<DocScrutinizer05>
https://ssldecoder.org/?host=neo900.org:85.10.210.203&port=443&fastcheck=0 looks absolutely fine --- except >>HTTP Strict Transport Security not set.<< :-S
<DocScrutinizer05>
ok, so this seems to be sort of common sense. and works
<DocScrutinizer05>
ticket closed - many thanks to you guys! :-)
<pigeons>
it wasnt until IE added GCM supported that it became best practice to disable CBC, even though it was none to suck for a while, but it wasn't practical because there are a lot of IE users
<DocScrutinizer05>
now I guess it's time to chill for me
lkcl has joined #neo900
<DocScrutinizer05>
I just hear "doesn't work on IPv6" - if anybody could check I'd be greatful
<DocScrutinizer05>
grrr so it's needed for all vhosts
<DocScrutinizer05>
wut?
<MonkeyofDoom>
er, nvm
<MonkeyofDoom>
curl defaults to 6 here ;)
<MonkeyofDoom>
so v4 is fine
<DocScrutinizer05>
aah ok
<DocScrutinizer05>
lemme try fix it for a few more vhosts
<DocScrutinizer05>
Aug 05 05:05:01 newbie nginx[3665]: nginx: [emerg] a duplicate default server for [::]:80 in /etc/nginx/vhosts.d/neo900.org.conf:5
<DocScrutinizer05>
:-/
<pigeons>
your vhosts don't say default_server too right?
<DocScrutinizer05>
I first edited default
<DocScrutinizer05>
hoped it would catch all
<DocScrutinizer05>
nfc what it actually does
<DocScrutinizer05>
aaaah :oP
<DocScrutinizer05>
please test neo900.org
<DocScrutinizer05>
pigeons: you need to talk straight to me, I'm in zombie mode
<DocScrutinizer05>
;-)
<pigeons>
i'm getting tired myself but don't want to leave you with something broken
<DocScrutinizer05>
my vhosts did say default_server
<DocScrutinizer05>
worked now
<pigeons>
well now that we're getting some practice they will change the syntax next release for sure
<DocScrutinizer05>
as far as restarting nginx
<DocScrutinizer05>
please check
<DocScrutinizer05>
MonkeyofDoom: ^^^
<MonkeyofDoom>
:)
<pigeons>
ok
<MonkeyofDoom>
a-ok
<DocScrutinizer05>
AAAA?
<MonkeyofDoom>
gratz!
<pigeons>
confirmed
<MonkeyofDoom>
both v6 and v4 work
<DocScrutinizer05>
ok, all vhosts patched, should work now. MANY THANKS!
<DocScrutinizer05>
and n8 folks
<MonkeyofDoom>
glad to help! nn
<pigeons>
goodnight
Satyricon has quit [Ping timeout: 276 seconds]
Sicelo has quit [Ping timeout: 276 seconds]
Satyricon has joined #neo900
Sicelo has joined #neo900
DocScrutinizer05 has quit [Disconnected by services]
DocScrutinizer05 has joined #neo900
pabspabspabs has joined #neo900
pabs3 is now known as Guest82492
Guest82492 has quit [Killed (morgan.freenode.net (Nickname regained by services))]
pabspabspabs is now known as pabs3
Oksana has quit [Read error: Connection reset by peer]
Oksana has joined #neo900
arcean has joined #neo900
freemangordon_ has joined #neo900
illwieckz has joined #neo900
illwieckz has quit [Changing host]
illwieckz has joined #neo900
illwieckz has quit [Ping timeout: 276 seconds]
chainsawbike has quit [Ping timeout: 265 seconds]
chainsawbike has joined #neo900
ds2 has quit [Ping timeout: 244 seconds]
<enyc>
DocScrutinizer05: err... unless you do the ipv6only=true thing or have set sysctl net.ipv6.bindv6only=0 listening on [::]:port listens for IPv6 AND IPv4 connections in a single socket
<enyc>
i was aware of nginx having rubbish default config not listening for IPv6 ah all by default in debian but i think this has since been fixed
pagurus has joined #neo900
SylvieLorxu has joined #neo900
paulk-collins has joined #neo900
galiven_ has quit [Ping timeout: 260 seconds]
maddagaska has quit [Ping timeout: 264 seconds]
maddagaska has joined #neo900
ossguy has joined #neo900
xes has quit [Read error: Connection reset by peer]
xes_ has joined #neo900
illwieckz has joined #neo900
jonsger has joined #neo900
freemangordon_ has quit [Quit: Leaving.]
jonwil has joined #neo900
dos1 has quit [Ping timeout: 244 seconds]
dos1 has joined #neo900
<pigeons>
thanks enyc
<pigeons>
ah he's not here
<pigeons>
~later
<infobot>
it has been said that later is now
<pigeons>
~tell
<pigeons>
~onjoin DocScrutinizer05 enyc points out you need to add ipv6only=true in each of your listen lines that have [::]:port or else nginx also listens on ipv4 on the same socket
<DocScrutinizer05>
well, that's pretty much what I want, no?
<DocScrutinizer05>
forget ~onjoin, won't work afaik
<pigeons>
oh you are here
<DocScrutinizer05>
and if it works, I hope you put your command onto a postit note, to revert it eventually, since onjoin is sticky forever
<DocScrutinizer05>
;-)
arcean has quit [Read error: Connection reset by peer]
<pigeons>
so since it doesnt work i don't have to do anything?
<DocScrutinizer05>
I'm not quite sure if it works
<DocScrutinizer05>
prolly I just suck on the right syntax
<DocScrutinizer05>
I made it work once, years ago
<DocScrutinizer05>
for infobot in #maemo
<DocScrutinizer05>
infobot told itself on joining: "docscrutinizer: infobot joined" and I had an autoresponder on that string setting infobot +V
<pigeons>
as for the dual socket. I really don't know. also default is ipv6only=true aparently starting with nginx 1.3.4
<DocScrutinizer05>
well, neo900.org works on IPv4 and 6 now
<pigeons>
yes, that's the main goal
<DocScrutinizer05>
so unless there are race conditions now, I think everything fine
<pigeons>
oh and its =on not true
<DocScrutinizer05>
((onjoin)) the nasty part is: there's _no_ way tolist existing onjoins
<DocScrutinizer05>
and you only can revert an onjoin when you know the exact parameters used to add it
<pigeons>
the only caveat i find is ipv4 addreses are translated to ipv6 addresses with a mapping if its =off for log files and such which may allow blacklist evading and similar
<pigeons>
ok well my onjoin add is logged just in case
DocScrutinizer05 has left #neo900 ["systemd breaking up recursion in dbus"]
DocScrutinizer05 has joined #neo900
<DocScrutinizer05>
and seems it failed anyway. otherwise infobot should have said something, either in chan or in query
<DocScrutinizer05>
I don't see a response in chan. Did it answer to your command in PM?
<infobot>
Currently I'm hooked up to chat.freenode.net:6667 but only for 4d 1h 34m 1s. I had to reconnect 3 times. Connectivity: 100.00 %
<DocScrutinizer05>
~+stats
<infobot>
Since Mon Aug 1 12:24:20 2016, there have been 1 modification, 98 questions, 0 dunnos, 0 morons and 65 commands. I have been awake for 4d 1h 34m 27s this session, and currently reference 119589 factoids. I'm using about 85592 kB of memory. With 0 active forks. Process time user/system 629.63/10.31 child 0/0
jnc has quit [Ping timeout: 258 seconds]
ceene has quit [Ping timeout: 258 seconds]
<DocScrutinizer05>
~piglatin many useless feature are to be found in this bot as well