Hi,
Ubuntu 20.04 is scheduled to be released at some point today. As
things stand its kernel won't boot at BitFolk.
I think it's due to some bugs in Xen's LZ4 decompression. These
problems have since been fixed but it would mean a forced reboot to
deploy them and I'm not going to do that, for this.
I will let you know when there is a host available that will boot
these LZ4-compressed kernels, so if you are desperate to upgrade to
20.04 you can be moved there.
If you already did try to upgrade to 20.04 and now it doesn't boot,
your previous (18.04) kernel will boot, which clearly isn't ideal
but does at least regain access.
Possibly you could build a custom kernel that doesn't use LZ4 or
find a way to unpack (and optionally repack) the existing vmlinuz.
I'll follow up with more info as I experiment with that.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
_______________________________________________
announce mailing list
announce(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/announce
Hi All,
My VPN hosts a small selection of web sites. I have noticed a LOT of
attacks recently.
The errors in the log file are typically something like this.
2020/04/29 11:08:12 [error] 831#831: *99107 FastCGI sent in stderr: "PHP
message: PHP Fatal error: Reseller record not found for
in /var/www/exampleone/htsecure/Classes/ApplicationFactory.php on line
86" while reading response header from upstream, client: 209.17.96.218,
server: exampleone.co.uk, request: "GET / HTTP/1.1", upstream:
"fastcgi://127.0.0.1:9000", host: "exampletwo"
This is very puzzling because exampletwo is any website I host (except
exampleone) - including a site that DNS points to my server, but I don't
host!
The PHP error is caused because the value in $_SERVER['HTTP_HOST'] is
not something expected. I think it may be "\n" or missing.
It would appear that I have something screwy in my configuration for php
requests to one site to be passed to another - but I can't see it.
The default configuration is:
# Statements for default virtual host
server {
    listen 80 default ;
    # server name is catch all for unknown names#
    server_name _ ;
    root /etc/nginx/html;
    index index.html;
    # access_log /var/www/access_log;
    try_files $uri =404;
}
This would be triggered when exampletwo is the domain pointed at my
server, that I don't (yet) host.
The only file in /etc/nginx/html is index.html and reports "the domain
you requested does not exist on this server". There are no php files.
The config for exampleone is (redacted for security).
# Statements for exampleone virtual host
# switched to letsencrypt cert 30/6/2019
server {
    listen 80;
    server_name exampleone.co.uk www.exampleone.co.uk;
    rewrite ^(.*) https://exampleone.co.uk$1 permanent;
}
server {
    listen 443 ssl http2;
    server_name exampleone.co.uk www.exampleone.co.uk;
    ## SSL Certs
    ssl_certificate /etc/letsencrypt/live/coachmaster.co.uk-0001/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/coachmaster.co.uk-0001/privkey.pem;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1.2;
    ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
    ssl_session_timeout 10m;
    # Additional Security Headers
    # ref: https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Sec…
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
    # ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
    add_header X-Frame-Options DENY always;
    # ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Op…
    add_header X-Content-Type-Options nosniff always;
    # ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
    add_header X-Xss-Protection "1; mode=block" always;
    # Enable OCSP stapling
    # ref. http://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/letsencrypt/live/exampleone.co.uk/fullchain.pem;
    root /var/www/exampleone/htsecure;
    access_log /var/log/nginx/exampleone.co.uk.access.log;
    error_log /var/log/nginx/error.log;
    index index.php;
    location = / {
        rewrite ^ /index.php last;
    }
    location /easyrtc {
        proxy_pass http://localhost:5006;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    location /socket.io {
        proxy_pass http://localhost:5006;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    # serve php files via fastcgi if the file exists
    location ~ \.php$ {
        try_files $uri =404;
        include /etc/nginx/fastcgi.conf;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param CENTRAL_ROOT $document_root;
        fastcgi_param RESELLER_ROOT $document_root;
        fastcgi_param ENVIRONMENT production;
        fastcgi_param HTTPS ON;
    }
    # serve static files
    try_files $uri $uri/ /index.php;
    expires 30m;
    # now to configure the long polling
    location /publish {
        nchan_publisher;
        nchan_channel_id $arg_id;
        nchan_message_buffer_length 10;
        nchan_message_timeout 90s;
    }
    # public long-polling endpoint
    location /activity {
        nchan_subscriber;
        nchan_channel_id $arg_id;
    }
}
Sorry about the extra line breaks borking the layout. SNAFU. :)
Any idea why, or how, a request to a site that does not exist gets
switched to exampleone when default is present?
I am running fail2ban, and that locks them out for an hour at the third
attempt, so it does not matter much, except that my nightly report of
errors is so full of this junk, I can't see any real problems. :(
Thanks for any insights.
Ian
--
Ian Hobson
Tel (+351) 910 418 473
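
Added example, not part of Ian's message or his configuration: nginx picks a default server separately for each listen address:port, so the "listen 80 default" block in the post only catches unknown names on port 80, and on 443 the first server block nginx loads for that port takes any request whose Host matches nothing. The sketch below adds a catch-all for 443; it assumes exampleone is that first 443 block (the post shows only part of the configuration) and that nginx is 1.19.4 or later.

```nginx
# Added example, not the poster's configuration.
#
# As posted: a catch-all exists for port 80 only.
#
#   server { listen 80 default; server_name _; ... }
#
# Nothing is marked as the default for port 443, so a TLS request for an
# unknown name is handled by the first "listen 443" server block loaded,
# which then passes the unexpected Host value on to PHP.

# Added: a catch-all for port 443.
server {
    listen 443 ssl http2 default_server;
    server_name _;

    # Refuse the TLS handshake when the SNI name matches no configured
    # server_name (or no SNI is sent). Needs nginx >= 1.19.4, which is an
    # assumption about the installed version. No certificate is required
    # in this block while it is enabled.
    ssl_reject_handshake on;

    # On older nginx, drop the directive above and give this block a
    # self-signed certificate instead (placeholder paths, not real files):
    #   ssl_certificate     /etc/nginx/ssl/PLACEHOLDER-selfsigned.crt;
    #   ssl_certificate_key /etc/nginx/ssl/PLACEHOLDER-selfsigned.key;

    # A client can complete the handshake with a valid SNI name and then
    # send an unknown Host header; that request is routed to this block.
    # 444 closes the connection without sending a response, so it never
    # reaches the PHP upstream.
    return 444;
}
```

Run nginx -t before reloading to confirm the new block parses and that only one server block is marked default_server for port 443.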
Hello,
I am wanting to upgrade my server from Debian 9 to Debian 10. I have done this on other systems without problems but have a question about the Bitfolk VM and network interface name.
For Debian 10 upgrades the legacy name definition file is not supported [1] :
/etc/udev/rules.d/70-persistent-net.rules
I define eth0 here using MAC i.e.
SUBSYSTEM=="net", DRIVERS=="?*", ATTR{address}=="00:16:3e:1b:b2:db", NAME="eth0"
I have no files in /etc/systemd/network/.
Per [1], using udevadm to find the udev name :
# udevadm test-builtin net_id /sys/class/net/eth0 2>/dev/null
ID_NET_NAME_MAC=enx00163e1bb2db
ID_OUI_FROM_DATABASE=Xensource, Inc.
it is wanting to use "enx00163e1bb2db".
So, to get started I was going to :
1) Disable the 70-persistent-net.rules file
2) Change all occurrences of "eth0" to "enx00163e1bb2db" using :
grep -r eth0 /etc
3) Reboot
Is this correct? Or is there a better way that the Debian 9 to 10 upgrade can cope with (maybe with a nicer interface name)?
Once I am happy all works using this interface name, I can think about the Debian 10 upgrade itself.
Many Thanks,
[1] https://www.debian.org/releases/stable/amd64/release-notes/ch-information.e…
--
Alastair Sherringham
http://www.sherringham.net
Hi folks,
My VPS currently has Ubuntu 18.04 installed on it, and since 20.04 has
just been released, I'm considering when and whether to upgrade it.
However, I've also been looking into NixOS recently, and I thought I
might try running it on my server.
--
Josh Holland