Oldskool's questions

I'm having a weird issue with an nginx configuration. I have the following server block:

server {
  listen 80;
  listen [::]:80;

  server_name stats.example.com;
  root /usr/share/nginx/html;

  location = /foobar {
    return 403;
  }

  # ACME challenge configuration for Letsencrypt
  location ^~ /.well-known/acme-challenge/ {
    try_files $uri =404;
  }

  return 301 https://stats.example.com$request_uri;
}

This is a simple block that should redirect any non-https traffic to it's https counterpart. I tried to create an exception for the "ACME Challenge" that the Certbot for Letsencrypt uses to validate a domain prior to issuing a certificate. I have a similar setup on various servers and it usually works without problems, but on this particular server, it doesn't seem to parse the location blocks properly. To verify the server block I also added the custom /foobar location, just to make sure that when I hit that it should throw a 403.

But both location blocks do not seem to work. Whenever I request something from one of them, it returns the 301 to the https URL as set in the last line of the server block:

% curl -I 'http://stats.example.com/foobar'
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 01 May 2017 11:25:10 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://stats.example.com/foobar

It does the same for the ACME challenge URLs, which is why I cannot issue a certificate for this domain using Certbot. What am I missing here? Why are the location blocks not returning the 403 or the actual file (or 404)? Why is the 301 enforced here for all URLs?

I have an OCFS2 cluster running on top of a dual-primary DRBD setup on Ubuntu 16.04. Yesterday, I pushed this cluster into production and it seemed to run well for a while. But today, the cluster seems to have died. I am no longer able to mount the ocfs2 filesystem after I reboot a node. When I run:

mount.ocfs2 /dev/drbd0 /mnt/drbd

It just sits there waiting and waiting, but it's not mounting. OCFS2 seems to run fine, looking at the dmesg -H output:

[ +12.308685] ocfs2: Registered cluster interface o2cb
[ +0.012233] OCFS2 User DLM kernel interface loaded
[Feb24 14:34] o2net: Connected to node edmure (num 0) at 192.168.2.11:7777
[ +4.092023] o2dlm: Joining domain CCEFD26343174950A6BEF9A2F83B6735 ( 0 1 ) 2 nodes

It connects correctly to the other node on the LAN and joins the domain. The DRBD resource is also up and running without any problems:

% cat /proc/drbd
version: 8.4.5 (api:1/proto:86-101)
srcversion: 2A6B2FA4F0703B49CA9C727 
 0: cs:Connected ro:Primary/Primary ds:UpToDate/UpToDate C r-----
    ns:403 nr:4529 dw:4932 dr:1006 al:1 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:0

However, if I run the mount command, it just hangs. Every two minutes, I get this message in the dmesg output:

[ +23.059786] INFO: task mount.ocfs2:1788 blocked for more than 120 seconds.
[ +0.000932] Not tainted 4.4.0-64-generic #85-Ubuntu
[ +0.000681] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ +0.000697] mount.ocfs2 D ffff880035ccba08 0 1788 1787 0x00000000
[ +0.000005] ffff880035ccba08 ffff8800a9b02000 ffff88013abf0000 ffff8800a9996600
[ +0.000002] ffff880035ccc000 ffff880035ccbbb0 ffff880035ccbba8 ffff8800a9996600
[ +0.000002] 0000000000000000 ffff880035ccba20 ffffffff818384d5 7fffffffffffffff
[ +0.000002] Call Trace:
[ +0.000010] [] schedule+0x35/0x80
[ +0.000002] [] schedule_timeout+0x1b5/0x270
[ +0.000003] [] wait_for_completion+0xb3/0x140
[ +0.000004] [] ? wake_up_q+0x70/0x70
[ +0.000042] [] __ocfs2_cluster_lock.isra.34+0x415/0x750 [ocfs2]
[ +0.000011] [] ? ocfs2_add_lockres_tracking+0x59/0xb0 [ocfs2]
[ +0.000011] [] ocfs2_super_lock+0xa5/0x250 [ocfs2]
[ +0.000014] [] ocfs2_fill_super+0xbda/0x1280 [ocfs2]
[ +0.000004] [] mount_bdev+0x26d/0x2c0
[ +0.000013] [] ? perf_trace_ocfs2_initialize_super+0x210/0x210 [ocfs2]
[ +0.000003] [] ? alloc_pages_current+0x8c/0x110
[ +0.000011] [] ocfs2_mount+0x15/0x20 [ocfs2]
[ +0.000002] [] mount_fs+0x38/0x160
[ +0.000002] [] vfs_kern_mount+0x67/0x110
[ +0.000003] [] do_mount+0x25f/0xda0
[ +0.000002] [] SyS_mount+0x9f/0x100
[ +0.000002] [] entry_SYSCALL_64_fastpath+0x16/0x71

The process is in the D (uninterruptable) state, so there's nothing I can do with it and it just remains in this state. I'm not really sure what I should make of this. Other then dmesg, I didn't find any useful logs on the systems. Running an strace on the mount process also doesn't reveal anything, it just seems to be waiting, but there no clue what it's waiting for.

My cluster config looks like this:

cluster:
        node_count = 2
        name = media-ocfs2
node:
        ip_port = 7777
        ip_address = 192.168.2.11
        number = 0
        name = edmure
        cluster = media-ocfs2

node:
        ip_port = 7777
        ip_address = 192.168.2.12
        number = 1
        name = brynden
        cluster = media-ocfs2

Does anybody have any idea how I can fix or further debug this issue?

I have a MariaDB master-slave setup on 2 CentOS 7.0 servers. Today, I extended a LVM volume on the master server (because it was getting full). After extending the partition, I rebooted the server and reconnected the slave to it. All went well and the server appeared to sync any queries run on the master again.

But, in my monitoring (Cacti) I noticed a very "suspicious" freefall in the disk space usage on the slave host.

I am not sure why. Did the slave drop/rotate binlogs when reconnecting to the master maybe? Then again, almost 600GB in binlogs seems insane.

I ran the pt-table-checksum tool from the Percona Toolkit to verify integrity between the hosts, running this command returns no diffs. So everything seems well, I just can't explain the massive drop in disk space usage, does anybody have an idea?

I have a CentOS 6.5 server running Apache 2.2.15 with mod_ssl and PHP 5.3.3. My problem is that PHP does not seem to recognize the HTTPS connection.

I have the following in my /etc/httpd/conf.d/ssl.conf file:

LoadModule ssl_module modules/mod_ssl.so

Listen 443
# IPs below anonimized, they are the actual IPs of the server
NameVirtualHost 127.0.0.1:443
NameVirtualHost [::1]:443

SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin

# Anonimized IPs here too, but the actual IPs are set
<VirtualHost 127.0.0.1:443 [::1]:443>
    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    LogLevel warn

    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

    SSLCertificateFile /etc/ssl/certs/my.crt
    SSLCertificateKeyFile /etc/ssl/certs/my.key
    SSLCACertificateFile /etc/ssl/certs/PositiveSSLCA2.crt

    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory "/var/www/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>

    SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

    CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

This config works, when I add a vhost on this IP address in my /etc/httpd/conf.d/vhosts.conf (where I defined all my vhosts for this server), everything works as expected. The site is served over HTTPS with the correct certificate, the browser shows a green lock and everything.

If I run a phpinfo script, I get unexpected outputs. For example in the Configuration/apache2handler section, the port number is zero:

Hostname:Port   example.com:0

Also under the "Apache Environment" I see weird values (keep in mind that I am actually accessing this page over HTTPS and the browser shows the green lock and all):

SCRIPT_URI  http://www.example.com/test.php
SERVER_PROTOCOL HTTP/1.1

There is no 'https' in the script URI and the protocol is just plain HTTP/1.1?

Also, none of the mod_ssl environment variables seem to be set, while my ssl.conf does have the SSLOptions +StdEnvVars option set for PHP files.

Why is PHP not recognizing that the request is made over SSL? I now have manually set at least the HTTPS environment variable in my vhost config, which is then succesfully set:

SetEnv HTTPS On

Ideally, this var should've already been set by mod_ssl, why isn't it (or why does PHP miss it)?