pistacchio's questions

I used openssl to generate the following certificates:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.crt -subj "/C=IT/ST=Mi/L=Milan/O=MyOrg/OU=RnD/CN=localhost/[email protected]"
openssl rsa -in server.key -out server.insicure.key
cat server.insicure.key > certificate.pem
cat server.crt >> certificate.pem

I then setup nginx to client-secure a site:

server {
    listen 80 ssl;
    root /var/www/site;

    index index.html;

    ssl_certificate         /root/server.crt;
    ssl_certificate_key     /root/server.key;

    ssl_client_certificate  /root/certificate.pem;

    ssl_verify_client on;
    ssl_verify_depth 2;

     location / {
            try_files $uri $uri/ =404;
    }
}

However, when I try to get the site with curl, it doesn't work as expected:

curl --cacert certificate.pem https://localhost:80

and I get the following error page from nginx:

<html>
<head><title>400 No required SSL certificate was sent</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>No required SSL certificate was sent</center>
<hr><center>nginx/1.14.0 (Ubuntu)</center>
</body>
</html>

Anything I'm doing wrong? Thanks

I have my site on the IP 1.2.3.4

On my domain provider I have both onesite.com and anothersite.com pointing to 1.2.3.4

With Nginx, I have two sites configured:

server {
    listen 1.2.3.4:80;
    server_name www.oneserver.com;
    rewrite ^(.*) http://onserver.com$1 permanent;
}

server {
    listen 1.2.3.4:80;
    server_name onserver.com;

    location / {
        fastcgi_pass 127.0.0.1:8878;

    [..]

And:

server {
    listen 1.2.3.4:80;
    server_name myapp.anotherserver.com;

    location / {
        fastcgi_pass unix:/tmp/myapp.sock;

    [..]

When I access myapp.anotherserver.com I get redirected to oneserver.com

Any help?

I'm hosting a server on Rackspace. Generally I have some domain name that i redirect to my ip and use nginx for the internal routing. This is my default configuration:

server {
    listen MY_IP:80;
    server_name MY_DOMAIN.com;

    location / {
        fastcgi_pass 127.0.0.1:8888;
    [...]

I have my webserver running on 8888 and it works.

I now need to directly expose my ip on a given port so that I can access the site for testing on

http://MY_IP:8111

but it doesn't seem to work. I have nginx set up like this:

server {
    listen MY_SERVER:8111;
    server_name _;
    location / {
        fastcgi_pass 127.0.0.1:9892;
    [...]

The webserver is correctly running on 9892. If i wget http://MY_SERVER:8111 from the server itself it work, but from the outside it simply refuses the connection until it timeouts.

I thought it was something with my IP table, but it seems correct:

   target     prot opt source               destination
   ACCEPT     all  --  SERVER_NAME          anywhere

   Chain FORWARD (policy ACCEPT)
   target     prot opt source               destination

   Chain OUTPUT (policy ACCEPT)
   target     prot opt source               destination

Can you help? Thanks

I have an application server running on port 80. How can I check if the incoming and outgoing traffic is gzipped? Also, the application communicates with another server (also HTTP requests). I'd like to check these connections are compressed as well.

Can this be done with tcpdump? How?

Thanks

I cannot connect from my machine to a server running Postgres. I think I've configured it all correctly. No firewall are present on the server.

I'm running Postgres 9.1.9 on Ubuntu 12.04 LTS

This is from /etc/postgresql/9.1/main/pg_hba.conf

local   all             postgres                                peer

# TYPE  DATABASE        USER            ADDRESS                 METHOD

local   all             all                                     peer
host    all             all             0.0.0.0/0               md5
host    all             all             ::1/128                 md5

I have listen_addresses = '*' in /etc/postgresql/9.1/main/postgresql.conf

I've stopped and started the service multiple times.

netstat -tulnp:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:27017           0.0.0.0:*               LISTEN      19312/mongod    
tcp        0      0 0.0.0.0:28017           0.0.0.0:*               LISTEN      19312/mongod    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      978/sshd        
tcp        0      0 0.0.0.0:5432            0.0.0.0:*               LISTEN      30239/postgres  
tcp6       0      0 :::22                   :::*                    LISTEN      978/sshd        
tcp6       0      0 :::5432                 :::*                    LISTEN      30239/postgres 

My iptable is empty.

When I try to connect to the server with

psql -U postgres -h <MY_IP>

I get:

psql: could not connect to server: Operation timed out
Is the server running on host "<MY_IP>" and accepting
TCP/IP connections on port 5432?

Any help? Thanks

tcpdump on port 5432:

16:33:10.548507 7c:c3:a1:a2:d9:27 (oui Unknown) > 00:00:5e:00:01:01 (oui Unknown), ethertype IPv4 (0x0800), length 78: <MY_MAC> > <MY_SERVER>.postgresql: Flags [S], seq 95915852, win 65535, options [mss 1460,nop,wscale 4,nop,nop,TS val 1189142453 ecr 0,sackOK,eol], length 0

I can connect to postgres on the server (psql -U postgres -h localhost) but I cannot telnet on 5432 from my machine.

Can launchd on OSX (specifically Mountain Lion) be configured to work like watchdog, monitoring processes, after having launched them, to keep them alive? If so, how?

On a Ubuntu server, I have a database file under a user's home directory, specifically /home/pistacchio/lessico/mydatabase.db. Apache works under the group www-data. What is the best way to grant access to that file to Apache? Thanks

I'm trying to setup Nginx as a reverse proxy to Apache for a site running locally on :8080 and externally accesible via lessico.pistacchioso.com. The current configuration leads to a 502 - Bad Gateway error.

    #/etc/apache2/ports.conf                

    Listen 127.0.0.1:8080

    <IfModule mod_ssl.c>
        # If you add NameVirtualHost *:443 here, you will also have to change
        # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
        # to <VirtualHost *:443>
        # Server Name Indication for SSL named virtual hosts is currently not
        # supported by MSIE on Windows XP.
        Listen 443
    </IfModule>

    <IfModule mod_gnutls.c>
        Listen 443
    </IfModule>

Then

    #/etc/apache2/sites-enabled/lessico
    NameVirtualHost 127.0.0.1:8080
<VirtualHost 127.0.0.1:8080>
    ServerAdmin webmaster@localhost
    ServerName lessico.pistacchioso.com
    DocumentRoot /home/pistacchio/sites/lessico/
    <Directory />
            Options FollowSymLinks
            AllowOverride None
    </Directory>
    <Directory /home/pistacchio/sites/lessico/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride None
            Order allow,deny
            allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
            AllowOverride None
            Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
            Order allow,deny
            Allow from all
    </Directory>
    ErrorLog /var/log/apache2/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog /var/log/apache2/access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>
</VirtualHost>

And finally

    #/etc/nginx/sites-enabled/default
    server {
    listen 80;
    server_name corpus.pistacchioso.com;

    location / {
        proxy_pass         http://127.0.0.1:9000/;
        proxy_redirect     off;

        proxy_set_header   Host             $host;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_max_temp_file_size 0;

        client_max_body_size       10m;
        client_body_buffer_size    128k;

        proxy_connect_timeout      90;
        proxy_send_timeout         90;
        proxy_read_timeout         90;

        proxy_buffer_size          4k;
        proxy_buffers              4 32k;
        proxy_busy_buffers_size    64k;
        proxy_temp_file_write_size 64k;
    }
    }

    server {
  listen  80;
    server_name lemmi.pistacchioso.com;

    access_log  /var/log/nginx/localhost.access.log;

    location / {
        proxy_pass         http://127.0.0.1:8080/;
        proxy_redirect     off;

        proxy_set_header   Host             $host;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_max_temp_file_size 0;

        client_max_body_size       10m;
        client_body_buffer_size    128k;

        proxy_connect_timeout      90;
        proxy_send_timeout         90;
        proxy_read_timeout         90;

        proxy_buffer_size          4k;
        proxy_buffers              4 32k;
        proxy_busy_buffers_size    64k;
        proxy_temp_file_write_size 64k;

    }

}

Any help on how to set this up properly? Thanks

I have an Apache instance serving a site on port 8000 of my server (whose ip is 164.177.156.36)

Listen 8000

<VirtualHost *:8000>
    ServerName lessico.pistacchioso.com
    DocumentRoot /home/pistacchio/sites/lessico/
    [..]

This works if I visit http://164.177.156.36:8000/

On my registry provider (that is not the same a my server provider) i have the following records set:

pistacchioso.com is the domain i registered and i want lessico.pistacchioso.com to point to http://164.177.156.36:8000/

Those seeweb.it servers are the domain register's ones, i'm ok leaving the mail there (MX) and I can't remove those two NS records (while I can add others).

At the moment, if I visit http://lessico.pistacchioso.com/ I still see the register's courtesy page. The DNS already updated, because pistacchio.com shows apache's standard default page. Any help? Thanks

I'm trying to delete all the files that do not start with __. This

ls | grep -v "__" | xargs -0 rm

Yields : File name too long. Any help?

EDIT:

ls | grep -v "__" | awk '{print("rm \42"$0"\42")}' | /bin/bash

solves the problem, but I'd like to know why the first is not correct. Thanks

I have zero experience with varnish. I want to setup varnish to do something very basic: I have two pages

http://mysite.com/
http://mysite.com/additem

I want to cache http://mysite.com/additem for 10 minutes and http://mysite.com/ for 1 minute but whenever http://mysite.com/additem is visited, I want to to clean the cache for http://mysite.com/. Any help?

How can I tell npm to install all packages available in its repository? I have to work offline, so I'm preparing a virtual machine to code in node.js and I don't know if I may end up needing some package in the future, so I wish I was able to install all of them beforehand.

is there any solution like LogmeIn consisting on a small client to install upon a *nix machine and hence being able to use its shell from the browser bypassing proxies because it all will work on :80? Thanks

I've sort of "lost" some files under a hidden directory in my home called .node_libraries When I ls its content from another directory, i see the wanted files and directories, but when i cd to it and then list the content, i can only see one directory. See below:

marvin:lib gu$ pwd
/Users/gu/dev/node.js/express/lib
marvin:lib gu$ ls ../../../../.node_libraries/
admin.js      crypto        gridfs        request.js    view.js
bson          cursor.js     index.js      response.js
collection.js db.js         jade          responses
commands      express       middleware    server.js
connection.js goog          public        utils.js
marvin:lib gu$ cd ../../../../.node_libraries/
marvin:.node_libraries gu$ ls
connect

What could be going on? Thanks

I've seen that setting up load-balancing with nginx is pretty easy and i'd like to give it a try. My only concern is about sessions: how can I take advantage of nginx to route all the subsequent calls from a client to the same server to achieve session stickiness?

Thanks

on a Windows 7 machine I need to switch back and forth two connections: the LAN connection (that works behind a proxy) and a wireless connection via a USB modem. This requires every time to activate / deactivate two connections in the manager and switch on / off the LAN settings.

I don't think there is some way to keep two connections alive and specify which one to use based on the program, but my question is: is there a simple little utility that makes switching the connection one-click easy and fast?

Thanks

where to find updated stats about what is the web using as servers (Windows Servers, *Nix/Apache etc) and what are the most popular (with stats and numbers) technologies used for server side programming (php vs asp.net vs python...) and data storing (sqlserver vs mysql...)?

Any source appreciated.

My team of developers has suggested a server structure for an upcoming project we are developing. Our structure is "logical", meaning that the various logical components of the application (it is a distributed one) relies on different servers. Some components are more critical than others and will be subjected to more load.

Our proposal was to have 1 server per component but the hardware guys suggested to replace the various machines with a single, bigger one with virtual servers. They're gonna use Blade Servers.

Now, I'm not an expert at all, but my question to the guys was: so if we need, for example, 3 2GHz CPU / 2GB RAM machines and you give me 1 machine with 3 2GHz CPUs and 6 GB of RAM it is the same? They told me it is.

Is this accurate? What are the advantages or disadvantages of both the solutions? What are the generally accepted best practices? Could you point out some URL reference dealing with the problem?

EDIT:

Some more info. The (internet / intranet) application is already layered. We have some servers on the DMZ that will expose pages to the internet and the databases are on their own machines. What we want to split (and they want to join) are some webservers that mainly expose webservices. One is a DAL that communicates with the database layer, one is our Single Sign On / User Profile application that gets called once per page and one is a clone of what seen on the Internet to be used on our lan.

i'd like to measure the total memory (like RAM) used by a program during its execution. Ideally, something like time that runs the program and print stats when it exits.

Is there such a standard tool in the unix / linux / bsd world? Thanks.

EDIT:

the program i'm trying to profile takes fractions of a second to execute, so anything that implies "while running check this" won't work. that's why i'm asking for a "time" like tool.

I'm zero-knowledged about Windows administration, so my question is really basic but nonetheless i wasn't able to find any reference.

If I am in a network and I have administrative privileges on the various machine, how can I remotely tweak users account settings? Like, I am Local\Administrator, how can I change Local\JohnDoe's desktop on the machine Pc13 or enable/disable audio and so on? Remote desktop is enabled on Pc13.

Thanks.