Logging client IP of reverse proxied web traffic

Thursday, 05. 18. 2006  –  Category: all, sw

‘Cos I always forget:

LogFormat       "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy

This just makes Apache log the IP from the X-Forwarded-For (X-F-F) HTTP header instead of %h (the connecting host, which is the proxy itself) in reverse-proxy scenarios.
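
An added example, not part of the original post: X-Forwarded-For is a request header, so whatever the client sends in it reaches the log ahead of the address the proxy appends, and the logged value can be a comma-separated list. The Python below parses lines in the proxy format and takes the rightmost entry that is not a trusted proxy. TRUSTED_PROXIES, the function names and the sample lines are assumptions constructed for illustration, as is the premise that Apache is only reachable through the proxy.

```python
import ipaddress
import re

# Assumption: address range of the reverse proxies allowed to append to X-Forwarded-For.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

# The "proxy" LogFormat: the header value (which may itself contain ", ")
# followed by %l %u %t "%r" %>s %b.
LINE_RE = re.compile(
    r'^(?P<xff>.*?) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)

def client_ip(xff, trusted=TRUSTED_PROXIES):
    """Walk the header right to left; return the first address that is not ours."""
    if xff.strip() in ("", "-"):          # Apache logs "-" when the header is absent
        return None
    for entry in reversed([e.strip() for e in xff.split(",")]):
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            return None                   # not an IP: nothing to its left is reliable
        if not any(addr in net for net in trusted):
            return str(addr)
    return None                           # every hop was one of our own proxies

def parse_line(line):
    """Parse one log line; returns a dict with an added 'client' key, or None."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["client"] = client_ip(rec["xff"])
    return rec

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [18/May/2006:10:00:00 +0100] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    # Client sent its own X-Forwarded-For: 127.0.0.1; the proxy appended the real peer.
    '127.0.0.1, 198.51.100.23 - - [18/May/2006:10:00:01 +0100] "GET /admin HTTP/1.1" 403 199 "-" "-"',
    # Two proxy tiers: 10.0.0.5 is one of ours, so the entry to its left is the client.
    '192.0.2.44, 10.0.0.5 - frank [18/May/2006:10:00:02 +0100] "GET /x HTTP/1.1" 200 10 "-" "-"',
    # Header absent.
    '- - - [18/May/2006:10:00:03 +0100] "GET / HTTP/1.1" 200 512 "-" "-"',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_line(line)["client"])
```

Splitting these lines on whitespace would record "127.0.0.1," as the client for the second sample, which is why the parser treats everything up to the %l field as the header value.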

Onboard RAID

Wednesday, 05. 17. 2006  –  Category: all, vague

Poor old zest.lemonia.org dropped off air, apparently with a dead CPU or motherboard. Its standby box, juice.lemonia.org, was brought up with 15 hour old data (the backup sync cron’d at 0300, the failure happened at ~1800), but not before attempting to stick one half of zest’s mirror into juice. The root fs at /dev/ad1s1a was fine, but the main data fs wasn’t:

[root@ /var]# fsck /dev/ad1s1d
** /dev/ad1s1d
CANNOT READ BLK: 204735648
CONTINUE? [yn] y
THE FOLLOWING DISK SECTORS COULD NOT BE READ: 204735648, 204735649, 204735650, 204735651,
/dev/ad1s1d: INCOMPLETE LABEL: type 4.2BSD fsize 0, frag 0, cpg 0, size 205012094
[root@ /var]# mount -o ro /mnt/ark
WARNING: /mnt/ark was not properly dismounted
[root@ /var]# cd /mnt/ark
[root@ /mnt/ark]# ls
.snap   home    old
[root@ /mnt/ark]# ls -l
panic: vrele: negative ref cnt
Uptime: 28m42s
Cannot dump. No dump device defined.
Automatic reboot in 15 seconds - press a key on the console to abort

Is this the BIOS-y raid storing its metadata where it shouldn’t? Chipset is a Promise PDC20276.

Of course, there could be a genuine problem with this disk, but I won’t know till I’ve found a replacement CPU / mobo.

Lazy checking website’s SSL certs

Thursday, 05. 11. 2006  –  Category: all, stash

I wanted to avoid RSI checking the browser’s padlock on every site I’d just updated an SSL cert for:

[lemon@core ~ ] 0 $ for z in 4 5 6 7 8 9 10 11 12 ; do echo 'GET /' | openssl s_client -connect devgateway${z}.foo.co.uk:443 2>&1 | openssl x509 -text | grep -i 'Not Before' ; done
            Not Before: May  9 11:24:00 2006 GMT
            Not Before: May  9 11:54:05 2006 GMT
            Not Before: May  9 11:54:05 2006 GMT
            Not Before: May  9 11:24:00 2006 GMT
            Not Before: May  9 11:24:01 2006 GMT
            Not Before: May  9 11:24:01 2006 GMT
            Not Before: May  9 11:54:06 2006 GMT
            Not Before: May  9 11:24:01 2006 GMT
            Not Before: May  9 11:24:01 2006 GMT

Ugly, but it works. The s_client(1) man page contains this apology:

BUGS
       Because this program has a lot of options and also because some of the
       techniques used are rather old, the C source of s_client is rather hard
       to read and not a model of how things should be done. A typical SSL
       client program would be much simpler.