Nginx with Varnish: all listen directives point to 808* ports but nginx still listens on 80

I’m running instances of Symfony or Drupal websites on two Debian servers, with Nginx listening on 443, Varnish listening on 80 and passing to nginx listening on custom ports 80** for each vhost.

Recently I added a new website to one of the servers. Then I began to run into this well-documented error: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use).

Although there is no nginx server block listening on port :80 at all, nor any server block without a listen directive, Nginx began to listen on port 80 along with the custom ports.

sudo netstat -tlpn| grep nginx
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      4191/nginx: master  
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      4191/nginx: master  
tcp        0      0 0.0.0.0:8081            0.0.0.0:*               LISTEN      4191/nginx: master  
tcp        0      0 x.x.x.x:8082            0.0.0.0:*               LISTEN      4191/nginx: master  
tcp        0      0 y.y.y.y:8083            0.0.0.0:*               LISTEN      4191/nginx: master  
tcp        0      0 z.z.z.z:8084            0.0.0.0:*               LISTEN      4191/nginx: master  
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      4191/nginx: master  
tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN      4191/nginx: master  
tcp6       0      0 :::8080                 :::*                    LISTEN      4191/nginx: master  
tcp6       0      0 :::80                   :::*                    LISTEN      4191/nginx: master  
tcp6       0      0 :::8081                 :::*                    LISTEN      4191/nginx: master  
tcp6       0      0 :::443                  :::*                    LISTEN      4191/nginx: master  
tcp6       0      0 :::8000                 :::*                    LISTEN      4191/nginx: master

I have also already read all the docs and posts about the correct new syntax for handling dual-stack IPv4 and IPv6, and tried all possible syntaxes such as the ones below, to no avail.

Working directive before crash : listen x.x.x.x:8082;
Tried adding listen [::]:8082 ipv6only=on;. No change.

I listed and killed the process many times with sudo fuser -k 80/tcp before restarting varnish and nginx with systemctl, even daemon-reload…

Last, I checked my history but can’t find what could have caused this sudden behavior. The only point I’m not sure about is that I changed a couple of sysctl.conf params, but hopefully reverted them, just in case; I’m not used to this part of administration: cat /etc/sysctl.conf | grep net.ipv4.conf

#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1
#net.ipv4.conf.all.accept_redirects = 0
# net.ipv4.conf.all.secure_redirects = 1
#net.ipv4.conf.all.send_redirects = 0
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv4.conf.all.log_martians = 1

Here’s my configuration.

cat /etc/nginx/nginx.conf (relevant 2 lines, no html / server block in it)

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;

cat /etc/nginx/conf.d/default.conf

server {
        listen 8000 default_server;
        listen [::]:8000 ipv6only=on default_server;
        server_name _;

        listen 443 ssl default_server;
        listen [::]:443 ssl ipv6only=on default_server;
}

One of the sites-available vhosts (they all follow exactly same pattern) :

server { # this block only redirects www to non www
        listen x.x.x.x:443 ssl;
        server_name www.example.com;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_certificate /var/www/clients/client0/web3/ssl/example.com-le.crt;
        ssl_certificate_key /var/www/clients/client0/web3/ssl/example.com-le.key;

        return 301 https://example.com$request_uri;
        }

server {
        listen x.x.x.x:443 ssl;
        server_name example.com;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_certificate /var/www/clients/client0/web3/ssl/example.com-le.crt;
        ssl_certificate_key /var/www/clients/client0/web3/ssl/example.com-le.key;

        location / {
            # Pass the request on to Varnish.
            proxy_pass  http://127.0.0.1;
 
            # Pass some headers to the downstream server, so it can identify the host.
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 
            # Tell any web apps like Drupal that the session is HTTPS.
            proxy_set_header X-Forwarded-Proto https;
            proxy_redirect     off;
        }
        
}
server {
        listen x.x.x.x:8082;
#       listen [::]:8082 ipv6only=on;

        server_name example.com www.example.com;

        root   /var/www/example.com/web/public;

        location / {
            # try to serve file directly, fallback to index.php
            try_files $uri /index.php$is_args$args;
        }

       location ~ ^/index\.php(/|$) {
            fastcgi_pass 127.0.0.1:8998;
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
            fastcgi_param DOCUMENT_ROOT $realpath_root;
            internal;
        }
        location ~ \.php$ {
           # return 404;
        }

        error_log /var/log/ispconfig/httpd/example.com/error.log;
        access_log /var/log/ispconfig/httpd/example.com/access.log combined;

        location ~ /\. {
                        deny all;
        }

        location ^~ /.well-known/acme-challenge/ {
             access_log off;
             log_not_found off;
             root /usr/local/ispconfig/interface/acme/;
             autoindex off;
             try_files $uri $uri/ =404;
        }

        location = /favicon.ico {
            log_not_found off;
            access_log off;
            expires max;
            add_header Cache-Control "public, must-revalidate, proxy-revalidate";
        }

        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }
}

cat /etc/default/varnish relevant part

DAEMON_OPTS="-a :80 
             -T localhost:6082 
             -f /etc/varnish/default.vcl 
             -S /etc/varnish/secret 
             -s malloc,3G"

I’m wondering what could have caused a config I have been working with for years to break?

I carefully studied these Q&A and a bunch of doc or posts, with no success : Nginx tries to run on port 80 but the configs have been removed ; Nginx will not start (Address already in use) ; nginx – bind() to 0.0.0.0:80 failed (98: Address already in use)

Go to Source
Author: Kojo
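
The check below is an added example, not code from the question: it walks the merged configuration that nginx -T prints and reports every server block that ends up bound to port 80, including blocks with no listen directive, which nginx binds to *:80 when started as root. The sample dump, its paths and addresses, and the function names are constructed for illustration.

```python
import re

SAMPLE = """\
# configuration file /etc/nginx/conf.d/default.conf:
server {
    listen 8000 default_server;
    listen [::]:8000 ipv6only=on default_server;
}
# configuration file /etc/nginx/sites-enabled/new-site.vhost:
server {
    listen 192.0.2.10:8082;
    location / { try_files $uri /index.php$is_args$args; }
}
server {   # no listen directive in this block
    server_name www.example.com;
    return 301 https://example.com$request_uri;
}
"""  # constructed sample shaped like `nginx -T` output; paths and IPs are made up

TOKEN = re.compile(r"""# configuration file (\S+):|#[^\n]*|"[^"]*"|'[^']*'|[{};]|[^\s{};#]+""")

def port_of(addr):
    """Port a listen address binds; nginx uses 80 when only an address is given."""
    if addr.startswith("unix:"):
        return None
    tail = addr.rsplit("]", 1)[-1]            # skip past an IPv6 literal
    if ":" in tail:
        return int(tail.rsplit(":", 1)[1])
    return int(tail) if tail.isdigit() else 80

def servers_on_port_80(dump):
    """Return (file, line_in_file, reason) for each server block bound to port 80."""
    found, stack, stmt, cur_file, base = [], [], [], "<input>", 0
    for m in TOKEN.finditer(dump):
        tok, line = m.group(0), dump.count("\n", 0, m.start()) + 1
        if m.group(1):                          # file marker printed by nginx -T
            cur_file, base = m.group(1), line
        elif tok == "{":                        # block opens; stmt holds its header
            stack.append((stmt[0] if stmt else "", cur_file, line - base, []))
            stmt = []
        elif tok == "}":
            name, path, lineno, listens = stack.pop() if stack else ("", "", 0, [])
            if name == "server":
                hits = [f"listen {a}" for a in listens if port_of(a) == 80]
                hits = hits if listens else ["no listen directive (defaults to *:80)"]
                found += [(path, lineno, h) for h in hits]
            stmt = []
        elif tok == ";":
            if stmt[:1] == ["listen"] and len(stmt) > 1 and stack and stack[-1][0] == "server":
                stack[-1][3].append(stmt[1])
            stmt = []
        elif not tok.startswith("#"):           # ordinary word of a directive
            stmt.append(tok)
    return found
```

On a live host the input would be the text captured from sudo nginx -T, which includes every file pulled in by the include lines.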

yaml files in jenkins pipeline

Just started out working on jenkins, among other things I’m trying to understand the role of yaml in pipelines. I understand that pipelines or declarative pipelines (do other types of pipelines exist in jenkins?) are defined using a syntax that is based on an extension of groovy and that yaml can be used along with some plugins or extended library to generate an on-the-fly groovy-based pipeline definition. Is my understanding correct?

Go to Source
Author: whatever

MySQL shutdown unexpectedly in xampp

Here is my error log:

InnoDB: using atomic writes.
2020-06-27 21:06:20 0 [Note] InnoDB: Mutexes and rw_locks use Windows interlocked functions
2020-06-27 21:06:20 0 [Note] InnoDB: Uses event mutexes
2020-06-27 21:06:20 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2020-06-27 21:06:20 0 [Note] InnoDB: Number of pools: 1
2020-06-27 21:06:20 0 [Note] InnoDB: Using SSE2 crc32 instructions
2020-06-27 21:06:20 0 [Note] InnoDB: Initializing buffer pool, total size = 16M, instances = 1, chunk size = 16M
2020-06-27 21:06:20 0 [Note] InnoDB: Completed initialization of buffer pool
2020-06-27 21:06:21 0 [Note] InnoDB: 128 out of 128 rollback segments are active.
2020-06-27 21:06:21 0 [Note] InnoDB: Creating shared tablespace for temporary tables
2020-06-27 21:06:21 0 [Note] InnoDB: Setting file 'C:\xampp\mysql\data\ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
2020-06-27 21:06:21 0 [Note] InnoDB: File 'C:\xampp\mysql\data\ibtmp1' size is now 12 MB.
2020-06-27 21:06:21 0 [Note] InnoDB: Waiting for purge to start
2020-06-27 21:06:21 0 [Note] InnoDB: 10.4.13 started; log sequence number 47161; transaction id 9
2020-06-27 21:06:21 0 [Note] InnoDB: Loading buffer pool(s) from C:\xampp\mysql\data\ib_buffer_pool
2020-06-27 21:06:21 0 [Note] Plugin 'FEEDBACK' is disabled.
2020-06-27 21:06:21 0 [Note] InnoDB: Buffer pool(s) load completed at 200627 21:06:21
2020-06-27 21:06:21 0 [Note] Server socket created on IP: '::'.

Go to Source
Author: Abhishek Regmi

Where to find documentation for CPT block template? (PHP)

I have been searching for a day and still can’t seem to find the right documentation for what arguments I can pass to core components when attempting to configure a CPT block template in PHP. This is what I have, but I want to take this further by nesting buttons and custom HTML etc., but can’t find the docs I need.

'template' => array(
    array( 'core/columns', array(), array(
        array( 'core/column', array("width" => "60"), array(
            array( 'core/image', array() ),
        ) ),
        array( 'core/column', array("width" => "40"), array(
            array( 'core/image', array() ),
            array( 'core/heading', array(
                'placeholder' => 'Add a inner paragraph'
            ) ),
        ) ),
    ) ),
),

Found everything needed to create bespoke blocks in JSX but blegh, I haven’t got the time to learn the wizardry ways of JSX just yet, and I don’t really want new blocks; I just want the existing ones bound as a template to a custom post type.

A good way to exemplify my question: how did this person find the answer on how to set the width of this template’s columns?

How to set column widths in a CPT block template?

How did the person find this answer? Did they have to dive into the JS scripts of the component and work it out, or is there some documentation on this, or am I missing something altogether?

Any help would be greatly appreciated.

Go to Source
Author: Johnny

Search for email by language in Gmail

About 10 years ago, Gmail offered a way to search for email by language with the lang operator. Sadly, this doesn’t appear to be the case any longer. However, Gmail offers to translate any messages it thinks isn’t in your default language. Is there a way to incorporate this into Gmail search / filter?

Go to Source
Author: RHPT

What a malicious website can do in the worst scenario on an upgraded system [closed]

I use the latest Debian stable (buster as of June 2020).

  • system upgraded everyday (and browser addons updated automatically)
  • Firefox 68.9.0esr (64 bits) (the one from apt package system)
  • decent hardware (less than 5 years old)
  • Debian security upgrade enabled

I’m aware of security concerns, I…

  • verify (before clicking an HTTP link) whether a link that looks like example.org is in fact example.org.random.tracker.io, for example (I take care about phishing and tracking)
  • take care of untrusted X509 certificates for https websites
  • avoid using non trusted Firefox addons
  • never open suspicious files in web or mails
  • don’t use weak passwords (and I don’t use the same on 2 websites)
  • never run Firefox as root (who does this?)
  • use httpsEverywhere, uBlock-Origin, Ghostery, Decentraleyes Firefox addons

So my question:

  • What is the risk of opening a malicious website (if not in the Google Safe Browsing DB)? What can it do, in the worst case, apart from being a phishing website? (I guess crypto-mining at least, exploit of a Firefox vulnerability…)

Go to Source
Author: Gilles Quenot

Clean Architecture use case testing

Use case interactors in the Clean Architecture consist of the application-specific business rules.

Clean Architecture diagram

Interactors use the Data Access Interface to fetch the required data from the data access layer.
Basically I see two approaches to test these interactors.

  • Using test doubles rather than the actual data access layer
  • Using the real data access layer (e.g. sql database, webservice)

I personally prefer the first approach and test the data access layer separately.
The interactor tests use the Data Access Interface with the test doubles and the entities in the inner circle.
An architectural boundary is crossed in both approaches.

Is the first test approach considered as Integration Testing with a narrower scope or is it just Unit Testing?

Go to Source
Author: Stefan

finds the number of fans of each team and prints them in CSharp

I have this question about arrays. The concept is really simple, but the problem is I know almost nothing about C#. I am trying to help a friend who can’t understand English very well. I told him how to solve the problem but without coding; can you help me write the code? Also, the question wasn’t in English; I tried to write it as clearly as possible:
The fan.txt file contains the name and team information (GS, FB, or BJK).
By reading this information, the program prints the names of the GS holders in the GS.txt file, the names of the FB holders in the FB.txt file, the names of the BJK holders in the BJK.txt file, and also finds the number of fans of each team and prints them on the form.
Sample file contents are below.

Go to Source
Author: flowery

Drag’n’drop files Desktop File manager with 20.04 LTS doesn’t work ; it worked on 18.04 LTS

With Ubuntu 18.04, I can drag and drop files from Desktop to File manager and vice versa.

On my other Ubuntu 20.04 install, this is no longer possible.

Has this feature been voluntarily removed or is it an accidental regression?

How to enable it again?

Many people seem to have noticed the same problem, see for example the 100+ voted comment about this on the video Ubuntu 20.04 LTS: What’s New?: “Love Ubuntu, but I’m still disappointed a basic feature like drag & dropping files to/from desktop into the file manager is missing.”.

Go to Source
Author: Basj

SQL Server Slowest Query is NULL

I am looking at both the SQL Server expensive queries report and the query below, but both are showing this mysterious NULL query as the slowest query on my server.

Is there any way I can find out more about this NULL query and why it might be so slow?

Is this some internal query? It doesn’t seem like this should be showing up in the report if so.

This is the query which is also showing NULL as the slowest query on my server:

select 
    r.session_id,
    r.status,
    r.command,
    r.cpu_time,
    r.total_elapsed_time,
    t.text
from 
    sys.dm_exec_requests as r
cross apply 
    sys.dm_exec_sql_text(r.sql_handle) as t

How can I find out what this query is and why it’s so slow?

Go to Source
Author: user1477388

Login names between sub domains in Active Directory

If I create two subdomains (sub1.domain.com and sub2.domain.com) under my parent domain (domain.com), can different users have the same login in the different subdomains? Or do logins need to be different across the forest?

  • jsmith@domain.com
  • jsmith@sub1.domain.com
  • jsmith@sub2.domain.com

Is this perfectly fine, or will sub 1 and 2 conflict with the parent domain? Or will all 3 conflict with each other?

Go to Source
Author: GSerrano

Sought: Online solution to anonymously report complaints and get back to users

I’m looking into organising a conference, and I’d like to offer participants a means to report breaches to the code of conduct anonymously online. Specifically, the system should:

  • Allow to file a report anonymously
  • Allow for receivers of the complaint to get back to the authors
  • Only allow for authors with a token/password to file complaints to keep it within conference attendees. Alternatively be accessed with specific link only.
  • Ideally, emails / complaints should be hosted on 3rd party server to guarantee anonymity

I’m open to suggestions for non-commercial as well as commercial services, and also for tweaking a more generic system towards this end. Many thanks!

Go to Source
Author: Chris

Key Weirdness with Dict Return Result from Lookup and Dig

Delving deeper into ansible and it has been fun (will be honest, some parts of it feel tortured as you try to get more programmatic about it, and I know that’s my issue! lol. But really nice to get up and going).

For example, while I am sure there is an easier way to do the below (waiting on a DNS update before proceeding, feel free to suggest!) I was really surprised that I had to use the command as the key here.

Is there a cleaner way to use the lookup and verify the IP in the result is my question really (with a secondary hope that there is a better way than raw output from nslookup or ?? There has to be a pattern I haven’t found.)

Thanks

    - name: Wait for Google DNS to Update
      debug:
        var: lookup('dig', '{{ fqdn }}', '@8.8.8.8')
      register: test_var
      until: new_ip == test_var["lookup('dig', '{{ fqdn }}', '@8.8.8.8')"]
#       new_ip in test_var doesn't work
#      retries: 12
#      delay: 5
    - name: and test_var is?
      debug:
        msg: "{{ test_var }}"

Here is the output:

ok: [localhost] => {
    "msg": {
        "changed": false,
        "failed": false,
        "lookup('dig', 'test.com', '@8.8.8.8')": "192.138.219.231")
    }
}

And thought that maybe query would get me the desired result. Though easier for multiple IPs to work with, still the same key ugliness…

ok: [localhost] => {
    "msg": {
        "changed": false,
        "failed": false,
        "query ('dig', 'yahoo.com', '@8.8.8.8')": [
            "98.137.246.7",
            "98.138.219.231",
            "98.137.246.8",
            "72.30.35.10",
            "98.138.219.232",
            "72.30.35.9"
        ]
    }
}

Go to Source
Author: IGotAHeadache

WPA3-Enterprise Modes

Looking at the Wi-Fi alliance document we find basically three modes:

  • WPA3-Enterprise only Mode
  • WPA3-Enterprise transition Mode
  • WPA3-Enterprise 192-bit Mode

Inside another document provided by Aruba there is another definition:

  • WPA3-Enterprise Basic: Basic Opmode is essentially the same as WPA2-Enterprise with enforced PMF settings (MFPR=0, MFPC=1)
  • WPA3-Enterprise: Suite-B/CNSA top-secret security standards for Enterprise WiFi are enforced, deriving at least 384-bit PMK/MSK using Suite-B compatible EAP-TLS.

The questions are about these differences:

  • How many modes are there?
  • Is 192-bit mode mandatory for WPA3-Enterprise or not?

Go to Source
Author: Hoper