2004/08/11
IRC [03:19] * tekbasse sets up a local server to test nsopenssl3b27
IRC [03:21] <tekbasse> so far, no problems to report --too bad. back to testing on the production server.
IRC [03:27] <tekbasse> ah. the test server is running oacs5.1, whereas the one breaking is using 4.6.3... hmm tcl related?
IRC [05:00] * tekbasse stuck trying to exec nsd in gdb. keeps trying.
IRC [06:02] *** tekbasse parted the chat.
IRC [06:05] *** tekbasse joined the chat.
IRC [06:15] <tekbasse> Okay, got gdb to work with nsd8x. (gdb) file nsd8x
IRC [06:15] <tekbasse> Reading symbols from nsd8x...Deprecated bfd_read called at /usr/src/gnu/usr.bin/binutils/gdb/../../../../contrib/gdb/gdb/dbxread.c line 2627 in elfstab_build_psymtabs
IRC [06:16] <tekbasse> Deprecated bfd_read called at /usr/src/gnu/usr.bin/binutils/gdb/../../../../contrib/gdb/gdb/dbxread.c line 933 in fill_symbuf
IRC [06:19] <tekbasse> (gdb) run (shows usual config.tcl ns_log notice messages).. debug messages in error logfile continues to loading nssock.so then consumes cpu% >90 with no further changes, no error messages in gdb.
IRC [06:20] <tekbasse> sorry not more conclusive. goodnight.
IRC [06:20] *** tekbasse parted the chat.
IRC [09:44] *** erph joined the chat.
IRC [09:45] <erph> hello... :)
IRC [09:45] <Dossy> morning.
IRC [09:46] <erph> i'm thinking about giving my users access to .adp
IRC [09:46] <Dossy> Interesting.
IRC [09:46] <erph> is there a secure way to do this?
IRC [09:46] <Dossy> Nope.
IRC [09:46] <Dossy> AOLserver is NOT meant for hosting third-party customers.
IRC [09:47] <erph> uhm.
IRC [09:48] <Dossy> OK, i'm going to go idle for about 2 hours now
IRC [09:48] <Dossy> ttyl
IRC [09:48] <erph> bye, thanks
IRC [10:45] *** erph parted the chat.
IRC [11:06] *** frodoroot parted the chat.
IRC [11:32] *** frodoroot joined the chat.
IRC [13:06] *** bartt joined the chat.
IRC [13:28] <jhavard> dossy, you back yet?
IRC [13:35] <jhavard> I was running ab against my aolserver install. It doesn't seem to die after 64 connections now.
IRC [13:36] <jhavard> Performance wasn't that great until I remembered that the bandwidth of a t1 is less than the bandwidth of 100Mbit ethernet
IRC [13:37] <frodoroot> what ver?
IRC [13:38] <jhavard> cvs head
IRC [13:41] <jhavard> well damn
IRC [13:41] <jhavard> managed to crash it with an http/1.0 request!
IRC [13:44] <jhavard> or more correctly, an http/1.0 request without a Host header
IRC [13:45] <jhavard> or just hitting return without a request
IRC [14:19] *** erph joined the chat.
IRC [14:20] <erph> hi
IRC [14:22] <erph> can anybody tell me what would be the best way to have two sites running on the same host but as two separate nsd processes (and separate users)?
IRC [14:22] <erph> would it be nsvhr? is it ok for AOLserver 4?
IRC [14:23] <bartt> erph: I advise the use of pound
IRC [14:23] <bartt> http://apsis.ch/pound
IRC [14:23] <bartt> It is a reverse proxy
IRC [14:24] <bartt> You can then host multiple sites listening to the same external IP address and port.
IRC [14:24] <erph> bartt: have you tested it?
IRC [14:24] <erph> bartt: how big load can it handle?
IRC [14:25] <bartt> Yes, I've tested it.
IRC [14:26] <bartt> But not under big loads.
IRC [14:27] <bartt> Still, it has a small foot print.
IRC [14:27] <bartt> Easy to configure
IRC [14:28] <bartt> And can do SSL negotiations on behalf of the backend servers.
IRC [14:28] <erph> Seams to be nice.
IRC [14:29] <erph> and it is in the ports (FreeBSD). ;)
IRC [14:40] <bartt> If you don't NEED to do any virtual hosting.
IRC [14:41] <bartt> Either b/c you have more than 1 network card
IRC [14:41] <bartt> Or you have setup IP aliases
IRC [14:41] <erph> 1 IP address :)
IRC [14:41] <bartt> then you can run the nsd processes w/o pound (or any other proxy).
IRC [14:41] <bartt> Is that an IP address given my an ISP?
IRC [14:42] <bartt> Or could add a 2nd IP to the same card?
IRC [14:43] <erph> i think that reverse proxy is that, what i need :)
IRC [14:44] <erph> pound: unknown directive "BackEnd...
IRC [14:44] <erph> huh.
IRC [14:48] <erph> This is NOT recommended (I personally believe that virtual hosts should be implemented in the back-end servers - putting this in a proxy is a major security kludge) but it works.
IRC [14:48] <erph> do you know why it can be ,,a major security kludge''?
IRC [14:50] <bartt> That is bogus
IRC [14:51] <erph> hm, why?
IRC [14:51] <bartt> It is not any different than any other name based virtual hosting.
IRC [14:52] <bartt> See the bottom of http://openacs.org/forums/message-view?message_id=169655
IRC [14:53] *** tekbasse joined the chat.
IRC [14:56] <bartt> Hi tekbasse
IRC [14:56] <tekbasse> hi bartt, how goes it?
IRC [14:56] <erph> bartt: thanks.
IRC [14:56] <bartt> erph: np
IRC [14:57] <erph> now i have to deal with logging somehow.
IRC [14:57] <erph> ;)
IRC [14:57] <bartt> Not bad tekbasse. Struggling to get a fibre channel port to use the ethernet protocol instead of token ring
IRC [14:57] <bartt> erph: You mean ns_logging the original IP address?
IRC [14:57] <erph> bartt: yes
IRC [14:57] <bartt> AOLserver 4.x does that already
IRC [14:58] <tekbasse> bartt, i guess it's not plug n play =/
IRC [14:58] <bartt> AOLserver will log the X-Forwarded-For IP address it receives from Pound
IRC [14:58] <bartt> Not at all. :(
IRC [15:01] <Dossy> woo, fearsome electrical storm at the office now
IRC [15:01] <Dossy> ONE RING TO CONTROL THEM, ONE RING TO BIND THEM, AND TOKEN RING TO NETWORK THEM ALL.
IRC [15:01] <Dossy> token ring is <reply>ONE RING TO CONTROL THEM, ONE RING TO BIND THEM, AND TOKEN RING TO NETWORK THEM ALL.
IRC [15:02] * jhavard grabs the token
IRC [15:02] <Dossy> heh
IRC [15:02] * jhavard can't think of anything to say and passes left
IRC [15:03] <jhavard> so, how about that blank request or http/1.0 without host header issue?
IRC [15:03] <jhavard> should I be submitting bug requests on these?
IRC [15:03] <erph> bartt: how do you run multiple aolserver instances? do you install each in different directory or just prepare new configuration file?
IRC [15:04] <Dossy> jhavard: what issue?
IRC [15:04] <jhavard> that I mentioned earlier
IRC [15:04] <Dossy> you gonna make me scroll up? :)
IRC [15:05] <Dossy> hmm
IRC [15:05] <jhavard> jhavard:~$ telnet havpyro.com 80
IRC [15:05] <jhavard> Trying 208.148.222.29...
IRC [15:05] <jhavard> Connected to havpyro.com.
IRC [15:05] <jhavard> Escape character is '^]'.
IRC [15:05] <jhavard> GET / HTTP/1.0
IRC [15:05] <jhavard> Connection closed by foreign host.
IRC [15:05] <jhavard> jhavard:~$ telnet havpyro.com 80
IRC [15:05] <jhavard> Trying 208.148.222.29...
IRC [15:05] <jhavard> telnet: connect to address 208.148.222.29: Connection refused
IRC [15:05] <jhavard> jhavard:~$
IRC [15:05] <jhavard> and back on the server side, nsd ends with "Abort trap"
IRC [15:05] <bartt> erph: Just a new config file.
IRC [15:05] <Dossy> funny, doesn't carsh for me
IRC [15:05] <Dossy> are you using sample-config.tcl, or your own?
IRC [15:05] <jhavard> my own.
IRC [15:05] <Dossy> paha
IRC [15:05] <Dossy> i bet you have virtual servers defined.
IRC [15:05] <jhavard> yep.
IRC [15:06] <Dossy> i bet nssock/hostname isn't set to one of the exact strings of your virtual servers
IRC [15:06] <erph> Dossy: isn't it that what i asked for at mailing list today? ;)
IRC [15:07] <Dossy> erph: yup!
IRC [15:07] <erph> so...
IRC [15:07] <Dossy> erph: sounds like the same bug
IRC [15:07] <erph> jhavard: give me your email addr. i'll fwd it.
IRC [15:07] <jhavard> erph: I'm on the list.
IRC [15:07] <Dossy> or we can just tell jhavard what the fix is here
IRC [15:07] <erph> jhavard: ah, ok
IRC [15:08] <Dossy> jhavard - if you have virtual servers defined, you have to set the "hostname" param in the nssock section to the VALUE of one of the virtual server definitions
IRC [15:08] <Dossy> i'm working on the bug so that it at least doesn't crash the server if you misconfigure :)
IRC [15:08] <erph> jhavard: dossy said: The "hostname" parameter must match byte-for-byte the value in the
IRC [15:08] <Dossy> you know i think i'm going to introduce a new param for nssock
IRC [15:08] <Dossy> called "default"
IRC [15:08] <erph> servers section.
IRC [15:09] <Dossy> and if you define virtual servers but don't specify the "default" param in nssock, it'll complain at startup
IRC [15:09] <jhavard> so does it need to be an actual hostname, or just the name for the virtual?
IRC [15:09] <Dossy> hostname of one of the virtuals
IRC [15:09] <Dossy> exactly as it appears in the ns_param - under the hood, a simple strcmp() is done
IRC [15:09] <jhavard> okay, and sure enough, it isn't.
IRC [15:10] <jhavard> that's what I get for moving the config from one machine to another. :(
IRC [15:11] <jhavard> there we go, that works.
IRC [15:11] <jhavard> thanks.
IRC [15:16] <Dossy> heh
IRC [15:21] <jhavard> Of course, this wouldn't be a problem if somebody didn't write buggy code.
IRC [15:21] <Dossy> :P
IRC [15:22] <Dossy> just wait until virtual servers gets removed again :P
IRC [15:22] <erph> Dossy: hey! no! ;)
IRC [15:23] <jhavard> And I'll fork the codebase.
IRC [15:29] <Dossy> :)
IRC [15:35] <jhavard> And it doesn't matter anyways. I could run as many instances of aolserver that I want bound to any number of ip's that I require. the joys of being The Admin at an isp.
IRC [15:36] <Dossy> jhavard: right
IRC [15:36] <Dossy> virtual servers overcomplicate design for very little benefit
IRC [15:36] <Dossy> AOLserver is NOT suitable for hosting third-party clients.
IRC [15:36] <Dossy> haha.
IRC [15:36] <Dossy> thanks, bot.
IRC [15:37] <jhavard> and I have no intention of hosting third party sites on my personal machine.
IRC [15:38] <jhavard> It's quite clear that aolserver is designed for one thing... big sites.
IRC [15:39] <jhavard> virtual hosting and big sites don't mix
IRC [15:39] <Dossy> OK, backporting virtual server fix to 4.0.8a too
IRC [15:39] <Dossy> jhavard: yup
IRC [15:40] <Dossy> aolserver is meant to be run as a farm/cluster across multiple machines
IRC [15:40] <Dossy> not many virtual servers on ONE machine
IRC [15:40] <erph> is there anything for printing directory content for aolserver? sth like Indexes in Apache.
IRC [15:40] <Dossy> erph: look at _ns_dirlist
IRC [15:40] <Dossy> it's in the sample config
IRC [15:40] <erph> Dossy: thanks.
IRC [15:53] <Dossy> OK - fix is commited to HEAD and 4.0.8a
IRC [16:06] <jhavard> aolserver is meant to invoke the aim gateway's annoying 'but...' routine.
IRC [16:06] <Dossy> hehe
IRC [16:06] <jhavard> I take it that's there for the trolls that hop in and say 'aolserver teh suxx0rz!!!!!!1111two'
IRC [16:06] <Dossy> nah
IRC [16:07] <Dossy> it's standard infobot.
IRC [16:07] <Dossy> well, my version of it, at least :P
IRC [16:07] <jhavard> if it doesn't support karma, it is useless.
IRC [16:07] <Dossy> karma for javard
IRC [16:07] <Dossy> it CAN support karma, if you like :)
IRC [16:08] <Dossy> that'd be, what, 10 lines of code? :)
IRC [16:08] <jhavard> about 50 in the perl infobot.
IRC [16:08] <Dossy> hmm
IRC [16:08] <jhavard> and another 15 for topten/bottomten karma
IRC [16:09] <Dossy> yeah.
IRC [16:09] <jhavard> which isn't in the standard infobot release.
IRC [16:09] <jhavard> I'm ashamed to admit that I wrote some rather crappy perl to do it the other day for a bot in #foo
IRC [16:09] <Dossy> heh
IRC [16:37] <frodoroot> I'm ashamed of you
IRC [17:09] <tekbasse> frodoroot, there's a thread re: nsopenssl diagnostics earlier today at #openacs ..very informative!
IRC [17:11] <frodoroot> a thread on an irc channel?
IRC [17:12] <bartt> yes
IRC [17:13] <bartt> frodoroot: see http://www.openacs.org/irc/log/2004-08-11#T20-59-34
IRC [17:13] <bartt> Requires registration.
IRC [17:13] <bartt> This is at the end of the diagnostics session.
IRC [17:14] <erph> bartt: how do you deal with log files (i mean log/server.log) while running multiple aolserver instances?
IRC [17:14] <erph> bartt: can i specify somewhere where this file should be?
IRC [17:15] <tekbasse> there's a parameter to set it
IRC [17:15] <tekbasse> in config.tcl
IRC [17:15] <tekbasse> 1 moment for link
IRC [17:15] <tekbasse> http://aolserver.com/docs/admin/config.html
IRC [17:16] <tekbasse> the detailed configuration reference has it in there with example
IRC [17:16] <erph> i don't see it.
IRC [17:16] <erph> do you think about nslog configuration?
IRC [17:17] <tekbasse> yes
IRC [17:17] <erph> so that's not it i'm afraid.
IRC [17:18] <tekbasse> oh.. sorry, no ns/parameters
IRC [17:18] <tekbasse> ns_param serverlog "pathname/serverlogfilename.log"
IRC [17:19] <tekbasse> see http://aolserver.com/docs/admin/config-reference.tcl.txt
IRC [17:19] <erph> hm. i can't find anything about this parameter in the link you gave me.
IRC [17:19] <erph> :)
IRC [17:19] <erph> thanks
IRC [17:20] <tekbasse> sometimes browser find doesn't find! it's there nevertheless
IRC [17:20] <tekbasse> ServerLog (case sensitive)
IRC [17:27] <frodoroot> tekbasse: I reordered my config file
IRC [17:27] <tekbasse> great. did it stop those ssl msgs?
IRC [17:27] <frodoroot> I haven't had a chance to test it yet
IRC [17:27] <frodoroot> site usage is still high
IRC [17:27] <frodoroot> I posted it to the list
IRC [17:27] <frodoroot> though
IRC [17:28] <Dossy> ...
IRC [17:28] <frodoroot> ,,,
IRC [17:33] <tekbasse> frodoroot: voodoo? might just be magic. It's the hierarchy that's important. Looks like mine =)
IRC [17:33] <frodoroot> heh ok thanks
IRC [17:35] <tekbasse> bbl
IRC [17:44] <Dossy> neat
IRC [17:44] <Dossy> google adsense is cool :)
IRC [18:08] <frodoroot> could you be more specific?
IRC [18:10] <Dossy> well, i get free web page view counting and it earns me pennies a day :)
IRC [18:10] <Dossy> like, in the past 30 days, I've earned around $3.25 :)
IRC [18:19] <jhavard> fear.
IRC [18:20] <Dossy> man, it's great having #unix'ers on here :)
IRC [18:20] <jhavard> there's more than one?
IRC [18:20] <Dossy> there's at least two that I know of. :)
IRC [18:22] * jhavard almost made a fat joke
IRC [18:24] <jhavard> I should probably figure out the best way to say, "Didn't do anything all day" in my exit report.
IRC [18:25] <jhavard> Of course, it's not my fault. I'm waiting on brightmail to call me back.
IRC [18:26] <Dossy> hah
IRC [18:26] <Dossy> "All in-flight projects in stasis due to third-party dependencies."
IRC [18:27] <jhavard> and that's for what?
IRC [18:27] <jhavard> oh
IRC [18:27] <jhavard> yeah
IRC [18:27] <Dossy> feed that through the bullshit translator and you get: "Not doing anything because I'm waiting for other people."
IRC [18:27] <Dossy> s/waiting for/waiting on/
IRC [18:29] <jhavard> The brightmail faq doesn't have, "It's only doing 50 messages per minute, not 50 per second you wankers!" in the "Performance" section.
IRC [18:30] <Dossy> haha
IRC [18:30] <Dossy> OK, I need to upgrade from WinXP Home to WinXP Pro.
IRC [18:31] <Dossy> wonder what the upgrade costs. prolly $150. unf
IRC [18:33] <jhavard> Seriously, 50 messages per minute. One could do that by hand!
IRC [18:37] <jhavard> Going home now.
IRC [19:09] <frodoroot> well it still crashes but after reordering I don't get lots of nsopenssl errors
IRC [20:52] <tekbasse> is it possible to use *.pl files in the same way as .tcl files, ie without using nscgi?
IRC [20:53] <tekbasse> hmm maybe I just need to map nscgi differently, so it doesn't interpret images
IRC [20:54] <tekbasse> c/interpret/execute
IRC [20:55] <bartt> ?
IRC [20:56] <tekbasse> sorry for the confusion. just looking to have aolserver interpret perl files (*.pl) with similar behavior to *.tcl files
IRC [20:57] <tekbasse> right now, as I have nscgi setup, the foldering containing *.pl also contains images, and those images don't get viewed by the browser.. the server returns a server error when
IRC [20:57] <tekbasse> trying to return them.
IRC [20:58] <tekbasse> the cgi is mapped to /www/cgi, so it's browseable
IRC [20:59] <bartt> Post you nscgi config
IRC [20:59] <tekbasse> the *.pl files get executed
IRC [21:00] <bartt> And give the URL you would like to view containing the .pl files (and images?)
IRC [21:00] <tekbasse> ns_param map "GET /cgi ${serverroot}/www/cgi"
IRC [21:00] <tekbasse> map POST is same
IRC [21:00] <tekbasse> ns_param .pl "/usr/bin/perl"
IRC [21:02] <tekbasse> http://server/cgi/image.gif
IRC [21:05] <bartt> Why is image.gif there?
IRC [21:05] <bartt> Everything in /cgi will be processed by nscgi
IRC [21:05] <tekbasse> that's where they put it at sql-ledger
IRC [21:05] <tekbasse> =/
IRC [21:05] <tekbasse> maybe a way to config without nscgi?
IRC [21:06] <bartt> nope
IRC [21:06] <tekbasse> who needs images! sql-ledger works with lynx =)
IRC [21:12] <bartt> tekbasse: Try this:
IRC [21:12] <bartt> ns_param GET /cgi/*.pl ${serverroot}/www/cgi
IRC [21:13] * tekbasse trying
IRC [21:19] <tekbasse> hey, bartt, it works! =) You're worth your weight in gold!
IRC [21:19] <tekbasse> thank you
IRC [21:19] <bartt> np ;)
IRC [21:20] * bartt goes to stuff him self to increase his weight.
IRC [21:20] <tekbasse> bart's stock soars
IRC [21:21] <bartt> cya all later
IRC [21:21] *** bartt parted the chat.
IRC [21:21] <tekbasse> bon apetite