aioobe's questions

I have two services, both neatly dockerized, each with their own docker-compose.yml.

Each services has its own domain name.

Both services uses HTTPS and have Lets Encrypt certificates.

Both services are completely self contained and listen on 80 and 443.

.--[http]-[https]--.    .--[http]-[https]--.
|                  |    |                  |
|    Service A     |    |    Service B     |
|                  |    |                  |
'------------------'    '------------------'

How do I set up a reverse proxy so that I can launch both services on the same host?

.--------------[http]-[https]--------------.
|                                          |
|              REVERSE PROXY               |
|                                          |
'---+--------+---------------+--------+----'
    |        |               |        |
   http     https           http     https
   req.     req.            req.     req.
   domainA  domainA         domainB  domainB
     |        |              |        |
     V        V              V        V
.--[http]-[https]--.    .--[http]-[https]--.
|                  |    |                  |
|    Service A     |    |    Service B     |
|                  |    |                  |
'------------------'    '------------------'

I would like to keep the services self contained. I.e. I would like to avoid extracting the certificates from the service containers.

From my experiments, it seems like nginx can't forward HTTPS requests without the certs, although it seems like it should be possible to achieve this. Perhaps with some other reverse proxy software?

I have control over both services docker-compose.yml. I can change ports and so on if needed.

Ideally I would like to find a simple daemon that accepts a config that looks something like

[service a]
domain: domainA.tld
localPort: 8080

[service b]
domain: domainB.tld
localPort: 8081

I've searched like crazy but haven't found any such tool.

Apparently DigitalOcean blocks outbound SMTP on IPv6.

I can confirm this with telnet as follows:

⟫ telnet smtp.gmail.com 465
Trying 2607:f8b0:400d:c07::6c...
        > Waits for about 2 minutes before it continues <
Trying 173.194.204.108...
Connected to smtp.gmail.com.
Escape character is '^]'.

So it seems it falls back to IPv4 after a while.

Using telnet -4 works instantaneously:

⟫ telnet -4 smtp.gmail.com 465
Trying 173.194.204.108...
Connected to gmail-smtp-msa.l.google.com.
Escape character is '^]'.

I found that ssmtp has a -4 option too:

-4
      Forces ssmtp to use IPv4 addresses only.

For some reason however, I get the same result with and without -4. ssmt times out (or sometimes succeeds in sending the email after ~2 minutes).

My question: Why doesn't -4 work, even though telnet -4 can connect?

Alternatively: How do I best debug this? Is there some netcat command or something that I can use to confirm that ssmtp is really trying to connect over IPv4?

I've discovered that if I go into "copy mode" or "scrollback mode" in a byobu screen, detach from it and leave it running, the buffer will fill up and eventually block the process I'm running in the screen. (Presumably because the process is prevented from writing to stdout, since there's no one to consume the bytes.)

This behaviour is kind of devastating. Is it possible to for instance

1. Automatically exit copy / scrollback mode upon detaching from the screen,

   or

2. Let the position of the view which is in copy / scrollback mode move forward once the buffer is full, to allow for the process to continue executing

Happy to hear of any advice on this.

I have a dynamic webpage which I want to create a "frozen" copy of.

Typically I would do something like wget -m http://example.com, and then put the files in the document root of the web-server.

This site however has some dynamic content, including dynamically generated images, for instance

http://example.com/company/123/logo

This means that in order to mirror the page, I need to

1. Save whatever headers the server currently serves for each URL (at least which MIME types it reports).

   This can be done using the wget option --save-headers.

2. Serve the static pages and serve the proper headers (at least the content type headers) for each file.

   (This I have no idea of how to do.)

What is the best way to solve this? Any suggestions are welcome.

Put differently: How can I serve files without an extension with the correct MIME type header? (Where the original webserver defines what the correct MIME type really is.)

I'm about to remove an old backup directory, but before doing so I'd like to make sure that all these files exist in a newer directory.

Is there a tool for this? Or am I best off doing this "manually" using find, md5sum, sorting, comparing, etc?

Clarification:

If I have the following directory listings

/path/to/old_backup/dir1/fileA
/path/to/old_backup/dir1/fileB
/path/to/old_backup/dir2/fileC

and

/path/to/new_backup/dir1/fileA
/path/to/new_backup/dir2/fileB
/path/to/new_backup/dir2/fileD

then fileA and fileB exists in new_backup (fileA in its original directory, and fileB has moved from dir1 to dir2). fileC on the other hand is missing in new_backup and fileD has been created. In this situation I'd like the output to be something like

fileC exists in old_backup, but not in new_backup.

I have an application that tries to connect to 10.0.0.172. I would like these connections to be redirected to localhost. What is the best way to achieve this?

(I've just learned that /etc/hosts only works for DNS requests, and not for IP addresses.)

I think I need to write some iptables commands but I've never used those before.

I have a simple command that I want to be able to perform as a user, but it requires root permissions. I suspect that this is a case for the "SUID"-bit, but I've never used it.

This is what I've tried:

aioobe@e6510:~/bin$ sudo -s
root@e6510:~/bin# cat -> spindown_baydrive
#!/bin/bash
/sbin/hdparm -Y /dev/sdb
root@e6510:~/bin# chmod +x spindown_baydrive 
root@e6510:~/bin# chmod ug+s spindown_baydrive 
root@e6510:~/bin# exit
aioobe@e6510:~/bin$ ./spindown_baydrive 
/dev/sdb: Permission denied
aioobe@e6510:~/bin$


aioobe@e6510:~/bin$ ls -la spindown_baydrive 
-rwsr-sr-x 1 root root 37 2011-01-31 09:59 spindown_baydrive

Any suggestions?

Have a strange problem with my wired network interface. Here goes:

1. I plug in the cable.

2. Both diodes light up (one green / one orange) and dmesg gives

   [   66.847512] tg3: eth0: Link is up at 1000 Mbps, full duplex.
   [   66.847516] tg3: eth0: Flow control is off for TX and off for RX.
   

3. nm-applet (network-management gnome applet) icon starts spinning, but gives up after a while.

4. I terminate the nm-applet and try dhclient eth0 instead. This gives:

   $ sudo dhclient eth0
   Internet Systems Consortium DHCP Client V3.1.2
   Copyright 2004-2008 Internet Systems Consortium.
   All rights reserved.
   For info, please visit http://www.isc.org/sw/dhcp/
   
   Listening on LPF/eth0/00:16:d3:30:9e:73
   Sending on   LPF/eth0/00:16:d3:30:9e:73
   Sending on   Socket/fallback
   DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 4
   DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 10
   DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 14
   DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 13
   DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 13
   ...
   

5. I thought it might be a hardware problem so I booted on a BSD usb-stick and I can ping fine back and forth.

6. Back in Linux I tried with a USB-ethernet dongle, same result. Tried three different ethernet-connections. Same issue everywhere.

This is what ifconfig eth0 gives when I've plugged in the cable:

$ ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:16:d3:30:9e:73  
          inet6 addr: 2001:6b0:1:1de0:216:d3ff:fe30:9e73/64 Scope:Global
          inet6 addr: fe80::216:d3ff:fe30:9e73/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1056 errors:0 dropped:0 overruns:0 frame:0
          TX packets:19 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:244082 (244.0 KB)  TX bytes:4998 (4.9 KB)
          Interrupt:16 

What could the problem be?

Update: Some extra information that may or may not be useful:

$ sudo mii-tool -v
eth0: negotiated 1000baseT-FD flow-control, link ok
  product info: vendor 00:08:18, model 24 rev 0
  basic mode:   autonegotiation enabled
  basic status: autonegotiation complete, link ok
  capabilities: 1000baseT-HD 1000baseT-FD 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  advertising:  1000baseT-FD 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
  link partner: 1000baseT-HD 1000baseT-FD 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD

...and...

$ sudo ethtool eth0
Settings for eth0:
    Supported ports: [ TP ]
    Supported link modes:   10baseT/Half 10baseT/Full 
                            100baseT/Half 100baseT/Full 
                            1000baseT/Half 1000baseT/Full 
    Supports auto-negotiation: Yes
    Advertised link modes:  10baseT/Half 10baseT/Full 
                            100baseT/Half 100baseT/Full 
                            1000baseT/Half 1000baseT/Full 
    Advertised auto-negotiation: Yes
    Speed: 1000Mb/s
    Duplex: Full
    Port: Twisted Pair
    PHYAD: 1
    Transceiver: internal
    Auto-negotiation: on
    Supports Wake-on: g
    Wake-on: g
    Current message level: 0x000000ff (255)
    Link detected: yes

PS: Wireless works just fine.

I thought /bin/sh was a symlink to my shell of choice. I've always used bash, so I assumed that /bin/sh would point to /bin/bash. It turns out, though, that it points to /bin/dash.

It gets funnier. I start dash and do echo $SHELL and it prints /bin/bash (so they're basically the same?). However, the man page of dash is completely different from the man page of bash (so they're not the same?).

Is there a way to figure out which user it is that executes a php-script in a webserver using php-commands? (I don't have shell access to the server running httpd, so I cant use ps.)

What is the most stable way of mounting an FTP filesystem? curlftpfs doesn't work very reliably for me :/ is there a better way?

Edit: I'm on ubuntu!

Edit 2: I tried version 0.9.2. I did a mount, and then a cp ../index.html . and I get cp: closing './index.html': Input/output error. (This is the third ftp-server I'm having trouble with, and I've reinstalled the system in between.)

If it's of any help, I do curlftpfs -o user=xxx:yyy ftp.example.com ftpdir

I'm following a tutorial on setting up a dns-tunnel.

I've run into the following instruction:

Now you need to enable forwarding on this server. I use iptables to implement masquerading. There are many HOWTOs about this (a simple one, for example). On Debian, the configuration file for iptables is in /var/lib/iptables/active. The relevant bit is:

*nat
:PREROUTING ACCEPT [6:1596]
:POSTROUTING ACCEPT [1:76]
:OUTPUT ACCEPT [1:76]

-A POSTROUTING -s 10.0.0.0/8 -j MASQUERADE
COMMIT

Restart iptables:

/etc/init.d/iptables restart

The problem is that I don't have any /var/lib/iptables/active. (I'm on ubuntu.)

How can I accomplish this? I suspect that I should just interact with the iptables command somehow but I have no clue what to write. Best would probably be if I could put the commands in a script somehow I suppose.

(A side-note. If I execute a few iptables-commands it wont be there for ever, right? The rules will be discarded on reboot?)