Search Results

Search found 11092 results on 444 pages for 'apache commons codec'.

Page 345/444 | < Previous Page | 341 342 343 344 345 346 347 348 349 350 351 352 | Next Page >

Shibboleth: found encrypted assertions, but no CredentialResolver was available

- by HorusKol

I've gotten a Shibboleth Server Provider (SP) up and running, and I'm using the TestShib Identity Provider (IdP) for testing. The configuration appears to be all correct, and when I requested my secured directory I was sent to the IdP where I logged in and then was sent back to https://example.org/Shibboleth.sso/SAML2/POST where I am getting a generic error message. Checking the logs, I am told: found encrypted assertions, but no CredentialResolver was available I have rechecked the configuration, and there I have: <CredentialResolver type="File" key="/etc/shibboleth/sp-key.pem" certificate="/etc/shibboleth/sp-cert.pem"/> Both of these files are present at those locations. I've restarted apache and retried, but still get the same error. I don't know if it makes a difference - but only a subdirectory of the site has been secured - the documentroot is publicly available.

Read the article
MySQL-5.5.10 - Lost connection to MySQL server during query (Both Web Clients and MySQL Slaves)

- by kwiksand

We've just upgraded our existing MySQL5.1 DB servers to newer (much better) hardware with MySQL 5.5, and things have been going mostly smoothly for almost 6 weeks. Just the last few days, I've noticed a few errors, such as: From a MySQL Slave: [ERROR] Error reading packet from server: Lost connection to MySQL server during query ( server_errno=2013) Or From Apache/Other: Lost connection to MySQL server at 'reading initial communication packet', system error: 110 At one point this evening, many webnodes reported this error for a three minute period (many such reports as this was in a busy period). However, the issues don't appear to correspond with any times of extreme load. For all intents and purposes, the connection/thread load on MySQL is at a normal rate (between about 10 and 40 connected threads), and Web load has been a LOT higher at times over the last few weeks. Could there bee other reasons for these connection errors, that I'm not seeing?

Read the article
Could not establish a secure connection to server with safari

- by pharno

Safari tells me that it couldnt open the page, because it couldnt establish a secure connection to the server. However, other browsers (opera, firefox) can open the page. Also, theres nothing in the apache error log. The certificate is selfsigned, and uses standart values. (seen here: http://www.knaupes.net/tutorial-ssl-zertifikat-selbst-erstellen-und-signieren/ ) ssl config: SSLEngine on #SSLInsecureRenegotiation on SSLCertificateFile /home/gemeinde/certs/selfsigned/gemeinde.crt SSLCertificateKeyFile /home/gemeinde/certs/selfsigned/gemeinde.key #SSLCACertificateFile /home/gemeinde/certs/Platinum_G2.pem #SSLOptions +StdEnvVars <Location "/"> SSLOptions +StdEnvVars +OptRenegotiate SSLVerifyClient optional SSLVerifyDepth 10 </Location>

Read the article
ubuntu-10.04-desktop-i386 does not work with HTTP preseed?

- by netvope

Installation media: ubuntu-10.04-desktop-i386.iso I tried a lot of different boot parameters, but either the installer ignored the preseed configuration, or it boot itself directly as LiveCD. An example of the boot parameters I've tried: auto url=http://mydomain.com/path/preseed.cfg boot=casper only-ubiquity initrd=/casper/initrd.lz quiet splash -- If I remove only-ubiquity, it boots as a LiveCD. If I remove boot=casper, it won't boot. If I add vga=normal locale=en_US console-setup/layoutcode=us console-setup/ask_detect=false interface=auto, it still can't do automatic install. If I remove auto, it's the same. What is the correct boot parameters for launching such an installation? From the apache log of the server hosting preseed.cfg, I see that the installer has no problems fetching the preseed file. My preseed file is almost identical to the one at https://help.ubuntu.com/10.04/installation-guide/example-preseed.txt. Moreover, I have run debconf-set-selections -c preseed.cfg to ensure that the preseed file is correct.

Read the article
Mac OS X Server add server user

- by Meltemi

What's the recommended way to add a user to Mac OS X Server that doesn't need all the hoopla associated with Workgroup Manager? There are many users pre-configured in Mac OS X Server (www, root, ldapadmin, etc.) that don't have "Full Name" or mail accounts, etc. I'd like to create a 'svn' user to be the owner of our Subversion Repository as per this tutorial: If you've decided to use either Apache or stock svnserve, create a single svn user on your system and run the server process as that user. Be sure to make the repository directory wholly owned by the svn user as well. From a security point of view, this keeps the repository data nicely siloed and protected by operating system filesystem permissions, changeable by only the Sub- version server process itself. Wondering if there's a way outside of WorkgroupManager and OpenDirectory as this account will be entirely server based. Is this still sound advice under OS X Server? If so what's the easiest way to create the user (Mac OS X Server doesn't seem to respond to useradd).

Read the article
Setting Mercurial with Active Directory authentication and authorisation

- by jbx

I am evaluating the possibilities of moving my organisation to Mercurial, however I am stumbling on 2 basic requirements which I can't find proper pointers to. How do I set up Mercurial's central repository to authenticate users with the central active directory and only allow them to push or pull if they have the right credentials? How do I set up a Mercurial project repository to only allow users pertaining to a specific group to push / pull source code? We need this to have per-project authorisation. On which HTTP servers (IIS or Apache etc.) are the above 2 requirements supported? Apologies if I am asking something obvious or if I am missing something fundamental about how authentication and authorisation works. Thanks.

Read the article
cassandra node discovery

- by eQuiNoX__

I just set up a 3 node system with ip addresses "192.168.0.101", "192.168.0.102", "192.168.0.103". I have set the seeds value on the configuration of all three machines as seeds: "192.168.0.101,192.168.0.102,192.168.0.103" However, on running nodetool on any of them, only the 103 machine gets discovered. node101:/opt/cassandra/apache-cassandra-0.8.5/bin# ./nodetool ring -h 192.168.0.101 Address DC Rack Status State Load Owns Token 192.168.0.103 datacenter1 rack1 Up Normal 151.96 KB 100.00% 38174485210079977599903748344879358256 Could someone tell me where the problem lies?

Read the article
sendmail user unknown - debian lenny

- by Rimian

My php's mail() function just stopped working a short while ago. It's started returning FALSE. I am not much of a sysadmin so please forgive my ignorance. I set my php.ini send_path option to: "sendmail_path = /usr/sbin/sendmail -t -i" and restarted apache. Then, I learnt how to test sendmail like so: sudo /usr/sbin/sendmail -bv [email protected] [email protected]... deliverable: mailer esmtp, host example.com., user [email protected] The example email is a real mail box. I have also seen unknown user messages in the mail log. Can anyone please help me debug this? Cheers, Rim

Read the article
What's wrong with Lotus Notes / Lotus Domino?

- by user20242

I have a client who is using Lotus Domino for their web application/server platform. The client has two "web developers" who are more comfortable with Lotus Domino than more mainstream tools and technologies and are not enthusiastic about making a switch. I have been asked to provide an assessment of why it may be prudent to migrate to a different web application platform. I would be particularly interested in understanding deficiencies related to the platform as I have very little knowledge of Domino but am very familiar with other platforms. In addition to the fact that Apache has over 70% of web server market, IIS over 21%, and Lotus almost 0%, what other reasons would you give for moving away from this platform?

Read the article
Permission settings for apache2 web content directories with several users?

- by John

Hi there. I've got a Debian VPS set up with a LAMP-stack. My apache2 instance runs on the user account 'www-data'. In addition to the root account and the service accounts I have several user accounts belonging to friends, family and myself that includes FTP-access. This is to allow the users to drop files to the root of their domain which is located in their home folder. I am having issues with setting the correct permissions so that Apache is able to serve the content ("403 Forbidden"). I could just do a 'chmod -R 755 *' on the entire www-directory for each domain, but from what I gather that's not a good idea. Here's an example of the structure: apache2 is run by 'www-data' User 'john' has this home folder structure /home/john/domains/somedomain.com/www /home/john/domains/sub.somedomain.com/www How can I keep things safe while still allowing users to upload content via FTP, and allow for file-uploads in lets say Wordpress?

Read the article
Performance difference between compiled and binary linux distributions/packages

- by jozko

I was searching a lot on the internet and couldn't find an exact answer. There are distros like Gentoo (or FreeBSD) which does not come with binaries but only with source code for packages (ports). The majority of distros uses binary backages (debian, etc.). First question: How much speed increase can I expect from compiled package? How much speed increase can I get from real world packages like apache or mysql? i.e. queries per second? Second question: Does binary package means it does not use any CPU instructions that was introduced after first AMD 64bit CPU? With the 32bit packages does it mean that the package will run on 386 and basically does not use most of the modern CPU instructions? Additional info: - I am not talking about desktop, but server environment. - I dont care about compile time - I have more servers, so speed increase more than 15% is worth for using source code packages - Please no flamewars. Thank you very much

Read the article
Modeling RBAC actors using LDAP (Core X.5xx)

- by Tetsujin no Oni

Mirrored from stackoverflow... When implementing an RBAC model using an LDAP store (I'm using Apache Directory 1.0.2 as a testbed), some of the actors are obviously mappable to specific objectClasses: Resources - I don't see a clear mapping for this one. applictionEntity seems only tangentially intended for this purpose Permissions - a Permission can be viewed as a single-purpose Role; obviously I'm not thinking of an LDAP permission, as they govern access to LDAP objects and attributes rather than an RBAC permission to a Resource Roles - maps fairly directly to groupOfNames or groupOfUniqueNames, right? Users - person In the past I've seen models where a Resource isn't dealt with in the directory in any fashion, and Permissions and Roles were mapped to Active Directory Groups. Is there a better way to represent these actors? How about a document discussing good mappings and intents of the schema?

Read the article
how do i set index priorty on nginx in order to load index.html before wordpress' .php files

- by orbitalshocK

hello there, gents. I'm an absolute beginner in linux, the CLI, as well as nginx and wordpress. i'm trying to make a 'coming soon' landing page that will take priority over the main wordpress installation i just set up. I want to make .html load before php, or get information on the Best Practices approach to this. I just now realized i could easily use the wordpress' generic "under construction" page and modify it. I'm sure it has one; i'm sure there's a plugin. Stats linode 1024 ubuntu 12.04 nginx 1.6.1 single wordpress installation (for now) set up using easyengine, but going to restart and configure nginx for my linode specifically probably. I managed to find one piece of instruction on how to change the httpd file to specify priority for apache 2, but did not find the same documentation for nginx. If it's not on the first page of google, then serverfault needs the question answered! Viva la Server Fault first page results!

Read the article
ssh all machines behind a router

- by Luc

Hello, I have several machines on my lan. One is used as a http proxy to target web sites located on the others (that's working fine now thanks to ServerFault). On my router, Port 22 is NATed to this proxy machine. I would like to be able to access the other machines, within internet, with something like: ssh user@first_machine.my_domain.tld ssh user@second_machine.my_domain.tld Could I use the proxy machine to 'filter' the incoming ssh request and to route them to the correct machine ? (in the same way it's possible to do so for web sites using a mix of mod_proxy and namevirtualhost in Apache) Thanks a lot, Luc

Read the article
Rewrite URL before passing to proxy Lighttpd

- by futureelite7

Hi, I'm trying to setup a reverse proxy in lighttpd, such that all requests (and only those requests) under /mobile/video is redirected to the / directory of a secondary web server. This is pretty easy in apache, but I can't for the life of me figure out how to do so in lighttpd. $HTTP["url"] =~ "^/wsmobile/video/" { url.rewrite-once = ( ".*" => "/test/" ) proxy.server = ( "" => ( ( "host" => "210.200.144.26", "port" => 9091 ) ) ) } I've tried using the http["url"] directive, but lighttpd simply ignore those requests and continue to pass the full url to the secondary server, which of course chokes and throws 404s. However, if I do a global rewrite then everything gets forwarded to the secondary server, which is also not what I want. How do I go about this task?

Read the article
SSL Proxy: Forwarding without the encryption

- by John

I have a python application listening on port 9001 for HTTP traffic. I'm trying to configure Apache (or anything, really) to listen on port 443 for HTTPS connections, and then forward the connection, sans encryption, to port 9001 on the same machine. My application would then reply via the proxy, where the encryption would be reapplied, and returned to the client transparently. I'm not doing anything crazy with the site names and SSL certs, I have one public IP, one hostname, and one SSL cert. Stripping the encryption at the proxy doesn't seem to be a common requirement. Is what I'm asking for a normal requirement? Are there other concerns with this sort of configuration?

Read the article
Possible to get IIS on Windows Server 2008 R2 to "port-forward" port 80 for certain domains to other

- by Lasse V. Karlsen

I have IIS set up on my server, but also Apache x2 (other products which comes with their own servers, cannot be integrated into IIS.) Is it possible for me to "port-forward" certain domains on port 80 (that IIS handles) to those other ports? For instance: www.vkarlsen.no - IIS svn.vkarlsen.no - port 81 on same machine teamcity.vkarlsen.no - port 82 on same machine Or do I just need to set up those domains and redirect to the correct port? I'd like the domain name and url to be transparent to the user, but perhaps that won't work. Can anyone shed some light on this?

Read the article
Alerting system for Munin

- by akirk

I am very satisfied with munin as a monitoring tool (as I only have a simple 2-server setup) but its alerting system is very annoying as you can only configure it to send an e-mail upon every check which generates a warning or an error. It seems like the only option is to use Nagios but in Debian it has Apache as a dependency and I already use nginx on my monitoring machine. All I want is to have the possibility to silence/acknowledge the alarm while I am working on a fix, so that I don't get bombarded with e-mails. Nagios seems like an oversized solution for that anyway. Is there any simple solution for that or am I the only one who feels like he needs such a tool?

Read the article
site timing out when under heavy load

- by naunu

My client sends out eblasts at 8am monday/wed/friday. Between 8:15-8:45 the site becomes extremely slow and many users sessions timeout. My setup: Mediatemple VE 2gb dedicated ram (3 burst) Ubuntu 9.10 Apache2-mpm-worker PHP5.3-fcgi MySQL 5 I recently tried to remedy the problem by switching from apache2-mpm-prefork to mpm-worker, but am still having the same issues. My apache settings are: Timeout 100 KeepAlive On MaxKeepAliveRequests 100 <IfModule mpm_worker_module> StartServers 12 MinSpareThreads 25 MaxSpareThreads 96 ThreadLimit 96 ThreadsPerChild 25 MaxClients 225 MaxRequestsPerChild 0 </IfModule> The site is only getting ~10,000 page views during the 8am-9am hour, which I dont think should be stressing the server too badly. Maybe it is an error with the PHP settings, or bandwidth per unit time, or the site outgrew the server? Any suggestions would be very helpful - as you can see i've given it a good go before looking for help (installed mpm-worker). Also, can anyone suggest to me some free load testing software, or a tutorial on mod_status? Thank you

Read the article
Protect me from this perl syn flood script [closed]

- by Luka

Possible Duplicate: How to best defend against a “slowloris” DOS attack against an Apache web server? As everybody here I was interested in hacking in a period of time, using a perl scripts. CSF is protecting me from every perl script which can make damage. But not from this one here: http://pastebin.com/CfRiSVkQ It's Syn Flood script, when I attack my dedicated server from another dedicated with 100MBPS link csf is detecting the attack and he always block attackers address but I am flooded and sites are down, I get email from csf, but attack is still damaging sites! Then I need to restart httpd, csf and sites are online again...

Read the article
securing server to server http post

- by ad-inf

Website is developed on JSF, Servlet, using apache web server. In my website, I accept data submission from few restricted websites using HTTP POST method. We exchange some secure key to ensure that correct source is sending data. But is there any way to ensure that the data is submitted from specific domain / IP address only? In application level I can check request.header('Referer') , but some proxy or firewall might hide the referer. Can this configuration done on firewall or webserver level to authenticate server to server communication? Eg. Say my website is a payment gateway website, integrated with www.abc.com. I want only abc.com to submit data. So a user using abc.com should be able to submit data to my website only through abc.com, and not any other website.

Read the article
Changing memory allocator to Jemalloc Centos 6

- by Brian Lovett

After reading this blog post about the impact of memory allocators like jemalloc on highly threaded applications, I wanted to test things on a larger scale on some of our cluster of servers. We run sphinx, and apache using threads, and on 24 core machines. Installing jemalloc was simple enough. We are running Centos 6, so yum install jemalloc jemalloc-devel did the trick. My question is, how do we change everything on the system over to using jemalloc instead of the default malloc built into Centos. Research pointed me at this as a potential option: LD_PRELOAD=$LD_PRELOAD:/usr/lib64/libjemalloc.so.1 Would this be sufficient to get everything using jemalloc?

Read the article
Apache2 conditional section based on port

- by Waleed Hamra

I don't know much about if statements in apache configuration, and I'm wondering if I can have a section of the configuration applied only if the request is received on a certain port. In short, this is about SSL. I have name based virtual hosts, I can make a configuration for port 80, then duplicate it all for port 443, and add the relevant SSL configurations. But this seems redundant. I was wondering if i can have something like: <VirtualHost *:80 *:443> and then I can put: <IfModule mod_ssl.c> SSLEngine on SSLCertificateFile ... SSLCertificateKeyFile ... SSLCACertificateFile ... </IfModule> inside an if statement that checks if connection is on port 443... or is such thing impossible? the server supports SNI, and I don't have any worries from non-SNI compliant browsers.

Read the article
Creating Multiple Users on Single PHP-FPM Pool

- by Vince Kronlein

Have PHP-FPM/FastCGI up and running on my cPanel/WHM server but I'd like have it allow for multiple users off of a single pool. Getting all vhosts to run off a single pool is simple by adding this to the Apache include editor under Global Post Vhost: <IfModule mod_fastcgi.c> FastCGIExternalServer /usr/local/sbin/php-fpm -host 127.0.0.1:9000 AddHandler php-fastcgi .php Action php-fastcgi /usr/local/sbin/php-fpm.fcgi ScriptAlias /usr/local/spin/php-fpm.fcgi /usr/local/sbin/php-fpm <Directory /usr/local/sbin> Options ExecCGI FollowSymLinks SetHandler fastcgi-script Order allow,deny Allow from all </Directory> </IfModule> But I'd like to find a way to implement php running under the user, but sharing the pool. I manage and control all the domains that run under the pool so I'm not concerned about security of files per account, I just need to make sure all scripting can be executed by the user who owns the files, instead of needing to change file permissions for each account, or having to create tons of vhost include files.

Read the article
application/x-httpd-php opening rather than pages?

- by GuyNoir

For some reason, no matter what page I try to open (.php, .html, .html, etc) my server trys to save it, rather than displaying the page. However, I do get the "It Works!" page for the main domain, it's only when I try to display a page on a sub-directory that it fails. I researched the problem, and I placed a .htaccess file in the directory of the pages that I'm attempting open with the code: AddType application/x-httpd-php5 .php .html .htm AddHandler applicaton/x-httpd-php5 .php .htm .html .my I'm running the latest version of apache and php5 which is installed as the "php5" module. Any help? http://i.stack.imgur.com/fh6dj.png

Read the article

< Previous Page | 341 342 343 344 345 346 347 348 349 350 351 352 | Next Page >