I have noticed this super weird behaviour of my webmail installation. I was composing a message and clicking send. The message was constantly displayed on the screen, webmail kept displaying the “Sending message” info in the bottom right-hand corner of the UI, and it wasn’t really a mail server issue because e-mails were delivered to the recipient a few seconds after I clicked send…
It looked like something was “blocking” roundcubemail from “moving forward” after the message was sent.
Thanks to dx I’ve stopped concentrating on roundcube logs and I’ve looked into browser’s error console just to find this:
Timestamp: 15/03/15 09:51:30
Error: Load denied by X-Frame-Options: https://andrzejl.eu:30303/mail/?_task=mail&_unlock=loading1426413090689&_lang=en_US&_framed=1 does not permit framing.
So… Let’s say You have a folder Dupa in Your home folder and inside that folder – chaos… ;). Files with spaces in the file and folder names. You want to sanitize them and rename them so that they all contain _ instead of a space? Do this:
Run:
cd ~/Dupa/
And then run:
find . -depth -name '* *' |
while IFS= read -r f ; do mv -i "$f" "$(dirname "$f")/$(basename "$f"|tr ' ' _)" ; done
This is ONE command. Both lines.
Repeat until all the files and directories are renamed properly. I had to run this command several times before the chaos got whipped into a sensible shape.
If You want to check if there are any files or folders with spaces in the name left run:
[19:10] MrRee | wget https://byte-unixbench.googlecode.com/files/UnixBench5.1.3.tgz
[19:10] MrRee | tar xzf UnixBench5.1.3.tgz
[19:10] MrRee | cd UnixBench
[19:10] MrRee | make
[19:10] MrRee | ./Run -c X
[19:10] MrRee | where X is number of cores on your board.
By default xvkbd starts with the US layout. I’ve been searching for some sort of a command line switch so that I could edit the .desktop file but the only thing that I’ve found was a “clickable” layout change from the xvkbd GUI after the keyboard has already started. That’s not good enough and so I’ve decided to find a way to change the layout to UK by default before the keyboard starts. It’s not pretty but it works.
After a reboot I like to run a couple of commands just to find out if everything is fine. One of those commands is:
journalctl -b -l -x --no-pager -p 3
Most of the time everything is fine but sometimes…
[root@server andrzejl]# journalctl -b -l -x --no-pager -p 3
-- Logs begin at Sat 2015-01-17 18:31:30 CET, end at Mon 2015-02-02 00:09:14 CET. --
Feb 01 23:51:42 server.loc kernel: microcode: no support for this CPU vendor
Feb 01 23:51:42 server.loc kernel: mce: Unable to init device /dev/mcelog (rc: -5)
Feb 01 23:51:44 server.loc kernel: longhaul: Option "enable" not set. Aborting.
Feb 01 23:51:51 server.loc logger[286]: ERROR:Shorewall start failed:Firewall state not changed
Feb 01 23:51:51 server.loc systemd[1]: Failed to start Shorewall IPv4 firewall.
-- Subject: Unit shorewall.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit shorewall.service has failed.
--
-- The result is failed.
The first few messages are fine. It’s not an Intel or AMD CPU, so microcode won’t work and it’s not gonna enable the longhaul option. However, the firewall not starting… Well, that’s something to be concerned about.
Why didn’t it start…?
systemctl status -l shorewall
● shorewall.service - Shorewall IPv4 firewall
Loaded: loaded (/usr/lib/systemd/system/shorewall.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since nie 2015-02-01 23:51:51 CET; 11min ago
Process: 178 ExecStart=/usr/bin/shorewall $OPTIONS start $STARTOPTIONS (code=exited, status=143)
Main PID: 178 (code=exited, status=143)
lut 01 23:51:51 server.loc shorewall[178]: Starting Shorewall....
lut 01 23:51:51 server.loc shorewall[178]: ERROR: Can't determine the IP address of enp0s9: Firewall state not changed
lut 01 23:51:51 server.loc logger[286]: ERROR:Shorewall start failed:Firewall state not changed
lut 01 23:51:51 server.loc shorewall[178]: /usr/share/shorewall/lib.common: linia 113: 259 Zakończony $SHOREWALL_SHELL $script $options $@
lut 01 23:51:51 server.loc systemd[1]: shorewall.service: main process exited, code=exited, status=143/n/a
lut 01 23:51:51 server.loc systemd[1]: Failed to start Shorewall IPv4 firewall.
lut 01 23:51:52 server.loc systemd[1]: Unit shorewall.service entered failed state.
lut 01 23:51:52 server.loc systemd[1]: shorewall.service failed.
It didn’t start because it started too fast and the network was not connected at this point.
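The triage described above (harmless kernel messages versus a firewall that did not start), as an added example that is not part of the original post: it reads journalctl -b -x -p 3 output, lists the units systemd reported as failed, and fails when one of them is on a must-run list. The MUST_RUN and BENIGN lists and all function names are assumptions; the sample lines are taken from the journal output above.

```shell
#!/bin/sh
# Added example, not from the original post: triage `journalctl -b -x -p 3` output.
# MUST_RUN and BENIGN are assumptions for this host; adjust both lists.
MUST_RUN="shorewall.service"
BENIGN='microcode: no support for this CPU vendor|mce: Unable to init device|longhaul: Option "enable" not set'

# sample_journal: priority-3 lines copied from the output shown on this page
sample_journal() {
cat <<'EOF'
Feb 01 23:51:42 server.loc kernel: microcode: no support for this CPU vendor
Feb 01 23:51:42 server.loc kernel: mce: Unable to init device /dev/mcelog (rc: -5)
Feb 01 23:51:44 server.loc kernel: longhaul: Option "enable" not set. Aborting.
Feb 01 23:51:51 server.loc logger[286]: ERROR:Shorewall start failed:Firewall state not changed
Feb 01 23:51:51 server.loc systemd[1]: Failed to start Shorewall IPv4 firewall.
-- Subject: Unit shorewall.service has failed
-- Unit shorewall.service has failed.
EOF
}

# failed_units: read journal text on stdin, print each unit systemd reported as failed
failed_units() {
    sed -n 's/^-- Unit \([^ ]*\) has failed\.*$/\1/p' | sort -u
}

# unexplained: print error lines that are neither catalog text nor on the benign list
unexplained() {
    grep -v '^--' | grep -Ev "$BENIGN" || true
}

# boot_ok: read journal text on stdin, return 1 if a must-run unit failed
boot_ok() {
    journal=$(cat)
    for unit in $(printf '%s\n' "$journal" | failed_units); do
        case " $MUST_RUN " in
            *" $unit "*) echo "CRITICAL: $unit failed at boot" >&2; return 1 ;;
        esac
    done
    return 0
}

if sample_journal | boot_ok; then
    echo "boot clean"
else
    echo "errors that still need a look:"
    sample_journal | unexplained
fi
```

On a live system, pipe the real journalctl output into boot_ok instead of sample_journal.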
and after a lot of reading and brain-storming / testing with a friend got myself a working openvpn setup.
Here is the server config:
cat /etc/openvpn/server.andrzejl.eu.conf
dev tun
port 40404
proto tcp
cipher AES-256-CBC
server 10.8.0.0 255.255.255.0
ca server.andrzejl.eu.crt
cert client.andrzejl.eu.crt
key client.andrzejl.eu.key
dh server.andrzejl.eu.dh8192.pem
push "redirect-gateway def1 bypass-dhcp"
client-to-client
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
#push "route 192.168.0.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"
script-security 3 system
client-connect /etc/openvpn/Client_Connected.sh
keepalive 10 60
user nobody
group nobody
Here is the script that is sending me e-mail each time somebody connects:
cat /etc/openvpn/Client_Connected.sh
#!/bin/bash
#Send an email when a client connects with today's time and date
NOW="$(date +"%H:%M:%S - %d-%m-%Y")"
sendmail openvpn@andrzejl.eu <<EOF
FROM: openvpn@andrzejl.eu
TO: andrzejl@andrzejl.eu
SUBJECT: $NOW: Client connected to the AndrzejL.eu OpenVPN server: $common_name

At $NOW, $common_name connected to the AndrzejL.eu OpenVPN server.
Client's IP: $trusted_ip
Client's PORT: $trusted_port
Client's MTU: $tun_mtu
.
EOF
exit 0
Here is the example of the message that script would send:
Subject:
09:14:09 - 02-02-2015: Client connected to the AndrzejL.eu OpenVPN server: andrzejl
Body:
At 09:14:09 - 02-02-2015, andrzejl connected to the AndrzejL.eu OpenVPN server.
Client's IP: 86.44.168.4
Client's PORT: 59213
Client's MTU: 1500
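A check for the server config above, as an added example that is not part of the original post: it flags script-security 3 system (per the OpenVPN manual, level 2 already allows user-defined scripts, level 3 additionally allows passwords to be passed to scripts in environment variables, and the method flag is no longer accepted as of OpenVPN 2.3), a missing user/group, and a private key that group or others can access. The function name audit_openvpn_conf and the rule that relative paths resolve against the config's directory are assumptions.

```shell
#!/bin/sh
# Added example, not the author's code: audit an OpenVPN server config file.
# Prints one finding per line; returns 0 only when nothing was flagged.
audit_openvpn_conf() (
    conf=$1
    rc=0
    flag() { printf '%s\n' "$1"; rc=1; }
    # directive NAME: arguments of the last uncommented occurrence of NAME
    directive() {
        awk -v d="$1" '$1 == d { $1 = ""; sub(/^ +/, ""); v = $0 } END { print v }' "$conf"
    }

    # script-security LEVEL [METHOD]; OpenVPN defaults to level 1, method execve
    set -- $(directive script-security)
    level=${1:-1}
    method=${2:-execve}
    if [ "$level" -gt 2 ]; then
        flag "script-security $level lets passwords reach scripts via the environment; level 2 already runs client-connect scripts"
    fi
    if [ "$method" = system ]; then
        flag "script-security method 'system' runs scripts through a shell; no longer accepted as of OpenVPN 2.3"
    fi

    # Without both directives the daemon keeps root as user or group
    if [ -z "$(directive user)" ] || [ -z "$(directive group)" ]; then
        flag "user and group not both set: OpenVPN keeps root privileges"
    fi

    # Assumption: relative paths are resolved against the config's directory
    key=$(directive key)
    case $key in /*) ;; *) key=$(dirname "$conf")/$key ;; esac
    if [ -f "$key" ]; then
        perms=$(ls -ld "$key" | cut -c5-10)   # group and other permission bits
        [ "$perms" = "------" ] || flag "private key $key has group/other permissions ($perms)"
    fi
    exit "$rc"
)

# Stand-alone use: sh audit.sh /etc/openvpn/server.andrzejl.eu.conf
if [ $# -gt 0 ]; then audit_openvpn_conf "$1"; fi
```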
Here is the list of the server files with permissions:
client
dev tun
proto tcp
remote andrzejl.eu 40404
resolv-retry infinite
nobind
persist-key
persist-tun
ca server.andrzejl.eu.crt
cert client.andrzejl.eu.crt
key client.andrzejl.eu.key
remote-cert-tls server
cipher AES-256-CBC
verb 3
Here is the list of the client side files with permissions:
If You do not use a systemd-based distro, You can start the OpenVPN client with this set of commands:
su
modprobe tun
cd /etc/openvpn/
openvpn ./andrzejl.eu.conf
It will work fine too.
So I had the openvpn server up and running… However then I ran into a little snag… I rebooted the server and went about my business just to realize that I have no idea how to generate keys for clients. Turns out it’s not JUST enter the directory and run the ./build-key newclient command…
[easy-rsa]# ./build-key newclient
Please edit the vars script to reflect your configuration,
then source it with "source ./vars".
Next, to start with a fresh PKI configuration and to delete any
previous certificates and keys, run "./clean-all".
Finally, you can run this tool (pkitool) to build certificates/keys.
[easy-rsa]# ls keys/
cd /etc/openvpn/easy-rsa/
. ./vars
./build-key newclient
After many years of tempting and failed reasoning attempts with Rafal finally I can say that I’ve managed to convince him to do a little housekeeping on his server and since last night I can proudly say Rsanti has a blog. Not a static image gallery. Not some lighttpd / sqlite weirdness… but a proper WordPress blog, powered by a proper LAMP server. I mean Apache, MySQL, PHP, SSL… You name it. It took me a long long long time but it was all worth it. We are ALMOST there. Why almost? Well, we are still working with a no-ip domain so there is no chance for a proper SSL cert but in this case a self-signed SSL certificate is really enough.
Sooo… Where can You find it? Here. It’s still a little “bare” at the moment. Sure… The Krakow was not built in one day… But I expect many good posts from Rafal.
Piwigo overrides the display_errors directive from /etc/php/php.ini. If You want to disable it, go to the include folder in Your Piwigo installation and edit (as root) the file common.inc.php.