NeDark's questions

Is it possible to use them in the same SPF record? For example:

Value TXT: v=spf1 mx a ptr ip4:46.16.60.0/23 a:cdmon.com mx:mail.solarmora.com include:srv.cat ~all

In tutorial I found this example record for SPF, but the a and include keywords wasn't explained. I don't find accurate information about them in the internet.

v=spf1 mx a ptr ip4:46.16.60.0/23 a:cdmon.com include:srv.cat ~all

My main volume is a 20GB SSD disk mounted on /. I have a 4TB HDD mounted in /home. So to save space I want to set the mysql temporary directory to /home/mysqltmp.

However when I set to this directory mysql won't start. I get error:

mysqld: Can't create/write to file '/home/mysqltmp/ibm7cVN0' (Errcode: 13 "Permission denied")

I checked the permission and it is correct:

# ls -ld /home/mysqltmp/
drwxrwxrwx 2 mysql mysql 4096 Apr  4 03:19 /home/mysqltmp/

Running mysqld as root it starts without problem.

Server:

# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.6 LTS
Release:    16.04
Codename:   xenial

Note: Problem arose after updating to 16.04, was working on 14.04

MySQL details:

# mysql -V
mysql  Ver 15.1 Distrib 10.1.38-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2

root@nl6g:~# sudo certbot --nginx -d cienciadelgaza.com -d www.cienciadelgaza.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for cienciadelgaza.com
tls-sni-01 challenge for www.cienciadelgaza.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.cienciadelgaza.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for tls-sni-01 challenge. Requested f4ae04029f9e7fde28171a912073bd6b.6c8545d86d20ce09f8f2dda3d59db46b.acme.invalid from 185.185.40.134:443. Received 2 certificate(s), first certificate had names "cienciadelgaza.com, www.cienciadelgaza.com"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.cienciadelgaza.com
   Type:   unauthorized
   Detail: Incorrect validation certificate for tls-sni-01 challenge.
   Requested
   f4ae04029f9e7fde28171a912073bd6b.6c8545d86d20ce09f8f2dda3d59db46b.acme.invalid
   from 185.185.40.134:443. Received 2 certificate(s), first
   certificate had names "cienciadelgaza.com, www.cienciadelgaza.com"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.

Server configuration:

server {
    listen       443 ssl;
ssl_certificate /etc/letsencrypt/live/cienciadelgaza.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/cienciadelgaza.com/privkey.pem; # managed by Certbot
    server_name  cienciadelgaza.com;
    return       301 https://www.cienciadelgaza.com$request_uri;
}
server {
    listen       80;
    server_name  cienciadelgaza.com www.cienciadelgaza.com;
    return       301 https://www.cienciadelgaza.com$request_uri;
}
server {
        listen       443 ssl;
ssl_certificate /etc/letsencrypt/live/cienciadelgaza.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/cienciadelgaza.com/privkey.pem; # managed by Certbot
    root /var/www/cienciadelgaza/;
    index index.html index.htm index.php;

    server_name www.cienciadelgaza.com;

    location ...(irrelevant)...

}

Letsencrypt log: http://public.t1ip.com/letsencrypt.log

Available IPv4 address blocks are exhausted and price per IPv4 address is increasing. However I read that 2/3 of IP address remains unused because they were assigned improperly at first stages.

Since looots of these assigned IP address are unused. Why organizations like IANA dont force its owners to give back unused IP address?

A lot of hosting providers are beggining to use NAT or IPv6 only for low end VPSs due to this fact.

I simply dont understand

I am using a virtual machine with OpenWRT for routing, on a Linux machine (Slackware). I am trying to configure a host only interface (eth0) as the wan interface. eth1 is Ethernet attached as a bridge interface.

I tried to test the configuration pinging to an external ip address (from OpenWRT).

# ping -I eth0 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
^C
--- 8.8.8.8 ping statistics ---
6 packets transmitted, 0 packets received, 100% packet loss

I used wireshark and i saw the system (OpenWRT side) is sending ARP request asking for the mac address of 8.8.8.8. What is going on? It looks that the gateway is being ignored.

My route:

# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.56.1    0.0.0.0         UG    1      0        0 eth0
default         192.168.56.1    0.0.0.0         UG    5      0        0 eth0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth1
192.168.56.0    *               255.255.255.0   U     5      0        0 eth0

Iptables is configure to accept all packets for input, output and forward.

More tests:

# ping -I eth0 192.168.56.1
PING 192.168.56.1 (192.168.56.1): 56 data bytes
64 bytes from 192.168.56.1: seq=0 ttl=64 time=10.000 ms
64 bytes from 192.168.56.1: seq=1 ttl=64 time=0.000 ms
64 bytes from 192.168.56.1: seq=2 ttl=64 time=0.000 ms
64 bytes from 192.168.56.1: seq=3 ttl=64 time=0.000 ms
^C
--- 192.168.56.1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.000/2.500/10.000 ms

.

# ip route show
default via 192.168.56.1 dev eth0  proto static  metric 1 
default via 192.168.56.1 dev eth0  proto static  metric 5 
192.168.0.0/24 dev eth1  proto kernel  scope link  src 192.168.0.1 
192.168.56.0/24 dev eth0  proto static  scope link  metric 5 

I want to configure the server to show a maintenance page when it exist. I tried this code and works:

location / {
    try_files /maintenance.html $uri $uri/ @codeigniter;
}

But I noticed it would be served with a 200 status code, and it can cause confusion to search engines. I think the best practice would be returning a 503 status code. On google I find several relevant pages about it, like this. However, they use if to make the redirect and according to nginx documentation it isn't safe to use ifs.

Is there a way of doing it without using if? Is safe to use if in this case?

Thanks.

I am developing a deamon for my VPS. The program works perfectly in local (that has pthread-2.11.so) but in the vps (witch have pthread-2.5.so) it have a memory leak related to threads (each thread uses too much memory and that memory isn't free after thread termination), a know bug in old pthreads versions.

But CentOS repositories haven't updated their pthread version.

What is the best way of upgrade my pthread.so to version 2.11?

Thanks.

EDIT: Really it isn't a memory leak but it simply use too much more memory in 2.5 than in 2.11 (but when the thread is created its memory use is stable).

Sorry for my bad English.