Re: apache & apache-ssl
Matthew Joyce wrote: -Original Message- From: Roberto Sanchez [mailto:[EMAIL PROTECTED] Sent: Friday, 17 December 2004 11:49 AM To: debian-user@lists.debian.org Subject: Re: apache & apache-ssl Matthew Joyce wrote: Dear debian-users, I have 2 woody boxes, one has apache+php and the other has apache-ssl+php. Physical space is tight, and neither of these boxes are ever very busy, I'd like to combine them. Are there any problem with these apps co-existing ? Do they need to have the same hostname ? Certificates aside, are there any pitfalls I should watch for ? thanks You can either use apache-ssl or apache + libapache-mod-ssl. These are two different things, but I have used both and they work. As a matter of preference, I would choose the mod-ssl route. That is primarily because then there is only one apache config to mess with. With apache and apache-ssl, there are two configs, two services, and so on. -Roberto Sanchez If I want HTTP and HTTPS have different host names, does this lend preference to either apache-ssl or the mod-ssl ? thnaks I have been trying to do something similar on my woody box. I believe it should be possible to do by using virtual hosts so long as you do not set up the virtual hosts as named hosts ie use different IP addresses when using SSL. This I believe is due to SSL certificates being possibly IP based? I succeeded with apache in setting this up but not with apache-ssl as I had problems with the certificates. Ivan -- ,###' *##/ Ivan Wills ,*##' Home Page : .*##)Email : [EMAIL PROTECTED] ,###' l##* ,. __ _. _ .*##' /%# ;*##*_*###*#' .*#\ ./###&;. /##* /##' ,#*' '#*' '#* *%## *#*" '*##* *##. .##' .*#/ |#*# &# ##o#''#*#, ,##**##__*#* .#*, ,#*_*# *##' '*#|; *##'`*###*' '###*'##*' ,##'\#*. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: binding 2 or more IP addresses to one interface?
Ivan Wills wrote: Hi I want to set up apache with some virtual hosts with different IP addresses and only have one NIC in the machine. Does any know how to bind more than one IP address to a NIC? Thanks Ivan Thanks all for the help it works a treat Ivan -- ,###' *##/ Ivan Wills ,*##' Home Page : .*##)Email : [EMAIL PROTECTED] ,###' l##* ,. __ _. _ .*##' /%# ;*##*_*###*#' .*#\ ./###&;. /##* /##' ,#*' '#*' '#* *%## *#*" '*##* *##. .##' .*#/ |#*# &# ##o#''#*#, ,##**##__*#* .#*, ,#*_*# *##' '*#|; *##'`*###*' '###*'##*' ,##'\#*. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
binding 2 or more IP addresses to one interface?
Hi I want to set up apache with some virtual hosts with different IP addresses and only have one NIC in the machine. Does any know how to bind more than one IP address to a NIC? Thanks Ivan -- ,###' *##/ Ivan Wills ,*##' Home Page : .*##)Email : [EMAIL PROTECTED] ,###' l##* ,. __ _. _ .*##' /%# ;*##*_*###*#' .*#\ ./###&;. /##* /##' ,#*' '#*' '#* *%## *#*" '*##* *##. .##' .*#/ |#*# &# ##o#''#*#, ,##**##__*#* .#*, ,#*_*# *##' '*#|; *##'`*###*' '###*'##*' ,##'\#*. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: exim problem
Vineet Kumar wrote: I bounced your message back to the list, to continue the discussion in the public forum. This way, others may be able to provide input into the discussion, and still others may benefit from reading the discussion now and in the public list archives. * Ivan Wills ([EMAIL PROTECTED]) [040302 10:59]: Vineet Kumar wrote: * Ivan Wills ([EMAIL PROTECTED]) [040229 20:49]: Recently the server has started to take about 30s before sending a email message. (It never did this before) It does not matter what the size of the message is. It seems like the server is waiting for the 30s before listening to the client. I'd guess exim is trying to do an ident lookup with the client, but the client is silently dropping the ident requests. (Bad packet filter!) "30 seconds" smells like a timeout; either ident or reverse DNS. This happens with every client? Is there a packet filter on the server side? Or a DNS misconfiguration? The 30 seconds wait happens for all clients, and all the clients are behind a NAT firewall. So they are seen as one IP address ( which has an entry in the /etc/hosts file ) Okay, well, that's not really a good test for "all clients" -- by asking that, I was trying to narrow down the problem to either the server or the client. If they're all going through the same connection, it doesn't help narrow it down. The firewalls name appears in the log files so it appears that exim is able to do a reverse look up. Right, it sounds like your DNS lookup is probably fine in this instance. I'd check that the NAT box isn't dropping inbound ident requests. It should instead be responding with TCP RST, as for all closed ports. I'd bet that's where your problem is. good times, Vineet P.S. Your sig is very large. This can be considered bad netiquette. Consider reducing its size; a good guideline is that it shouldn't exceed 4 lines (though I'm often guilty of exceeding this myself). In any case, aim for something that can be measured on the order of lines rather than a half-page. Any suggestions on how to check if the firewall is sending a TCP RST? Ivan -- / [EMAIL PROTECTED] / _ _ / \ / | | | | /\/ \_| | | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: exim problem
Vineet Kumar wrote: * Ivan Wills ([EMAIL PROTECTED]) [040229 20:49]: Recently the server has started to take about 30s before sending a email message. (It never did this before) It does not matter what the size of the message is. It seems like the server is waiting for the 30s before listening to the client. I'd guess exim is trying to do an ident lookup with the client, but the client is silently dropping the ident requests. (Bad packet filter!) "30 seconds" smells like a timeout; either ident or reverse DNS. This happens with every client? Is there a packet filter on the server side? Or a DNS misconfiguration? good times, Vineet The 30 seconds wait happens for all clients, and all the clients are behind a NAT firewall. So they are seen as one IP address ( which has an entry in the /etc/hosts file ) The firewalls name appears in the log files so it appears that exim is able to do a reverse look up. There is not packet filter running on the server either. Thank you for the suggestion though. Ivan -- ,###' *##/ Ivan Wills ,*##' Home Page : .*##)Email : [EMAIL PROTECTED] ,###' l##* ,. __ _. _ .*##' /%# ;*##*_*###*#' .*#\ ./###&;. /##* /##' ,#*' '#*' '#* *%## *#*" '*##* *##. .##' .*#/ |#*# &# ##o#''#*#, ,##**##__*#* .#*, ,#*_*# *##' '*#|; *##'`*###*' '###*'##*' ,##'\#*. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
exim problem
Hi I am using Exim 3.35-1woodie2 under Debian Stable. Recently the server has started to take about 30s before sending a email message. (It never did this before) It does not matter what the size of the message is. It seems like the server is waiting for the 30s before listening to the client. Does any one have any suggestions as to why this might occur or suggestions on how to solve the problem? Thanks Ivan -- ,###' *##/ Ivan Wills ,*##' Home Page : .*##)Email : [EMAIL PROTECTED] ,###' l##* ,. __ _. _ .*##' /%# ;*##*_*###*#' .*#\ ./###&;. /##* /##' ,#*' '#*' '#* *%## *#*" '*##* *##. .##' .*#/ |#*# &# ##o#''#*#, ,##**##__*#* .#*, ,#*_*# *##' '*#|; *##'`*###*' '###*'##*' ,##'\#*. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
exim questions: Filtering extensitons with version 3.35 or How tomove from exim 3.35 to 4.2
Hi I need to implement mail filters for attachments with dangerous file extensions in exim. Does any one know how to do this with the version of exim 3.35 which comes with Debian Woody? How hard is it to move exim to version 4.2x under Debian Woody? (Do any deb's exist for Woody?) Any help would be greatly appreciated. Thanks Ivan -- ,###' *##/ Ivan Wills ,*##' Email : [EMAIL PROTECTED] .*##) ,###' l##*/ ,. __ _. _ .*##' /%# ;*##*_*###o#' .*#/ ./###&;. /##* /##' ,#*' '#*' %#/ *%## *#*" '*##* *##. .##' .*#/ |#*# &# ##o#''#*#, ,##**##__*#* .#*, ,[EMAIL PROTECTED] *##' '*#|; *##'`*###*' '###*'##*' ,##'\#*. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
ftpd
Hi I have just installed the ftpd package on a Debian testing system which I need to access from my windows box. If I try to ftp there using either cygwins or windows command line ftp programs I can but no graphical ftp client (in particular my text editor Komodo or Jext) both seem to hang when I try to connect to the server. Does any one have any suggestions on how to solve this problem? Is it a settings issue with ftpd as I have left it with the default settings? Thanks Ivan -- ,###' *##/ Ivan Wills ,*##' Email : [EMAIL PROTECTED] .*##) ,###' l##*/ ,. __ _. _ .*##' /%# ;*##*_*###o#' .*#/ ./###&;. /##* /##' ,#*' '#*' %#/ *%## *#*" '*##* *##. .##' .*#/ |#*# &# ##o#''#*#, ,##**##__*#* .#*, ,[EMAIL PROTECTED] *##' '*#|; *##'`*###*' '###*'##*' ,##'\#*. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: help apache-ssl does not show any pages
Ivan Wills wrote: Hi I have installed the apache-ssl package but every time I try to connect to it I get an error. In my browser if I try to connect to the server I get a message about the ssl certificiate not being signed by a recoognised authority (which is fine as it was created during the install process) then I get messages about the document containing no data or that the session prematurly ended. The apache-ssl error log complains about not being able to bind to port 443. [Tue Jul 22 19:46:41 2003] [crit] (98)Address already in use: make_sock: could not bind to port 443 Failed to connect to socket: /var/run/gcache_port connect: Connection refused apache-ssl: gcacheclient.c:118: OpenServer: Assertion `!"couldn't connect to socket"' failed. [Tue Jul 22 19:46:45 2003] [notice] child pid 24715 exit signal Aborted (6) Failed to connect to socket: /var/run/gcache_port I have searched google and found this error serveral times but I have not found any solutions. Does any one know what might be the cause? Thanks Ivan Problem solved I changed the SSLCacheServerPort from /var/run/gcache_port to 1234 in /etc/apache-ssl/http.conf then restarted apache-ssl (if any one ever wants to know) Ivan -- ,###' *##/ Ivan Wills ,*##' Email : [EMAIL PROTECTED] .*##) ,###' l##*/ ,. __ _. _ .*##' /%# ;*##*_*###o#' .*#/ ./###&;. /##* /##' ,#*' '#*' %#/ *%## *#*" '*##* *##. .##' .*#/ |#*# &# ##o#''#*#, ,##**##__*#* .#*, ,[EMAIL PROTECTED] *##' '*#|; *##'`*###*' '###*'##*' ,##'\#*. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
help apache-ssl does not show any pages
Hi I have installed the apache-ssl package but every time I try to connect to it I get an error. In my browser if I try to connect to the server I get a message about the ssl certificiate not being signed by a recoognised authority (which is fine as it was created during the install process) then I get messages about the document containing no data or that the session prematurly ended. The apache-ssl error log complains about not being able to bind to port 443. [Tue Jul 22 19:46:41 2003] [crit] (98)Address already in use: make_sock: could not bind to port 443 Failed to connect to socket: /var/run/gcache_port connect: Connection refused apache-ssl: gcacheclient.c:118: OpenServer: Assertion `!"couldn't connect to socket"' failed. [Tue Jul 22 19:46:45 2003] [notice] child pid 24715 exit signal Aborted (6) Failed to connect to socket: /var/run/gcache_port I have searched google and found this error serveral times but I have not found any solutions. Does any one know what might be the cause? Thanks Ivan -- ,###' *##/ Ivan Wills ,*##' Email : [EMAIL PROTECTED] .*##) ,###' l##*/ ,. __ _. _ .*##' /%# ;*##*_*###o#' .*#/ ./###&;. /##* /##' ,#*' '#*' %#/ *%## *#*" '*##* *##. .##' .*#/ |#*# &# ##o#''#*#, ,##**##__*#* .#*, ,[EMAIL PROTECTED] *##' '*#|; *##'`*###*' '###*'##*' ,##'\#*. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
APIC error
Hi I am running Debian Woody running on a old dual Pentium 166 computer. I keep getting the following error's like APIC error on CPU0: 08(00) The CPU number varies and the 08 varies. Does any one know what this error means and does any one know how to stop it writing to screen and make it write to a log file instead? Thanks Ivan -- ,###' *##/ Ivan Wills ,*##' Email : [EMAIL PROTECTED] .*##) ,###' l##*/ ,. __ _. _ .*##' /%# ;*##*_*###o#' .*#/ ./###&;. /##* /##' ,#*' '#*' %#/ *%## *#*" '*##* *##. .##' .*#/ |#*# &# ##o#''#*#, ,##**##__*#* .#*, ,[EMAIL PROTECTED] *##' '*#|; *##'`*###*' '###*'##*' ,##'\#*. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bugzilla on Sarge is very slow
Hi I just upgraded my Debian install from Woody to Sarge. I am just running Bugzilla on this computer, but since the upgrade bugzilla is deathly slow. It takes 5 or more seconds to open any cgi page. Does any know if the likely cause is the move from Bugzilla 1.14.2 to 1.16.3 or is it Perl moving from 5.6 to 5.8 or is there some other possibility that could be causeing this slow down? Any suggestions on how to improve speed would be welcomed (I have cut the system down to bare bones, no X and only apache and sshd running) Thanks Ivan -- ,###' *##/ Ivan Wills ,*##' Email : [EMAIL PROTECTED] .*##) ,###' l##* ,. __ _. _ .*##' /%# ;*##*_*###*#' .*#\ ./###&;. /##* /##' ,#*' '#*' '#* *%## *#*" '*##* *##. .##' .*#/ |#*# &# ##o#''#*#, ,##**##__*#* .#*, ,#*_*# *##' '*#|; *##'`*###*' '###*'##*' ,##'\#*. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
vfat and ordinary users
Hi I am trying to use a windows win32 (vfat) partition as an ordinary user but the permissions do not allow me to read it or write to it unless I am root. I have tried to chmod the mount location (with the partition mounted and unmounted) with no success. I also tried adding user to the options column in the fstab file but also with no success. Does any one any suggestions on how to acheve this? Thanks Ivan -- ,###' *##/ Ivan Wills ,*##' Email : [EMAIL PROTECTED] .*##) ,###' l##* ,. __ _. _ .*##' /%# ;*##*_*###*#' .*#\ ./###&;. /##* /##' ,#*' '#*' '#* *%## *#*" '*##* *##. .##' .*#/ |#*# &# ##o#''#*#, ,##**##__*#* .#*, ,#*_*# *##' '*#|; *##'`*###*' '###*'##*' ,##'\#*. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Remotly changing emil users passwords
Hi I am setting up a Debian system (Woody) as primarily as mail server (exim). Is there a way I can allow users to remotly change their passwords with out using ssh (or any other shell) I world also like the majority of users, not to be able to login through a terminal (I don't trust their passwords and I cannot enforce strong passwords, particularly for the CEO) Any suggestions on how to acheive this? Thanks Ivan -- ,###' *##/ Ivan Wills ,*##' Email : [EMAIL PROTECTED] .*##) ,###' l##* ,. __ _. _ .*##' /%# ;*##*_*###*#' .*#\ ./###&;. /##* /##' ,#*' '#*' '#* *%## *#*" '*##* *##. .##' .*#/ |#*# &# ##o#''#*#, ,##**##__*#* .#*, ,#*_*# *##' '*#|; *##'`*###*' '###*'##*' ,##'\#*. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]