| --- Log opened Fri Jun 08 00:00:57 2018 |
| 00:05 | | Kindamoody is now known as Kindamoody[zZz] |
| 00:37 | | Derakon[AFK] is now known as Derakon |
| 01:09 | <&[R]> | I just obtained an old netbook |
| 01:09 | <&[R]> | It's runing Vista on Atom with 1 GB of RAM D: |
| 01:12 | <&McMartin> | That sounds like a candidate for a very slimmed-down Linux |
| 01:13 | | celticminstrel [celticminst@Nightstar-jocbi5.dsl.bell.ca] has joined #code |
| 01:14 | | mode/#code [+o celticminstrel] by ChanServ |
| 01:14 | <&[R]> | Yup |
| 01:33 | | m4rjo [NSkiwiirc@Nightstar-9cmf82.se.alltele.net] has quit [[NS] Quit: http://www.kiwiirc.com/ - A hand crafted IRC client] |
| 02:08 | | Degi [Degi@Nightstar-otqivl.dyn.telefonica.de] has joined #code |
| 02:27 | <@Alek> | can you even browse youtube with such a machine? |
| 02:27 | <@Alek> | or netflix? |
| 02:35 | <&[R]> | Maybe youtube. |
| 02:36 | <&[R]> | Unfortunately, Canadian Neflix is pretty balls so even if I had an account it might not even be the machine's fault if it's slow/ugly. |
| 02:40 | | Degi [Degi@Nightstar-otqivl.dyn.telefonica.de] has quit [Connection closed] |
| 02:48 | | Vornotron [Vorn@Nightstar-sjaki9.res.rr.com] has quit [Ping timeout: 121 seconds] |
| 04:25 | | macdjord is now known as macdjord|slep |
| 05:22 | | celticminstrel [celticminst@Nightstar-jocbi5.dsl.bell.ca] has quit [[NS] Quit: And lo! The computer falls into a deep sleep, to awake again some other day!] |
| 05:26 | | Derakon is now known as Derakon[AFK] |
| 06:02 | | Vornotron [Vorn@Nightstar-sjaki9.res.rr.com] has joined #code |
| 06:02 | | mode/#code [+qo Vornotron Vornotron] by ChanServ |
| 07:10 | | Vornotron [Vorn@Nightstar-sjaki9.res.rr.com] has quit [Ping timeout: 121 seconds] |
| 07:14 | | Vorntastic [uid293981@Nightstar-6br85t.irccloud.com] has joined #code |
| 07:18 | | Vornotron [Vorn@Nightstar-sjaki9.res.rr.com] has joined #code |
| 07:18 | | mode/#code [+qo Vornotron Vornotron] by ChanServ |
| 07:23 | | Vornotron [Vorn@Nightstar-sjaki9.res.rr.com] has quit [Ping timeout: 121 seconds] |
| 08:15 | <@abudhabi> | TheWatcher: Yeah, I ran postmap on it after updating it. |
| 08:36 | <@abudhabi> | I think I found the problem. |
| 08:36 | <@abudhabi> | The darned thing wants me to send mail from foo@mail.domain.com and rejects foo@domain.com as some sort of hacking attempt. |
| 08:59 | | Kindamoody[zZz] is now known as Kindamoody |
| 09:28 | <@TheWatcher> | I assume that domain.com is listed in mydestination ? |
| 09:45 | <@abudhabi> | TheWatcher: It's not. myhostname = domain.com; mydestination = localhost, localhost.domain.com |
| 09:47 | <@TheWatcher> | Okay, so I haven't had enough tea, give me a few |
| 09:48 | <@TheWatcher> | mydomain = domain.com too? |
| 09:48 | <@TheWatcher> | and myorigin = $mydomain ? |
| 09:50 | <@abudhabi> | myorigin = /etc/mailname |
| 09:50 | <@abudhabi> | Which is just "domain.com" |
| 09:51 | <@abudhabi> | Where is mydomain supposed to be? |
| 09:51 | <@abudhabi> | It's not in main.cf |
| 09:54 | <@TheWatcher> | in my main.cf I have, one after the other |
| 09:54 | <@TheWatcher> | myhostname = mail.starforge.co.uk |
| 09:54 | <@TheWatcher> | mydomain = starforge.co.uk |
| 09:54 | <@TheWatcher> | myorigin = $mydomain |
| 09:55 | <@TheWatcher> | mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, ... a few others that don't matter... |
| 10:11 | <@abudhabi> | TheWatcher: Would that break if myhostname was just "starforge.co.uk"? |
| 10:13 | <@TheWatcher> | No, should work fine. |
| 10:20 | <@abudhabi> | Hmmm. Now it's back to an earlier error - that I shouldn't duplicate stuff in mydestination and virtual mailbox domains. |
| 10:25 | <@abudhabi> | Perhaps this is more closely a roundcube issue. |
| 11:32 | <@abudhabi> | Maybe I'll just ease off the webmail for now. |
| 11:32 | <@abudhabi> | What I really need is a web administration interface for the mail server. |
| 11:33 | <@abudhabi> | So users can change their damn passwords themselves. |
| 13:16 | | macdjord [macdjord@Nightstar-grpbnp.mc.videotron.ca] has joined #code |
| 13:16 | | mode/#code [+o macdjord] by ChanServ |
| 13:18 | | macdjord|slep [macdjord@Nightstar-grpbnp.mc.videotron.ca] has quit [Ping timeout: 121 seconds] |
| 13:21 | | Degi [Degi@Nightstar-otqivl.dyn.telefonica.de] has joined #code |
| 14:51 | <@abudhabi> | OK, bleep this crap. I'm going to find some easy-to-install bundle that works. I'm done with configuring every damn thing myself. |
| 15:00 | | abudhabi is now known as AnnoDomini |
| 15:23 | | * AnnoDomini finds one that looks promising, but requires ubuntu upgrade. |
| 15:23 | <@AnnoDomini> | Can do, I think. |
| 15:23 | <@AnnoDomini> | Otherwise I'll have to ask the tech support boys to wipe everything and reinstall. :V |
| 15:29 | | Kindamoody [Kindamoody@Nightstar-eubaqc.tbcn.telia.com] has quit [Ping timeout: 121 seconds] |
| 15:32 | | Vornotron [Vorn@Nightstar-sjaki9.res.rr.com] has joined #code |
| 15:32 | | mode/#code [+qo Vornotron Vornotron] by ChanServ |
| 16:06 | <@AnnoDomini> | Why did upgrading remove aptitude? ._. |
| 16:09 | <@AnnoDomini> | I should count myself lucky that the system is still up and accessible. |
| 16:19 | | * AnnoDomini grumps a bit at not being able to just point at an existing web server, or tell this installer that there's an existing database, so it can use those. |
| 16:20 | <@AnnoDomini> | I hope it doesn't just exterminate everything and go on its merry way. |
| 16:51 | <@AnnoDomini> | Hrm. Dafuq is wrong with you, php? |
| 16:51 | <@AnnoDomini> | Why didn't you get upgraded to the version supported by the new OS version? |
| 17:01 | | Vornotron [Vorn@Nightstar-sjaki9.res.rr.com] has quit [Ping timeout: 121 seconds] |
| 17:23 | <@gnolam> | Just because the OS version supports it doesn't mean the latest version is actually in the repo. |
| 17:25 | <@AnnoDomini> | Well, removing php7.0 and then reinstalling it (via iRedMail installer) worked to solve the problem. |
| 17:26 | <@AnnoDomini> | Near as I can tell, some php7.0 add-ons were left in versions for ubuntu 14. |
| 17:26 | <@AnnoDomini> | Which somehow conflicted with something else. |
| 17:45 | <@AnnoDomini> | Do I need separate certificates for sub-domains? |
| 17:45 | <@AnnoDomini> | Like, domain.com works fine, but mail.domain.com complains. |
| 17:46 | <&[R]> | Not really. |
| 17:46 | <&[R]> | You need a certificate that covers each domain you want to use. |
| 17:46 | <&[R]> | Which you can do with multiple certs |
| 17:47 | <&[R]> | What you likely want to do is ask for a new cert that covers domain.com AND mail.domain.com and anything else you might want it to |
| 17:47 | <@AnnoDomini> | Yes. |
| 17:47 | <@AnnoDomini> | Can I do that with certbot? |
| 17:48 | <&[R]> | Yes, it's one of the examples IIRC |
| 17:50 | <@AnnoDomini> | OK! |
| 17:51 | <&[R]> | Note that it has to validate each (sub)domain individually |
| 17:51 | <@TheWatcher> | I do that with a bit of apache trickery, works pretty well though |
| 17:52 | <@AnnoDomini> | [R]: I dunno what that means. |
| 17:52 | <@TheWatcher> | certbot needs to confirm that you own a domain to issue a cert for it |
| 17:53 | <&[R]> | I don't know how you're doing the ownership validation checks, the default is certbot mucks with your httpd configuration though, which means you'll probably be fine. |
| 17:53 | <&[R]> | HOWEVER, that doesn't mean you shouldn't know that it needs to do each domain |
| 17:53 | | mac [macdjord@Nightstar-grpbnp.mc.videotron.ca] has joined #code |
| 17:53 | | mode/#code [+o mac] by ChanServ |
| 17:53 | <&[R]> | Since you could easily end up expanding and then making it so certbot can't keep you in check. |
| 17:53 | <&[R]> | Then everything breaks |
| 17:54 | <@AnnoDomini> | OK, so just expanding the certificate with certbot didn't quite cut it. |
| 17:55 | <@AnnoDomini> | Main domain is still OK, sub-domain is still not-OK. |
| 17:55 | | macdjord [macdjord@Nightstar-grpbnp.mc.videotron.ca] has quit [Ping timeout: 121 seconds] |
| 17:56 | <@TheWatcher> | did you restart the servers to pick up the new certs? |
| 17:56 | <@AnnoDomini> | Hmm. Restarting nginx may have fixed it. |
| 17:56 | <@AnnoDomini> | I did not. |
| 17:56 | <@AnnoDomini> | Now I did. |
| 17:58 | <@AnnoDomini> | What's the proper way to set up auto-renewal of this certificate? |
| 17:58 | <@AnnoDomini> | Adding it to crontab? |
| 17:59 | <@TheWatcher> | Yep |
| 17:59 | <@AnnoDomini> | root's crontab, right? |
| 17:59 | <@TheWatcher> | Yus |
| 18:00 | <@AnnoDomini> | Hope adding to that won't break the existing items added by iRedMail. |
| 18:01 | <@TheWatcher> | Won't do, as long as you didn't fiddle with them. |
| 18:01 | <@TheWatcher> | Are you just using the certs in nginx, or are you using them in others (postfix, dovecot, etc?) |
| 18:02 | <@TheWatcher> | If so, certbot renew on its own won't be enough - you'll need to restart those services to pick up the changes |
| 18:03 | <@AnnoDomini> | Hmmm. That's a point. I am going to fiddle with them too. |
| 18:03 | <@AnnoDomini> | So I guess && service foo restart |
| 18:05 | <@TheWatcher> | https://pastebin.starforge.co.uk/22 is the script I use, dunno if it's any use to you |
| 18:11 | <@AnnoDomini> | Thanks. |
| 18:11 | <@AnnoDomini> | Would you know how to enable rewrite on ngink? |
| 18:11 | <@AnnoDomini> | *nginx |
| 18:11 | <@AnnoDomini> | For wordpress. |
| 18:12 | <@TheWatcher> | Oh, yes, if you use that script its important that you invoke it with something like `23 10 * * * /path/to/update-script > /dev/null 2>&1` or you'll find you run into problems with postfix trying to email the result from cron, but failing because the cert changed >.> |
| 18:13 | | Emmy [Emmy@Nightstar-9p7hb1.direct-adsl.nl] has joined #code |
| 18:13 | <@TheWatcher> | Not a clue, sorry - I've only used apache for anything real :/ |
| 18:13 | | Degi [Degi@Nightstar-otqivl.dyn.telefonica.de] has quit [Ping timeout: 121 seconds] |
| 18:14 | | * Emmy uses apache for the surreal |
| 18:14 | | macdjord [macdjord@Nightstar-grpbnp.mc.videotron.ca] has joined #code |
| 18:14 | | mode/#code [+o macdjord] by ChanServ |
| 18:15 | <&McMartin> | nginx does definitely normally have a rewrite module in it though |
| 18:16 | <@TheWatcher> | AnnoDomini: https://codex.wordpress.org/Nginx be of any use? |
| 18:16 | <@AnnoDomini> | Actually, I need it for both wordpress, and to stop this bastard from complaining when I navigate to domain.net (which we also own) that the certificate is for domain.com. |
| 18:16 | | mac [macdjord@Nightstar-grpbnp.mc.videotron.ca] has quit [Ping timeout: 121 seconds] |
| 18:17 | <@AnnoDomini> | That would be more helpful if I knew a thing or two about nginx to begin with. ;) |
| 18:22 | <@TheWatcher> | Well, I guess everyone has to start somewhere~ |
| 18:23 | <@AnnoDomini> | OK, postfix and dovecot went smoothly, because the nginx template file helpfully said to just symlink the existing dummy certificate files. Which are the same for all the things iRedMail set up. |
| 18:39 | <@AnnoDomini> | WTF. WTH did I do that everything refuses to connect? |
| 18:44 | <&[R]> | "Search Results |
| 18:44 | <&[R]> | Connection refused means that the port you are trying to connect to is not actually open. " |
| 18:46 | <@AnnoDomini> | Hm. |
| 18:46 | <@AnnoDomini> | Ping and SSH work. |
| 18:46 | <@AnnoDomini> | So it's not a blanket thing. |
| 18:48 | | Emmy [Emmy@Nightstar-9p7hb1.direct-adsl.nl] has quit [Ping timeout: 121 seconds] |
| 18:48 | <@AnnoDomini> | fail2ban doesn't seem to be banning my IP. |
| 18:50 | <&[R]> | netstat -lntp |
| 18:50 | <&[R]> | Or: ss -lntp | cat |
| 18:50 | <&[R]> | (Yes, the | cat does something) |
| 18:51 | <@AnnoDomini> | Linebreaks? |
| 18:52 | <@AnnoDomini> | http://pastebin.starforge.co.uk/23 |
| 18:52 | <&[R]> | ss tabulates its output, except it assume that your terminal has 50% more width than it does. |
| 18:52 | <&[R]> | It also dynamically figgures out the width to get the fuck-up, so you can't even just make your terminal bigger |
| 18:53 | <&[R]> | You can't feed it a smaller $COLUMNS either |
| 18:53 | <@AnnoDomini> | It *seems* that nginx is listening on HTTP and HTTPS. |
| 18:55 | <&[R]> | On what IP? |
| 18:55 | <@AnnoDomini> | OTOH, I may be banned. I just tried from my shell account in Germany, and it got the damned thing. |
| 18:55 | <&[R]> | If it's 0.0.0.0 then it's listening on all IPv4 addresses |
| 18:55 | <&[R]> | If it's 127.0.0.1 then it's only listening on localhost |
| 18:55 | <@AnnoDomini> | I think I may have tripped fail2ban somehow by trying and failing to assense the mail settings in thunderbird. |
| 18:56 | <@AnnoDomini> | [R]: It looks like every address. |
| 18:57 | <&[R]> | Check the firewall |
| 18:57 | <@AnnoDomini> | How? |
| 18:57 | <&[R]> | iptables -L |
| 18:57 | <&[R]> | Chain OUTPUT (policy ACCEPT) |
| 18:57 | <&[R]> | target prot opt source destination |
| 18:58 | <&[R]> | Should see three sets of that and nothing else if the firewall is completely off |
| 18:58 | <@AnnoDomini> | Aha! I think I got it. |
| 18:58 | <@AnnoDomini> | REJECT all -- <my hostmask> anywhere reject-with icmp-port-unreachable |
| 19:01 | | Degi [Degi@Nightstar-otqivl.dyn.telefonica.de] has joined #code |
| 19:04 | | Vorntastic [uid293981@Nightstar-6br85t.irccloud.com] has quit [[NS] Quit: Connection closed for inactivity] |
| 19:05 | | Degi [Degi@Nightstar-otqivl.dyn.telefonica.de] has quit [Ping timeout: 121 seconds] |
| 19:07 | <@AnnoDomini> | Pfew. Unbanned myself. |
| 19:14 | <@AnnoDomini> | Even got the nginx rewriting to work enough for wordpress. |
| 19:20 | <@AnnoDomini> | Now I need to know what to google. |
| 19:21 | <@AnnoDomini> | domain.net is set to redirect to domain.com |
| 19:21 | <@AnnoDomini> | Previously, on apache with rewrite rules, it simply changed the address to domain.com when you navigated to domain.net |
| 19:22 | <@AnnoDomini> | Now it tries to stay domain.net, which yields problems with certificates. |
| 19:23 | <@AnnoDomini> | What's the name of what I want? This address-changing? |
| 19:31 | <&[R]> | You want a redirect instead |
| 19:32 | <&[R]> | Make a 404 page that triggers a PHP script, have that do: header('Location: domain.com' . $_SERVER['REQUEST_URI']); exit(); |
| 19:32 | | Degi [Degi@Nightstar-otqivl.dyn.telefonica.de] has joined #code |
| 19:32 | <&[R]> | Then that 404 script is the only thing that domain.net can serve |
| 19:33 | <@AnnoDomini> | domain.net has no server of its own, it just has an A record with the IP of the server that domain.com uses. |
| 19:33 | <@AnnoDomini> | Does this change anything? |
| 19:34 | <&[R]> | That doesn't matter |
| 19:34 | <&[R]> | That's DNS stuff |
| 19:34 | <&[R]> | That won't help you here |
| 19:35 | <@AnnoDomini> | OK, so how I make this script? |
| 19:35 | <@AnnoDomini> | Should I, I dunno, modify the index.php that already sits in the main www folder, and is part of wordpress? |
| 19:36 | | Degi [Degi@Nightstar-otqivl.dyn.telefonica.de] has quit [Ping timeout: 121 seconds] |
| 19:36 | <&[R]> | So domain.net has its own files to serve. It has ONE file to serve, the 404.php file, which is the 404 handler. |
| 19:37 | <@AnnoDomini> | OK... this means I'll have to configure up another site with nginx, yes? |
| 19:37 | <&[R]> | Yes |
| 19:37 | <@AnnoDomini> | :( |
| 19:38 | <&[R]> | Or you fix the cert to include domain.net |
| 19:39 | <@TheWatcher> | Which is probably a good idea anyway, in case someone goes to https://domain.net/ |
| 19:39 | <@AnnoDomini> | I was about to say I did and it didn't work, but then I remembered that I needed to restart/reload the web server. |
| 19:39 | <@TheWatcher> | because without that being on your cert, they'll get a browser error |
| 19:39 | <@AnnoDomini> | Now it works. |
| 19:39 | <@AnnoDomini> | And it even works in the way that I wanted. |
| 19:39 | <@TheWatcher> | Okay |
| 19:40 | <@AnnoDomini> | OK, sweet. Now everything works - the wordpress website, the admin panel, the netdata thingy... except the mail server stack. |
| 19:41 | | Degi [Degi@Nightstar-otqivl.dyn.telefonica.de] has joined #code |
| 19:41 | <@TheWatcher> | Progress! |
| 19:41 | <@AnnoDomini> | It's a sine-wave kind of progress. :) |
| 19:45 | | Degi [Degi@Nightstar-otqivl.dyn.telefonica.de] has quit [Ping timeout: 121 seconds] |
| 19:46 | <@AnnoDomini> | Should I be worried that I don't actually feel all that impostery while being a cargo cult admin? <_< |
| 19:51 | <@AnnoDomini> | Hmm. Failure of mail could be the problem of improperly configured DNS records. I think I can fix that. |
| 20:00 | | m4rjo [NSkiwiirc@Nightstar-9cmf82.se.alltele.net] has joined #code |
| 20:04 | | m4rjo is now known as M4rjo |
| 20:04 | | M4rjo [NSkiwiirc@Nightstar-9cmf82.se.alltele.net] has quit [[NS] Quit: http://www.kiwiirc.com/ - A hand crafted IRC client] |
| 20:05 | | M4rjo [NSkiwiirc@Nightstar-9cmf82.se.alltele.net] has joined #code |
| 20:38 | | Degi [Degi@Nightstar-otqivl.dyn.telefonica.de] has joined #code |
| 20:43 | | Degi [Degi@Nightstar-otqivl.dyn.telefonica.de] has quit [Ping timeout: 121 seconds] |
| 21:19 | <@macdjord> | [R]: Shouldn't it be an HTTP 301, not a 404? |
| 22:16 | | KiMo|autorejoin [Kindamoody@Nightstar-rfpfgp.mobileonline.telia.com] has joined #code |
| 22:16 | | mode/#code [+o KiMo|autorejoin] by ChanServ |
| 22:16 | | Kindamoody|autojoin [Kindamoody@Nightstar-rfpfgp.mobileonline.telia.com] has joined #code |
| 22:17 | | mode/#code [+o Kindamoody|autojoin] by ChanServ |
| 22:49 | | KiMo|autorejoin is now known as Kindamoody |
| 22:49 | | Kindamoody|autojoin [Kindamoody@Nightstar-rfpfgp.mobileonline.telia.com] has quit [Client exited] |
| 23:07 | | Kindamoody is now known as Kindamoody[zZz] |
| 23:17 | | Kindamoody[zZz] [Kindamoody@Nightstar-rfpfgp.mobileonline.telia.com] has quit [Connection closed] |
| 23:18 | <&[R]> | macdjord: it's not sending a 404 |
| 23:18 | <&[R]> | It's the 404 handler |
| 23:19 | <&[R]> | There aren't any files, and file accessed will trigger the 404 handler... |
| 23:19 | <@macdjord> | Ah, right. |
| 23:19 | <&[R]> | Easy cheap way to make every URL on a domain go to one file :p |
| 23:19 | | Kindamoody|autojoin [Kindamoody@Nightstar-rfpfgp.mobileonline.telia.com] has joined #code |
| 23:20 | | mode/#code [+o Kindamoody|autojoin] by ChanServ |
| 23:59 | | M4rjo [NSkiwiirc@Nightstar-9cmf82.se.alltele.net] has quit [[NS] Quit: http://www.kiwiirc.com/ - A hand crafted IRC client] |
| --- Log closed Sat Jun 09 00:00:59 2018 |