Brian Lacy's questions

I have a server running Windows Server 2012 R2. It has TLS 1.2, 1.1, and 1.0 configured. However, when making outgoing/remote connections it only seems to want to connect to other servers via TLS 1.0. If the external server supports TLS 1.1 & 1.2, but NOT TLS 1.0, then the connection is closed.

Why won't the system establish connections with third-party servers when both support TLS 1.1+?

In Visual Studio 2012 I'm working on an ASP.NET MVC application which requires a Virtual Directory under the main application directory called "Shared". This happens to point to a UNC path, so I need to also specify the username & password to access the path with.

I'm doing so with the following command:

C:\Program Files\IIS Express> AppCmd.exe SET VDir /username:"DOMAIN\user" /password:"Password"

But when I run the application, I get the following configuration error when attempting to access the Shared virtual directory:

Failed to decrypt attribute 'password' because the keyset does not exist

The error screen then highlights the corresponding <virtualDirectory> element in my applicationHost.config file:

<virtualDirectory path="/Shared" physicalPath="\\MyNAS\MyUNCPath\Shared" userName="DOMAIN\user" password="[enc:RsaProtectedConfigurationProvider:ALONGENCRYPTIONSTRINGISHERE==:enc]" />

Now, I've been Googling madly for a couple of hours, and I've seen several comments indicating that the default (correct?) encryption type for my password in this scenario should be "AesProvider" not "RsaProtectedConfigurationProvider". But there doesn't seem to be any way to explicitly declare the encryption provider to use when setting the password.

In case it's helpful, the provider list in my applicationHost.config looks like this:

<configProtectedData>
    <providers>
        <add name="IISWASOnlyRsaProvider" type="" description="Uses RsaCryptoServiceProvider to encrypt and decrypt" keyContainerName="iisWasKey" cspProviderName="" useMachineContainer="true" useOAEP="false" />
        <add name="AesProvider" type="Microsoft.ApplicationHost.AesProtectedConfigurationProvider" description="Uses an AES session key to encrypt and decrypt" keyContainerName="iisConfigurationKey" cspProviderName="" useOAEP="false" useMachineContainer="true" sessionKey="ALONGENCRYPTIONKEYSTRINGISHERE" />
        <add name="IISWASOnlyAesProvider" type="Microsoft.ApplicationHost.AesProtectedConfigurationProvider" description="Uses an AES session key to encrypt and decrypt" keyContainerName="iisWasKey" cspProviderName="" useOAEP="false" useMachineContainer="true" sessionKey="ANOTHERENCRYPTIONKEYSTRINGISHERE" />
    </providers>
</configProtectedData>

My gut says there's some misconfiguration here, but I have no idea how to identify and fix the problem. Any ideas?

I know there are several tools I can use to find out what's causing heavy network and CPU usage right now, but every so often on my server I'll check the logs and notice that there were periods of very high network/CPU activity. The most recent occurrence was on a particular day last week.

How can I "look back" and find out who or what is using those resources, without "catching them in the act"?

I'm using Ubuntu 10.04.

I need to give certain outside developers access to create Mercurial repositories on our server. However, I don't necessarily want them to have actual SSH logins to browse the server -- or at the least, I only want to create one SSH account. I like the idea that hg-ssh based solutions involve creating a single login exclusively for Mercurial usage, but I don't really understand the process of setting this up.

I know there's something about creating an authentication key for password-less authentication, but I don't really care about that; I'd just as soon have them enter a password. Regardless, I just need this setup ASAP with minimal server access?

I have a development server on which I want to keep certain data directories in sync with the live server. Any files in these directories which exist on the live server, but not on the dev server, I need to copy over.

Because I don't care about syncing from dev-to-live or have any concerns about overwriting data on Dev, I could just copy the entire directory over with SCP. The problem is, this folder is HUGE (several GB) and I want to sync it nightly. It would never finish in time.

What's the simplest/best way (via SSH) to sync/copy missing files from the remote directory to the local directory?

Note: I'd prefer not to install any new/custom tools if I can help it; I'm also looking for something I can setup/run pretty quickly & easily, without a lot of fussing or scripty-ness! :)

Our company has a co-located production web server hosting multiple websites and other applications running on Fedora 13.

We want to move everything on that server over to an internally-hosted box while our powerful Co-Located server is retrofitted as a Virtualization platform (using XenServer or ESXi/vSphere).

We have a lot of software and libraries installed on our server that support our various hosted applications. I want to minimize the turnaround time to get everything the local box setup, so I'm looking for the fastest and most stable solution possible.

Question:
What's the best way to move our server to another box quickly and with minimal fuss? Can we just install Fedora 13 on the local box, then yank the hard drive from CoLo and drop it into the local box, copy everything over? What should we NOT copy?

The more ideas and assistance I can get on this the better; I've got to ensure we're investing the minimum man-hours and downtime in this project in order to get final approval!

I have several web development projects running on Fedora 13. I generally setup Apache to serve my larger projects as Virtual Hosts, but I've got several small projects cycling through that I don't really care to setup a VirtualHost for each one. Instead I'd like them all under a subdirectory of the main VirtualHost entry. I just want Apache to serve me the directory index when I browse to the host name.

For example, the hostname projects.mydomain.com refers to /var/www/projects, and that directory contains only subdirectories (no index file).

Unfortunately when I browse to the host directly I get:

Forbidden

You don't have permission to access / on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

But my virtual host entry in my apache config looks like this:

<VirtualHost *>
    ServerName      projects.mydomain.com
    DocumentRoot        /var/www/projects
    <Directory "/var/www/projects">
        Options +FollowSymlinks +Indexes
        AllowOverride all
    </Directory>
</VirtualHost>

What am I missing here?

As lead web developer for my employer's organization, I'm responsible for configuring and maintaining an SVN repository for each of our web applications. Each has several archived versions and at least a couple of branches.

Currently, to deploy the latest version of each web site I "export" the appropriate tagged version to the directory from which Apache serves that site. For example, assuming I have a working copy checked out at /var/www/dev/app:

$ cd /var/www/dev/app/archive/1.2
$ svn export . /var/www/html/www.myapp.com

But I'd actually still like to have the live site linked to a repository version, so that I can do an "svn update" to pull over the latest updates; I just don't want any files or small modifications in the live deployment directory to be committed back to the repository.

What I'd like to do is create a read-only branch in the repository which always contains the latest production version of the application, which I can checkout to the deployment directory.

I've seen this done with a lot of open source projects, where anyone can check out a particular branch of the application but it's a read-only branch, so you can't commit back to it.

How can I accomplish this?

I'm running a LAMP server on Fedora 13 that's working fine; however, I just added an ".htaccess" file to my current site's docroot folder that is being completely ignored.

I've tried half a dozen different tests, including this one:

RewriteEngine on
RewriteBase /

RewriteRule ^.*$ index.php

But images and all other pages load fine, and non-existent files still 404. I also tried this:

order deny,allow
deny from all

But every page still loads just fine. Again the .htaccess file is simply ignored 100%.

We put our virtualhost records in /etc/httpd/conf.d/virtual.conf. It looks like this:

NameVirtualHost *

<VirtualHost *>
    ServerName              intranet
    DocumentRoot            /var/www/default
    <Directory "/var/www/default">
        Options FollowSymLinks
        AllowOverride All

        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

<VirtualHost *>
    ServerName              ourwebsite.com
    DocumentRoot            /var/www/html/ourwebsite.com/docroot
    <Directory "/var/www/html/ourwebsite.com/docroot">
        Options FollowSymLinks
        AllowOverride All

        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

What else could be causing our server to completely IGNORE the .htaccess file??

Edit:

I changed the .htaccess file to above to better demonstrate that my changes are being ignored. Note that I tried the exact same .htaccess file on the production server and it worked fine.

Edit 2:

OK, I have new information! Just for testing purposes, I went through and temporarily changed EVERY "AllowOverride" directive to AllowOverride All. I figured out that the very first Directory entry seems to overpower all others:

<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>

When I changed that to AllowOverride All, my .htaccess files begin taking effect. It's like all the other AllowOverride All directives in my config files are being ignored!

What Gives??

Problem

Our company's websites are all located on a high performance web server, including several development and internal-only projects.

A handful of our sites are public sites that need regular back-end updates. These updates are made by a third-party contract SEO/design firm.

I need to setup a single FTP account that the 3rd party firm can use to access ONLY those sites via FTP (or ideally, SFTP) in order to modify files there. I do NOT want them to have any access whatsoever to the rest of our server or our other websites.

Example

To illustrate my situation, let's assume for a moment I have four websites configured as Virtual Hosts in Apache:

internalsite1.com
internalsite2.com
contentsite1.com
contentsite2.com

These exist on my server in the following locations:

/var/www/html/
    /internalsite1.com
    /internalsite2.com
    /contentsite1.com
    /contentsite2.com

Now, I need the "contentsite" hosts to allow access via an FTP account to modify files. The "internalsite" hosts should be accessible only by users who are logged in (i.e. through standard SSH).

** What I've Tried **

Earlier today, I experimented with modifying my SSH configuration to create chroot'ed users using the internal-sftp and ChrootDirectory features of OpenSSH. However, the configuration was getting very complicated and I cannot risk breaking SSH access to my server, so I backed away from that approach.

Currently, I'm trying to figure out how to use vsftpd to achieve my goal; but so far I'm only able to setup a single account with access to a single directory. This would probably suffice, but vsftpd has dozens of options and no clear documentation on achieving this particular setup.

The Question

How can I enable a single ftp user account to acesss to multiple directory locations on the server, one representing each ?

Note: Links to clear tutorials are welcome.

EDIT: While I'd prefer them to login via SFTP, I'd settle for ordinary FTP access. I just need to create a single FTP Account on the server that has access to each of the three website locations in question.-

In order to test my web development work, I've setup a Linux VM on my computer. I'm using Adapter Bridging (instead of NAT) so that I don't have to worry about setting up port forwarding. It works well; the VM receives an IP Address and is able to access the network.

I mainly access the VM via SSH. However the IP Address has the potential to change since my work uses DHCP. I don't want to have to update my "hosts" file on my Windows PC every time. Instead, I'd like the Linux VM to simply "broadcast" its hostname over the local Windows network just like Windows machines do.

I thought that installing Samba would accomplish this, but either I was wrong, or there's some configuration I've yet to do before this can be accomplished.

I don't have access to the router that assigns the IP addresses, so I'm hoping to find some way to modify the Linux/Samba config to simply broadcast the hostname (or have the Linux host respond to requests for that hostname on the network).

How can I accomplish this? Thanks!

Note: I'm using Fedora 13.

I have a CD with the standard 64-bit version of Fedora 13. I want to install it on a VirtualBox VM for local web development testing. How can I install it without Gnome and all the extra content that goes along with the Gnome environment?

I want to remove all the versioned files from my repository, but KEEP the versioned directory structure. Obviously I want to leave all the .svn directories untouched.

In other words, I want to completely empty a working copy's directory structure WITHOUT harming the directory structure itself.

For example, removing the files from this structure:

dir/
    .svn/
        [files]
    svsubdir1/
        file1
        .svn/
            [files]
    subdir2/
        file2
        file3
        file4
        .svn/
            [files]
        subsubdir1/
            file5
            .svn/
                [files]

Should result in:

dir/
    .svn/
        [files]
    svsubdir1/
        .svn/
            [files]
    subdir2/
        .svn/
            [files]
        subsubdir1/
            .svn/
                [files]

I'm looking for some sort of find command or something to accomplish this, and I'm having trouble constructing the command. Thanks for the help!