#linode IRC Logs for 2019-07-07

---Logopened Sun Jul 07 00:00:08 2019
---Daychanged Sun Jul 07 2019
00:00-!-Dataforce [] has quit [Remote host closed the connection]
00:00-!-Dataforce [] has joined #linode
00:00-!-Dataforce is "Shane "Dataforce" Mc Cormack" on #linode #bitlbee #oftc @#DMDirc
00:12-!-zed91 [~oftc-webi@drmons0552w-134-41-127-229.dhcp-dynamic.fibreop.ns.bellaliant.n] has joined #linode
00:12-!-zed91 is "OFTC WebIRC Client" on #linode
00:13<zed91>i want to activate my account please
00:13<dwfreed>LouWestin: the default iptables command maps iptables syntax to nftables rules under the hood
00:14<zed91>i want to activate my account sir !
00:15-!-zed91 [~oftc-webi@drmons0552w-134-41-127-229.dhcp-dynamic.fibreop.ns.bellaliant.n] has quit []
00:16-!-Dataforce [] has quit [Remote host closed the connection]
00:16<dwfreed>LouWestin: note that if you use netfilter-persistent, you'll need to blacklist iptable_filter and ip6table_filter to prevent the warning message about the legacy rules still existing
00:25<LouWestin>Dwfreed: ok thanks! I was testing out an ip rule translator. I’ll stick with setting up iptables for now, then I can always change it
00:25<LouWestin>Later on
00:26<dwfreed>there's a translator that ships with the nft-compat tools
00:27<dwfreed>iptables-restore-translate will output the nft syntax for the ruleset (but it won't apply it, so it's not a restore in that sense)
00:27<dwfreed>iptables-translate will take an iptables command line and convert it to an nft command line
00:28<dwfreed>and s/iptables/ip6tables/ for IPv6, as you might expect
00:29<LouWestin>That’s what I meant. I’ll finish up the new server tomorrow.
00:30<dwfreed>note that it doesn't handle ipsets at all
00:31<LouWestin>I mean the iptables-translate
00:33<LouWestin>I’m trying to recall what rules I have. Basically what Linode has recommended, just what ports are needed
00:33<dwfreed>sudo iptables-save
00:33<dwfreed>or sudo iptables -S
00:33<dwfreed>(assuming you don't have any non-filter rules; most people don't)
00:35<LouWestin>I don’t think so. Just allow port whatever and deny certain things
02:00-!-_eyepulp [] has quit [Ping timeout: 480 seconds]
04:03-!-thiras [~thiras@] has joined #linode
04:03-!-thiras is "Ant" on #debian #linode #tami
05:02-!-|GIG-1 [~MYOB@] has joined #linode
05:02-!-|GIG-1 is "J" on #moocows #linode
05:02-!-|GIG [~MYOB@] has quit [Remote host closed the connection]
05:29-!-Omochao is "Fenhl" on #debian
05:29-!-Omochao [] has joined #linode
05:50-!-|GIG-1 [~MYOB@] has quit [Quit: ( USA IRC )]
05:50-!-|GIG [~MYOB@] has joined #linode
05:50-!-|GIG is "J" on #linode #moocows
05:59-!-noob [~oftc-webi@2a01:7e01::f03c:91ff:fe57:de90] has joined #linode
05:59-!-noob is "OFTC WebIRC Client" on #linode
05:59-!-noob is now known as Guest6865
06:02-!-Guest6865 is now known as noobie
06:05<noobie>r there more newbs here ?
06:15-!-qwebirc70753 [~oftc-webi@2a01:7e01::f03c:91ff:fe57:de90] has joined #linode
06:15-!-qwebirc70753 is "OFTC WebIRC Client" on #linode
06:17-!-qwebirc70753 [~oftc-webi@2a01:7e01::f03c:91ff:fe57:de90] has quit [Remote host closed the connection]
06:18-!-qwebirc37399 [~oftc-webi@2a01:7e01::f03c:91ff:fe57:de90] has joined #linode
06:18-!-qwebirc37399 is "OFTC WebIRC Client" on #linode
06:19<qwebirc37399>I came via
06:19<qwebirc37399>in case ure interested...
06:19-!-qwebirc59029 [~oftc-webi@2a01:7e01::f03c:91ff:fe57:de90] has joined #linode
06:19-!-qwebirc59029 is "OFTC WebIRC Client" on #linode
06:19<qwebirc59029>I clicked this:
06:26-!-qwebirc59029 [~oftc-webi@2a01:7e01::f03c:91ff:fe57:de90] has quit [Quit: Page closed]
06:26-!-noobie [~oftc-webi@2a01:7e01::f03c:91ff:fe57:de90] has quit [Quit: Page closed]
06:39-!-darwin [] has quit [Ping timeout: 480 seconds]
07:13-!-qwebirc37399 [~oftc-webi@2a01:7e01::f03c:91ff:fe57:de90] has quit [Quit: Page closed]
07:53-!-kaare__ [] has joined #linode
07:53-!-kaare__ is "Kaare Rasmussen" on #linode
09:17-!-V-Pariah [] has quit [Ping timeout: 480 seconds]
09:31-!-V-Pariah [] has joined #linode
09:31-!-V-Pariah is "Vicious Pariah" on #linode
11:53-!-Dataforce [] has joined #linode
11:53-!-Dataforce is "Shane "Dataforce" Mc Cormack" on #linode #bitlbee #oftc @#DMDirc
12:02-!-alan [] has joined #linode
12:02-!-alan is "OFTC WebIRC Client" on #linode
12:03<alan> I'm having issues setting up this app, I haven't had this issue before with this same app
12:03<alan>even with 777 it doesn't work
12:04<millisa>as always - what do your logs say
12:04<grawity>what is the actual issue
12:05<gparent>what if I told you 777 made you lose time not save time
12:54-!-NomadJim [~Jim@2001:5b0:2d1f:6b38:8422:fc87:fd66:acf5] has quit [Read error: Connection reset by peer]
12:59<alan>sorry I got busy
13:12<kharlan11>app don't work is the issue grawity
13:18<alan>there's no errors in the log
13:18<alan>it doesn't attempt to do anything as they are not detecting the proper permissions
13:20<alan>my wordpress website is also having issues so I believe it's a server misconfiguration
13:21-!-thiras [~thiras@] has quit [Ping timeout: 480 seconds]
13:21<alan>or the permissions aren't set properly for any web folder
13:21-!-cps [] has quit [Read error: No route to host]
13:21-!-cps [] has joined #linode
13:21-!-cps is "Chris Smolinski" on #linode
13:22-!-thiras [~thiras@] has joined #linode
13:22-!-thiras is "Ant" on #debian #linode #tami
13:23-!-descender [~heh@2406:3003:206f:397b:bd1b:645f:b723:8f30] has quit [Ping timeout: 480 seconds]
13:25<millisa>so look at the permissions/ownership. Pick one of the files/dirs it is complaining about and look at it with something like 'namei -l /path/to/fileordir'
13:25<alan>easiest is index.php
13:25<alan>it's in the root folder
13:25<alan>I gave it 777
13:25<millisa>Pick one of the files/dirs it is complaining about and look at it with something like 'namei -l /path/to/fileordir'
13:27<alan>4 -rwxrwxrwx. 1 sandbox.primitiv sftp 1736 Jul 6 15:42 index.php
13:27<LouWestin>Isn’t having 777 dangerous since that’s giving public write access?
13:29<alan>of course, for this purpose I'm trying to find out the issue
13:29<alan>in this case 777 doesn't help or make it worse
13:30<alan>so what would be my next step change ownership?
13:30-!-lex [~lex@] has joined #linode
13:30-!-lex is "Despite All My Rage.." on #linode
13:30-!-lex is now known as Guest6884
13:31<LouWestin>.... ownership/group change first, then play with the permissions
13:31<LouWestin>I mentioned this yesterday.
13:32<alan>nginx is running the web server
13:32<alan>if I'm not mistaken
13:32<alan>but when I tried changing the group to nginx nothing changed
13:32<millisa>what user is the php-fpm service running as
13:33-!-wheatie [] has quit [Ping timeout: 480 seconds]
13:34<alan>what command do I run same one but with php-fpm at the end?
13:34<millisa>look in your php-fpm conf for the pool you are using and/or look at the process list if you aren't running it in ondemand
13:35<alan>ps -ef|grep php-fpm?
13:35<LouWestin>777 is like sticking a fork in an outlet to see if it’s live... don’t do that! lol
13:35<LouWestin>Gotta go back to work now.
13:36<millisa>php-fpm -tt <--- that should dump out your current config
13:37<alan>is that correct
13:37<alan>sorry nginx**
13:37<millisa>that appears to be your only pool. and you have it running as nginx.
13:37<alan>user and group for www is nginx
13:38<millisa>so for php-fpm to write to those files dirs, the nginx user would have to have write access
13:38<millisa>are you using selinux?
13:38<alan>I'm not sure, if so I haven't touched it
13:38<alan>i just ran chown sandbox.primitiv:nginx -R on public_html
13:38<alan>still the same
13:39<millisa>chown nginx:nginx /path/to/that/index.php
13:39<alan>she's enabled
13:40<alan>kay so now that i ran nginx:nginx
13:40<alan>one of the files appears to be green
13:40<alan>or pass
13:41<alan>idk why
13:41<alan>the /index doesnt work still
13:41<millisa>You can try turning off selinux temporarily with 'setenforce 0'
13:42<alan>that made them all green lol
13:42<alan>let me try something else
13:43<millisa>well, if you want to keep selinux on, you'd probably need to change the context on some of those files/dirs
13:43<alan>what do you mean by context
13:45<millisa>this talks about viewing existing and making changes
13:46<alan>would you recommend having selinux at all?
13:48<millisa>couldn't advise on that. depends on your requirements/policies. I personally don't use it in most places since it doesn't address my problems...
13:48<millisa>a proselinux person would tell you, keep it, it adds security, fix your contexts.
13:49<millisa>other side is it adds complexity, not a lot of gain over what it address in already existing methods, get off my lawn
13:49<millisa>if you want selinux on a linode, you have to run the distribution kernel...
13:49<millisa>(unless that's changed recently). so take that however you want
13:51<millisa>you have a good example of how it might save you someday. you've got your php processes running as nginx, you've gone and thrown 777's around to let anyone write to places, so someone finding a compromised package in this 'nextwhatever' thing you're trying to install
13:51<millisa>could potentially write to everywhere you've given too much permissions
13:51<millisa>unless you had selinux there to stop that from happening
13:52<alan>that's a good point
13:52<alan>I don't understand the changing context thing though
13:53<alan>i ran id Z
13:53<alan>got that
13:53<millisa>this thread is about wordpress but gives a very similar issue:
13:56<alan>so would there be error logs in my selinux log then pertaining to the issue im having?
13:56<millisa>probably in /var/log/audit
13:57<millisa>not sure if it's the same in every distribution, recent redhat type systems would be /var/log/audit/audit.log
13:58<alan>this seems like the error in fact
13:58<alan>or one of them
13:58<millisa>would not doubt it
13:58<alan>su -c "chcon -R -h -t httpd_sys_script_rw_t /opt/nginx/html/wp/wp-content/uploads" the link you sent for wordpress suggest to run this
14:00<millisa>that's doing a recursive change context on that dir to that httpd_ type
14:00<millisa>top of the hour, garage cleaning time.
14:03<alan>it worked :P
14:03<alan>!point millisa
14:04<alan>!point millisa
14:04<alan>am I doing it work again?
14:06<alan>!point: millisa
14:06<alan>why cant i give her a point
14:07<Zr40>the bot isn't here
14:21<alan>my wordpress still fails
14:31<alan>nvm wordpress is fixed xD
14:33<alan> the login page or signup cannot be found I'm not sure why
14:38-!-Netsplit <-> quits: Louis6321, chesty, soxyfox, gko, Luckst0r_, internat, JamesTK, MrPPS, dannyAAM, wcpan, (+3 more, use /NETSPLIT to show all of them)
14:38-!-Netsplit over, joins: wcpan, wraeth, gko, dannyAAM
14:38-!-Luckst0r [] has joined #linode
14:38-!-wcpan is "wcpan" on #linode #debian #dot
14:38-!-wraeth is "wraeth" on #linode #oftc
14:38-!-Netsplit over, joins: internat
14:38-!-Luckst0r is "luckst0r" on #linode
14:38-!-Netsplit over, joins: troy
14:38-!-troy is "troy" on #linode #debian
14:38-!-Netsplit over, joins: JamesTK
14:38-!-JamesTK is "James Taylor" on #linode #bitlbee @#digitalocean #Corsair
14:40-!-md_5 [] has joined #linode
14:40-!-md_5 is "Got ZNC?" on #virt #linode
14:40-!-Netsplit over, joins: chesty
14:40-!-chesty is "chesty" on #linode #moocows
14:40-!-Netsplit over, joins: soxyfox
14:40-!-MrPPS [] has joined #linode
14:40-!-MrPPS is "MrPPS" on #oftc #linode
14:42-!-Netsplit over, joins: Louis6321
14:43-!-ronnie [] has joined #linode
14:43-!-ronnie is "OFTC WebIRC Client" on #linode
14:45<ronnie>Hello. I have a linode that I resized to an 8GB plan (was originally created on the 2GB plan).
14:46<ronnie>The system is running Ubuntu 16.04 and shows 49412400kb (approximately 50GB). How do I expand the Partition?
14:48-!-ronnie [] has quit []
16:40-!-aspis [] has quit [Ping timeout: 480 seconds]
16:45-!-aspis [] has joined #linode
16:45-!-aspis is "aspis" on #linode
16:50-!-emil [] has joined #linode
16:50-!-emil is "emil" on #linode
16:50<emil>Is this the official linode channel?
16:56-!-honestemu [] has joined #linode
16:56-!-honestemu is "OFTC WebIRC Client" on #linode
16:56-!-emil [] has left #linode []
16:57<honestemu>Anyone here have a mailserver set up through linode?
16:57<honestemu>I recently upgraded my Debian version.
16:58<honestemu>I hooked it up to my gmail. But I keep getting a "SSL error: Leaf certificate is expired"
16:58<honestemu>I was able to renew the certificates successfully.
16:58<honestemu>I tried googling the error, but I couldn't find a solution.
17:10<nate>I feel like a lot more context is needed, particularly your context of "hooked it up to gmail" and what software exactly is throwing the error and if it's still doing it after you renewed the certificates. If not then I would say the issue was your certificate was expired
17:10-!-thiras [~thiras@] has quit [Remote host closed the connection]
17:12-!-thiras [~thiras@] has joined #linode
17:12-!-thiras is "Ant" on #tami #linode #debian
17:14<honestemu>nate: I added it under the "Check mail from other accounts" in gmail.
17:15<dwfreed>are you using postfix and dovecot?
17:15<dwfreed>did you reload postfix and dovecot *both* after renewing the cert?
17:16<honestemu>dwfreed: Yup.
17:16<honestemu>That's systemctl restart dovecot, right?
17:17<honestemu>This is the error I got from gmail when trying to check mail from my mail server: Server returned error: "SSL error: Leaf certificate is expired"
17:18<honestemu>Can an incorrect password throw this error?
17:18<honestemu>I'm wondering if maybe I have my password wrong.
17:21<dwfreed>that message would have nothing to do with incorrect password
17:22<dwfreed>what is your Linode's IP address?
17:24<dwfreed>Dovecot has not picked up the updated certificate; you should check its configuration to ensure it's pointing at the right files
17:25<dwfreed>if you're using certbot, the files it points at should be symlinks to the most recently generated certificate
17:26<honestemu>dwfreed: Good point.
17:26<honestemu>I see this when tailing the mail logs
17:27<honestemu>Jul 7 17:25:12 pestilence dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=2607:f8b0:4864:20::d27, lip=2600:3c03::f03c:91ff:fe73:127c, TLS: Disconnected, session=<dd179h2N/JUmB/iwSGQAIAAAAAAAAA0n>
17:27<honestemu>I'll investigate.
17:27<honestemu>Thanks for the help!
17:28-!-honestemu [] has quit [Quit: Page closed]
17:28<dwfreed>his nick reminds me of Honest Abe
18:18-!-andyzwieg103 [] has quit [Quit: andyzwieg103]
18:29<millisa>!point dwfreed
18:29<millisa>(RIP: Linbot)
18:30<dwfreed>mcintosh: ^^^ RIP linbot
18:30<Peng>linodebot is on Freenode
18:30<Peng>RIP OFTC
18:41-!-zimmedon [] has quit [Quit: Kernel panic - not syncing: Attempted to kill init!]
19:21-!-darwin [] has joined #linode
19:21-!-darwin is "Darwin of The Elves" on #linode #bitlbee
19:54-!-_eyepulp [] has joined #linode
19:54-!-_eyepulp is "eyepulp" on #linode
20:00-!-Guest6371 [~fifrdisro@2001:470:1af1:101::82e] has quit [Remote host closed the connection]
20:00-!-sm[m] [~simonmicm@2001:470:1af1:101::382b] has quit [Remote host closed the connection]
20:00-!-DennyFuchs[m] [~fuchsmatr@2001:470:1af1:101::c2f] has quit [Remote host closed the connection]
20:00-!-frailty [~frailtyma@2001:470:1af1:101::1972] has quit [Remote host closed the connection]
20:00-!-io____[m] [~iomatrixo@2001:470:1af1:101::2cc5] has quit [Remote host closed the connection]
20:00-!-mcintosh[m] [~mcintoshm@2001:470:1af1:101::4a9] has quit [Remote host closed the connection]
20:00-!-tomchen[m] [~tomchenma@2001:470:1af1:101::528] has quit [Remote host closed the connection]
20:00-!-fifr[m]1 [~fifrmatri@2001:470:1af1:101::3157] has quit [Remote host closed the connection]
20:00-!-Geezus42[m] [~geezus42m@2001:470:1af1:101::2ff] has quit [Write error: connection closed]
20:00-!-capuk[m] [~capukmatr@2001:470:1af1:101::8f1] has quit [Write error: connection closed]
20:00-!-lpalgarvio[m] [~lpalgarvi@2001:470:1af1:101::2e1] has quit [Remote host closed the connection]
20:00-!-intheclouddan[m] [~intheclou@2001:470:1af1:101::5ce] has quit [Remote host closed the connection]
20:00-!-jfred[m] [~jonterrac@2001:470:1af1:101::c] has quit [Remote host closed the connection]
20:00-!-eatonphil[m] [~eatonphil@2001:470:1af1:101::1368] has quit [Remote host closed the connection]
20:00-!-tomami[m] [~tomamimat@2001:470:1af1:101::fd] has quit [Remote host closed the connection]
20:02<alan>Ikaros: var countrytaxrate = ; is this valid?
20:06-!-_eyepulp [] has quit [Ping timeout: 480 seconds]
20:16-!-alan [] has quit [Quit: Page closed]
20:17-!-Geezus42[m] [~geezus42m@2001:470:1af1:101::2ff] has joined #linode
20:17-!-Geezus42[m] is "" on #linode #mm
20:27-!-kaare__ [] has quit [Ping timeout: 480 seconds]
20:44-!-thiras [~thiras@] has quit [Ping timeout: 480 seconds]
20:47-!-nthao414 [~oftc-webi@] has joined #linode
20:47-!-nthao414 is "OFTC WebIRC Client" on #linode
20:49-!-nthao414 [~oftc-webi@] has quit []
20:50-!-zineb [~zineb@] has joined #linode
20:50-!-zineb is "realname" on #linode
20:51<zineb>If i close my account and I have a 20$ coupon, and in my "Uninvoiced Balance" 10$ do I have to pay or the coupon is sufficient
20:53-!-zineb [~zineb@] has quit []
20:53<dwfreed>zineb: you mean you have a $20 credit on your account?
20:53<dwfreed>and gone
21:09<LouWestin>I translated iptables into NFT from linodes guide
21:09<LouWestin>I believe some of the rules could be condensed better
21:10<LouWestin>For all my hard work I'm going to setup a Patreon account with a goal of $1 billion dollars
21:22<LouWestin>and here's the NFT translation for IPv6
21:37<LouWestin>Ok for some reason any nft ip6 rules I add gives me the error, could not process rule: no such file or directory
21:38<LouWestin>Here's the error in full context
21:46<retro|blah>I have not worked with nftables, but I would want to verify that the filter table and INPUT chain exist for the ip6 family. (You might do something similar when troubleshooting iptables)
21:49-!-fstd [] has joined #linode
21:49-!-fstd is "fstd" on #oftc #linode #debian #kernelnewbies
21:56<LouWestin>basically I just translated the ip6table rule into nft using ip6tables-translate so it's possible there's an error in translation
21:56-!-fstd_ [] has quit [Ping timeout: 480 seconds]
21:57<retro|blah>OK, but that doesn't address what I suggested.
22:01<LouWestin>Ok, sorry responded too quickly
22:02<LouWestin>I'm looking into that
22:11-!-DarwinElf [] has joined #linode
22:11-!-DarwinElf is "Darwin of The Elves" on #linode #bitlbee
22:11-!-darwin [] has quit [Remote host closed the connection]
22:11-!-DarwinElf is now known as darwin
22:22<LouWestin>Alright, I'll have to revisit it later. I think I'll run with iptables for now like dwfreed suggested
22:42-!-jas4711 [~smuxi@] has quit [Ping timeout: 480 seconds]
22:53-!-jas4711 is "Simon Josefsson" on #debian
22:53-!-jas4711 [~smuxi@] has joined #linode
23:08<LouWestin>I flushed out my iptables which kicked me out of the terminal, but for some reason i'm trying to add the rules back in with lish, but they're not entering in
23:14<retro|blah>I'm not sure what "they're not entering in" means.
23:17<gparent>i cant get a lock
23:18<LouWestin>I ended up rebooting the server. The rules weren't showing up
23:18<LouWestin>which the reboot fixed it.
---Logclosed Mon Jul 08 00:00:47 2019