis is in is like 7, I redacted a few here. [dkowis@kain wat]$ cd /srv/video [dkowis@kain video]$ touch something touch: cannot touch 'something': Permission denied [dkowis@kain video]$ groups dkowis mp3s music video software pictures I'm at a loss as to why my groups show up in getent groups, but my filesystem permissions are not being respected. I've tried making a new directory in /tmp and setting it's group permissions to rwx, and then trying to write a file in there, it doesn't work. The only time it does work is if I open it wide up allowing o=rwx. That's obviously not what I want, and I'm not able to figure out what my missing piece is. Thanks in advance.

  Read the article

• Can sendmail be configured to discard routed email that has been rejected by the next hop?

  - by Guy Bolton King

  Background: We have a handful of hosts (running sendmail) acting as the MXs for a few domains each. Each domain is handled via the sendmail/cf /etc/mail/virtusertable, with a set of known recipients and a catch-all reject rule. Mail to postmaster on each host is aliased to root, and root is aliased to root+<host>@ourdomain.com. The MX for ourdomain.com is Google Apps, and [email protected] is a simple group that forwards to the admins. Google Apps will reject some emails at the SMTP stage, usually because of illegal attachments (instead of accepting them and filing them as spam). Problem: Given a particular spam email sent to a domain in a virtusertable entry: If the recipient address rejects the mail, then sendmail will try and send a DSN to the sender. If that sender also rejects the mail (because it's a falsified sender, and the MX for the sender rejects the mail as spam), then sendmail sends a DSN to the postmaster. The routing detailed above takes place, and...Google Apps rejects the mail as well. sendmail now gives up with a "savemail panic", and leaves the mail in the queue forever. Our mail queue fills up with garbage Is there any way I can get sendmail to discard messages that have been rejected by the next virtusertable hop (i.e. after step 1 in the Problem description)? Or does anyone have any other solutions to this?

  Read the article

• OpenVPN bridge network from routed clients

  - by gphilip

  I have the following setup: subnet 1 - 10.0.1.0/24 with a machine used as NAT and also running an OpenVPN client subnet 2 - 192.168.1/24 with an OpenVPN server (the server in subnet 1 connect here) subnet 3 - 10.0.2.0/24 that uses the NAT machine (subnet 1) to access the internet, so all non-local traffic is routed there to the eth0 interface The OpenVPN client creates the tun0 interface and appropriate routing so that I can access machines from 192.168.1/24 [root@ip-10-0-1-208 ~]# telnet 192.168.1.186 8081 Trying 192.168.1.186... Connected to 192.168.1.186. Escape character is '^]'. [root@ip-10-0-1-208 ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.0.1.1 0.0.0.0 UG 0 0 0 eth0 10.0.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 10.8.0.1 10.8.0.5 255.255.255.255 UGH 0 0 0 tun0 10.8.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0 169.254.169.254 0.0.0.0 255.255.255.255 UH 0 0 0 eth0 192.168.0.0 10.8.0.5 255.255.0.0 UG 0 0 0 tun0 However, when I try the same from subnet 3, it can't reach that machine. [root@ip-10-0-2-61 ~]# telnet 192.168.1.186 8081 Trying 192.168.1.186... I suspect that it's because subnet 3 is routed to eth0 on the NAT machine in subnet 1 and it cannot jump to tun0. What's the easiest way to resolve it? I don't want to use iptables. I can't change the routing from machines in subnet 1 because it's done in AWS and so it works only with specific interfaces. Also, the NAT machine gets its IP with DHCP and so bridging is a bit complicated. IP forwarding is set on the NAT machine [root@ip-10-0-1-208 ~]# cat /proc/sys/net/ipv4/ip_forward 1 Thank you!

  Read the article

• Set primary group of file or directory on Samba share from Windows

  - by Hubert Kario

  Short version: I have such situation on a Samba share: $ ls -lha total 12K drwxr-xr-x 3 hka Domain Users 4.0K Jan 11 17:07 . drwxrwxrwt 19 root root 4.0K Jan 11 17:06 .. drwxr-xr-x 2 hka Domain Users 4.0K Jan 11 17:07 dir A -rw-r--r-- 1 hka Domain Users 0 Jan 11 17:07 file A How am I able to change this to following using only Windows SMB/CIFS client (using 3rd party applications is OK) $ ls -lha total 12K drwxr-xr-x 3 hka Domain Users 4.0K Jan 11 17:07 . drwxrwxrwt 19 root root 4.0K Jan 11 17:06 .. drwxr-xr-x 2 hka ntpoweruser 4.0K Jan 11 17:07 dir A -rw-r--r-- 1 hka ntpoweruser 0 Jan 11 17:07 file A Rationale and background info I'm using POSIX ACLs on Samba shares. Together with acl group control for Samba, it allows me to delegate management of permissions to different users based on group membership. Thing is, when I create a new file on a Samba share, I'm unable to set its primary group (the one that grants permission to change its permissions). It's being set to my primary group (Domain Users) or group set using force group option in smb.conf share definition. Removing all groups in windows except the one I want to become the new primary group doesn't work. I can change it using chgrp group folder/ as regular user though shell, but it's suboptimal (not all users are *nix users). Trying to set new owner to group from Windows file permission window makes the Samba to return permission denied with following log entry: [2012/01/05 21:13:03.349734, 3] smbd/nttrans.c:1899(call_nt_transact_set_security_desc) call_nt_transact_set_security_desc: file = projects/project A/New folder, sent 0x1 [2012/01/05 21:13:03.349774, 3] smbd/posix_acls.c:1208(unpack_nt_owners) unpack_nt_owners: unable to validate owner sid for S-1-5-21-4526631811-884521863-452487935-11025 [2012/01/05 21:13:03.349804, 3] smbd/error.c:80(error_packet_set) error packet at smbd/nttrans.c(1909) cmd=160 (SMBnttrans) NT_STATUS_INVALID_OWNER The SID is correct and belongs to group I specified in GUI.

  Read the article

• Update Grub on Squeeze - Kernel downgrade due VMware Server

  - by vodoo_boot

  I happen to run into various problems regarding grub and kernels. I don't really care about the kernel internas. All I want is VMware server in that dedicated root-server. 1.) What is a bzImage vs. vmlinuz? kaze:~# ls /boot/ System.map-2.6.32-5-amd64 bzImage-2.6.33.2 config-2.6.33.2 initrd.img-2.6.32-5-amd64 System.map-2.6.33.2 bzImage-2.6.35.6 config-2.6.35.6 vmlinuz-2.6.32-5-amd64 System.map-2.6.35.6 config-2.6.32-5-amd64 grub I updated my menu.lst (grub2): timeout 5 default 0 fallback 1 title 2.6.32.5 kernel (hd0,1)/boot/vmlinuz-2.6.32-5-amd64 root=/dev/sda2 panic=60 noapic acpi=off title 2.6.35.6 kernel (hd0,1)/boot//bzImage-2.6.35.6 root=/dev/sda2 panic=60 noapic acpi=off title 2.6.32.3 kernel (hd0,1)/boot//bzImage-2.6.33.2 root=/dev/sda2 panic=60 noapic acpi=off That doesn't do well... I think the vmlinuz file is missing initrd or so. Dunno. In fact I don't give too much about kernel boot voodoo as long as it works. update-grub(2) does not work. Does anybody know what magical trick there is to get the 2.6.32-5 booting? 2.) I thought t follow the Deban wiki.. I cannot get header-files for the installed 35.6 or 33.2 kernel in the repositories. I cannot build foreign headers because they will not match the running kernel. So how does one deal with that situtation? I'd prefer not to have to downgrade the kernel. Thanks for any answers!

  Read the article

• Debian grub2 update removed Windows boot option.

  - by Wrikken

  Since I updated grub to grub 2 I no longer get the option to boot to Windows (which is unfortunately sometimes necessary for proprietary MSIE browser plugins I need to use for work). Relevant /boot/grub/menu.lst portion: ### END DEBIAN AUTOMAGIC KERNELS LIST # This is a divider, added to separate the menu items below from the Debian # ones. title Other operating systems: root # This entry automatically added by the Debian installer for a non-linux OS # on /dev/hda1 title Windows NT/2000/XP root (hd0,0) savedefault makeactive chainloader +1 This however does not appear anymore. I do have some entries in /boot/grub/grub.cfg with entries like these: menuentry 'Debian GNU/Linux, with Linux 2.6.32-5-amd64' --class debian --class gnu-linux --class gnu --class os { insmod part_msdos insmod ext2 set root='(hd1,msdos1)' search --no-floppy --fs-uuid --set e638c434-4884-412f-a141-2c194f881fae echo 'Loading Linux 2.6.32-5-amd64 ...' linux /boot/vmlinuz-2.6.32-5-amd64 root=UUID=e638c434-4884-412f-a141-2c194f881fae ro quiet echo 'Loading initial ramdisk ...' initrd /boot/initrd.img-2.6.32-5-amd64 } Do I have to alter that file? If so, what is the correct syntax for a Windows boot? If not, what could be the problem?

  Read the article

• allow spoofing when using tun

  - by Johnny

  I have a working openvpn setup with a server and a number of clients. How would i go around allowing IP spoofing through the openvpn server? (to demonstrate security concepts)? A normal ping from client to server goes through all right: root@client: hping3 10.8.0.1 HPING 10.8.0.1 (tun0 10.8.0.1): NO FLAGS are set, 40 headers + 0 data bytes len=40 ip=10.8.0.1 ttl=64 DF id=0 sport=0 flags=RA seq=0 win=0 rtt=124.7 ms root@server:/etc/openvpn# tcpdump -n -i tun0 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on tun0, link-type RAW (Raw IP), capture size 65535 bytes 10:17:51.734167 IP 10.8.0.6.2146 > 10.8.0.1.0: Flags [], win 512, length 0 But when spoofing a packet, it does not arrive at the openvpn server: root@client: hping3 -a 10.0.8.120 10.8.0.1 HPING 10.8.0.1 (tun0 10.8.0.1): NO FLAGS are set, 40 headers + 0 data bytes root@server:/etc/openvpn# tcpdump -n -i tun0 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on tun0, link-type RAW (Raw IP), capture size 65535 bytes My current config files server.conf local X.Y.Z.P port 80 proto tcp dev tun ca ca.crt cert server.crt key server.key # This file should be kept secret dh dh1024.pem server 10.8.0.0 255.255.255.0 push "redirect-gateway def1 bypass-dhcp" keepalive 10 120 comp-lzo persist-key persist-tun persist-local-ip status openvpn-status.log verb 3 client.conf client dev tun proto tcp remote MYHOST..amazonaws.com 80 resolv-retry infinite nobind persist-key persist-tun ca ca.crt cert client.crt key client.key ns-cert-type server comp-lzo verb 3

  Read the article

• apache segmentation error

  - by lush

  I can't start Apache with the following errors: [root@web]# /etc/init.d/httpd start Starting httpd: /bin/bash: line 1: 19232 Segmentation fault /usr/sbin/httpd [root@web]# /usr/sbin/apachectl -k start /usr/sbin/apachectl: line 102: 19919 Segmentation fault $HTTPD $OPTIONS $ARGV I use webmin control panel and I've already tried re-installing Apache from scratch. Can someone advise what else I should try to do? Many thanks. UPDATE: The only line is always written in the error logs which seems not to be very important: [Mon Nov 14 19:00:09 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) UPDATE 2: I've recently had the error below in the logs. Looks like some modules are incompatible, so I've just disabled these extensions: fileinfo and mcrypt in my php.ini. I should be able to start the web server without them. PHP Warning: PHP Startup: fileinfo: Unable to initialize module\nModule compiled with module API=20050922, debug=0, thread-safety=0\nPHP compiled with module API=20060613, debug=0, thread-safety=0\nThese options need to match\n in Unknown on line 0 PHP Warning: Module 'mcrypt' already loaded in Unknown on line 0 UPDATE 3: [root@web]# file /usr/sbin/httpd /usr/sbin/httpd: ELF 64-bit LSB shared object, AMD x86-64, version 1 (SYSV), for GNU/Linux 2.6.9, stripped [root@web]# uname -m x86_64

  Read the article

< Previous Page | 106 107 108 109 110 111 112 113 114 115 116 117  | Next Page >