debian – 2 Apache instances running. Can both access mariaDB?

I have 2 Apache2 instances running on my server ( Debian.)

One called Apache2 (ports 80,443,4443)
One called apache2-suiteCRM (port 8443)

The second instance is created to install suiteCRM and the problem there is that I get an error “can not load DB manager”. I can run the install and all preliminary checks are ok, I have setup a database and a user with all privileges. But one way or another it seems that this Apache instance can not access the mariaDB database. My only guess is that it is because it runs on a second instance.

Is there some simple code to check if my server on port 8443 can read and write into mariaDB?

Thanks

apache2 – Create init.d Apache service for multiple instances on debian

I am trying to install a second instance of apache on debian. I used the multiple instance script. during the installation it says:

root@nextcloudpi:/usr/share/doc/apache2/examples# sudo sh setup-instance suitecrm2
Setting up /etc/apache2-suitecrm2 ...
systemd is in use, no init script installed
use the 'apache2@suitecrm2.service' service to control your new instance
sample commands:
systemctl start apache2@suitecrm2.service
systemctl enable apache2@suitecrm2.service
Setting up symlinks: a2enmod-suitecrm2 a2dismod-suitecrm2 a2ensite-suitecrm2 a2dissite-suitecrm2 a2enconf-suitecrm2 a2disconf-suitecrm2 apache2ctl-suitecrm2
Setting up /etc/logrotate.d/apache2-suitecrm2 and /var/log/apache2-suitecrm2 ...
Setting up /etc/default/apache-htcacheclean-suitecrm2
root@nextcloudpi:/usr/share/doc/apache2/examples# sudo systemctl edit apache2.service

So systemd is in use and i don’t get a service file in init.d When i try to start the service as mentioned in the code it says there is no apache2-suitecrm2.service.

How do i create a correct init.d file to start the service, or how do i stop systemd from working so it is not in use and the script to create a second instance is allowed to place the script.

I have looked in the documentation and found that there is a script secondary-init-script, also to be found in /use/share/doc/Apache2/examples. But I don’t understand how this works ( see https://alioth-lists-archive.debian.net/pipermail/pkg-apache-commits/2010-February/000296.html

Thanks

Debian 10 cloud-init waiting for DHCP on boot with static network configuration

Running Debian 10 Buster image (created with build-openstack-debian-image --release buster) with cloud-init image created by cloud-localds -v --disk-format raw --filesystem iso9660 --network-config=network-config-v2.yaml seed.img user-data.yaml.

Problem is that boot is delayed by waiting for DHCP, although I have a valid network configuration and it’s applied after this delay.

(    3.619937) cloud-init(210): Cloud-init v. 20.2 running 'init-local' at Sun, 10 Jan 2021 10:50:20 +0000. Up 3.40 seconds.
(  OK  ) Started Initial cloud-init job (pre-networking).
(  OK  ) Reached target Network (Pre).
         Starting Raise network interfaces...
(  OK  ) Started ifup for eth0.
(     *) A start job is running for Raise network interfaces (35s / 5min 1s)

What can I do to skip this delay?

I can provide more info if needed. Thanks.

# systemd-analyze blame
     1min 2.639s networking.service
           951ms cloud-init-local.service
           773ms cloud-init.service
           657ms cloud-final.service
           540ms cloud-config.service
           421ms dev-vda1.device
           310ms ifupdown-pre.service

debian – OpenVPN configuration works under CLI but not on NetworkManager (TLS handshake failed)

sudo openvpn --config (VPN-NAME).ovpn: works
NetworkManager configuration: doesn’t work (while being the same, copypasted config)

(VPN-NAME).ovpn:

dev tun
persist-tun
persist-key
ncp-disable
cipher AES-256-CBC
auth SHA512
tls-client
client
resolv-retry infinite
remote (hostname) 1194 udp
setenv opt block-outside-dns
lport 0
verify-x509-name "(hostname)" name
auth-user-pass
remote-cert-tls server
<ca>
(CA CERTIFICATE)
</ca>
<cert>
(CERT CERTIFICATE)
</cert>
<key>
(CERT KEY)
</key>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
(TLS-KEY)
</tls-auth>

Network Manager configuration:

  • Copypasted certificates and key from .ovpn into descrete files
  • Selected “Connection type”, value “Password with Certificates (TLS)”
  • Copypasted gateway and file path(s)
  • Went to “Advanced…”
  • Copypasted (VPN-NAME) in tab “TLS Settings” and selected “Verify name exactly”
  • Selected mode “TLS-Auth”, copypasted tls-auth.key path, key direction “Client (1)”

tail -f /var/log/syslog:

debian NetworkManager(648): <info>  (1609951704.7482) audit: op="statistics" arg="refresh-rate-ms" pid=2126 uid=1000 result="success"
debian NetworkManager(648): <info>  (1609951706.1485) audit: op="connection-activate" uuid="1afd25e7-f3cd-472d-9a3b-31f1ad390479" name="VPN-NAME" pid=2126 uid=1000 result="success"
debian NetworkManager(648): <info>  (1609951706.1505) vpn-connection(0x55ce8e0d02e0,1afd25e7-f3cd-472d-9a3b-31f1ad390479,"VPN-NAME",0): Started the VPN service, PID 6763
debian NetworkManager(648): <info>  (1609951706.1554) vpn-connection(0x55ce8e0d02e0,1afd25e7-f3cd-472d-9a3b-31f1ad390479,"VPN-NAME",0): Saw the service appear; activating connection
debian NetworkManager(648): <info>  (1609951706.1591) audit: op="statistics" arg="refresh-rate-ms" pid=2126 uid=1000 result="success"
debian NetworkManager(648): <info>  (1609951706.2483) audit: op="statistics" arg="refresh-rate-ms" pid=2126 uid=1000 result="success"
debian NetworkManager(648): <info>  (1609951711.8373) vpn-connection(0x55ce8e0d02e0,1afd25e7-f3cd-472d-9a3b-31f1ad390479,"VPN-NAME",0): VPN plugin: state changed: starting (3)
debian nm-openvpn(6766): OpenVPN 2.4.7 x86_64-pc-linux-gnu (SSL (OpenSSL)) (LZO) (LZ4) (EPOLL) (PKCS11) (MH/PKTINFO) (AEAD) built on Feb 20 2019
debian nm-openvpn(6766): library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10
debian nm-openvpn(6766): NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
debian nm-openvpn(6766): TCP/UDP: Preserving recently used remote address: (AF_INET)A.B.C.D:1194
debian nm-openvpn(6766): UDP link local: (not bound)
debian nm-openvpn(6766): UDP link remote: (AF_INET)A.B.C.D:1194
debian nm-openvpn(6766): NOTE: chroot will be delayed because of --client, --pull, or --up-delay
debian nm-openvpn(6766): NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
debian NetworkManager(648): <warn>  (1609951772.4259) vpn-connection(0x55ce8e0d02e0,1afd25e7-f3cd-472d-9a3b-31f1ad390479,"VPN-NAME",0): VPN connection: connect timeout exceeded.
debian nm-openvpn-serv(6763): Connect timer expired, disconnecting.
debian NetworkManager(648): <warn>  (1609951772.4316) vpn-connection(0x55ce8e0d02e0,1afd25e7-f3cd-472d-9a3b-31f1ad390479,"VPN-NAME",0): VPN plugin: failed: connect-failed (1)
debian nm-openvpn(6766): TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
debian NetworkManager(648): <info>  (1609951772.4317) vpn-connection(0x55ce8e0d02e0,1afd25e7-f3cd-472d-9a3b-31f1ad390479,"VPN-NAME",0): VPN plugin: state changed: stopping (5)
debian nm-openvpn(6766): TLS Error: TLS handshake failed
debian NetworkManager(648): <info>  (1609951772.4317) vpn-connection(0x55ce8e0d02e0,1afd25e7-f3cd-472d-9a3b-31f1ad390479,"VPN-NAME",0): VPN plugin: state changed: stopped (6)
debian nm-openvpn(6766): SIGTERM(hard,tls-error) received, process exiting

OS Environment:
Debian 10 (buster)
Kernel Linux debian 4.19.0-13-amd64 #1 SMP Debian 4.19.160-2 (2020-11-28) x86_64 GNU/Linux
Network Manager: network-manager/stable,now 1.14.6-2+deb10u1 amd64
OpenVPN Plugin: network-manager-openvpn/stable,now 1.8.10-1 amd64
OpenVPN standalone client (openvpn command):

OpenVPN 2.4.7 x86_64-pc-linux-gnu (SSL (OpenSSL)) (LZO) (LZ4) (EPOLL) (PKCS11) (MH/PKTINFO) (AEAD) built on Feb 20 2019
library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10

From the syslog it seems the OpenVPN plugin for Network Manager either uses the underlying openvpn already installed, or has a standalone client it brings with the installation of the plugin itself, which has the same features/capabilities and even version of the standalone openvpn.

Then, it doesn’t work (but only from Network Manager, standalone does)…

debian – Mullvad and OpenVPN: Options error: Unrecognized option or missing or extra parameter(s) in mullvad-.conf:1:

I’m on Debian 10 and put money into the account. Pardon the short, newbie question but I have no idea what stupid mistake I’m making.

The command I ran is sudo openvpn --config mullvad-<location>.conf like the docs say. I sent them a support email but I’m not expecting a prompt reply.

debian – Slow load nextjs (nodejs) app in apache server

Disclaimer : all the time metrics is measured via the developer tool

Context

I have a nextjs app hosted in a vps (ovh).

The nextjs app run in port 3000 on my vps via pm2.

When i deploy the app in heroku (free plan) everything works fine.

In local the production build is ok too & the site takes <1s to load.

The site is served behind an apache reverse proxy.

If my vhost is configured for serving a file (index.html for example) and not used like a reverse proxy everything works fine.

The problem

The problem is : when I load the site via a navigator the site takes +2min to load.

See that on heroku everything works (and on local too) I suspect my server configuration.

Versions informations

➜ node -v
v10.21.0
➜ yarn -v
1.22.5
➜ pm2 -v
4.5.1
Distributor ID: Debian
Description:    Debian GNU/Linux 10 (buster)
Release:        10
Codename:       buster

Apache vhost configuration

http

<VirtualHost *:80>
  ServerAdmin hello@domain.dev
  ServerName domain.dev
  ServerAlias www.domain.dev
  DocumentRoot /var/www/domain.dev/placeholder-pws
  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
  RewriteEngine on
  RewriteCond %{SERVER_NAME} =domain.dev (OR)
  RewriteCond %{SERVER_NAME} =www.domain.dev
  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} (END,NE,R=permanent)
</VirtualHost>

https

<IfModule mod_ssl.c>
  <VirtualHost *:443>
    ProxyPreserveHost On
    ServerAdmin hello@domain.dev
    ServerName domain.dev
    ServerAlias www.domain.dev
    # DocumentRoot /var/www/domain.dev/placeholder-pws
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    ProxyPass "/" "http://localhost:3000/"
    ProxyPassReverse "/" "http://localhost:3000/"

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/domain.dev/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/domain.dev/privkey.pem
  </VirtualHost>
</IfModule>

check that the app is running

➜ netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp6       0      0 :::3000                 :::*                    LISTEN      14383/node
➜  ps -p 14383 -o comm=
node

logs

I have 0 log in pm2 monit and .pm2/logs/nextjs-error.log is empty.

.pm2/logs/nextjs-out.log say

0|nextjs   | $ next start -p 3000
0|nextjs   | ready - started server on http://localhost:3000

The apache log doesn’t say anything interesting.

post end

I have been on this problem for 3 days, any help is welcome.

If you want more informations feel free to ask.

debian – Touchscreen area – Ask Ubuntu

I got pc connected to two touch displays. My problem is if I try double click on touch I almost never touch exactly the same spot two times (sometimes with nail) so the display registers it as two separate single clicks on a different spot. It is any possibility to set up something like a double click area? for example, if I touch in 50x50px are it is registered as the same spot?

I use screens are connected via HDMI and USB (touch)

debian – tshark : duplicate HTTP packets for no reasons, and in a HTTP POST request how get form datas in a pretty output?

I’m a teacher and I want to simulate with my students a MITM attack. The goal is to show why the https protocol must be always used.

On debian, I installed tshark. All works fine, when I run the hotspot mode and run tshark, I can get HTTP packets and, digging a little, we can see the form datas in plain text :

enter image description here

First, from the browser in the computer 10.42.0.21, when I enter the url of the server (a simple GET request) tshark shows the get request twice. I don’t understand why.. is there a way for delete deplicate or find the reason ?

secondly, when I send a POST request to the server (via a simple html form). We can see in plain text the datas of the form (it’s logic because the server uses the HTTP protocole and not the HTTPS)

The curent output is : Timestamp,POST / HTTP/1.1rn,rn,Form item : "fname" = "John"

Is it possible with tshark to get a more prettiest output containing only the items (fields) values of the form ? like this : "fname" = "John"

Thanks for any help 🙂

debian – Why does mailutils depend on mariadb-common and mysql-common and what are *-common packages in the first place?

I was about to install mailutils and postfix when I notice how many dependencies were involved.

$ apt install mailutils postfix
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  guile-2.2-libs libgc1c2 libgsasl7 libkyotocabinet16v5 libltdl7 liblzo2-2 libmailutils5 libmariadb3 libntlm0 libpython2.7 mailutils-common
  mariadb-common mysql-common ssl-cert

Why does mailutils depend on mariadb-common and mysql-common and what are *-common packages in the first place?

I am trying to install a SMTP server that will run localhost-only and wish to be able to send emails using the mail command installing as few dependencies as possible.

debian – Domain shows wrong site in nginx, but only for HTTP

I have multiple sites configured in Nginx 1.14.2-2+deb10u3 on Debian 10.

One is a.mydomain.com, another one is b.mydomain.com.

Both domains have two server blocks each, for port 80 and for port 443.

In all server blocks, the server_name is set.

All domains work as proxy servers to web applications inside of systemd nspawn containers.

Now both sites work well with HTTPS, but for HTTP all GETs to a.mydomain.com give results from b.mydomain.com. This also breaks automatic rewrite redirects from HTTP to HTTPS.

Any idea how to debug this? Can this happen, if the upstream web application of a is too slow or has an error? (Probably not, but I’m out of ideas at the moment.) Thank you!