IRC logs for #aegir, 2015-01-30 (GMT)

Time  Nick  Message
[11:01:16]* dman_nz has quit (Quit: dman_nz)
[11:03:18]* josh_k has quit (Remote host closed the connection)
[11:03:28]* josh_k has joined #aegir
[11:06:07]* drakythe is now known as zz_drakythe
[11:44:55]* hestenet has joined #aegir
[11:47:09]* josephleon has quit (Quit: Linkinus - http://linkinus.com)
[11:53:24]* realityloopAFK is now known as realityloop
[11:53:44]* blainelang__ has joined #aegir
[11:56:04]* fatguylaughing has joined #aegir
[11:56:22]* blainelang_ has quit (Ping timeout: 255 seconds)
[12:02:12]* blainelang__ has quit (Ping timeout: 244 seconds)
[12:11:35]* maestrojed has quit (Quit: Computer has gone to sleep.)
[12:26:53]* josh_k has quit (Remote host closed the connection)
[12:59:40]* gandhiano has quit (Read error: Connection reset by peer)
[13:06:19]* maestrojed has joined #aegir
[13:23:05]* glennpra_ has joined #aegir
[13:26:17]* glennpratt has quit (Ping timeout: 256 seconds)
[13:27:45]* josh_k has joined #aegir
[13:32:47]* josh_k has quit (Ping timeout: 245 seconds)
[13:51:45]* fatguylaughing has quit (Quit: fatguylaughing)
[13:58:33]* gusaus has quit (Quit: gusaus)
[14:00:57]* gusaus has joined #aegir
[14:11:25]* hestenet has quit (Remote host closed the connection)
[14:15:54]* berniecram has joined #aegir
[14:23:15]* hestenet has joined #aegir
[14:37:34]* glennpratt has joined #aegir
[14:39:24]* glennpra_ has quit (Ping timeout: 245 seconds)
[14:50:55]* fatguylaughing has joined #aegir
[15:25:24]* zz_cdracars is now known as cdracars
[15:26:44]* cdracars is now known as zz_cdracars
[15:28:06]* zz_cdracars is now known as cdracars
[15:31:14]* FatherShawn has quit (Quit: (null))
[15:42:12]<hefring>community => Manual installation stops at common.inc_6.28.patch error => http://community.aegirproject.org/discuss/manual-installation-stops-comm...
[15:47:15]* hestenet has quit (Remote host closed the connection)
[15:51:11]* fatguylaughing has quit (Quit: fatguylaughing)
[16:07:20]* beautifulmind has joined #aegir
[17:09:05]* berniecram has quit (Quit: berniecram)
[17:15:49]* beautifulmind has quit (Ping timeout: 244 seconds)
[17:25:18]* gusaus has quit (Quit: gusaus)
[17:26:37]* maestrojed has quit (Quit: Textual IRC Client: www.textualapp.com)
[17:30:30]* beautifulmind has joined #aegir
[17:33:52]* ngnp has joined #aegir
[17:39:03]* realityloop is now known as realityloopAFK
[17:42:55]* gusaus has joined #aegir
[17:50:14]* David_Hernandez has joined #aegir
[17:55:19]* gusaus has quit (Quit: gusaus)
[18:11:09]* gusaus has joined #aegir
[18:31:58]* boshtian has joined #aegir
[18:41:59]* jerryitt has quit (Quit: Connection closed for inactivity)
[19:18:13]* beautifulmind has quit (Quit: Leaving.)
[19:24:15]* kristofferw has quit (Read error: Connection reset by peer)
[19:29:06]* zorki has joined #aegir
[19:34:44]* kristofferw has joined #aegir
[19:40:02]* zorki has quit (Quit: My Mac has gone to sleep. ZZZzzz…)
[19:40:12]* boshtian has quit (Quit: boshtian)
[19:53:18]* zorki has joined #aegir
[19:55:37]* gusaus has quit (Quit: gusaus)
[20:47:22]* boshtian has joined #aegir
[20:54:09]* gandhiano has joined #aegir
[21:24:06]<hefring>community => Manual Aegir cluster - poor man's pack => http://community.aegirproject.org/discuss/manual-aegir-cluster-poor-mans...
[21:35:28]* beautifulmind has joined #aegir
[21:47:27]* gandhiano has quit (Ping timeout: 264 seconds)
[21:48:39]* gandhiano has joined #aegir
[22:12:49]* ratioweb has joined #aegir
[22:17:05]* David_Hernandez has quit (Quit: Saliendo)
[22:31:24]* omega8cc has joined #aegir
[22:32:37]<omega8cc>hefring: botsnack
[22:32:37]<hefring>*burp*
[22:32:37]<hefring>omega8cc: 1 week 2 days ago <realityloop> tell omega8cc https://bradleyf.id.au/nix/shaving-your-rtt-wth-tfo/
[22:37:36]<omega8cc>hefring: tell realityloop: this https://bradleyf.id.au/nix/shaving-your-rtt-wth-tfo/ stuff seems too edgy, imho, at the moment
[22:37:36]<hefring>omega8cc: I'll pass that on when realityloop is around.
[22:38:26]* e-anima has joined #aegir
[22:48:36]* beautifulmind has quit (Quit: Leaving.)
[22:49:03]* Egyptian[Home] has joined #aegir
[23:23:26]* zorki has quit (Quit: My Mac has gone to sleep. ZZZzzz…)
[23:26:27]* gandhiano has quit (Ping timeout: 264 seconds)
[00:00:32]* noecc has joined #aegir
[00:04:56]* jerryitt has joined #aegir
[00:55:01]* zombiebeard has joined #aegir
[00:56:07]* cdracars is now known as zz_cdracars
[00:58:43]* blainelang__ has joined #aegir
[01:02:00]* zz_drakythe is now known as drakythe
[01:35:57]* gandhiano has joined #aegir
[01:38:53]* blainelang__ is now known as blainelang
[01:42:25]* zorki has joined #aegir
[02:14:02]* zz_cdracars is now known as cdracars
[02:14:25]* fatguylaughing has joined #aegir
[02:18:54]* fatguylaughing has quit (Ping timeout: 272 seconds)
[02:31:41]* omega8cc has quit (Quit: zzzzzz...)
[02:33:32]* fatguylaughing has joined #aegir
[02:37:39]<blainelang>I've not been able to get an Aegir provisioned SSL site to work. Kept getting "Invalid method in request \x16\x03\x03" in apache error.log and all online SSL checkers reported SSL not enabled yet openssl is installed and all tests pass like "lsof -i :443" showed that port 443 https was listening. I changed the site's vhost file in /var/aegir/config/server_master/.... Changed <VirtualHost ipaddress:443> TO <VirtualHost _default_ ipaddress:443> and now th
[02:38:35]<blainelang>But why did I need to do this? Something must not be right
[02:40:46]* hestenet has joined #aegir
[02:40:47]<blainelang>When I restart apache at the cmd line, I see warnings like: NameVirtualHost 104.193.172.117:443 has no VirtualHosts .. Saw these before the change as well.
[02:41:05]* omega8cc has joined #aegir
[02:42:07]<blainelang>Tired the site setup for SSL as enabled and required - no diff. Only thing I've changed to finally get it working was the manual edit to the site conf file and I'm not really comfortable with that change
[02:42:25]<blainelang>Tired = Tried
[02:43:57]* volkan has joined #aegir
[02:44:52]* jojakim has joined #aegir
[02:50:22]* zorki has quit (Quit: My Mac has gone to sleep. ZZZzzz…)
[02:51:04]* zorki has joined #aegir
[02:54:31]<bgm>blainelang: what version of Apache are you running?
[02:54:52]<bgm>and presumably aegir 2.x?
[02:57:18]<blainelang>thanks +bgm, yes should be latest aegir. Running: Server version: Apache/2.2.22 (Debian)
[02:59:00]<bgm>it should definitely be <VirtualHost ipaddress:443>, and you should have " NameVirtualHost ipaddress:443" in /etc/apache2/conf.d/aegir.conf
[02:59:15]<bgm>(they removed NameVirtualHost from apache 2.4)
[02:59:33]<bgm>"apache2ctl -S" as root might give more info
[02:59:48]<bgm>can you anonymise/copy-paste to paste.debian.net ?
[03:00:14]<blainelang>It was <VirtualHost ipaddress:443> and no worky. Will paste my -S and my conf file - thanks!
[03:01:33]<bgm>also, do you have only one https site, or multiple on that machine?
[03:01:46]<bgm>(i have constant headaches with https on aegir 2.x)
[03:02:02]<blainelang>http://paste.debian.net/143087/
[03:02:06]<bgm>(it works well for 1 site, 1 IP, 1 cert.. but for SNI, wildcards, etc.. arg)
[03:02:18]<bgm>(and i won't get into ipv6 ;-)
[03:02:19]<blainelang>Still testing Aegir and process out - only have the one site right now enabled
[03:02:35]<bgm>(actually, with a small hack, and custom tpl for vhosts, ipv6 works fine)
[03:03:15]<bgm>"_default_:* " => can you remove this?
[03:03:29]<blainelang>Luckily I only need SSL enabled for 1 client site that I need to write a salesforce API module for.
[03:03:47]<blainelang>Sure, that's the change I made to finally get the site https to work
[03:03:49]<bgm>the default:* means you probably have a non-ssl vhost responding to requests
[03:03:52]<bgm>oh
[03:03:56]<bgm>still, kind of suspicious
[03:04:21]<bgm>ah, but you should https-all-the-things :-)
[03:04:34]<bgm>(offtopic ramblings.. most of my sites have personal data)
[03:05:26]<blainelang>broken now: https://adpronex1.nextide.ca/
[03:06:19]<blainelang>I have 3 IP addresses for this server :116, :117 and :12
[03:06:39]<bgm>can you re-paste a new apache2ctl -S ?
[03:06:46]<bgm>it's responding as http, on the https port
[03:06:51]<bgm>"wget -O /dev/null -S https://adpronex1.nextide.ca/"
[03:07:02]<bgm>erm no
[03:07:13]<bgm>"wget -O /dev/null -S http://adpronex1.nextide.ca:443"
[03:07:18]<bgm>(to see that it's clear text)
[03:07:23]<blainelang>http://paste.debian.net/143088/
[03:08:09]<bgm>" NameVirtualHost 127.0.0.1:443 has no VirtualHosts" => suspicious, can you grep for that in /etc/apache2 ?
[03:08:31]<blainelang>wget response: http://paste.debian.net/143089/
[03:08:34]<bgm>adpronex1.nextide.ca has address 104.193.172.116
[03:08:40]<bgm>104.193.172.12:443 is a NameVirtualHost
[03:08:55]<bgm>ok ok.. so you need to add the IP in the server's config
[03:09:10]<bgm>in aegir, find the servers, edit the http one, and add the IP
[03:09:17]<bgm>or change the base IP, if you only need 1 on that server
[03:09:35]<blainelang>yeh, did that as soon as the new IP's were assigned. 1 sec
[03:11:01]<blainelang>http://snag.gy/HHxoA.jpg
[03:11:26]<bgm>you only need to assign the IPs that are really used
[03:11:45]<bgm>and aegir does this weird thing, where it assigns IPs to https, first come, first serve
[03:11:56]<bgm>so either you enter them in the order that you create site, or you change your DNS
[03:12:15]<bgm>(you can test locally by editing your /etc/hosts)
[03:13:27]<blainelang>So the default http sites should use :116 and I was expecting the SSL site to use :117
[03:13:30]<blainelang>or :12
[03:13:56]<bgm>aegir won't assign an IP to non-https sites
[03:13:59]<bgm>(i think)
[03:14:03]<blainelang>uh
[03:14:14]<bgm>non-https will use *:80 in their vhost declaration
[03:14:19]<blainelang>so I don't need 127.0.0.1 in here either
[03:14:19]<bgm>only https vhosts will use an IP
[03:14:26]<bgm>exact
[03:15:00]<blainelang>well, that's a big Ah Hah
[03:15:04]<bgm>hopefully, as pretty much everyone has moved to SNI, we'll stop binding certificates to IPs..
[03:15:14]<bgm>(damn you Windows XP)
[03:15:22]<blainelang>SNI = over my head right now
[03:15:37]<bgm>SNI makes it possible to support multiple certificates on the same IP address
[03:15:48]<blainelang>Do I need to reverify sites and restart apache?
[03:15:55]<bgm>aegir should automatically do it
[03:16:07]<bgm>although you might need to edit/save your sites
[03:16:09]<blainelang>looks like Aegir spawned a bunch of verify tasks
[03:16:14]<bgm>yep :)
[03:16:23]<bgm>not sure if it will change the IP for your site, though
[03:17:48]<blainelang>may take a few min for these verify tasks to get scheduled. Big thanks bgm
[03:18:02]<bgm>np :)
[03:24:25]<blainelang>So only the 1 ip (:12) now defined in the aegir server config. https: for the site is still not working. Here is the updated apachectl -S and the site vhost conf file: http://paste.debian.net/143096/ -- looks to be correctly mapped to :12 ip.
[03:24:32]<blainelang>Do I need to restart apache
[03:25:37]<blainelang>I edited and saved the site (selected generate a new encryption key) and site was verified ok.
[03:27:22]<blainelang>Site comes up for http: but not https://adpronex1.nextide.ca/
[03:27:59]<blainelang>did an apachectl restart - no change.
[03:30:09]* josh_k has joined #aegir
[03:33:03]* volkan has quit (Quit: volkan)
[03:35:22]<blainelang>re-verified server, no change. Getting that Invalid Method in request message in the apache error.log again. Points to an IP misconfig still I believe.
[03:37:47]* josh_k has quit (Remote host closed the connection)
[03:38:01]* josh_k has joined #aegir
[03:38:44]<bgm>blainelang: ok but your DNS does not match the IP
[03:38:49]<bgm>$ host adpronex1.nextide.ca
[03:38:49]<bgm>adpronex1.nextide.ca has address 104.193.172.116
[03:39:01]<bgm>whereas your apache2ctl -S says 104.193.172.12:443 is a NameVirtualHost
[03:39:19]<bgm>you can test by putting "104.193.172.12 adpronex1.nextide.ca" in your /etc/hosts
[03:39:57]<blainelang>Uh, I see. So what does one do if the site should support http and https. For me, I can get away with just using https.
[03:40:12]<blainelang>will edit local host and try that.
[03:42:25]<blainelang>tada :)
[03:43:14]<blainelang>life is good again. +bgm++
[03:43:20]<blainelang>bgm++
[03:43:33]<blainelang>I tried :)
[03:44:10]<bgm>personally, i don't like mixing http/https, and usually require https
[03:44:37]<bgm>you can be more secure by using things like STS (https://github.com/mlutfy/provision_sts)
[03:44:49]<bgm>to reduce risks of attacks on https traffic
[03:45:10]<bgm>but in any case, you probably will still have a vhost for port :80, to redirect users to https
[03:45:33]<bgm>well, it won't be a problem, just make sure your DNS reflects the IP that aegir has assigned to your https site
[03:46:16]<bgm>fwiw, STS makes sure that if a browser was in https last time, they will remember to use https next time, even if the user types "http://example.org"
[03:46:22]<bgm>but it also means you can't switch https off ;)
[03:46:35]<blainelang>I will try the required option and the redirect. DNS change now made. Adding to my notes as I will have a nice blog article or 2 after this.
[03:50:48]* blainelang has quit (Ping timeout: 244 seconds)
[03:50:48]* blainelang_ has joined #aegir
[03:52:23]* ratioweb has quit (Quit: Leaving)
[03:53:05]<bgm>cool :)
[03:54:06]* blainelang_ is now known as blainelang
[03:54:19]* zorki has quit (Quit: My Mac has gone to sleep. ZZZzzz…)
[04:53:30]* josh_k has quit (Remote host closed the connection)
[04:55:58]* josh_k has joined #aegir
[04:57:26]<mvc>bgm: cool, hadn't heard of that http header
[05:05:45]* drakythe is now known as zz_drakythe
[05:08:02]* iribarne_ has joined #aegir
[05:08:19]* realityloopAFK has quit (Ping timeout: 252 seconds)
[05:08:41]* batfastad has quit (Ping timeout: 252 seconds)
[05:09:03]* spyd_ has quit (Ping timeout: 252 seconds)
[05:09:03]* helmo has quit (Ping timeout: 252 seconds)
[05:09:03]* danquah has quit (Ping timeout: 252 seconds)
[05:09:35]* batfastad has joined #aegir
[05:09:46]* spyd has joined #aegir
[05:10:07]* helmo has joined #aegir
[05:10:53]* iribarne_ is now known as iribarne
[05:12:43]* danquah has joined #aegir
[05:13:15]* realityloopAFK has joined #aegir
[05:13:40]* realityloopAFK is now known as realityloop
[05:26:14]* zombiebeard has quit (Quit: zombiebeard)
[05:30:22]* iribarne_ has joined #aegir
[05:31:15]* ngnp has quit (Ping timeout: 265 seconds)
[05:33:06]* iribarne has quit (Ping timeout: 276 seconds)
[05:33:06]* iribarne_ is now known as iribarne
[05:42:00]* gusaus has joined #aegir
[05:46:38]* iribarne has quit (Quit: iribarne)
[05:47:19]* boshtian has quit (Ping timeout: 245 seconds)
[05:51:48]* zz_drakythe is now known as drakythe
[05:52:10]* zombiebeard has joined #aegir
[06:02:02]* iribarne has joined #aegir
[06:13:11]* hestenet has quit (Remote host closed the connection)
[06:15:31]* blainelang_ has joined #aegir
[06:18:12]* blainelang has quit (Ping timeout: 245 seconds)
[06:19:21]* iribarne has quit (Quit: iribarne)
[06:20:16]* hestenet has joined #aegir
[06:26:34]* zorki has joined #aegir
[06:27:27]* iribarne has joined #aegir
[06:37:35]* zorki has quit (Quit: My Mac has gone to sleep. ZZZzzz…)
[06:46:29]* noecc has quit (Quit: pax)
[06:54:58]* drastik-jw has quit (Quit: No Ping reply in 180 seconds.)
[06:59:13]* drastik-jw has joined #aegir
[07:04:12]* drakythe is now known as zz_drakythe
[07:11:59]* jerryitt has quit (Quit: Connection closed for inactivity)
[07:22:23]* boshtian has joined #aegir
[07:57:55]* gandhiano has quit (Read error: Connection reset by peer)
[08:01:15]* Egyptian[Home] has quit (Ping timeout: 264 seconds)
[08:03:47]* Egyptian[Home] has joined #aegir
[08:16:47]* blainelang__ has joined #aegir
[08:19:23]* blainelang_ has quit (Ping timeout: 246 seconds)
[08:28:12]* blainelang__ has quit (Ping timeout: 245 seconds)
[08:28:56]* blainelang__ has joined #aegir
[08:43:49]* zz_drakythe is now known as drakythe
[08:45:56]* du5k has joined #aegir
[08:50:28]* du5k has quit (Client Quit)
[09:09:10]* cdracars is now known as zz_cdracars
[09:10:05]* zz_cdracars is now known as cdracars
[09:16:50]* gusaus has quit (Quit: gusaus)
[09:27:23]* gusaus has joined #aegir
[09:40:21]* iribarne has quit (Read error: Connection reset by peer)
[09:51:57]* blainelang___ has joined #aegir
[09:53:06]* blainelang__ has quit (Ping timeout: 276 seconds)
[09:53:29]* cdracars is now known as zz_cdracars
[09:54:47]* drakythe is now known as zz_drakythe
[09:58:53]* fatguylaughing has quit (Quit: fatguylaughing)
[09:59:22]* boshtian has quit (Ping timeout: 240 seconds)
[10:00:56]* zombiebeard has quit (Quit: zombiebeard)
[10:17:17]* blainelang____ has joined #aegir
[10:20:14]* blainelang___ has quit (Ping timeout: 272 seconds)
[10:38:43]* e-anima has quit (Quit: reallife not found)
[10:47:26]* hestenet_ has joined #aegir
[10:48:39]* blainelang____ has quit (Ping timeout: 264 seconds)
[10:49:27]* hestenet has quit (Ping timeout: 245 seconds)
[10:49:48]* blainelang____ has joined #aegir
[10:50:58]* fatguylaughing has joined #aegir