's questions

I have several servers running on the same machine, some with http only, some with both http and https. There are several server blocks defined in separate files which are included from the main config file.

I have set up a "default" server for http which will serve a generic "maintenance page" to requests that don't match any of the other server_names in the other config files. The http default server works as expected, it uses the server_name "_" and it appears first in the list of includes (because I have observed that in the case of duplicate server_names across servers, the one appearing first is used). This works great.

I would expect the same exact server block (only switching "listen 80 default_server" to "listen 443 default_server" and also instead of serving page "return 444") however it does not. Instead, it appears that the new default https server is actually grabbing all incoming https connections and causing them to fail, although the other server blocks have more appropriate server_names for the incoming requests. Removing the new default https server will cause semi-correct behavior to resume: the websites with https will all load correctly; but the websites without https will all be routed to the first https server in the include files (which according to the docs, if no "default_server" appears, then the first server block to appear will be "default").

So my question is, what is the correct way to define a "default server" in nginx for ssl connections? Why is it that when I explicitly set a "default_server" it gets greedy and grabs all connections whereas when I implicitly let nginx decide the "default server" it works like I would expect (with the incorrect server set as default and the other real servers behaving correctly)?

Here are my "default servers". Http works without breaking other servers. Https breaks other servers and consumes all.

server {
    listen 443 ssl default_server;
    server_name _;

    access_log /var/log/nginx/maintenance.access.log;
    error_log /var/log/nginx/maintenance.error.log error;

    return 444;
}

server {
    listen *:80 default_server;
    server_name _;
    charset utf-8;

    access_log /var/log/nginx/maintenance.access.log;
    error_log /var/log/nginx/maintenance.error.log error;

    root /home/path/to/templates;

    location / {
        return 503;
    }

    error_page 503 @maintenance;

    location @maintenance {
        rewrite ^(.*)$ /maintenance.html break;
    }
}

Any of you see what might be wrong here?

All of my servers are currently flooded by salt water. Is it possible for each platter in a multi-platter drive to be separated, cleaned, imaged, and merged into a new virtual drive for data recovery?

I looked at the nginx documentation and it still confuses me utterly.

How does try_files work? Here is what the documentation says:

From NginxHttpCoreModule

try_files

syntax: try_files path1 [path2] uri

default: none

context: server, location

availability: 0.7.27

Checks for the existence of files in order, and returns the first file that is found. A trailing slash indicates a directory - $uri /. In the event that no file is found, an internal redirect to the last parameter is invoked. The last parameter is the fallback URI and must exist, or else an internal error will be raised. Unlike rewrite, $args are not automatically preserved if the fallback is not a named location. If you need args preserved, you must do so explicitly:

I don't understand how it checks the paths and what if I don't want an internal error but have it resume the rest of the path in an effort to find another file?

If I want to try a cached file at /path/app/cache/url/index.html and if it fails to try /path/app/index.php how would I write that? If I wrote:

try_files /path/app/cache/ $uri
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/php-fastcgi/php-fastcgi.socket;
fastcgi_param SCRIPT_FILENAME $document_root/index.php;

I have index index.php index.html index.htm;. When I visit /urlname, will it try checking /path/app/cache/urlname/index.php then /path/app/cache/urlname/index.html? If we ignore everything after try_files is it possible for try_files to check the cache folder? I have been trying and have failed.

I have never had the privilege of working in an environment that required complicated routing or if it did require it, it was handled upstream of me. I've always used very simple static routing configurations and never needed to do any multipath routing -- hence my general confusion regarding this subject. I would like to understand multicasting and anycasting better.

• What is the difference between unicast, anycast, broadcast and multicast traffic?
• What situations are they generally used in and why (e.g., what applications use which method)?
• How do you calculate how much broadcast traffic is too much for a given network segment or broadcast domain?
• What are the security implications of allowing broadcast and multicast traffic?

I have file servers which are used to store files. Files might reside there for a week, or for a year. Unfortunately, when I remove files from the server, df command doesn't reflect the freed up space. So eventually, the server gets filled up (df shows 99%), and my script doesn't send any more files there, except there might be a few dozen GB of free space on there.

I got noatime flag on the mounted partitions if that makes any difference.

URLs always have this format:

<protocol>://<host>[:<port>]/[<path>][#<hash>]

The problem is that IPv6 uses colons, just like the separator of port and host, e.g:

2001:db8:1f70::999:de8:7648:6e8

But what if this is the host, and I want to connect to it with HTTP on port 100?

http://2001:db8:1f70::999:de8:7648:6e8:100/

The problem is the last colon. Since zero's are omitted with double colons (between 1f70 and 999), it's unknown if ':100' belongs to the IP or the port number. How can we know this?

I have a long-running server process inside a screen session on my Linux server. It's a bit unstable (and sadly not my software so I can't fix that!), so I want to script a nightly restart of the process to help stability. The only way to make it do a graceful shutdown is to go to the screen process, switch to the window it's running in, and enter the string "stop" on its control console.

Are there any smart redirection contortions I can do to make a cronjob send that stop command at a fixed time every day?

How can I find a Windows server's last reboot time, apart from 'net statistics server/workstation'?

How can I start/stop the iptables service on Ubuntu?

I have tried

 service iptables stop

but it is giving "unrecognized service".

Why is it doing so? Is there any other method?

I want to secure a file upload directory on my server as described beautifully here, but I have one problem before I can follow these instructions. I don't know what user Apache is running as.

I've found a suggestion that you can look in httpd.conf and there will be a "User" line, but there is no such line in my httpd.conf file, so I guess Apache is running as the default user. I can't find out what that is, though.

So, my question is (are):

• how do I find out what the default user is
• do I need to change the default user
• if the answer is yes and I change the default user by editing httpd.conf, is it likely to screw anything up?

Thanks!

If I have a server A into which I can login with my ssh key and I have the ability to "sudo su - otheruser", I lose key forwarding, because the env variables are removed and the socket is only readable by my original user. Is there a way I can bridge the key forwarding through the "sudo su - otheruser", so I can do stuff on a server B with my forwarded key (git clone and rsync in my case)?

The only way I can think of is adding my key to authorized_keys of otheruser and "ssh otheruser@localhost", but that's cumbersome to do for every user and server combination I may have.

In short:

$ sudo -HE ssh user@host
(success)
$ sudo -HE -u otheruser ssh user@host
Permission denied (publickey). 

I'd like to know if any certificates support a double wildcard like *.*.example.com? I've just been on the phone with my current SSL provider (register.com) and the girl there said they don't offer anything like that and that she didn't think it was possible anyway.

Can anyone tell me if this is possible, and if browsers support this?

Is it possible to alias a hostname in Linux?

It has been asked by jmillikin at various Ubuntu forums as follows:

Is it possible to create a hostname alias? Sort of like /etc/hosts, but with other hostnames rather than IP addresses. So that with some file like this, you could ping "fakehost1", and it would be re-mapped to "realhost", and then "realhost" would be resolved to an IP address.

# Real host        # Aliases
realhost           fakehost1 fakehost2 fakehost3

Somebody has answered about ssh, but not about ping, etc. My main purpose is to use it as an alias for a Subversion server. In my case, realhost is under a dynamic IP address. So, the "/etc/hosts" alias doesn't work. I want to access my Subversion server as svn://my_svnserver/my_repos instead of svn://realhost/my_repos.

I can't send out emails,

need to look into the logs,

but where is the log?

Basic question from a novice:

What is the difference between authentication and authorization?

I'm trying to use robocopy to transfer a single file from one location to another but robocopy seems to think I'm always specifying a folder. Here is an example:

robocopy "c:\transfer_this.txt" "z:\transferred.txt"

But I get this error instead:

2009/08/11 15:21:57 ERROR 123 (0x0000007B) Accessing Source Directory c:\transfer_this.txt\

(note the \ at the end of transfer_this.txt)

But if I treat it like an entire folder:

robocopy "c:\folder" "z:\folder"

It works but then I have to transfer everything in the folder.

How can I only transfer a single file with robocopy?

Is there a command line way to list all the users in a particular Active Directory group?

I can see who is in the group by going to Manage Computer --> Local User / Groups --> Groups and double clicking the group.

I just need a command line way to retrieve the data, so I can do some other automated tasks.

I've been picking up Linux (Fedora 10, then 11) over the past few months (and enjoying it immensely-- it's like discovering computers all over again, so many things to learn).

I've added my user to the last line of the /etc/sudoers file as shown below, so that I don't get asked for my password when I execute the sudo command:

MyUserName ALL=(ALL) NOPASSWD:ALL

Now every time I execute a command using sudo, it pauses a noticeable amount of time before actually performing the task (~10 seconds). Why might this be and how might I fix this? I'm running Sudo version 1.7.1 on Fedora 11 x86 64.

I want to copy all of the files and folders from one host to another. The files on the old host sit at /var/www/html and I only have FTP access to that server, and I can't TAR all the files. Regular connection to the old host through FTP brings me to the /home/admin folder.

I tried running the following command form my new server:

wget -r ftp://username:[email protected]

But all I get is a made up index.html file.

What the right syntax for using wget recursively over FTP?

On Windows, how do you refresh the hosts file without rebooting?