Lionel_Debroux has quit [Ping timeout: 276 seconds]
<ak5>
asheesh_: hi, thanks for getting back to me. I am confused as I didn't find the permission level in davros.
<asheesh_>
Oh - it should be available in the drop-down when you do the sharing.
frigginglorious has quit [Quit: frigginglorious]
<asheesh_>
And in the "Show who has access" area within "Share access."
<ak5>
asheesh_: oh I see, there is a dropdown can view/can share
<ak5>
sorry, I am blind
<asheesh_>
And glad you're still here! I appreciate your patience.
<ak5>
thanks for the help :)
<asheesh_>
(-:
<ak5>
sandstorm.io is really great. I am not sure if you realize here in china, lots of these services that sandstorm provides FOSS services of are blocked.
<asheesh_>
I'm going to wander off for now bu feel free to ask other questions soon !
<lukexj>
i kindof want to just delete everything on my vps and start off on a clean slate and try to do everything manually
<asheesh_>
Yeah, we really hope that we can help out a lot in China.
<asheesh_>
AFK for a bit, but I do very much hope you stick around.
<ak5>
I praise sandstorm.io very highly in all the chinese tech meetups I go to :)
<ak5>
awesome, thanks again, cya around
jadewang has joined #sandstorm
<lukexj>
would it be possible to give a subdomain like wiki.lukexj.xyz instaid of having to give out a share access link?
<lukexj>
ak5: can vpn's get past the great wall of china?
<lukexj>
or i mean the firewall of china or whatever its called
<ak5>
lukexj: we just call it the GFW mostly. Yes, they can. Although popular protocols like openvpn are autodetected and blocked
<lukexj>
even using special configurations of openvpn?
<ak5>
lukexj: I haven't gone too nuts, but it's not simple default port blocking if that's what you mean
<lukexj>
oh
<ak5>
lukexj: if you ever are in china for short periods of time, I recommend "ssh -D" or a small app called "sshuttle"
<lukexj>
does freenode show my hostname?
jadewang has quit [Ping timeout: 250 seconds]
<ak5>
I don't know how to check that in weechat heh
<lukexj>
oops im not on my vpn :p
<zarvox>
lukexj: yes
lukexj_ has joined #sandstorm
<lukexj_>
what about now zarvox?
<zarvox>
now you have the vpn/privateinternetaccess/lukexj ...mask? I forget what freenode calls them
<lukexj_>
lol
<lukexj_>
i have to auth with SASL or it kicks me
<lukexj_>
so i did that xD
<zarvox>
ak5: are you running your own server, or using oasis? I'm also curious to know if you have any GFW-related issues with installing apps or if you use sandcats.io
lukexj has quit [Ping timeout: 244 seconds]
lukexj_ has quit [Client Quit]
lukexj has joined #sandstorm
<zarvox>
It's not every day we hear from users in China, so it's awesome to hear that sandstorm is serving you well :)
<lukexj>
zarvox: does sandstorm do something special with users? when i type lastb it shows way more then "root ssh:notty"
<zarvox>
lastb shows bad login attempts
<lukexj>
holy shit
<lukexj>
im sorry this channle is family friendly
<lukexj>
i mean "holy s***"
<lukexj>
:p
<zarvox>
sandstorm doesn't do anything in particular with users; it primarily runs as the user you specify in sandstorm.conf
<lukexj>
wow lastb spams me
<lukexj>
its a good thing i disabled ssh without a key
<lukexj>
and only my key will work
<zarvox>
at least not "system" users. Sandstorm has its own concept of user accounts within the Sandstorm UI, but those aren't the same as the system users in /etc/passwd
<lukexj>
alright
<lukexj>
i havent been getting much failed login attempts lately
<lukexj>
i installed fail2ban
jemc has quit [Ping timeout: 240 seconds]
<lukexj>
zarvox: would it be possible to give a subdomain like wiki.lukexj.xyz instaid of having to give out a share access link?
<zarvox>
I guess you could make that subdomain return an HTTP redirect to a share link?
<lukexj>
maybe
frankier has joined #sandstorm
ragesoss has quit [Ping timeout: 240 seconds]
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 260 seconds]
ak5 has quit [Ping timeout: 250 seconds]
ak5 has joined #sandstorm
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 240 seconds]
ak5 has quit [Remote host closed the connection]
ak5 has joined #sandstorm
[d__d] has quit [Ping timeout: 250 seconds]
[d__d] has joined #sandstorm
[d__d] has quit [Ping timeout: 276 seconds]
[d__d] has joined #sandstorm
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 260 seconds]
frankier has quit [Ping timeout: 272 seconds]
ak5 has quit [Remote host closed the connection]
leomen has joined #sandstorm
<leomen>
Hello there everyone. I'm having some troubles while configuring my wildcard DNS, is there someone who could help me?
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 260 seconds]
frankier has joined #sandstorm
<dwrensha>
leomen: I can try to help!
<dwrensha>
what kind of errors are you seeing?
<leomen>
On my admin page it shows: WARNING: This server seems to have its WILDCARD_HOST misconfigured. Until you fix it, you will not be able to use any apps. You can read more info in the Sandstorm docs and in your browser's Javascript console. You'll need to adjust DNS, SSL/TLS certificates, or edit the sandstorm.conf file. If you see no information in t
<leomen>
he JS console, or wish to test if you have fixed the problem, reload this page to re-run the test. If you're still having problems, please file an issue.
<leomen>
And on my JS console it shows: Sandstorm WILDCARD_HOST self-test failed. Details: Error: network
<leomen>
Plus a warning about a frame-src being obsolete.
jadewang has joined #sandstorm
jadewang has quit [Ping timeout: 276 seconds]
<dwrensha>
leomen: that could mean a number of things
<leomen>
i think it's something related to my DNS configuration, but I'm not sure what =/
<leomen>
I did some changes on it recently and a dig to "anything".ss.ifspmatao.edu.br @ my nameserver is gettin my a answer... So maybe if I wait it could be ok now?
<dwrensha>
what is your WILDCARD_HOST in /opt/sandstorm/sandstorm.conf?
<xet7>
WHOA! Sandstorm WordPress update fixed my webpage where 2 images did not display in Android Chrome! YEEHAWW!! YESSS !!!!
<leomen>
*.ss.ifspmatao.edu.br
<dwrensha>
$ host test.ss.ifspmatao.edu.br
<dwrensha>
Host test.ss.ifspmatao.edu.br not found: 3(NXDOMAIN)
<dwrensha>
ss.ifspmatao.edu.br resolves for me, but anything.ss.ifspmatao.edu.br does not
<leomen>
Am I interpreting it's result right and it's getting an answer?
<leomen>
I'm interpreting that since I'm getting an answer now, it means it's only a matter of time until DNS servers synchronize?
<dwrensha>
yeah, if I explicitly use ns1.ifspmatao.edu.br as the nameserver then it seems to work
<dwrensha>
$ dig NS ifspmatao.edu.br
<dwrensha>
^ gives me "ifspmatao.edu.br" in the answer section
<leomen>
The DNS resolution seems to work on the ss server (it translates a.ss.ifspmatao.edu.br to the right IP), and it's not pinging due my firewall, I believe.
<dwrensha>
and "ns1.ifspmatao.edu.br" in the additional section
<dwrensha>
I'm not sure exactly what that means
<leomen>
check mine: ;; QUESTION SECTION:
<leomen>
;ifspmatao.edu.br. IN NS
<leomen>
;; ANSWER SECTION:
<leomen>
ifspmatao.edu.br. 21599 IN NS ns2.ifspmatao.edu.br.
<leomen>
ifspmatao.edu.br. 21599 IN NS ns1.ifspmatao.edu.br.
<dwrensha>
oh, wait, I was misinterpreting mine.
<dwrensha>
yeah, looks the same as yours
<leomen>
I believe there is something odd on my DNS server, but I can't pinpoint what haha
<dwrensha>
it strikes me as somewhat odd that your nameserver is a subdomain of the addresses that it is in charge of resolving
<dwrensha>
I wonder if that circularity is problematic
<leomen>
Check my zone config file. I think I've swapped position on a defition.
<leomen>
The DNS resolution seems to work on the ss server (it translates a.ss.ifspmatao.edu.br to the right IP), and it's not pinging due my firewall, I believe.
<leomen>
; Name servers
<leomen>
ifspmatao.edu.br. IN NS ns1.ifspmatao.edu.br.
<leomen>
ifspmatao.edu.br. IN NS ns2.ifspmatao.edu.br.
<dwrensha>
what does the wildcard config look like in the zone config file?
<leomen>
I have a NXDOMAIN redirect zone configured like that:
<leomen>
TTL 300
<leomen>
@ IN SOA ns1.ifspmatao.edu.br admin.ifspmatao.edu.br (
<leomen>
1406201601 ; Serial
<leomen>
604800 ; Refresh
<leomen>
86400 ; Retry
<leomen>
2419200 ; Expire
<leomen>
604800 ) ; Negative TTL
<leomen>
@ IN NS ns1.ifspmatao.edu.br
<leomen>
;
<leomen>
;
<leomen>
; NS records do not need address records in this zone as it is not in the norma$
<leomen>
* IN A 200.133.218.174
<leomen>
And my hosts like that:
<leomen>
ss IN A 200.133.218.174
<leomen>
*.ss.ifspmatao.edu.br IN A 200.233.218.174
<leomen>
The ping to "a.ss.ifspmatao.edu.br" started to work after I've added *.ss.ifspmatao.edu.br IN A ...
<leomen>
I see a tyyyyypo!
<leomen>
*.ss.ifspmatao.edu.br was redirecting to the wrong IP, sandstorm could not see it working, right?
au has quit [Remote host closed the connection]
<dwrensha>
that still would not explain why `dig a test.ss.ifspmatao.edu.br` fails to return anything
<leomen>
I just added that *.ss.ifspmatao.edu.br (kinda of 30 minuets ago). So maybe it's still replicating through DNS servers?
frigginglorious has joined #sandstorm
jadewang has joined #sandstorm
<dwrensha>
oh, hm. interesting. It does look like your TTLs are long
<leomen>
Hmm. So let me shorten it =D
<leomen>
At least next updates wont be so long.
<dwrensha>
like on the order of weeks
jadewang has quit [Ping timeout: 250 seconds]
<leomen>
43200 should be enough :)
<leomen>
but since we are low profile... Maybe even less.
<dwrensha>
so, I think a lower TTL will help with debugging, but I don't think it explains why `dig a test.ss.ifspmatao.edu.br` doesn't return anything
<leomen>
I lowered it to a matter of minutes for now.
<leomen>
I get only an authority section, indeed.
<leomen>
;; OPT PSEUDOSECTION:
<leomen>
; EDNS: version: 0, flags:; udp: 512
<leomen>
;; AUTHORITY SECTION:
<leomen>
;; QUESTION SECTION:
<leomen>
;test.ifspmatao.edu.br. IN A
<leomen>
ifspmatao.edu.br. 119 IN SOA ns1.ifspmatao.edu.br. admin.ifspmatao.edu.br. 1606201605 604800 86400 2419200 604800
<leomen>
I believe this is because of my redirect zone?
jadewang has quit [Read error: Connection reset by peer]
daemoen_ is now known as Daemoen
Telesight has joined #sandstorm
<asheesh_>
leomen & dwrensha - looks like y'all maybe worked that out, which is nice if so.
<c-mart>
if I started using Roundcube as my IMAP client, and I log into my Sandstorm server using email authentication, then how would I log into my own email?
<asheesh_>
Howdy c-mart
<asheesh_>
Roundcube can't be an IMAP client in Sandstorm yet; instead it's a shockingly self-contained little email world.
<asheesh_>
But even so, if only email address is the one that is tied to a Roundcube grain, I guess that does create a circular dependency.
rustyrazorblade has quit [Quit: rustyrazorblade]
frankier has quit [Ping timeout: 250 seconds]
Telesight has quit [Remote host closed the connection]
amyers has joined #sandstorm
xet7 has joined #sandstorm
jadewang_ has quit [Remote host closed the connection]
uppermgmt has quit [Read error: Connection reset by peer]
<frew>
is the oasis crazy slow for anyone else?
* frew
does a hard refresh
* frew
opens firebug
<frew>
yeah something seems down
jadewang has joined #sandstorm
<asheesh_>
frew: Yeah, we're aware of it and self-healing is happening now.
asheesh_ is now known as asheesh
<asheesh>
frew: Try now!
<asheesh>
Service should be fully recovered.
<frew>
asheesh: ok, just making sure. Would be nice if there were a status.oasis.sandstorm.io or someethign
<asheesh>
Yeah, agreed.
<frew>
ok, seems back; thanks :)
<asheesh>
I'll make a note about that.
<asheesh>
You're welcome!
<asheesh>
Thank kentonv (-:
<frew>
kentonv: thanks!
<frew>
even a manually toggled status would be nice
<kentonv>
I did nothing. Except write the code which fixes itself. :P
<frew>
ah
<frew>
interesting
<frew>
kentonv: what was wrong / fixed?
<kentonv>
the thing is that by the time a human notices the system is usually mostly done fixing itself already...
* frew
is still waiting for his grain to start.
<frew>
waiting for php5-fpm to be available at /var/run/php5-fpm.sock
<frew>
hm.
<kentonv>
the basic problem is that there was a bug where large file downloads from an app could use excessive RAM to the point where a machine dies and has to be recreated -- and right now we don't shift users to other machines fast enough. We have fixed the code problem but apps need to be updated. Davros is the main one that needs to be updated, and an update was pushed yesterday, so now we need everyone to accept it
<frew>
interesting
<frew>
so it needs to use sendfile instead or what?
<frew>
I'm just curious honestly
<kentonv>
well, Sandstorm acts as a proxy between the user and the app. The problem was that the apps were pushing data to the proxy much faster than the proxy could push the data to the internet. The fix is to implement flow control on the app side.
<frew>
ok
<kentonv>
which we did in sandstorm-http-bridge last week
<kentonv>
but sandstorm-http-bridge ships with the apps, not with Sandstorm. So apps need to update.
<kentonv>
We could also perhaps buffer to disk in cases where the app isn't behaving nicely. If I get a chance I might implement that for the next release. But with any luck the problem will go away when people accept the Davros update.
<frew>
kentonv: what if the app didn't ship with the bridge, but the bridge got mounted into the app, so that the app always has the latest version?
<frew>
just seems like it would be nice for something generic like that
<kentonv>
frew: not all apps use the bridge, and even if they do, the bridge <-> app interface is not one we feel comfortable keeping 100% backwards-compatible, whereas the supervisor <-> bridge interface is.
<frew>
ok.
<kentonv>
but I agree that would have helped in this case
frigginglorious has quit [Quit: frigginglorious]
frigginglorious has joined #sandstorm
gelnior54 has quit [Remote host closed the connection]
gelnior54 has joined #sandstorm
bemasc has quit [Ping timeout: 276 seconds]
jadewang has quit [Remote host closed the connection]
amyers has quit [Ping timeout: 272 seconds]
frigginglorious has quit [Ping timeout: 250 seconds]