Jonathan's questions

I'm looking for a way to run multiple python/php apps on one server. Each app in it's own /bob_app folder.

I need for users not to be able to run sth like:

>>> import glob
>>> glob.glob("/*")
['/boot', '/cdrom', '/dev', '/lib64', '/run', '/initrd.img', '/sys', '/media', '/var', '/etc', '/srv', '/initrd.img.old', '/root', '/sbin', '/tmp', '/opt', '/vmlinuz', '/usr', '/home', '/lost+found', '/bin', '/proc', '/lib', '/mnt', '/vmlinuz.old']

Or the php etc equivalent. The apps should only see the contents of the folder they are running in and nothing above that.

Edit: The apps are in docker containers and using a chroot environment within docker is not something I'm sure is the right thing to do.

I'm creating resources using terraform and I have a node in the subnet 172.1.0.0 with no security group or rules assigned to the node; the node has two endpoints 22 and 80.

I used nmap to confirm that the ports are open and they are:

nmap -Pn -sT -p T:11 some-ingress.cloudapp.net

Starting Nmap 6.47 ( http://nmap.org ) at 2016-07-08 19:02 EAT
Nmap scan report for some-ingress.cloudapp.net (1.2.3.4
Host is up (0.31s latency).
PORT   STATE SERVICE
22/tcp open  ssh

Nmap done: 1 IP address (1 host up) scanned in 1.34 seconds


nmap -Pn -sT -p T:80 some-ingress.cloudapp.net

Starting Nmap 6.47 ( http://nmap.org ) at 2016-07-08 19:02 EAT
Nmap scan report for some-ingress.cloudapp.net (1.2.3.4)
Host is up (0.036s latency).
PORT   STATE SERVICE
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds

I've installed nginx on the node and running curl 172.1.0.4 and curl 127.0.0.1 and curl 0.0.0.0 gets me the default nginx page.

However running curl <public ip> or curl <dns name> hangs and I get a

curl: (56) Recv failure: Connection reset by peer

My iptables rules are:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination  

Why can't I possibly access nginx at the node's public ip?

The node is in a virtual network 172.1.0.0/16 and a subnet of 172.1.0.0/24 I can post the terraform configs if needed.

I'm running wordpress on a Digitalocean VPS with cloudflare installed. My ssl was working perfectly till a few days ago when a buch of clients informed me they received the following error when visiting the site (on chrome, it works on mozilla):

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

A secure connection cannot be established because this site uses an unsupported protocol.

I've disabled sslv3 and sslv2 to no avail, and making changes to my cloudflare dash doesn't affect anything.

I've analyzed the site via ssl labs and everything is seemingly okay https://www.ssllabs.com/ssltest/analyze.html?d=saharacluster.com .

This error is very cryptic, you can see in the report that one simulated connection recreates the same error (via anndroid) however chrome seems to connect fine.

This has me very worried and I've disabled ssl on the site temporarily.