Search Results

Search found 18092 results on 724 pages for 'matt long'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 676/724 | < Previous Page | 672 673 674 675 676 677 678 679 680 681 682 683  | Next Page >

  • Joining the same model twice in a clean way, but making the code reusable

    - by Shako
    I have a model Painting which has a Paintingtitle in each language and a Paintingdescription in each language: class Painting < ActiveRecord::Base has_many :paintingtitles, :dependent => :destroy has_many :paintingdescriptions, :dependent => :destroy end class Paintingtitle < ActiveRecord::Base belongs_to :painting belongs_to :language end class Paintingdescription < ActiveRecord::Base belongs_to :painting belongs_to :language end class Language < ActiveRecord::Base has_many :paintingtitles, :dependent => :nullify has_many :paintingdescriptions, :dependent => :nullify has_many :paintings, :through => :paintingtitles end As you might notice, I reference the Language model from my Painting model via both the Paintingtitle model and Paintingdescription model. This works for me when getting a list of paintings with their title and description in a specific language: cond = {"paintingdescription_languages.code" => language_code, "paintingtitle_languages.code" => language_code} cond['paintings.publish'] = 1 unless admin paginate( :all, :select => ["paintings.id, paintings.publish, paintings.photo_file_name, paintingtitles.title, paintingdescriptions.description"], :joins => " INNER JOIN paintingdescriptions ON (paintings.id = paintingdescriptions.painting_id) INNER JOIN paintingtitles ON (paintings.id = paintingtitles.painting_id) INNER JOIN languages paintingdescription_languages ON (paintingdescription_languages.id = paintingdescriptions.language_id) INNER JOIN languages paintingtitle_languages ON (paintingtitle_languages.id = paintingtitles.language_id) ", :conditions => cond, :page => page, :per_page => APP_CONFIG['per_page'], :order => "id DESC" ) Now I wonder if this is a correct way of doing this. I need to fetch paintings with their title and description in different functions, but I don't want to specify this long join statement each time. Is there a cleaner way, for instance making use of the has_many through? e.g. has_many :paintingdescription_languages, :through => :paintingdescriptions, :source => :language has_many :paintingtitle_languages, :through => :paintingtitles, :source => :language But if I implement above 2 lines together with the following ones, then only paintingtitles are filtered by language, and not the paintingdescriptions: cond = {"languages.code" => language_code} cond['paintings.publish'] = 1 unless admin paginate( :all, :select => ["paintings.id, paintings.publish, paintings.photo_file_name, paintingtitles.title, paintingdescriptions.description"], :joins => [:paintingdescription_languages, :paintingtitle_languages], :conditions => cond, :page => page, :per_page => APP_CONFIG['per_page'], :order => "id DESC" )

    Read the article

  • How to avoid my script to freeze

    - by jemz
    I have socket server script that continuously running listening for the GPS device that runs in PHP CLI,my problem is that my socket will freeze if it executes long time,how do I prevent this so that my script will not freeze.I have no idea on this socket.this is the first time that I use socket connection. I appreciate someone can help my problem. <?php error_reporting(-1); ini_set('display_errors', 1); set_time_limit (0); $address_server = 'xxx.xxx.xx.xx'; $port_server = xxxx; $isTrue = true; socketfunction($address_server,$port_server,$isTrue); function socketfunction($address,$port,$done){ $sock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP); socket_set_option($sock, SOL_SOCKET, SO_REUSEADDR, 1); socket_bind($sock, $address, $port); socket_listen($sock); $clients = array($sock); while ($done ) { $file = fopen('txt.log','a'); $read = $clients; $write = NULL; $except = NULL; $tv_sec = 0; if (socket_select($read, $write , $except, $tv_sec) < 1){ continue; } // checking client if (in_array($sock, $read)) { $clients[] = $newsock = socket_accept($sock); $key = array_search($sock, $read); unset($read[$key]); } //handle client for reading foreach ($read as $read_sock) { $data = @socket_read($read_sock, 1024, PHP_NORMAL_READ); if ($data === false) { $key = array_search($read_sock, $clients); unset($clients[$key]); echo "client disconnected.\n"; echo "Remaining ".(count($clients) - 1)."client(s) connected\r\n"; continue; } $data = trim($data); if (!empty($data)) { echo("Returning stripped input\n"); fwrite($file,$data."\n"); } } // end of reading foreach fclose($file); }//end while socket_close($sock); } ?> Thank you in advance.

    Read the article

  • Need advice about pointers and time elapsed program. How to fix invalid operands and cannot convert errors?

    - by user1781382
    I am trying to write a program that tells the difference between the two times the user inputs. I am not sure how to go about this. I get the errors : Line 27|error: invalid operands of types 'int' and 'const MyTime*' to binary 'operator-'| Line |39|error: cannot convert 'MyTime' to 'const MyTime*' for argument '1' to 'int DetermineElapsedTime(const MyTime*, const MyTime*)'| I also need a lot of help in this problem. I don't have a good curriculum, and my class textbook is like cliffnotes for programming. This will be my last class at this university. The C++ teztbook I use(my own not for class) is Sam's C++ One hour a day. #include <iostream> #include<cstdlib> #include<cstring> using namespace std; struct MyTime { int hours, minutes, seconds; }; int DetermineElapsedTime(const MyTime *t1, const MyTime *t2); long t1, t2; int DetermineElapsedTime(const MyTime *t1, const MyTime *t2) { return((int)t2-t1); } int main(void) { char delim1, delim2; MyTime tm, tm2; cout << "Input two formats for the time. Separate each with a space. Ex: hr:min:sec\n"; cin >> tm.hours >> delim1 >> tm.minutes >> delim2 >> tm.seconds; cin >> tm2.hours >> delim1 >> tm2.minutes >> delim2 >> tm2.seconds; DetermineElapsedTime(tm, tm2); return 0; } I have to fix the errors first. Anyone have any ideas??

    Read the article

  • Chrome is creating duplicate sessions with the same id

    - by dlwiest
    I encountered an issue while I was revising my session library today, and this might be the first time I've ever seen a browser-specific problem on a back end script. I hope somebody can shed some light. Basically how the session library works is: when instantiated, it checks for a cookie called 'id' (in the form of a uniqid result) on the client machine. If a cookie is found, the script checks that and a hashed copy of the user agent string against entries in a session table. If a matching entry is found, the script resumes the session. If no cookie named 'id' is found, or if no matching entry exists in the sessions table, the script creates both. Fairly standard, I think. Now here's the weird part: in Firefox, everything works as predicted. The user gets one session, which he'll always resume upon connection, as long as 24 hours of inactivity has not elapsed. But when I visit the page in Chrome, even though it looks the same and appears to be executing queries in the same order, I see two entries in the session table. The sessions share an agent string, but the ids are different, and timestamp logs indicate that the ghost session is being created shortly (within a second) after the one created for the user. For debugging purposes, I've been printing queries to the screen as they're executed, and this is an example of what I'm seeing when Chrome should be opening one session and is somehow opening two instead: // Attempting to resume a session SELECT id FROM sessions WHERE id = '4fd24a5cd8df12.62439982' AND agent = '9bcd5c6aac911f8bcd938a9563bc4eca' // No result, so it creates a new one INSERT INTO sessions (id, agent, start, last) VALUES ('4fd24ef0347f26.72354606', '9bcd5c6aac911f8bcd938a9563bc4eca', '1339182832', '1339182832') // Clear old sessions DELETE FROM sessions WHERE last < 1339096432 And here's what I'm seeing in the database afterward: id, agent, start, last 4fd24ef0347f26.72354606, 9bcd5c6aac911f8bcd938a9563bc4eca, 1339182832, 1339182832 4fd24ef0857f94.72251285, 9bcd5c6aac911f8bcd938a9563bc4eca, 1339182833, 1339182833 Am I missing something obvious? The only thing I can think of is that Chrome might be creating a hidden session in the background, possibly to crawl the page. If that's the case though, it could become a problem later, when I begin associating active sessions with entries in the users table. I've been looking for possible bugs in my script, but I haven't found anything so far, and everything works as expected in Firefox.

    Read the article

  • Java Sorting "queue" list based on DateTime and Z Position (part of school project)

    - by Kuchinawa
    For a school project i have a list of 50k containers that arrive on a boat. These containers need to be sorted in a list in such a way that the earliest departure DateTimes are at the top and the containers above those above them. This list then gets used for a crane that picks them up in order. I started out with 2 Collection.sort() methods: 1st one to get them in the right XYZ order Collections.sort(containers, new Comparator<ContainerData>() { @Override public int compare(ContainerData contData1, ContainerData contData2) { return positionSort(contData1.getLocation(),contData2.getLocation()); } }); Then another one to reorder the dates while keeping the position in mind: Collections.sort(containers, new Comparator<ContainerData>() { @Override public int compare(ContainerData contData1, ContainerData contData2) { int c = contData1.getLeaveDateTimeFrom().compareTo(contData2.getLeaveDateTimeFrom()); int p = positionSort2(contData1.getLocation(), contData2.getLocation()); if(p != 0) c = p; return c; } }); But i never got this method to work.. What i got working now is rather quick and dirty and takes a long time to process (50seconds for all 50k): First a sort on DateTime: Collections.sort(containers, new Comparator<ContainerData>() { @Override public int compare(ContainerData contData1, ContainerData contData2) { return contData1.getLeaveDateTimeFrom().compareTo(contData2.getLeaveDateTimeFrom()); } }); Then a correction function that bumps top containers up: containers = stackCorrection(containers); private static List<ContainerData> stackCorrection(List<ContainerData> sortedContainerList) { for(int i = 0; i < sortedContainerList.size(); i++) { ContainerData current = sortedContainerList.get(i); // 5 = Max Stack (0 index) if(current.getLocation().getZ() < 5) { //Loop through possible containers above current for(int j = 5; j > current.getLocation().getZ(); --j) { //Search for container above for(int k = i + 1; k < sortedContainerList.size(); ++k) if(sortedContainerList.get(k).getLocation().getX() == current.getLocation().getX()) { if(sortedContainerList.get(k).getLocation().getY() == current.getLocation().getY()) { if(sortedContainerList.get(k).getLocation().getZ() == j) { //Found -> move container above current sortedContainerList.add(i, sortedContainerList.remove(k)); k = sortedContainerList.size(); i++; } } } } } } return sortedContainerList; } I would like to implement this in a better/faster way. So any hints are appreciated. :)

    Read the article

  • MEF C# Service - DLL Updating

    - by connerb
    Currently, I have a C# service that runs off of many .dll's and has modules/plugins that it imports at startup. I would like to create an update system that basically stops the service, deletes any files it is told to delete (old versions), downloads new versions from a server, and starts the service. I believe I have coded this right except for the delete part, because as long as I am not overwriting anything, the file will download. If I try to overwrite something, it won't work, which is why I am trying to delete it before hand. However, when I do File.Delete() to the path that I want to do, it gives me access to the path is denied. Here is my code: new Thread(new ThreadStart(() => { ServiceController controller = new ServiceController("client"); controller.Stop(); controller.WaitForStatus(ServiceControllerStatus.Stopped); try { if (um.FilesUpdated != null) { foreach (FilesUpdated file in um.FilesUpdated) { if (file.OldFile != null) { File.Delete(Path.Combine(Utility.AssemblyDirectory, file.OldFile)); } if (file.NewFile != null) { wc.DownloadFile(cs.UpdateUrl + "/updates/client/" + file.NewFile, Path.Combine(Utility.AssemblyDirectory, file.NewFile)); } } } if (um.ModulesUpdated != null) { foreach (ModulesUpdated module in um.ModulesUpdated) { if (module.OldModule != null) { File.Delete(Path.Combine(cs.ModulePath, module.OldModule)); } if (module.NewModule != null) { wc.DownloadFile(cs.UpdateUrl + "/updates/client/modules/" + module.NewModule, Path.Combine(cs.ModulePath, module.NewModule)); } } } } catch (Exception ex) { Logger.log(ex); } controller.Start(); })).Start(); I believe it is because the files are in use, but I can't seem to unload them. I though stopping the service would work, but apparently not. I have also checked the files and they are not read-only (but the folder is, which is located in Program Files, however I couldn't seem to get it to not be read-only programmatically or manually). The service is also being run as an administrator (NT AUTHORITY\SYSTEM). I've read about unloading the AppDomain but AppDomain.Unload(AppDomain.CurrentDomain); returned an exception as well. Not too sure even if this is a problem with MEF or my program just not having the correct permissions...I would assume that it's mainly because the file is in use.

    Read the article

  • Function to get the font and calculate the width of the string not working on first instance

    - by user3627265
    I'm trying to calculate the width of the string based on the font style and size. The user will provide the string, the font style and the font size, and then after giving all the data the user will hit the submit button and the function will trigger. Basically this script works but only when the submit button is hit twice or the font is selected twice,. I mean if you selec DNBlock as a font, it will not work for first time, but the second time you hit submit, it will then work. I'm not sure where is the problem here, but when I used the default font style like Arial, times new roman etc it works perfectly fine. Any Idea on this? I suspected that the font style is not being rendered by the script or something. Correct me if I'm wrong. Thanks //Repeat String String.prototype.repeat = function( num ) { return new Array( num + 1 ).join( this ); } //Calculate the width of string String.prototype.textWidth = function() { var fntStyle = document.getElementById("fntStyle").value; if(fntStyle == "1") { var fs = "DNBlock"; } else if(fntStyle == "2") { var fs = "DNBlockDotted"; } else if(fntStyle == "3") { var fs = "DNCursiveClassic"; } else if(fntStyle == "4") { var fs = "DNCursiveDotted"; } else if(fntStyle == "5") { var fs = "FoundationCursiveDots-Regul"; } var f = document.getElementById("fntSize").value.concat('px ', fs), o = $('<div>' + this + '</div>') .css({'position': 'absolute', 'float': 'left', 'white-space': 'nowrap', 'visibility': 'hidden', 'font': f}) .appendTo($('body')), w = o.width(); o.remove(); return w; } //Trigger the event $("#handwriting_gen").submit(function () { var rptNO = parseInt($('#rptNO').val()); $("[name='txtLine[]']").each(function(){ alert(this.value.repeat(rptNO).textWidth()); if(this.value.repeat(rptNO).textWidth() > 1000) { $(this).focus(); $(this).css({"background-color":"#f6d9d4"}).siblings('span.errorMsg').text('Text is too long.'); event.preventDefault(); } }); });

    Read the article

  • jQuery.post not working when using data type json

    - by swift
    I have been trying to utilize json in this jQuery.post because I need to return two values from my executed php. The code was working when I was not implementing json. I need to see if a promo code entered is valid for a particular broker. The two variables I need back are the instant message whether or not it's valid (this is displayed to the user) and I need to update a hidden field that will be used later while updating the database. The jQuery.post does not seem to be firing at all, but the code directly above it (the ajax-loader.gif) is working. I did re-write the whole thing at one point using jQuery.ajax, and had issues there too. Granted, I have probably been looking at this too long and have tried to re-write too many times, but any help is greatly appreciated!! Here's the jQuery.post <!-- Below Script is for Checking Promo Code Against Database--> <script type="text/javascript"> jQuery(document).ready(function() { jQuery("#promocode").keyup(function (e) { //removes spaces from PromoCode jQuery(this).val(jQuery(this).val().replace(/\s/g, '')); var promocode = jQuery(this).val(); var brokerdealerid = document.getElementById("BrokerDealerId").value; if(promocode.length > 0 ){ jQuery("#promo-result").html('<img src="../imgs/ajax-loader.gif" />'); jQuery.post( '../check_promocode.php', {promocode:promocode, brokerdealerid:brokerdealerid}, function(data) { $("#promo-result").html(data.promoresult); $("#promo-result-valid").html(data.promovalid); }, "json"); } }); }); </script> <!-- End Script is for Checking Promo Code Against Database--> Here's relevant code from check_promocode.php: //sanitize incoming parameters if (isset($_POST['brokerdealerid'])) $brokerdealerid = sanitizeMySQL($_POST['brokerdealerid']); $promocode = sanitizeMySQL($promocode); //check promocode in db $results = mysql_query("SELECT PromotionCodeIdentifier FROM PromotionCode WHERE PromotionCodeIdentifier='$promocode' AND BrokerDealerId='$brokerdealerid' AND PromotionCodStrtDte <= CURDATE() AND PromotionCodExpDte >= CURDATE()"); //return total count $PromoCode_exist = mysql_num_rows($results); //total records //if value is more than 0, promocode is valid if($PromoCode_exist) { echo json_encode(array("promoresult"=>"Promotion Code Valid", "promovalid"=>"Y")); exit(); }else{ echo json_encode(array("promoresult"=>"Invalid Promotion Code", "promovalid"=>"N")); exit(); }

    Read the article

  • Large Data Table with first column fixed

    - by bhavya_w
    I have structure as shown in the fiddle http://jsfiddle.net/5LN7U/. <section class="container"> <section class="field"> <ul> <li> Question 1 </li> <li> question 2 </li> <li> question 3 </li> <li> question 4 </li> <li> question 5 </li> <li> question 6 </li> <li> question 7 </li> </ul> </section> <section class="datawrap"> <section class="datawrapinner"> <ul> <li><b>Answer 1 :</b></li> <li><b>Answer 2 :</b></li> <li><b>Answer 3 :</b></li> <li><b>Answer 4 :</b></li> <li><b>Answer 5 :</b></li> <li><b>Answer 6 :</b></li> <li><b>Answer 7 :</b></li> </ul> </section> </section> </section> Basically its a table structure made using divs. The first column contains a long list of questions and the second column contains answers/multiple answers which can be quite big ( there has to be horizontal scrolling in the second column.) The problem i am facing is when i scroll downwards the second column which has the horizontal scroll bar is also scrolling downward. I want horizontal scrollbar to be fixed there. as in it should be always fixed there no matter how much i scroll vertically. Much Like Google Spreadsheets: where the first column stays fixed and there's horizontal scrolling on rest of the columns with over vertical scrolling for whole of the data. I cannot used position fixed in the second column. P.S : please no lectures on using div's for making a table structure. I have my own reasons. and its kinda urgent. Thanks in advance.

    Read the article

  • Else without if

    - by user2808951
    I'm trying to write a code for my computer programming class for a project due Monday, and I'm pretty new to Java, but I'm trying to write a program that will first determine if a number the user inputs is even or odd and then determine if the number is prime or not. I'm not sure if I did the algorithm right or not, so if anyone has any corrections on the program to my algorithm or anything else please say so, but my real issue is that the program is refusing to compile. Every time I try, it says it's having an else without if problem. Here's a link to my command box: http://s1341.photobucket.com/user/Emi_Nightshade/media/Capture_zps45f9a2ea.png.html Here's my code: import java.io.*; import java.util.*; public class Lesson9p1_ThuotteEmily { public static void main(String args[]) { Scanner kbReader0=new Scanner(System.in); System.out.print("\n\nPlease enter an integer. An integer is whole number, and it can be either negative or positive. Please enter your number: "); long num=kbReader0.nextLong(); if(num%2==0) //if and else with braces { System.out.println("Your integer " + num + " is even."); } else { System.out.println("Your integer " + num + " is odd."); } Scanner kbReader1=new Scanner(System.in); System.out.print("\n\nWould you like to know if your number is prime? Please enter yes or no: "); String yn=kbReader1.nextLine(); if(yn.equals.IgnoreCase("Yes")) { System.out.println("Okay. Give me a moment."); { if(num%2==0) { System.out.println("Your number isn't prime."); } else if(num==2) { System.out.println("Your number is 2, which is the only even prime number in existence. Cool, right?"); } for(int i=3;i*i<=n;i+=2) { if(n%1==0) { System.out.println("Your number isn't prime."); } } else { System.out.println("Your number is prime!"); } } } if(yn.equals.IgnoreCase("No")) { System.out.println("Okay."); } } } If anyone could help me out with this and also any problems I may have made elsewhere in the program, I'd be very grateful! Thanks.

    Read the article

  • aligning divs in <td> to top of <td>

    - by twitter
    update: added jsfiddle: http://jsfiddle.net/WgzgF/11/ I have a table with a bunch of <td>. Each td has a div .tdcont which is like a wrapper of all content in that td. In .tdcont, I have 2 groups of divs .alwaystop and .below-at. <td class="table-td"> <div class="tdcont"> <div class="alwaystop"> <div class="at1">at1</div> <div class="at2">at2</div> <div class="at3">at3</div> </div> <div class="below-at"> <div class="bat1">bat1</div> <div class="bat2">bat2</div> <div class="bat3">bat3</div> </div> </div> </td> The problem I'm having is that alwaystop is supposed to align itself to the top border of the cell and below-at is supposed to come right under it like this _____________________________________________________ at1 at2 at3 | at1 at2 at3 | at1 at2 at3 | bat1 bat2 bat3 | bat1 bat2 bat3 | bat1 bat2 bat3 | small image here | big image here | | | is taking lots | | | of space | | __________________|_________________|________________| What I'm finding is that alwaystop and below-at center themselves vertically like you see in this fiddle http://jsfiddle.net/WgzgF/11/ so if one of the adjacent cells in this row is long, alwaystop centers itself to this row's height like this _____________________________________________________ | at1 at2 at3 | | | bat1 bat2 bat3 | | at1 at2 at3 | big image here | at1 at2 at3 | bat1 bat2 bat3 | is taking lots | bat1 bat2 bat3 | small image here | of space | | __________________|_________________|________________| What I want to do is make alwaystop always start from the top of the cell regardless of adjacent cells' heights, then the below-at comes under it. How can I do this? I should add that I have the content of alwaystop is floated left, so is the content of below-at, so they're supposed to be like 2 rows inside that td. .at1, .at2, .at3{ float:left; } .bat1, .bat2, .bat3{ float:left; } The css for alwaystop and below-at is empty. I tried a whole bunch of stuff like vertical-align and absolute positioning, but nothing worked and I just gave up and deleted them. .alwaystop{ } .below-at{ }

    Read the article

  • app-engine-rest-server to raise KeyError("name %s already used" % model_name)

    - by fx
    I'm playing with the project appengine-rest-server to create the REST webservices for all the existing models. I got a strange error, the first time I query the browser: http://localhost:8080/rest/metadata/user, it gives me the result: <xs:schema> - <xs:element name="user"> - <xs:complexType> - <xs:sequence> <xs:element maxOccurs="1" minOccurs="0" name="key" type="xs:normalizedString"/> <xs:element maxOccurs="1" minOccurs="0" name="surname" type="xs:string"/> <xs:element maxOccurs="1" minOccurs="0" name="firstname" type="xs:string"/> <xs:element maxOccurs="1" minOccurs="0" name="ages" type="xs:long"/> <xs:element maxOccurs="1" minOccurs="0" name="sex" type="xs:boolean"/> <xs:element maxOccurs="1" minOccurs="0" name="updatedDate" type="xs:dateTime"/> <xs:element maxOccurs="1" minOccurs="0" name="createdDate" type="xs:dateTime"/> </xs:sequence> </xs:complexType> </xs:element> </xs:schema> But refreshing the page, gives me this error: Traceback (most recent call last): File "/Users/foo/Documents/AppEngine/GoogleAppEngineLauncher.app/Contents/Resources/GoogleAppEngine-default.bundle/Contents/Resources/google_appengine/google/appengine/tools/dev_appserver.py", line 3185, in _HandleRequest self._Dispatch(dispatcher, self.rfile, outfile, env_dict) File "/Users/foo/Documents/AppEngine/GoogleAppEngineLauncher.app/Contents/Resources/GoogleAppEngine-default.bundle/Contents/Resources/google_appengine/google/appengine/tools/dev_appserver.py", line 3128, in _Dispatch base_env_dict=env_dict) File "/Users/foo/Documents/AppEngine/GoogleAppEngineLauncher.app/Contents/Resources/GoogleAppEngine-default.bundle/Contents/Resources/google_appengine/google/appengine/tools/dev_appserver.py", line 515, in Dispatch base_env_dict=base_env_dict) File "/Users/foo/Documents/AppEngine/GoogleAppEngineLauncher.app/Contents/Resources/GoogleAppEngine-default.bundle/Contents/Resources/google_appengine/google/appengine/tools/dev_appserver.py", line 2387, in Dispatch self._module_dict) File "/Users/foo/Documents/AppEngine/GoogleAppEngineLauncher.app/Contents/Resources/GoogleAppEngine-default.bundle/Contents/Resources/google_appengine/google/appengine/tools/dev_appserver.py", line 2297, in ExecuteCGI reset_modules = exec_script(handler_path, cgi_path, hook) File "/Users/foo/Documents/AppEngine/GoogleAppEngineLauncher.app/Contents/Resources/GoogleAppEngine-default.bundle/Contents/Resources/google_appengine/google/appengine/tools/dev_appserver.py", line 2195, in ExecuteOrImportScript script_module.main() File "/Users/foo/Documents/AppEngine/helloworld/main.py", line 48, in main rest.Dispatcher.add_models({"user": UserModel}) File "/Users/foo/Documents/AppEngine/helloworld/rest/__init__.py", line 845, in add_models cls.add_model(model_name, model_type) File "/Users/foo/Documents/AppEngine/helloworld/rest/__init__.py", line 863, in add_model raise KeyError("name %s already used" % model_name) KeyError: 'name user already used' Can someone give me the explanation on why it happens? Restarting the server, run on the browser again I get the xml result, but refreshing causes the error. Is it a bug in the appengine-rest-server application or it is in my code? My helloworld application is available for download here.

    Read the article

  • Apache SSO through Kerberos using Machine Account

    - by watkipet
    I'm attempting to get Apache on Ubuntu 12.04 to authenticate users via Kerberos SSO to a Windows 2008 Active Directory server. Here are a few things that make my situation different: I don't have administrative access to the Windows Server (nor will I ever have access). I also cannot have any changes to the server made on my behalf. I've joined Ubuntu server to the Active Directory using PBIS open. Users can log into the Ubuntu server using their AD credentials. kinit also works fine for each user. Since I can't change AD (except for adding new machines and SPNs), I cannot add a service account for Apache on Ubuntu. Since I can't add I service account, I have to use the machine keytab (/etc/krb5.keytab), or at least use the machine password in another keytab. Right now I'm using the machine keytab and giving Apache readonly access (bad idea, I know). I've already added the SPN using net ads keytab add HTTP -U Since I'm using Ubuntu 12.04, the only encoding types that get added during "net ads keytab add" are arcfour-hmac, des-cbc-crc, and des-cbc-md5. PBIS adds the AES encoding types to the host and cifs principals when it joins the domain, but I have yet to get "net ads keytab add" to do this. ktpass and setspn are out of the question because of #1 above. I've configured (for Kerberos SSO) and tested both IE 8 Firefox. I'm using the following configuration in my Apache site config: <Location /secured> AuthType Kerberos AuthName "Kerberos Login" KrbMethodNegotiate On KrbMethodK5Passwd On KrbAuthRealms DOMAIN.COM Krb5KeyTab /etc/krb5.keytab KrbLocalUserMapping On require valid-user </Location> When Firefox tries to connect get the following in Apache's error.log (LogLevel debug): [Wed Oct 23 13:48:31 2013] [debug] src/mod_auth_kerb.c(1628): [client 192.168.0.2] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos [Wed Oct 23 13:48:31 2013] [debug] mod_deflate.c(615): [client 192.168.0.2] Zlib: Compressed 477 to 322 : URL /secured [Wed Oct 23 13:48:37 2013] [debug] src/mod_auth_kerb.c(1628): [client 192.168.0.2] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos [Wed Oct 23 13:48:37 2013] [debug] src/mod_auth_kerb.c(994): [client 192.168.0.2] Using HTTP/[email protected] as server principal for password verification [Wed Oct 23 13:48:37 2013] [debug] src/mod_auth_kerb.c(698): [client 192.168.0.2] Trying to get TGT for user [email protected] [Wed Oct 23 13:48:37 2013] [debug] src/mod_auth_kerb.c(609): [client 192.168.0.2] Trying to verify authenticity of KDC using principal HTTP/[email protected] [Wed Oct 23 13:48:37 2013] [debug] src/mod_auth_kerb.c(652): [client 192.168.0.2] krb5_rd_req() failed when verifying KDC [Wed Oct 23 13:48:37 2013] [error] [client 192.168.0.2] failed to verify krb5 credentials: Decrypt integrity check failed [Wed Oct 23 13:48:37 2013] [debug] src/mod_auth_kerb.c(1073): [client 192.168.0.2] kerb_authenticate_user_krb5pwd ret=401 user=(NULL) authtype=(NULL) [Wed Oct 23 13:48:37 2013] [debug] mod_deflate.c(615): [client 192.168.0.2] Zlib: Compressed 477 to 322 : URL /secured When IE 8 tries to connect I get: [Wed Oct 23 14:03:30 2013] [debug] src/mod_auth_kerb.c(1628): [client 192.168.0.2] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos [Wed Oct 23 14:03:30 2013] [debug] mod_deflate.c(615): [client 192.168.0.2] Zlib: Compressed 477 to 322 : URL /secured [Wed Oct 23 14:03:30 2013] [debug] src/mod_auth_kerb.c(1628): [client 192.168.0.2] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos [Wed Oct 23 14:03:30 2013] [debug] src/mod_auth_kerb.c(1240): [client 192.168.0.2] Acquiring creds for HTTP@apache_server [Wed Oct 23 14:03:30 2013] [debug] src/mod_auth_kerb.c(1385): [client 192.168.0.2] Verifying client data using KRB5 GSS-API [Wed Oct 23 14:03:30 2013] [debug] src/mod_auth_kerb.c(1401): [client 192.168.0.2] Client didn't delegate us their credential [Wed Oct 23 14:03:30 2013] [debug] src/mod_auth_kerb.c(1420): [client 192.168.0.2] GSS-API token of length 9 bytes will be sent back [Wed Oct 23 14:03:30 2013] [debug] src/mod_auth_kerb.c(1101): [client 192.168.0.2] GSS-API major_status:000d0000, minor_status:000186a5 [Wed Oct 23 14:03:30 2013] [error] [client 192.168.0.2] gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (, ) [Wed Oct 23 14:03:30 2013] [debug] mod_deflate.c(615): [client 192.168.0.2] Zlib: Compressed 477 to 322 : URL /secured Let me know if you'd like additional log and config files--the initial question is getting long enough.

    Read the article

  • Microsoft 2003 DNS sometimes cant query for some A pointers when their TTL expires

    - by Bq
    Warning Long question :) We have a win 2003 server with a DNS server, every now and then it cant provide us with some A pointers for a specific domain. I have a small script running which asks for SOA,NS and A records for the domain in question and sometimes when the TTL expires the DNS fails to get the A records again, a Clear Cache fixes the problem.. Have a look Here it worked when the TTL expired Thu Apr 29 15:24:20 METDST 2010 dig basefarm.net soa basefarm.net. 64908 IN SOA ns01.osl.basefarm.net. hostmaster.basefarm.net. 2010042613 86400 3600 2419200 600 ns01.osl.basefarm.net. 299 IN A 81.93.160.4 dig basefarm.net ns basefarm.net. 64908 IN NS ns01.sth.basefarm.net. basefarm.net. 64908 IN NS ns01.osl.basefarm.net. ns01.sth.basefarm.net. 299 IN A 80.76.149.76 ns01.osl.basefarm.net. 299 IN A 81.93.160.4 dig ns01.sth.basefarm.net a ns01.sth.basefarm.net. 299 IN A 80.76.149.76 The TTL expired for ns01.sth.basefarm.net and ns01.osl.basefarm.net but the DNS managed to get the new values (TTL 3600) Thu Apr 29 15:29:20 METDST 2010 dig basefarm.net soa basefarm.net. 64608 IN SOA ns01.osl.basefarm.net. hostmaster.basefarm.net. 2010042613 86400 3600 2419200 600 ns01.osl.basefarm.net. 3600 IN A 81.93.160.4 dig basefarm.net ns basefarm.net. 64608 IN NS ns01.sth.basefarm.net. basefarm.net. 64608 IN NS ns01.osl.basefarm.net. ns01.sth.basefarm.net. 3600 IN A 80.76.149.76 ns01.osl.basefarm.net. 3600 IN A 81.93.160.4 dig ns01.sth.basefarm.net a ns01.sth.basefarm.net. 3600 IN A 80.76.149.76 But then another time it fails, and we need to clear the dns cache for it to start working again... Thu Apr 29 17:24:23 METDST 2010 dig basefarm.net soa basefarm.net. 57705 IN SOA ns01.osl.basefarm.net. hostmaster.basefarm.net. 2010042613 86400 3600 2419200 600 ns01.osl.basefarm.net. 299 IN A 81.93.160.4 dig basefarm.net ns basefarm.net. 57705 IN NS ns01.sth.basefarm.net. basefarm.net. 57705 IN NS ns01.osl.basefarm.net. ns01.sth.basefarm.net. 299 IN A 80.76.149.76 ns01.osl.basefarm.net. 299 IN A 81.93.160.4 dig ns01.sth.basefarm.net a ns01.sth.basefarm.net. 299 IN A 80.76.149.76 The TTL expires but the DNS cant get the ip addresses for ns01.sth.basefarm.net and ns01.osl.basefarm.net Thu Apr 29 17:29:23 METDST 2010 dig basefarm.net soa basefarm.net. 57405 IN SOA ns01.osl.basefarm.net. hostmaster.basefarm.net. 2010042613 86400 3600 2419200 600 ns01.osl.basefarm.net. 3600 IN A 81.93.160.4 dig basefarm.net ns basefarm.net. 57405 IN NS ns01.sth.basefarm.net. basefarm.net. 57405 IN NS ns01.osl.basefarm.net. dig ns01.sth.basefarm.net a Lookup failed I'm really lost on this one and have tried asking Google but to no avail..

    Read the article

  • SSL certificates and types for securing your websites and applications

    - by Mit Naik
    Need to share few information regarding SSL certificates and there types, which SSL certificates are widely used etc. There are several SSL certificates available in the market today inorder to secure your domains, multiple subdomains, your applications and code too. Few of the details are mentioned below. CheapSSL certificates available today are Standard Rapidssl certificate, Thwate SSL 123 etc certificates which are basic level certificates. Most of these cheap SSL certificates are domain-validated only and don't provide the greatest trust for your customers. This means you shouldn't use cheap SSL certificates on e-commerce stores or other public-facing sites that require people to trust the site. EV certificates I found Geotrust Truebusinessid with EV certificate which is one of the cheapest certificate available in market today, you can also find Thwate, Versign EV version of certificates. Its designed to prevent phishing attacks better than normal SSL certificates. What makes an EV Certificate so special? An SSL Certificate Provider has to do some extensive validation to give you one including: Verifying that your organization is legally registered and active, Verifying the address and phone number of your organization, Verifying that your organization has exclusive right to use the domain specified in the EV Certificate, Verifying that the person ordering the certificate has been authorized by the organization, Verifying that your organization is not on any government blacklists. SSL WILDCARD CERTIFICATES, SSL Wildcard Certificates are big money-savers. An SSL Wildcard Certificate allows you to secure an unlimited number of first-level sub-domains on a single domain name. For example, if you need to secure the following websites: * www.yourdomain.com * secure.yourdomain.com * product.yourdomain.com * info.yourdomain.com * download.yourdomain.com * anything.yourdomain.com and all of these websites are hosted on the multiple server box, you can purchase and install one Wildcard certificate issued to *.yourdomain.com to secure all these sites. SAN CERTIFICATES, are interesting certificates and are helpfull if you want to secure multiple domains by generating single CSR and can install the same certificate on your additional sites without generating new CSRs for all the additional domains. CODE SIGNING CERTIFICATES, A code signing certificate is a file containing a digital signature that can be used to sign executables and scripts in order to verify your identity and ensure that your code has not been tampered with since it was signed. This helps your users to determine whether your software can be trusted. Scroll to the chart below to compare cheap code signing certificates. A code signing certificate allows you to sign code using a private and public key system similar to how an SSL certificate secures a website. When you request a code signing certificate, a public/private key pair is generated. The certificate authority will then issue a code signing certificate that contains the public key. A certificate for code signing needs to be signed by a trusted certificate authority so that the operating system knows that your identity has been validated. You could still use the code signing certificate to sign and distribute malicious software but you will be held legally accountable for it. You can sign many different types of code. The most common types include Windows applications such as .exe, .cab, .dll, .ocx, and .xpi files (using an Authenticode certificate), Apple applications (using an Apple code signing certificate), Microsoft Office VBA objects and macros (using a VBA code signing certificate), .jar files (using a Java code signing certificate), .air or .airi files (using an Adobe AIR certificate), and Windows Vista drivers and other kernel-mode software (using a Vista code certificate). In reality, a code signing certificate can sign almost all types of code as long as you convert the certificate to the correct format first. Also I found the below URL which provides you good suggestion regarding purchasing best SSL certificates for securing your site, as per the Financial institution, Bank, Hosting providers, ISP, Retail Merchants etc. Please vote and provide comments or any additional suggestions regarding SSL certificates.

    Read the article

  • How do I stop and repair a RAID 5 array that has failed and has I/O pending?

    - by Ben Hymers
    The short version: I have a failed RAID 5 array which has a bunch of processes hung waiting on I/O operations on it; how can I recover from this? The long version: Yesterday I noticed Samba access was being very sporadic; accessing the server's shares from Windows would randomly lock up explorer completely after clicking on one or two directories. I assumed it was Windows being a pain and left it. Today the problem is the same, so I did a little digging; the first thing I noticed was that running ps aux | grep smbd gives a lot of lines like this: ben 969 0.0 0.2 96088 4128 ? D 18:21 0:00 smbd -F root 1708 0.0 0.2 93468 4748 ? Ss 18:44 0:00 smbd -F root 1711 0.0 0.0 93468 1364 ? S 18:44 0:00 smbd -F ben 3148 0.0 0.2 96052 4160 ? D Mar07 0:00 smbd -F ... There are a lot of processes stuck in the "D" state. Running ps aux | grep " D" shows up some other processes including my nightly backup script, all of which need to access the volume mounted on my RAID array at some point. After some googling, I found that it might be down to the RAID array failing, so I checked /proc/mdstat, which shows this: ben@jack:~$ cat /proc/mdstat Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] [raid10] md0 : active raid5 sdb1[3](F) sdc1[1] sdd1[2] 2930271872 blocks level 5, 64k chunk, algorithm 2 [3/2] [_UU] unused devices: <none> And running mdadm --detail /dev/md0 gives this: ben@jack:~$ sudo mdadm --detail /dev/md0 /dev/md0: Version : 00.90 Creation Time : Sat Oct 31 20:53:10 2009 Raid Level : raid5 Array Size : 2930271872 (2794.53 GiB 3000.60 GB) Used Dev Size : 1465135936 (1397.26 GiB 1500.30 GB) Raid Devices : 3 Total Devices : 3 Preferred Minor : 0 Persistence : Superblock is persistent Update Time : Mon Mar 7 03:06:35 2011 State : active, degraded Active Devices : 2 Working Devices : 2 Failed Devices : 1 Spare Devices : 0 Layout : left-symmetric Chunk Size : 64K UUID : f114711a:c770de54:c8276759:b34deaa0 Events : 0.208245 Number Major Minor RaidDevice State 3 8 17 0 faulty spare rebuilding /dev/sdb1 1 8 33 1 active sync /dev/sdc1 2 8 49 2 active sync /dev/sdd1 I believe this says that sdb1 has failed, and so the array is running with two drives out of three 'up'. Some advice I found said to check /var/log/messages for notices of failures, and sure enough there are plenty: ben@jack:~$ grep sdb /var/log/messages ... Mar 7 03:06:35 jack kernel: [4525155.384937] md/raid:md0: read error NOT corrected!! (sector 400644912 on sdb1). Mar 7 03:06:35 jack kernel: [4525155.389686] md/raid:md0: read error not correctable (sector 400644920 on sdb1). Mar 7 03:06:35 jack kernel: [4525155.389686] md/raid:md0: read error not correctable (sector 400644928 on sdb1). Mar 7 03:06:35 jack kernel: [4525155.389688] md/raid:md0: read error not correctable (sector 400644936 on sdb1). Mar 7 03:06:56 jack kernel: [4525176.231603] sd 0:0:1:0: [sdb] Unhandled sense code Mar 7 03:06:56 jack kernel: [4525176.231605] sd 0:0:1:0: [sdb] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE Mar 7 03:06:56 jack kernel: [4525176.231608] sd 0:0:1:0: [sdb] Sense Key : Medium Error [current] [descriptor] Mar 7 03:06:56 jack kernel: [4525176.231623] sd 0:0:1:0: [sdb] Add. Sense: Unrecovered read error - auto reallocate failed Mar 7 03:06:56 jack kernel: [4525176.231627] sd 0:0:1:0: [sdb] CDB: Read(10): 28 00 17 e1 5f bf 00 01 00 00 To me it is clear that device sdb has failed, and I need to stop the array, shutdown, replace it, reboot, then repair the array, bring it back up and mount the filesystem. I cannot hot-swap a replacement drive in, and don't want to leave the array running in a degraded state. I believe I am supposed to unmount the filesystem before stopping the array, but that is failing, and that is where I'm stuck now: ben@jack:~$ sudo umount /storage umount: /storage: device is busy. (In some cases useful info about processes that use the device is found by lsof(8) or fuser(1)) It is indeed busy; there are some 30 or 40 processes waiting on I/O. What should I do? Should I kill all these processes and try again? Is that a wise move when they are 'uninterruptable'? What would happen if I tried to reboot? Please let me know what you think I should do. And please ask if you need any extra information to diagnose the problem or to help!

    Read the article

  • Dealing with HTTP w00tw00t attacks

    - by Saif Bechan
    I have a server with apache and I recently installed mod_security2 because I get attacked a lot by this: My apache version is apache v2.2.3 and I use mod_security2.c This were the entries from the error log: [Wed Mar 24 02:35:41 2010] [error] [client 88.191.109.38] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:) [Wed Mar 24 02:47:31 2010] [error] [client 202.75.211.90] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:) [Wed Mar 24 02:47:49 2010] [error] [client 95.228.153.177] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:) [Wed Mar 24 02:48:03 2010] [error] [client 88.191.109.38] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:) Here are the errors from the access_log: 202.75.211.90 - - [29/Mar/2010:10:43:15 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 392 "-" "-" 211.155.228.169 - - [29/Mar/2010:11:40:41 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 392 "-" "-" 211.155.228.169 - - [29/Mar/2010:12:37:19 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 392 "-" "-" I tried configuring mod_security2 like this: SecFilterSelective REQUEST_URI "w00tw00t\.at\.ISC\.SANS\.DFind" SecFilterSelective REQUEST_URI "\w00tw00t\.at\.ISC\.SANS" SecFilterSelective REQUEST_URI "w00tw00t\.at\.ISC\.SANS" SecFilterSelective REQUEST_URI "w00tw00t\.at\.ISC\.SANS\.DFind:" SecFilterSelective REQUEST_URI "w00tw00t\.at\.ISC\.SANS\.DFind:\)" The thing in mod_security2 is that SecFilterSelective can not be used, it gives me errors. Instead I use a rule like this: SecRule REQUEST_URI "w00tw00t\.at\.ISC\.SANS\.DFind" SecRule REQUEST_URI "\w00tw00t\.at\.ISC\.SANS" SecRule REQUEST_URI "w00tw00t\.at\.ISC\.SANS" SecRule REQUEST_URI "w00tw00t\.at\.ISC\.SANS\.DFind:" SecRule REQUEST_URI "w00tw00t\.at\.ISC\.SANS\.DFind:\)" Even this does not work. I don't know what to do anymore. Anyone have any advice? Update 1 I see that nobody can solve this problem using mod_security. So far using ip-tables seems like the best option to do this but I think the file will become extremely large because the ip changes serveral times a day. I came up with 2 other solutions, can someone comment on them on being good or not. The first solution that comes to my mind is excluding these attacks from my apache error logs. This will make is easier for me to spot other urgent errors as they occur and don't have to spit trough a long log. The second option is better i think, and that is blocking hosts that are not sent in the correct way. In this example the w00tw00t attack is send without hostname, so i think i can block the hosts that are not in the correct form. Update 2 After going trough the answers I came to the following conclusions. To have custom logging for apache will consume some unnecessary recourses, and if there really is a problem you probably will want to look at the full log without anything missing. It is better to just ignore the hits and concentrate on a better way of analyzing your error logs. Using filters for your logs a good approach for this. Final thoughts on the subject The attack mentioned above will not reach your machine if you at least have an up to date system so there are basically no worries. It can be hard to filter out all the bogus attacks from the real ones after a while, because both the error logs and access logs get extremely large. Preventing this from happening in any way will cost you resources and they it is a good practice not to waste your resources on unimportant stuff. The solution i use now is Linux logwatch. It sends me summaries of the logs and they are filtered and grouped. This way you can easily separate the important from the unimportant. Thank you all for the help, and I hope this post can be helpful to someone else too.

    Read the article

  • Roaming user profile issues on Server 2008

    - by Alicia White
    I thought I cleared a user's profile from 2008, but it keeps coming back. So, I was looking for the best way to clear a roaming profile in Server 2008, but I have been unable to find anything. But, I did see the post here: http://serverfault.com/questions/18724/user-profile-keeps-loading-temp-profile I wanted to add a comment to that post, but it was closed as not being related to sysadmin. But, I think it IS related because I dealt with precisely this same problem on our Wndows 2008 terminal server. Here was the issue: we have a user who was getting an "unable to load your roaming profile" type of error at logon in Windows 2008. Looking at the server, we could see her temp profile listed in the profile list while she was loggged (listed as a "temporary" and not a "roaming" profile). While she was logged on, a folder called C:\Users\Temp.DOMAIN existed in the users folder, but that disappeared as soon as she logged out. When this thing happened in 2003, we would clear the contents of the roaming profile folder & delete the temp folder in C:\Documents and Settings. The thing is, 2008 behaves a bit differently. Server 2008 created a new roaming profile folder in the roaming profile folder share: \SERVER\ProfileShare\UserName.V2 The local profile disappears from the profile list in System Properties, so there is no profile to clear Also the local profile folder, C:\Users\Temp.DOMAIN doesn't stay on the server when the user logs out, so we can't delete that as we would normally do when this sort of thing happens in Windows 2003 Despite all of this, every time the user logs back on, the frickin' Temp profile always comes back. One of my team-mates, who is much more experienced with 2008, said I should check the registry for the user's profile in this key (the users are listed by SID): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ProfileList I saw the user's SID listed there, but it ended in .BAK. I checked several other servers where she is having the same profile errors: in all cases, her SID ended with .BAK. For example (xxx replacing the LONG SID): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-xxxxx-xxxx.bak On the server she was logged on to, there were two keys for her profile in the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-xxxxx-xxxx and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-xxxxx-xxxx.bak So, here is how I cleared up the issue. I had the user log off. I deleted the apparently bad profiles ending in .BAK from the ProfileList key on each server where it appeared. I made sure her roaming profile folder was empty I made sure that all the TEMP profile folders were gone The user logged back on: no more profile errors! Anyway, I wanted to make a comment on that closed question, but I didn't see any way to re-open the question so I could add it. But, I also would like to know if this is the best practice to clear out a bad roaming profile for Server 2008? I'm having a hard time finding any instructions on line on how best to do this, but this method I used seemed to work. I'd like to find some documentation to give to our Level 1 support staff so they will know how to clear user profiles on 2008 since this seems to be more involved that clearing user profiles in server 2003. Thanks, Alicia

    Read the article

  • Can't send mail from Windows Phone (Postfix server)

    - by Dominic Williams
    Some background: I have a Dovecot/Postfix setup to handle email for a few domains. We have imap and smtp setup on various devices (Macs, iPhones, PCs, etc) and it works no problem. I've recently bought a Windows Phone and I'm trying to setup the mail account on there. I've got the imap part working great but for some reason it won't send mail. mail.log with debug_peer_list I've put this on pastebin because its quite long: http://pastebin.com/KdvMDxTL dovecot.log with verbose_ssl Apr 14 22:43:50 imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [109.151.23.129] Apr 14 22:43:50 imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [109.151.23.129] Apr 14 22:43:50 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client hello A [109.151.23.129] Apr 14 22:43:50 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server hello A [109.151.23.129] Apr 14 22:43:50 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write certificate A [109.151.23.129] Apr 14 22:43:50 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server done A [109.151.23.129] Apr 14 22:43:50 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [109.151.23.129] Apr 14 22:43:50 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [109.151.23.129] Apr 14 22:43:50 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [109.151.23.129] Apr 14 22:43:50 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [109.151.23.129] Apr 14 22:43:50 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read finished A [109.151.23.129] Apr 14 22:43:50 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [109.151.23.129] Apr 14 22:43:50 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write finished A [109.151.23.129] Apr 14 22:43:50 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [109.151.23.129] Apr 14 22:43:50 imap-login: Warning: SSL: where=0x20, ret=1: SSL negotiation finished successfully [109.151.23.129] Apr 14 22:43:50 imap-login: Warning: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [109.151.23.129] Apr 14 22:43:51 imap-login: Info: Login: user=<pixelfolio>, method=PLAIN, rip=109.151.23.129, lip=94.23.254.175, mpid=24390, TLS Apr 14 22:43:53 imap(pixelfolio): Info: Disconnected: Logged out bytes=9/331 Apr 14 22:43:53 imap-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [109.151.23.129] postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_dot_mydomain = no biff = no broken_sasl_auth_clients = yes config_directory = /etc/postfix debug_peer_list = 109.151.23.129 inet_interfaces = all mailbox_command = procmail -a "$EXTENSION" mailbox_size_limit = 0 message_size_limit = 50240000 milter_default_action = accept milter_protocol = 2 mydestination = ks383809.kimsufi.com, localhost.kimsufi.com, localhost myhostname = ks383809.kimsufi.com mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 myorigin = /etc/mailname non_smtpd_milters = inet:127.0.0.1:8891,inet:localhost:8892 readme_directory = no recipient_delimiter = + smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) smtpd_milters = inet:127.0.0.1:8891,inet:localhost:8892 smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_use_tls = yes virtual_alias_domains = domz.co.uk ruck.in vjgary.co.uk scriptees.co.uk pixelfolio.co.uk filmtees.co.uk nbsbar.co.uk virtual_alias_maps = hash:/etc/postfix/alias_maps doveconf -n # 2.0.13: /etc/dovecot/dovecot.conf # OS: Linux 2.6.38.2-grsec-xxxx-grs-ipv6-64 x86_64 Ubuntu 11.10 auth_mechanisms = plain login log_path = /var/log/dovecot.log mail_location = mbox:~/mail/:INBOX=/var/mail/%u passdb { driver = pam } protocols = imap service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } ssl_cert = </etc/ssl/certs/dovecot.pem ssl_key = </etc/ssl/private/dovecot.pem userdb { driver = passwd } verbose_ssl = yes Any suggestions or help greatly appreciated. I've been pulling my hair out with this for hours! EDIT This seems to be my exact problem, but I already have broken_sasl set to yes and the 'login' auth mechanism added? http://forums.gentoo.org/viewtopic-t-898610-start-0.html

    Read the article

  • Debian, 6rd tunnel, and connection troubles

    - by Chris B
    Long story short I am having issues with IPv6 using a 6rd tunnel with my ISP, charter business. They offer a 6rd tunnel that I think I have properly set up, but the server doesn’t reply to every ipv6 request. When the server has the network interfaces idle with no traffic for about 10 minutes, then IPv6 stops accepting inbound connections. to re-allow it, I must go into the server, and make it do a outbound ipv6 connection (normally a ping) to start it back up. Whats weird though i that if I run iptraf when its not working, it still shows a inbound ipv6 packet… the server is just not replying, and I can’t figure out why. Also, if I try to access my server over IPv6 from a house about 1 mile away on the same ISP, it is never able to connect. it always times out, but again the iptraf shows a ipv6 inbound packet. Again, it just does not reply. To test if my server is accessible through IPv6 I always have to use my vzw 4g phone (they use IPv6) or ipv6proxy dot net. Here is all of the configuration information my ISP gives on there tunnel server: 6rd Prefix = 2602:100::/32 Border Relay Address = 68.114.165.1 6rd prefix length = 32 IPv4 mask length = 0 Here is my /etc/network/interfaces for ipv6 (used x's to block real addresses) auto charterv6 iface charterv6 inet6 v4tunnel address 2602:100:189f:xxxx::1 netmask 32 ttl 64 gateway ::68.114.165.1 endpoint 68.114.165.1 local 24.159.218.xxx up ip link set mtu 1280 dev charterv6 here is my iptables config filter :INPUT DROP [0:0] :fail2ban-ssh – [0:0] :OUTPUT ACCEPT [0:0] :FORWARD DROP [0:0] :hold – [0:0] -A INPUT -p tcp -m tcp —dport 22 -j fail2ban-ssh -A INPUT -m state —state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m multiport -j ACCEPT —dports 80,443,25,465,110,995,143,993,587,465,22 -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m tcp —dport 10000 -j ACCEPT -A INPUT -p tcp -m tcp —dport 5900:5910 -j ACCEPT -A fail2ban-ssh -j RETURN -A INPUT -p icmp -j ACCEPT COMMIT and last here is my ip6tables firewall config filter :INPUT DROP [1653:339023] :FORWARD DROP [0:0] :OUTPUT ACCEPT [60141:13757903] :hold – [0:0] -A INPUT -m state —state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m multiport —dports 80,443,25,465,110,995,143,993,587,465,22 -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m tcp —dport 10000 -j ACCEPT -A INPUT -p tcp -m tcp —dport 5900:5910 -j ACCEPT -A INPUT -p ipv6-icmp -j ACCEPT COMMIT So Summary: 1.iptraf always shows IPv6 traffic, so its always making it to the server 2.server stops replying on ipv6 after no traffic for awhile (10 minutesish) until a outbound connection is made, then the process repeats. 3.server is NEVER accessable vi same ISP (yet iptraf still shows ipv6 request) Notes: When I try to access it from the same ISP from across town, even with iptables and ip6tables allowing ALL inbound traffic, this is what iptraf shows. IPv6 (92 bytes) from 97.92.18.xxx to 24.159.218.xxx on eth0 ICMP dest unrch (port) (120 bytes) from 24.159.218.xxx to 97.92.18.xxx on eth1 its strange, like its trying to forward to LAN? (eth1 is LAN, eth0 is WAN) even with the IPv6 address being set in the hosts file to the servers domain name. With iptables set up normally with the above configurations it only says this: IPv6 (100 bytes) from 97.92.18.xxx to 24.159.218.xxx on eth0 Im REALLY stuck on this, and any help would be GREATLY appreciated.

    Read the article

  • Rsync: how to mount truecrypt on-the-fly on the receiving side?

    - by deepc
    The short version: how can I keep an rsync backup on a truecrypt volume? The hard part is to mount/unmount this volume on the fly when it is needed for rsync. Details This is my current backup configuration (which works fairly well for the most part): backup source is on Win7 64 bit, destination is a remote Linux box (Debian) actual data transfer is done by rsync via ssh (cwRsync with cygwin) rsync daemon is started on demand via ssh On the Linux box the backup is protected by file permissions only. I want to increase security here and put the backup into a truecrypt volume. I can fuse-mount that volume manually in the shell. The question is now how can I make rsync not only open an ssh connection and starting the rsync daemon, but also to mount the truecrypt volume before (and unmount it after)? My money is on option --rsync-path which can be used to pass a command line to ssh - provided that stdin and stdout still work the same. I guess that command would have to be a shell script. Is this possible, and what would the script look like? For reference, here's a quote of that option: --rsync-path=PROGRAM Use this to specify what program is to be run on the remote machine to start-up rsync. Often used when rsync is not in the default remote-shell's path (e.g. --rsync-path=/usr/local/bin/rsync). Note that PROGRAM is run with the help of a shell, so it can be any program, script, or command sequence you'd care to run, so long as it does not corrupt the standard-in & standard-out that rsync is using to communicate. One tricky example is to set a different default directory on the remote machine for use with the --relative option. For instance: rsync -avR --rsync-path="cd /a/b && rsync" host:c/d /e/ This is the full rsync man page. Truecrypt volume auto-mount Solved! Turns out this option is actually key to auto-mounting the truecrypt volume on the remote side. The following command line does the trick (one line!): rsync $options -e "ssh -p $port -i ../.ssh/id_dsa" --rsync-path="/usr/local/bin/truecrypt -d && /usr/local/bin/truecrypt --fs-options=rw,sync,utf8,uid=$UID,umask=0007 --non-interactive -p $password $pathToVolume $remoteMountDir && rsync" $localSourceDir $user:$remoteMountMountDir Truecrypt volume auto-dismount Still open: how can I unmount the volume when rsync is done? Not sure if the following makes sense to anyone but I give it a try... Right now I am unmounting (truecrypt -d), then mounting again, then continuing with rsync. At this time rsync needs to do its thing but I dont know when its done. Adding ... rsync && truecrypt -d to the command line does not work because then the rsync daemon does not start. This is because rsync starts the daemon with parameter --server on the remote side and that parameter would go to the final truecrypt -d.

    Read the article

  • Sometimes this script fails to update the iptables

    - by AlJo
    It does not happen often, but sometimes after running the below script, checking the iptables with service iptables status shows that they weren't updated and the script doesn't output any error. The iptables is structured as look-up tree (long repeated sections snipped): #!/bin/sh iptables -t nat -F iptables -t nat -X iptables -F iptables -X iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -s 93.225.0.0/16 -j ACCEPT iptables -A INPUT -s 15.102.0.0/16 -j ACCEPT iptables -A INPUT -s 47.122.0.0/16 -j ACCEPT iptables -N MY_CHAIN_L1-0 iptables -N MY_CHAIN_L1-1 iptables -N MY_CHAIN_L1-2 iptables -N MY_CHAIN_L1-3 iptables -N MY_CHAIN_L1-4 iptables -N MY_CHAIN_L1-5 iptables -N MY_CHAIN_L1-6 iptables -N MY_CHAIN_L1-7 iptables -N MY_CHAIN_L1-8 iptables -N MY_CHAIN_L1-9 iptables -N MY_CHAIN_L1-10 iptables -N MY_CHAIN_L1-11 iptables -N MY_CHAIN_L1-12 iptables -N MY_CHAIN_L1-13 iptables -N MY_CHAIN_L1-14 iptables -N MY_CHAIN_L1-15 iptables -N MY_CHAIN_L1-16 iptables -N MY_CHAIN_L1-17 iptables -N MY_CHAIN_L1-18 iptables -N MY_CHAIN_L1-19 iptables -N MY_CHAIN_L1-20 iptables -N MY_CHAIN_L1-21 iptables -N MY_CHAIN_L1-22 iptables -N MY_CHAIN_L1-23 iptables -N MY_CHAIN_L1-24 iptables -N MY_CHAIN_L1-25 iptables -N MY_CHAIN_L1-26 iptables -N MY_CHAIN_L1-27 iptables -N MY_CHAIN_L1-28 iptables -N MY_CHAIN_L1-29 iptables -N MY_CHAIN_L1-30 iptables -N MY_CHAIN_L1-31 iptables -N MY_CHAIN_L1-32 iptables -N MY_CHAIN_L1-33 iptables -N MY_CHAIN_L1-34 iptables -N MY_CHAIN_L1-35 iptables -N MY_CHAIN_L1-36 iptables -N MY_CHAIN_L1-37 iptables -A INPUT -m iprange --src-range 1.54.96.0-5.133.179.255 -j MY_CHAIN_L1-0 iptables -A INPUT -m iprange --src-range 5.133.180.0-24.113.159.255 -j MY_CHAIN_L1-1 [snip] iptables -A INPUT -m iprange --src-range 195.13.45.0-198.11.255.255 -j MY_CHAIN_L1-29 iptables -A INPUT -m iprange --src-range 198.12.64.0-199.19.215.255 -j MY_CHAIN_L1-30 iptables -A INPUT -m iprange --src-range 199.21.96.0-200.31.3.255 -j MY_CHAIN_L1-31 iptables -A INPUT -m iprange --src-range 200.31.11.0-202.171.255.255 -j MY_CHAIN_L1-32 iptables -A INPUT -m iprange --src-range 203.130.134.192-206.212.255.255 -j MY_CHAIN_L1-33 iptables -A INPUT -m iprange --src-range 206.214.64.0-211.155.95.255 -j MY_CHAIN_L1-34 iptables -A INPUT -m iprange --src-range 212.19.128.0-216.176.191.255 -j MY_CHAIN_L1-35 iptables -A INPUT -m iprange --src-range 216.189.0.0-218.23.255.255 -j MY_CHAIN_L1-36 iptables -A INPUT -m iprange --src-range 218.30.96.0-223.255.231.255 -j MY_CHAIN_L1-37 iptables -A MY_CHAIN_L1-0 -s 1.54.96.0/20 -j DROP iptables -A MY_CHAIN_L1-0 -s 1.208.0.0/12 -j DROP iptables -A MY_CHAIN_L1-0 -s 1.224.0.0/11 -j DROP [snip] iptables -A MY_CHAIN_L1-0 -s 5.133.178.0/23 -j DROP iptables -A MY_CHAIN_L1-0 -j ACCEPT iptables -A MY_CHAIN_L1-1 -s 5.133.180.0/22 -j DROP iptables -A MY_CHAIN_L1-1 -s 5.135.0.0/16 -j DROP iptables -A MY_CHAIN_L1-1 -s 5.153.232.0/21 -j DROP [snip] iptables -A MY_CHAIN_L1-1 -s 24.113.128.0/19 -j DROP iptables -A MY_CHAIN_L1-1 -j ACCEPT . . . iptables -A MY_CHAIN_L1-29 -s 195.13.45.0/24 -j DROP iptables -A MY_CHAIN_L1-29 -s 195.20.224.0/19 -j DROP iptables -A MY_CHAIN_L1-29 -s 195.31.216.0/26 -j DROP iptables -A MY_CHAIN_L1-29 -s 195.58.245.0/24 -j DROP iptables -A MY_CHAIN_L1-29 -s 195.60.164.0/23 -j DROP iptables -A MY_CHAIN_L1-29 -s 195.60.240.0/22 -j DROP iptables -A MY_CHAIN_L1-29 -s 195.62.10.0/23 -j DROP iptables -A MY_CHAIN_L1-29 -s 195.110.30.0/23 -j DROP iptables -A MY_CHAIN_L1-29 -s 195.154.0.0/16 -j DROP iptables -A MY_CHAIN_L1-29 -s 195.190.13.0/24 -j DROP iptables -A MY_CHAIN_L1-29 -s 195.211.152.0/22 -j DROP iptables -A MY_CHAIN_L1-1 -j ACCEPT [snip more of same to end of script] Can anyone see why this script would silently fail to update the iptables sometimes? Maybe it's not the script? Thanks

    Read the article

  • Is there really a need for encryption to have true wireless security? [closed]

    - by Cawas
    I welcome better key-wording here, both on tags and title. I'm trying to conceive a free, open and secure network environment that would work anywhere, from big enterprises to small home networks of just 1 machine. I think since wireless Access Points are the most, if not only, true weak point of a Local Area Network (let's not consider every other security aspect of having internet) there would be basically two points to consider here: Having an open AP for anyone to use the internet through Leaving the whole LAN also open for guests to be able to easily read (only) files on it, and even a place to drop files on Considering these two aspects, once everything is done properly... What's the most secure option between having that, or having just an encrypted password-protected wifi? Of course "both" would seem "more secure". But it shouldn't actually be anything substantial. That's the question, but I think it may need more elaborating on. If you don't think so, please feel free to skip the next (long) part. Elaborating more on the two aspects ... I've always had the feeling using any kind of the so called "wireless security" methods is actually a bad design. I'm talking mostly about encrypting and pass-phrasing (which are actually two different concepts), since I won't even consider hiding SSID and mac filtering. I understand it's a natural way of thinking. With cable networking nobody can access the network unless they have access to the physical cable, so you're "secure" in the physical way. In a way, encrypting is for wireless what building walls is for the cables. And giving pass-phrases would be adding a door with a key. But the cabling without encryption is also insecure. If someone plugin all the data is right there. So, while I can see the use for encrypting data, I don't think it's a security measure in wireless networks. It's wasting resources for too little gain. I believe we should encrypt only sensitive data regardless of wires. That's already done with HTTPS, so I don't really need to encrypt my torrents, for instance. They're torrents, they are meant to be freely shared! As for using passwords, they should be added to the users, always. Not to wifi. For securing files, truly, best solution is backup. Sure all that doesn't happen that often, but I won't consider the most situations where people just don't care. I think there are enough situations where we actually use passwords on our OS users, so let's go with that in mind. I keep promoting the Fonera concept as an instance. It opens up a free wifi port, if you choose so, and anyone can connect to the internet through that, without having any access to your LAN. It also uses a QoS which will never let your bandwidth drop from that public usage. That's security, and it's open. But it's lacking the second aspect. I'll probably be bashed for promoting the non-usage of WPA 2 with AES or whatever, but I wanted to know from more experienced (super) users out there: what do you think?

    Read the article

  • iptables not allowing mysql connections to aliased ips?

    - by Curtis
    I have a fairly simple iptables firewall on a server that provides MySQL services, but iptables seems to be giving me very inconsistent results. The default policy on the script is as follows: iptables -P INPUT DROP I can then make MySQL public with the following rule: iptables -A INPUT -p tcp --dport 3306 -j ACCEPT With this rule in place, I can connect to MySQL from any source IP to any destination IP on the server without a problem. However, when I try to restrict access to just three IPs by replacing the above line with the following, I run into trouble (xxx=masked octect): iptables -A INPUT -p tcp --dport 3306 -m state --state NEW -s 208.XXX.XXX.184 -j ACCEPT iptables -A INPUT -p tcp --dport 3306 -m state --state NEW -s 208.XXX.XXX.196 -j ACCEPT iptables -A INPUT -p tcp --dport 3306 -m state --state NEW -s 208.XXX.XXX.251 -j ACCEPT Once the above rules are in place, the following happens: I can connect to the MySQL server from the .184, .196 and .251 hosts just fine as long as am connecting to the MySQL server using it's default IP address or an IP alias in the same subnet as the default IP address. I am unable to connect to MySQL using IP aliases that are assigned to the server from a different subnet than the server's default IP when I'm coming from the .184 or .196 hosts, but .251 works just fine. From the .184 or .196 hosts, a telnet attempt just hangs... # telnet 209.xxx.xxx.22 3306 Trying 209.xxx.xxx.22... If I remove the .251 line (making .196 the last rule added), the .196 host still can not connect to MySQL using IP aliases (so it's not the order of the rules that is causing the inconsistent behavior). I know, this particular test was silly as it shouldn't matter what order these three rules are added in, but I figured someone might ask. If I switch back to the "public" rule, all hosts can connect to the MySQL server using either the default or aliased IPs (in either subnet): iptables -A INPUT -p tcp --dport 3306 -j ACCEPT The server is running in a CentOS 5.4 OpenVZ/Proxmox container (2.6.32-4-pve). And, just in case you prefer to see the problem rules in the context of the iptables script, here it is (xxx=masked octect): # Flush old rules, old custom tables /sbin/iptables --flush /sbin/iptables --delete-chain # Set default policies for all three default chains /sbin/iptables -P INPUT DROP /sbin/iptables -P FORWARD DROP /sbin/iptables -P OUTPUT ACCEPT # Enable free use of loopback interfaces /sbin/iptables -A INPUT -i lo -j ACCEPT /sbin/iptables -A OUTPUT -o lo -j ACCEPT # All TCP sessions should begin with SYN /sbin/iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP # Accept inbound TCP packets (Do this *before* adding the 'blocked' chain) /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Allow the server's own IP to connect to itself /sbin/iptables -A INPUT -i eth0 -s 208.xxx.xxx.178 -j ACCEPT # Add the 'blocked' chain *after* we've accepted established/related connections # so we remain efficient and only evaluate new/inbound connections /sbin/iptables -N BLOCKED /sbin/iptables -A INPUT -j BLOCKED # Accept inbound ICMP messages /sbin/iptables -A INPUT -p ICMP --icmp-type 8 -j ACCEPT /sbin/iptables -A INPUT -p ICMP --icmp-type 11 -j ACCEPT # ssh (private) /sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -s xxx.xxx.xxx.xxx -j ACCEPT # ftp (private) /sbin/iptables -A INPUT -p tcp --dport 21 -m state --state NEW -s xxx.xxx.xxx.xxx -j ACCEPT # www (public) /sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT /sbin/iptables -A INPUT -p tcp --dport 443 -j ACCEPT # smtp (public) /sbin/iptables -A INPUT -p tcp --dport 25 -j ACCEPT /sbin/iptables -A INPUT -p tcp --dport 2525 -j ACCEPT # pop (public) /sbin/iptables -A INPUT -p tcp --dport 110 -j ACCEPT # mysql (private) /sbin/iptables -A INPUT -p tcp --dport 3306 -m state --state NEW -s 208.xxx.xxx.184 -j ACCEPT /sbin/iptables -A INPUT -p tcp --dport 3306 -m state --state NEW -s 208.xxx.xxx.196 -j ACCEPT /sbin/iptables -A INPUT -p tcp --dport 3306 -m state --state NEW -s 208.xxx.xxx.251 -j ACCEPT Any ideas? Thanks in advance. :-)

    Read the article

  • nginx: How can I set proxy_* directives only for matching URIs?

    - by Artem Russakovskii
    I've been at this for hours and I can't figure out a clean solution. Basically, I have an nginx proxy setup, which works really well, but I'd like to handle a few urls more manually. Specifically, there are 2-3 locations for which I'd like to set proxy_ignore_headers to Set-Cookie to force nginx to cache them (nginx doesn't cache responses with Set-Cookie as per http://wiki.nginx.org/HttpProxyModule#proxy_ignore_headers). So for these locations, all I'd like to do is set proxy_ignore_headers Set-Cookie; I've tried everything I could think of outside of setting up and duplicating every config value, but nothing works. I tried: Nesting location directives, hoping the inner location which matches on my files would just set this value and inherit the rest, but that wasn't the case - it seemed to ignore anything set in the outer location, most notably proxy_pass and I end up with a 404). Specifying the proxy_cache_valid directive in an if block that matches on $request_uri, but nginx complains that it's not allowed ("proxy_cache_valid" directive is not allowed here). Specifying a variable equal to "Set-Cookie" in an if block, and then trying to set proxy_cache_valid to that variable later, but nginx isn't allowing variables for this case and throws up. It should be so simple - modifying/appending a single directive for some requests, and yet I haven't been able to make nginx do that. What am I missing here? Is there at least a way to wrap common directives in a reusable block and have multiple location blocks refer to it, after adding their own unique bits? Thank you. Just for reference, the main location / block is included below, together with my failed proxy_ignore_headers directive for a specific URI. location / { # Setup var defaults set $no_cache ""; # If non GET/HEAD, don't cache & mark user as uncacheable for 1 second via cookie if ($request_method !~ ^(GET|HEAD)$) { set $no_cache "1"; } if ($http_user_agent ~* '(iphone|ipod|ipad|aspen|incognito|webmate|android|dream|cupcake|froyo|blackberry|webos|s8000|bada)') { set $mobile_request '1'; set $no_cache "1"; } # feed crawlers, don't want these to get stuck with a cached version, especially if it caches a 302 back to themselves (infinite loop) if ($http_user_agent ~* '(FeedBurner|FeedValidator|MediafedMetrics)') { set $no_cache "1"; } # Drop no cache cookie if need be # (for some reason, add_header fails if included in prior if-block) if ($no_cache = "1") { add_header Set-Cookie "_mcnc=1; Max-Age=17; Path=/"; add_header X-Microcachable "0"; } # Bypass cache if no-cache cookie is set, these are absolutely critical for Wordpress installations that don't use JS comments if ($http_cookie ~* "(_mcnc|comment_author_|wordpress_(?!test_cookie)|wp-postpass_)") { set $no_cache "1"; } if ($request_uri ~* wpsf-(img|js)\.php) { proxy_ignore_headers Set-Cookie; } # Bypass cache if flag is set proxy_no_cache $no_cache; proxy_cache_bypass $no_cache; # under no circumstances should there ever be a retry of a POST request, or any other request for that matter proxy_next_upstream off; proxy_read_timeout 86400s; # Point nginx to the real app/web server proxy_pass http://localhost; # Set cache zone proxy_cache microcache; # Set cache key to include identifying components proxy_cache_key $scheme$host$request_method$request_uri$mobile_request; # Only cache valid HTTP 200 responses for this long proxy_cache_valid 200 15s; #proxy_cache_min_uses 3; # Serve from cache if currently refreshing proxy_cache_use_stale updating timeout; # Send appropriate headers through proxy_set_header Host $host; # no need for this proxy_set_header X-Real-IP $remote_addr; # no need for this proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # Set files larger than 1M to stream rather than cache proxy_max_temp_file_size 1M; access_log /var/log/nginx/androidpolice-microcache.log custom; }

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 672 673 674 675 676 677 678 679 680 681 682 683  | Next Page >