Topics - Sami Mäntysaari

1
Network starting point:

Interface p2p1:
address 172.16.131.5
netmask 255.255.255.0
gateway 172.16.131.1

Interface p3p1:
address 192.168.1.3
netmask 255.255.255.0
gateway 192.168.1.1

Current routing table:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 p3p1
172.16.131.0    0.0.0.0         255.255.255.0   U     0      0        0 p2p1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 p3p1


The goal is to get this working so that when the connection on the p3p1 adapter goes down, it automatically switches to using the p2p1 adapter and restarts the AutoSSH reverse tunnels.
The AutoSSH reverse tunnels are defined in this file: /etc/rc.local.

There are three tunnels. Each has a different monitoring port: 10984, 10985 and 10986.

I have no idea how to get this working well. In principle it is probably failover, but unfortunately I don't know much about that either.

Thanks in advance for the help. :)

2
Hi everyone, it's been a while,

Does anyone know how I could get more temperatures and/or other information out?

sensors:
acpitz-virtual-0
Adapter: Virtual device
temp1:        +27.8°C  (crit = +105.0°C)
temp2:        +29.8°C  (crit = +105.0°C)

coretemp-isa-0000
Adapter: ISA adapter
Physical id 0:  +35.0°C  (high = +80.0°C, crit = +100.0°C)
Core 0:         +33.0°C  (high = +80.0°C, crit = +100.0°C)
Core 1:         +32.0°C  (high = +80.0°C, crit = +100.0°C)


3
I'll just get straight to the point, so:


My problem at the moment is this: SSL, for a change, simply refuses to work, and nothing wants to respond via eth0.

The network map is roughly like this:

Server's eth1:
Modem (bridged) -> TP-Link -> Server => The server has an IP address from this range: 192.168.1.0

Server's eth0:

Modem (bridged) -> Server => The server has a public IP address directly from Sonera's network.


iptables rules:

# Generated by iptables-save v1.4.12 on Thu Apr 17 02:14:10 2014
*nat
:PREROUTING ACCEPT [4024:580218]
:INPUT ACCEPT [360:43441]
:OUTPUT ACCEPT [9129:969796]
:POSTROUTING ACCEPT [9129:969796]
COMMIT
# Completed on Thu Apr 17 02:14:10 2014
# Generated by iptables-save v1.4.12 on Thu Apr 17 02:14:10 2014
*mangle
:PREROUTING ACCEPT [30085:4626349]
:INPUT ACCEPT [29911:4608133]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [30745:23084950]
:POSTROUTING ACCEPT [30780:23091754]
COMMIT
# Completed on Thu Apr 17 02:14:10 2014
# Generated by iptables-save v1.4.12 on Thu Apr 17 02:14:10 2014
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [29:3013]
:BLACKLIST - [0:0]
:LOGDROP - [0:0]
:SPAM - [0:0]
:THRU - [0:0]
:WEB - [0:0]
[17020:2321348] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
[24:2714] -A INPUT -i lo -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
[0:0] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
[0:0] -A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
[0:0] -A INPUT -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
[0:0] -A INPUT -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
[0:0] -A INPUT -p tcp -m tcp --tcp-flags ACK,URG URG -j DROP
[2:100] -A INPUT -p tcp -m tcp --dport 25 -j SPAM
[5:272] -A INPUT -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -j WEB
[9974:1808803] -A INPUT -j BLACKLIST
[9958:1803938] -A INPUT -j THRU
[3936:608859] -A INPUT -m limit --limit 1/sec -j LOG --log-prefix drop_packet --log-level 7
[9610:1752870] -A INPUT -j DROP
[0:0] -A INPUT -i eth0 -j ACCEPT
[0:0] -A LOGDROP -p tcp -m tcp --dport 25 -m limit --limit 1/sec -j LOG --log-prefix spam_blacklist --log-level 7
[0:0] -A LOGDROP -p tcp -m tcp --dport 80 -m limit --limit 1/sec -j LOG --log-prefix web_blacklist --log-level 7
[0:0] -A LOGDROP -p tcp -m tcp --dport 22 -m limit --limit 1/sec -j LOG --log-prefix ssh_blacklist --log-level 7
[0:0] -A LOGDROP -j REJECT --reject-with icmp-host-prohibited
[0:0] -A THRU -p icmp -m limit --limit 1/sec -m icmp --icmp-type 8 -j ACCEPT
[2:92] -A THRU -p tcp -m tcp --dport 22 -j ACCEPT
[1:40] -A THRU -p tcp -m tcp --dport 25 -j ACCEPT
[5:272] -A THRU -p tcp -m tcp --dport 80 -j ACCEPT
[0:0] -A THRU -p tcp -m tcp --dport 21 -j ACCEPT
[1:40] -A THRU -p tcp -m tcp --dport 110 -j ACCEPT
[19:988] -A THRU -p tcp -m tcp --dport 10000 -j ACCEPT
[15:780] -A THRU -s 192.168.1.103/32 -p tcp -m tcp --dport 82 -j ACCEPT
[0:0] -A THRU -p tcp -m tcp --dport 82 -j ACCEPT
[0:0] -A THRU -p tcp -m tcp --dport 81 -j ACCEPT
COMMIT
# Completed on Thu Apr 17 02:14:10 2014

The blog's virtual host:

<IfModule mod_ssl.c>
<VirtualHost 88.195.204.45:81>
        ServerAdmin webmaster@sami-mantysaari.biz
        ServerName srv.sami-mantysaari.biz:81
        DocumentRoot /usr/local/data/vhosts/www-blog/htdocs
        <Directory />
                Options FollowSymLinks
                AllowOverride All
        </Directory>
        <Directory /usr/local/data/vhosts/www-blog/htdocs>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/local/data/vhosts/www-blog/cgi-bin/

        <Directory "/usr/local/data/vhosts/www-blog/cgi-bin">
                AllowOverride None
                Options +ExecCGI +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        Redirect permanent /owncloud/ https://srv.sami-mantysaari.biz:85

############## SSL Options Begin ##############################

        SSLEngine on

        SSLCertificateFile    /etc/ssl/certs/srv.sami-mantysaari.biz.pem
        SSLCertificateKeyFile /etc/ssl/private/srv.sami-mantysaari.biz.key

        SSLCertificateChainFile /etc/apache2/conf/sub.class1.server.ca.pem

        SSLCACertificateFile /etc/apache2/conf/ca.pem

        SSLProtocol all -SSLv2
        SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>

        # MSIE 7 and newer should be able to use keepalive
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

        ErrorLog /usr/local/data/vhosts/www-blog/logs/blog_error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        #LogLevel warn
        LogLevel debug

        #CustomLog /usr/local/data/vhosts/www-blog/logs/blog_access.log combined

        CustomLog /var/log/apache2/www-blog/debug.log combined
</VirtualHost>
</IfModule>

Firefox's error for this: "Tapahtui virhe oltaessa yhteydessä osoitteeseen sami-mantysaari.biz:81. SSL vastaanotti suurimman sallitun pituuden ylittävän paketin. (Virhekoodi: ssl_error_rx_record_too_long)"


srv.sami-mantysaari.biz-ssl virtual hosts:
<VirtualHost *:80>
        ServerAdmin webmaster@sami-mantysaari.biz
        ServerName www.sami-mantysaari.biz

        DocumentRoot /usr/local/data/vhosts/www-redirect/not-finished
        <Directory />
                Options FollowSymLinks
                AllowOverride All
        </Directory>
        <Directory /usr/local/data/vhosts/www-redirect/not-finished/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

         Redirect permanent /blog/ https://srv.sami-mantysaari.biz:81

</VirtualHost>

<VirtualHost *:80>
        ServerAdmin webmaster@sami-mantysaari.biz
        ServerName sami-mantysaari.biz

        DocumentRoot /usr/local/data/vhosts/www-redirect
        <Directory />
                Options FollowSymLinks
                AllowOverride All
        </Directory>
        <Directory /usr/local/data/vhosts/www-redirect/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

         Redirect permanent /blog/ https://srv.sami-mantysaari.biz:81

</VirtualHost>


<IfModule mod_ssl.c>
<VirtualHost 88.195.204.45:443>
        ServerAdmin webmaster@sami-mantysaari.biz
        #ServerName srv.sami-mantysaari.biz

        DocumentRoot /usr/local/data/vhosts/www-clearnet
        <Directory />
                Options FollowSymLinks
                AllowOverride All
        </Directory>
        <Directory /usr/local/data/vhosts/www-clearnet/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

        Redirect permanent /blog/ https://srv.sami-mantysaari.biz:81

        <Directory "/usr/local/data/vhosts/www-clearnet/board">
                Options FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                Allow from all
        </Directory>

        <Directory "/usr/lib/cgi-bin/nut">
                <Files upsset.cgi>
                        deny from all
                        allow from 88.195.204.203
                </Files>

                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                allow from  88.195.204.203
        </Directory>

        <Directory /usr/local/data/vhosts/www-clearnet/gallery>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

        <Directory /usr/local/data/vhosts/www-clearnet/real/forum>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error_ssl.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg
        LogLevel warn
        #LogLevel debug

        CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined

############## SSL Options Begin ##############################

        SSLEngine on

        SSLCertificateFile    /etc/ssl/certs/srv.sami-mantysaari.biz.pem
        SSLCertificateKeyFile /etc/ssl/private/srv.sami-mantysaari.biz.key

        SSLCertificateChainFile /etc/apache2/conf/sub.class1.server.ca.pem

        SSLCACertificateFile /etc/apache2/conf/ca.pem

        SSLProtocol all -SSLv2
        SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>

CustomLog /var/log/apache2/ssl/ssl_request_log \
      "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
</IfModule>

And finally the ports:
NameVirtualHost *:80
Listen 80.222.236.77:80

NameVirtualHost 192.168.1.101:80
Listen 192.168.1.101:8080

<IfModule mod_ssl.c>
    NameVirtualHost 88.195.204.45:443
    Listen 80.222.236.77:443
</IfModule>

<IfModule mod_gnutls.c>
    Listen 80.222.236.77:443
</IfModule>

NameVirtualHost ipv6-gateway.sami-mantysaari.biz:80
Listen [2001:470:27:743::2]:81

NameVirtualHost 88.195.204.45:81
Listen *:81

Does anyone have any idea where the fault could be? Even after a couple of hours I can't tell where the fault is, but nothing is written to the debug.log file.
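
An added example, not part of the original post and not the poster's code: a small Python checker for `iptables-save` output of the kind pasted above. It flags rules that sit after an unconditional verdict in the same chain and lists listening ports that no reachable ACCEPT rule names, assuming a default-deny INPUT chain; the sample ruleset and all function names are constructed for illustration.

```python
import re
import shlex

# Constructed sample in `iptables-save -c` format, modelled on the layout of the
# *filter table in the post (shortened; counters and the WEB rule are made up).
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:THRU - [0:0]
:WEB - [0:0]
[120:9000] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
[4:240] -A INPUT -i lo -j ACCEPT
[5:272] -A INPUT -p tcp -m tcp --dport 8443 -j WEB
[90:5400] -A INPUT -j THRU
[30:1800] -A INPUT -m limit --limit 1/sec -j LOG --log-prefix drop_packet
[80:4800] -A INPUT -j DROP
[0:0] -A INPUT -i eth0 -j ACCEPT
[2:92] -A THRU -p tcp -m tcp --dport 22 -j ACCEPT
[5:272] -A THRU -p tcp -m tcp --dport 80 -j ACCEPT
[0:0] -A THRU -p tcp -m tcp --dport 81 -j ACCEPT
[5:272] -A WEB -j ACCEPT
COMMIT
"""

FINAL = {"ACCEPT", "DROP", "REJECT"}        # targets that end packet traversal
COUNTERS = re.compile(r"^\[\d+:\d+\]\s*")   # optional "[pkts:bytes]" prefix


def parse_filter(text):
    """Return {chain: [rule, ...]} for the *filter table, in rule order."""
    chains, table = {}, None
    for raw in text.splitlines():
        line = COUNTERS.sub("", raw.strip())
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":"):
            chains.setdefault(line[1:].split()[0], [])
        elif table == "filter" and line.startswith("-A "):
            tok = shlex.split(line)
            j = tok.index("-j") if "-j" in tok else len(tok)
            chains.setdefault(tok[1], []).append({
                "line": line,
                "matches": tok[2:j],                         # empty = matches every packet
                "target": tok[j + 1] if j < len(tok) else None,
            })
    return chains


def unreachable_rules(chains):
    """(chain, rule, blocking rule) for rules after an unconditional verdict."""
    found = []
    for chain, rules in chains.items():
        cut = None
        for rule in rules:
            if cut is not None:
                found.append((chain, rule["line"], cut))
            elif not rule["matches"] and rule["target"] in FINAL | {"RETURN"}:
                cut = rule["line"]
    return found


def _dport(matches):
    return matches[matches.index("--dport") + 1] if "--dport" in matches else None


def _walk(chains, chain, stack, via=None):
    """Collect --dport values of ACCEPT rules a packet can still reach."""
    ports, ended = set(), False
    for rule in chains.get(chain, []):
        m, target = rule["matches"], rule["target"]
        port = _dport(m) or via          # a jump matched on a port carries it along
        if target == "ACCEPT" and port:
            ports.add(port)
        if target in chains and target not in stack:
            sub, sub_ended = _walk(chains, target, stack | {target}, port)
            ports |= sub
            ended = sub_ended and not m  # only an unconditional jump ends the caller
        elif not m and target in FINAL:
            ended = True
        elif not m and target == "RETURN":
            break
        if ended:
            break
    return ports, ended


def accepted_tcp_ports(chains, start="INPUT"):
    """Ports named by reachable ACCEPT rules; port-less ACCEPTs (lo, state) are ignored."""
    return _walk(chains, start, frozenset({start}))[0]


def blocked_listen_ports(chains, listen_ports):
    """Listening ports that no reachable ACCEPT rule names (default-deny assumed)."""
    allowed = accepted_tcp_ports(chains)
    return [p for p in listen_ports if p not in allowed]


if __name__ == "__main__":
    parsed = parse_filter(SAMPLE)
    for chain, rule, cut in unreachable_rules(parsed):
        print(f"{chain}: '{rule}' is never evaluated (after '{cut}')")
    print("not accepted:", blocked_listen_ports(parsed, ["80", "443", "81"]))
```
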

4
Hi all!

What would be the best way to handle this? That is, a user pays e.g. 5€/month for using the VPN; it should have a web shop where you can buy it and a bandwidth usage limiter.

Does anyone know about this, and with which program/setup this might work?

5
Hi everyone!

The goal is to set up an IPv6 DHCP server that would use a specific prefix which I got from tunnelbroker.net.


At the moment the TP-Link hands out IPv4 addresses, and the goal is to get my Ubuntu server to hand out IPv6 addresses to the local network, but how could this be done? (And I don't want my server to start handing out IP addresses to everyone.)

The TP-Link runs the stock firmware, and it stays that way because there is warranty left.

6
Hi everyone!

I have now tried a couple of times to set up a website that listens only on the private network, in this case at the address 192.168.1.105.

It just doesn't want to listen on the right address. For some reason I keep getting: HTTP error 404.

Ideas?

DNS to IP table:

srv-local.omadomain.biz => 192.158.1.105
srv.omadomain.biz => 88.195.*.*

srv-local.omadomain.biz-vhost:
<VirtualHost srv-local.omadomaini.biz:80>
        ServerAdmin webmaster@srv.omadomain.biz

        DocumentRoot /var/www-localnet-only/htdocs

        <Directory />
                Options FollowSymLinks
                AllowOverride All
        </Directory>

        <Directory /var/www-localnet-only/htdocs>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

        <IfModule mod_fastcgi.c>
                FastCgiExternalServer /var/www-localnet-only/php5.external -host 127.0.0.1:9000
                AddHandler php5-fcgi .php
                Action php5-fcgi /usr/lib/cgi-bin/php5.external
                Alias /usr/lib/cgi-bin/        /var/www-localnet-only/
        </IfModule>

        ScriptAlias /cgi-bin/ /var/www-localnet-only/cgi-bin/

        <Directory "/var/www-localnet-only/cgi-bin">
                AllowOverride None
                Options +ExecCGI +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error_localnet_vhost.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/access_localnet_vhost.log combined

</VirtualHost>

000-default-vhost:
<VirtualHost 88.195.*.*:80>
        ServerAdmin webmaster@localhost

        Redirect permanent / https://srv.omadomain.biz

        ErrorLog ${APACHE_LOG_DIR}/error-default.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/access-default.log combined
</VirtualHost>

IPV6-vhost:

<VirtualHost samip-4-pt.tunnel.tserv24.sto1.ipv6.he.net:80>
        ServerAdmin webmaster@localhost

        DocumentRoot /var/www-ipv6

        <Directory />
                Options FollowSymLinks
                AllowOverride All
        </Directory>
        <Directory /var/www-ipv6/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

        <IfModule mod_fastcgi.c>
                FastCgiExternalServer /var/www-ipv6/php5.external -host 127.0.0.1:9000
                AddHandler php5-fcgi .php
                Action php5-fcgi /usr/lib/cgi-bin/php5.external
                Alias /usr/lib/cgi-bin/ /var/www-clearnet/
        </IfModule>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error_ipv6_normal.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/access_ipv6_normal.log combined

</VirtualHost>

Ports.conf:
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz

NameVirtualHost 88.195.*.*:80
Listen 88.195.*.*:80


<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 88.195.*.*:443
</IfModule>

#<IfModule mod_gnutls.c>
#    Listen 443
#</IfModule>

NameVirtualHost srv-local.sami-mantysaari.biz:80
Listen 192.168.1.105:80

NameVirtualHost samip-4-pt.tunnel.tserv24.sto1.ipv6.he.net:80
Listen [2001:470:27:743::2]:80


httpd.conf:
DirectoryIndex index.html index.htm default.htm index.php index.pl

LoadFile  /usr/lib/i386-linux-gnu/libxml2.so

srv.omadomain.biz-ssl vhost:
<IfModule mod_ssl.c>
<VirtualHost 88.195.*.*:443>
        ServerAdmin webmaster@srv.omadomaini.biz

        DocumentRoot /var/www-clearnet
        <Directory />
                Options FollowSymLinks
                AllowOverride All
        </Directory>
        <Directory /var/www-clearnet/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

        <Directory "/var/www-clearnet/board">
                Options FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                Allow from all
        </Directory>

        Alias /blog/ "/var/www-blog/"

        <Directory "/var/www-blog/">
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        <Directory "/usr/lib/cgi-bin/nut">
                <Files upsset.cgi>
                        deny from all
                        allow from 88.195.*.*
                </Files>

                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                allow from 88.195.*.*
        </Directory>

        <IfModule mod_php5.c>
                php_flag magic_quotes_gpc Off
                php_flag track_vars On
                php_value upload_max_filesize 1G
                php_value post_max_size 1G
                php_value memory_limit 512M
                php_value include_path .:/usr/share/php
        </IfModule>

        <Directory /var/www-clearnet/real/modpack-site>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

        <Directory /var/www-clearnet/gallery>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

        <Directory /var/www-clearnet/real/forum>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

        <Directory /var/www-clearnet/owncloud>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>


        <IfModule mod_fastcgi.c>
                FastCgiExternalServer /var/www-clearnet/php5.external-1 -host 127.0.0.1:9000
                AddHandler php5-fcgi .php
                Action php5-fcgi /usr/lib/cgi-bin/php5.external-1
                Alias /usr/lib/cgi-bin/ /var/www-clearnet/
        </IfModule>

        ErrorLog ${APACHE_LOG_DIR}/error_ssl.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined

############## SSL Options Begin ##############################

        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual host.
        SSLEngine on

        #   A self-signed (snakeoil) certificate can be created by installing
        #   the ssl-cert package. See
        #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
        #   If both key and certificate are stored in the same file, only the
        #   SSLCertificateFile directive is needed.
        SSLCertificateFile    /etc/ssl/certs/srv.omadomain.biz.pem
        SSLCertificateKeyFile /etc/ssl/private/srv.omadomaini.biz.key

        #   Server Certificate Chain:
        #   Point SSLCertificateChainFile at a file containing the
        #   concatenation of PEM encoded CA certificates which form the
        #   certificate chain for the server certificate. Alternatively
        #   the referenced file can be the same as SSLCertificateFile
        #   when the CA certificates are directly appended to the server
        #   certificate for convinience.
        SSLCertificateChainFile /etc/apache2/ssl.crt/sub.class1.server.ca.pem

        #   Certificate Authority (CA):
        #   Set the CA certificate verification path where to find CA
        #   certificates for client authentication or alternatively one
        #   huge file containing all of them (file must be PEM encoded)
        #   Note: Inside SSLCACertificatePath you need hash symlinks
        #         to point to the certificate files. Use the provided
        #         Makefile to update the hash symlinks after changes.
        #SSLCACertificatePath /etc/ssl/certs/
         SSLCACertificateFile /etc/apache2/ssl.crt/ca.pem

        

        SSLProtocol all -SSLv2
        SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM


        
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>

        BrowserMatch "MSIE [2-6]" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
        # MSIE 7 and newer should be able to use keepalive
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

</VirtualHost>
</IfModule>

7
Hi!

I'm trying to configure my Ubuntu server to send all external network traffic through one network card and internal network traffic through the other.

ISP: TeliaSonera (cable broadband)
Modem: Thompson TCW770 (bridging)

eth0 => Gets its IP address directly from Sonera's DHCP server, but goes through the Thompson TCW770 modem first.

eth1 => Gets its IP address from the internal network's terminal device. (TP-Link)


traceroute sonera.fi:
traceroute to sonera.fi (194.251.244.241), 64 hops max
 1   10.20.192.1 (10.20.192.1) 4.646ms 6.153ms 5.590ms
 2   141.208.25.30 (141.208.25.30) 9.127ms 7.300ms 8.735ms
 3   194.251.244.241 (194.251.244.241) 8.868ms 8.237ms 7.405ms

Routing table:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         cable-tku-58c3c 0.0.0.0         UG    100    0        0 eth0
88.195.192.0    *               255.255.240.0   U     0      0        0 eth0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
192.168.122.0   *               255.255.255.0   U     0      0        0 virbr0 (<- virtual)

These are the commands I have tried:
    route add -net 0.0.0.0 netmask 0.0.0.0 gw 10.20.192.1 eth0 => SIOCADDRT: No such process.
    route add -net 192.0.0.0 netmask 255.0.0.0 gw 192.168.1.1 eth1 => Success.


As a recap:

eth0 => WAN, aka external network.
eth1 => LAN, aka internal network.


Does anyone know how that could be done?

8
Hello everyone,

I have been cursing at my VPN server for a while now because it doesn't want to establish a connection, so here is a bit of the VPN log: (my own IP censored)

Nov 21 18:58:06 new-host-3 pptpd[3105]: MGR: connections limit (100) reached, extra IP addresses ignored
Nov 21 18:58:06 new-host-3 pptpd[3106]: MGR: Manager process started
Nov 21 18:58:06 new-host-3 pptpd[3106]: MGR: Maximum of 100 connections available
Nov 21 18:58:13 new-host-3 pptpd[3111]: CTRL: Client 88.*.*.* control connection started
Nov 21 18:58:13 new-host-3 pptpd[3111]: CTRL: Starting call (launching pppd, opening GRE)
Nov 21 18:58:13 new-host-3 pppd[3112]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
Nov 21 18:58:13 new-host-3 pppd[3112]: pppd 2.4.5 started by root, uid 0
Nov 21 18:58:14 new-host-3 pppd[3112]: Using interface ppp0
Nov 21 18:58:14 new-host-3 pppd[3112]: Connect: ppp0 <--> /dev/pts/5
Nov 21 18:58:14 new-host-3 pptpd[3111]: GRE: Bad checksum from pppd.
Nov 21 18:58:44 new-host-3 pppd[3112]: LCP: timeout sending Config-Requests
Nov 21 18:58:44 new-host-3 pppd[3112]: Connection terminated.
Nov 21 18:58:44 new-host-3 pppd[3112]: Modem hangup
Nov 21 18:58:44 new-host-3 pppd[3112]: Exit.
Nov 21 18:58:44 new-host-3 pptpd[3111]: GRE: read(fd=6,buffer=80504c0,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Nov 21 18:58:44 new-host-3 pptpd[3111]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Nov 21 18:58:44 new-host-3 pptpd[3111]: CTRL: Reaping child PPP[3112]
Nov 21 18:58:44 new-host-3 pptpd[3111]: CTRL: Client 88.*.*.* control connection finished


So, what is this problem called?

9
So it says this:
Unable to use key file "C:\Users\sami\Documents\Keys\id_rsa.pub" (OpenSSH SSH-2 private key)

It was generated with this command:
ssh-keygen


sshd config:
#       $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys
#AuthorizedKeysCommand none
#AuthorizedKeysCommandRunAs nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes

# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
UsePAM yes

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem       sftp    /usr/libexec/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       ForceCommand cvs server


So, how could I allow logging in with an SSH key?

The text "[closed]" was removed from the title; someone suffering from a similar problem might think that this thread can no longer be posted in. -Storck

10
Hello everyone!


So, I need some quick help here.

syslog:
Sep 25 15:28:43 new-host-3 pptpd[2261]: CTRL: Client koneeni IP control connection started
Sep 25 15:28:44 new-host-3 pptpd[2261]: CTRL: Starting call (launching pppd, opening GRE)
Sep 25 15:28:44 new-host-3 pppd[2262]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
Sep 25 15:28:44 new-host-3 pppd[2262]: pppd 2.4.5 started by root, uid 0
Sep 25 15:28:44 new-host-3 pppd[2262]: Using interface ppp0
Sep 25 15:28:44 new-host-3 pppd[2262]: Connect: ppp0 <--> /dev/pts/0
Sep 25 15:28:44 new-host-3 pptpd[2261]: GRE: Bad checksum from pppd.
Sep 25 15:28:44 new-host-3 pppd[2262]: peer from calling number 88.195.192.216 authorized
Sep 25 15:28:45 new-host-3 pppd[2262]: MPPE required but peer negotiation failed
Sep 25 15:28:45 new-host-3 kernel: [ 1683.508342] PPP MPPE Compression module registered
Sep 25 15:28:45 new-host-3 pppd[2262]: Connection terminated.
Sep 25 15:28:45 new-host-3 pppd[2262]: Connect time 0.1 minutes.
Sep 25 15:28:45 new-host-3 pppd[2262]: Sent 10 bytes, received 37 bytes.
Sep 25 15:28:45 new-host-3 pppd[2262]: Exit.
Sep 25 15:28:45 new-host-3 pptpd[2261]: GRE: read(fd=6,buffer=80504c0,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Sep 25 15:28:45 new-host-3 pptpd[2261]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Sep 25 15:28:45 new-host-3 pptpd[2261]: CTRL: Reaping child PPP[2262]
Sep 25 15:28:45 new-host-3 pptpd[2261]: CTRL: Client Koneeni IP control connection finished

11
So, I'm trying to host my own e-mail server, but my SMTP service can't resolve the address of e.g. Gmail's mail server, so I get this:

Sep 11 16:25:32 sami-server postfix/smtp[15303]: connect to mx47488.pri.secmail.com[217.112.192.16]:25: No route to host
Sep 11 16:25:32 sami-server postfix/smtp[15304]: connect to smtpin.mx.facebook.com[66.220.155.11]:25: No route to host
Sep 11 16:25:33 sami-server postfix/smtp[15304]: A6478C333C: to=<smantysaari@facebook.com>, relay=none, delay=244269, delays=244267/0.1/1.3/0, dsn=4.4.1, status=deferred (connect to smtpin.mx.facebook.com[66.220.155.11]:25: No route to host)
Sep 11 16:25:47 sami-server postfix/smtp[15303]: connect to mx47488.pri.secmail.com[217.112.192.11]:25: No route to host
Sep 11 16:25:50 sami-server postfix/smtp[15303]: connect to mx47488.pri.secmail.com[217.112.192.18]:25: No route to host
Sep 11 16:25:53 sami-server postfix/smtp[15303]: connect to mx47488.bak.secmail.com[194.197.177.11]:25: No route to host
Sep 11 16:25:56 sami-server postfix/smtp[15303]: connect to mx47488.bak.secmail.com[194.197.177.18]:25: No route to host
Sep 11 16:25:56 sami-server postfix/smtp[15303]: 9545AC3403: to=<thor.kottelin@turvasana.com>, relay=none, delay=241772, delays=241747/0.14/25/0, dsn=4.4.1, status=deferred (connect to mx47488.bak.secmail.com[194.197.177.18]:25: No route to host)

And when I try to run e.g. a traceroute:

sami@sami-server:~$ traceroute mx47488.pri.secmail.com
traceroute to mx47488.pri.secmail.com (217.112.192.18), 30 hops max, 60 byte packets
 1  DD-WRT (192.168.1.1)  0.578 ms  0.875 ms  1.175 ms
 2  10.20.192.1 (10.20.192.1)  72.491 ms  72.836 ms  72.877 ms
 3  tkucore02-o-2-1-0-0.datanet.tele.fi (141.208.212.149)  73.604 ms  73.444 ms  73.668 ms
 4  jklisedger01-e-1-1.datanet.tele.fi (141.208.14.94)  84.727 ms  84.573 ms  84.778 ms
 5  jklisedger01-e-1-1.datanet.tele.fi (141.208.14.94)  85.253 ms  85.000 ms  83.647 ms
 6  194.137.174.101 (194.137.174.101)  84.168 ms  79.177 ms  79.274 ms
 7  teliasonera-gw1.onlinesolutions.fi (194.142.158.58)  77.896 ms  24.574 ms  57.981 ms
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *^C

Then route -n:

sami@sami-server:~$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     1      0        0 eth0

Now route:

sami@sami-server:~$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         DD-WRT          0.0.0.0         UG    0      0        0 eth0
link-local      *               255.255.0.0     U     1000   0        0 eth0
192.168.1.0     *               255.255.255.0   U     1      0        0 eth0

uname -a:

sami@sami-server:~$ uname -a
Linux sami-server 3.2.0-30-generic-pae #48-Ubuntu SMP Fri Aug 24 17:14:09 UTC 2012 i686 i686 i386 GNU/Linux


So, what is wrong here?

P.S. link to Ask Ubuntu: http://askubuntu.com/questions/185914/postfix-dns-problem
