Craig Otis's questions

Using Ubuntu 16.04, curl version 7.47.0

I'm trying to debug an SSL certificate issue, and seeing odd behavior when using curl. When I just run:

ubuntu@ip-172-30-0-81:~$ curl https://myapp.com/hello
curl: (51) SSL: certificate subject name (cloud.mynameserver.com) does not match target host name 'myapp.com'

However when I attach the -v flag:

ubuntu@ip-172-30-0-81:~$ curl -v https://myapp.com/hello
*   Trying {IP REDACTED}...
* Connected to myapp.com ({IP REDACTED}) port 443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 692 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
*    server certificate verification OK
*    server certificate status verification SKIPPED
*    common name: myapp.com (matched)
*    server certificate expiration date OK
*    server certificate activation date OK
*    certificate public key: RSA
*    certificate version: #3
*    subject: CN=myapp.com
*    start date: Sat, 31 Dec 2016 22:57:00 GMT
*    expire date: Fri, 31 Mar 2017 22:57:00 GMT
*    issuer: C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3
*    compression: NULL
* ALPN, server accepted to use http/1.1
> GET /hello HTTP/1.1
> Host: myapp.com
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx/1.10.0 (Ubuntu)
< Date: Sat, 21 Jan 2017 00:25:15 GMT
< Content-Type: application/json
< Transfer-Encoding: chunked
< Connection: keep-alive
< Strict-Transport-Security: max-age=63072000; includeSubdomains
< X-Frame-Options: DENY
< X-Content-Type-Options: nosniff
<
* Connection #0 to host myapp.com left intact
{"message": "Hello World"}

Note the very end, {"message": "Hello World"}, is the expected response.

Why does curl behave differently with respect to its trust of SSL certificate details, when running in verbose mode? This is not specified in the man page, so far as I can tell.

We're working on updating one of our internal development servers (running an older version of Ubuntu, 8 or 9 I'd guess), and are encountering errors when upgrading/installing packages using apt-get. Here's the console output of an attempt to install zip:

me@server:~$ sudo apt-get install zip
Reading package lists... Done
Building dependency tree
Reading state information... Done
zip is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 36 not upgraded.
1 not fully installed or removed.
After this operation, 0B of additional disk space will be used.
Setting up libapache2-svn (1.5.1dfsg1-1ubuntu2.1) ...
Considering dependency dav for dav_svn:
Module dav already enabled
ERROR: Config file dav_svn.conf not properly enabled: /etc/apache2/mods-enabled/dav_svn.conf is a real file, not touching it
dpkg: error processing libapache2-svn (--configure):
 subprocess post-installation script returned error exit status 1
Errors were encountered while processing:
 libapache2-svn
E: Sub-process /usr/bin/dpkg returned an error code (1)
me@server:~$

The root issue appears to be:

ERROR: Config file dav_svn.conf not properly enabled: /etc/apache2/mods-enabled/dav_svn.conf is a real file, not touching it

The permissions of that file:

-rw-r--r-- 1 root root 1099 2009-09-08 16:32 /etc/apache2/mods-enabled/dav_svn.conf

Google didn't turn up much, and I'm not sure how to 'properly enable' that configuration file. (Or why that would prevent apt-get from functioning?)

I'm switching from a slower remote server to a faster one. (In a nutshell.)

Everything seems to have been migrated properly, but just incase some things didn't get transferred properly, I'd like to make a complete filesystem backup of the older server just incase. (Something I can navigate easily, like a .tar.gz. I'm estimating that compressed it will be about 10GB.)

Any recommendations on how to create a full-disk backup for a remote machine? I have SSH root access.

I'm looking for something similar to:

tar -zcvf ServerBackup08222011.tar.gz /

But my primary question is whether this will get meta... Will the backup try and backup itself?

I used to have a network setup as follows:

DomainOne.com -> Server 1 (XXX.XXX.XXX.1)

DomainTwo.com -> Server 2 (XXX.XXX.XXX.2)

Server 1 simply redirected all port 80 traffic to Server 2. It was also being used to store files and run a couple other services.

Recently, I upgraded Server 2, and eliminated Server 1. Everything now looks like:

DomainOne.com -> ???

DomainTwo.com -> Server 2 (XXX.XXX.XXX.2)

I asked my hosting provider if they could update their DNS cluster to point DomainOne.com to the same IP address as the second domain, but they require an additional fee to do so.

I'm very new to this, but I think my goal is to set up a custom nameserver on Server2, and update DomainOne.com to point to the nameserver running on Server2. Can someone maybe point me towards a good tutorial/explanatory guide showing how to accomplish this? I've Google'd a bit, but I got a bit lost. I have a good amount of Unix knowledge/experience, but very limited networking knowledge.

I recently purchased a remote server plan for a few additional services that I need to run, that my previous hosting plan just couldn't support. (JIRA, another separate Tomcat instance, etc.)

I would rate my Unix/Linux knowledge as "fair", but I'm having troubles determining why my server is so strapped for memory.

Attached is a screenshot of top running as root. The memory usage (adding the %MEM columns) is about 16%, but the total amount of memory used as displayed at the top is well over 60%.

I've been trying to configure JIRA for the past day or so, but it is bailing out with memory issues about halfway through the process.

Note: I have submitted a ticket for tech support, and the admins from who I purchased the server are extremely knowledgeable, but it would be great to fix the issue in the meantime and learn a bit as well

This is less a question about PCRE, and more a question about updating shared libraries. The distribution of CentOS I'm running only allows for yum upgrades to version 6.6, or somewhere similar.

I'm installing an issue tracker that requires PCRE version 8.0+. I cannot uninstall the current 6.6 version of PCRE, as nearly everything depends on it, and the system would break.

Thus, I compiled and installed PCRE 8.12 from source, but even though pcretest -C showed the new version, a call to php_info() on my test page indicates that the 6.6 libraries are still being loaded. I found a link to a site suggesting how to swap out the old libraries for the new ones.

In doing so, I think something's not quite right. A few commands are reporting issues:

/usr/bin/php: error while loading shared libraries: libpcre.so.0: cannot open shared object file: No such file or directory

What exactly should I do to fix the issue? I'm not very familiar with shared/dynamic libraries. I have the following files:

[root@vps tracker]# find / -name libpcre.so* -exec ls -l '{}' \;
lrwxrwxrwx 2 root root 16 Jul 14 07:53 /lib64/libpcre.so.0 -> libpcre.so.0.0.1
lrwxrwxrwx 1 root root 16 Jul 14 07:53 /usr/local/lib/libpcre.so.0 -> libpcre.so.0.0.1
-rwxr-xr-x 1 root root 116790 Jul 14 07:53 /usr/local/lib/libpcre.so.0.0.1
lrwxrwxrwx 2 root root 16 Jul 14 07:53 /usr/local/lib/libpcre.so -> libpcre.so.0.0.1
lrwxrwxrwx 1 root root 16 Jul 14 07:16 /root/pcre-8.12/.libs/libpcre.so.0 -> libpcre.so.0.0.1
-rwxr-xr-x 1 root root 116790 Jul 14 07:16 /root/pcre-8.12/.libs/libpcre.so.0.0.1
lrwxrwxrwx 1 root root 16 Jul 14 07:16 /root/pcre-8.12/.libs/libpcre.so -> libpcre.so.0.0.1