So, I’ve only been up for about three weeks and I’ve already got my first spam comment (which is why I moderate all comments ATM.) Also, it was kind of strange, I went to go here at work today and I wasn’t able to connect. So, I logged into my router. I thought that my iptables were screwy again, so I started trying to fix them by hand. Deleted a rule and BAM no more connectivity to my router (at all.) So I had to Continue reading →
Well, I think I have all the previous issues taken care of. Caching may or may not work, but it’s supposed to be happening now. So mail and DNS lookups work now (DNS only being useful from my side.) So, all-in-all I hope this beast can just run for several months and I’ll see what (if anything) needs to be done in that time. So now that my server should be stable, I’m free to work on other endevors!
Well now that the system is live, I think there’s going to be a few things I’m going to need to fix. Most all of them are from using mod_chroot. Most aren’t anything critical, but things that should be addressed (sooner rather than later.) For instance, I think DNS lookups are failing from inside WordPress. I breifly read in the mod_chroot caveates that this may happen, and I think this is happening now. Another mod_chroot straight from the caveates is PHP mail(). The last issue Continue reading →
Well, technically we’ve been live for about 4 hours, but I didn’t realize at the time that using DNAT with iptables actually caused the NATed server to become unavailable from the LAN. I was actually trying to get everything setup in FwBuilder, but I may have hit a limitation since I could not find a way to do “-A POSTROUTING -s 192.168.0.0/16 -j SNAT –to-source 126.96.36.199” I must say this was an interesting learning experience. I just now hope that I did enough to secure Continue reading →
Well, my server is pretty much ready I now. Apache is chrooted and seems to be working well. I also did a self-signed cert in hopes that’ll make my remote logins even more secure to WordPress. SSH access is limited to keyed logins. Ntpd is running in hopes of keeping the system’s clock sane. I’ve moved all my Git repos here and even have my CGit vhost running/working. Git daemon is also running. MySQL is only accepting connections on the localhost (via socket or 127.0.0.1.) Continue reading →
Ok, it looks like I just needed to add /usr/share/zoneinfo/America/Chicago to my chroot, and I think that solved that issue. Simple enough really.
As I prepare to have my server public, I’ve chrooted my server’s Apache with mod_chroot. This allows me to have the advantages of a chroot environment without as many of the draw backs. There is still some strangeness to work out. For instance “Warning: timezone_open() [function.timezone-open]: Unknown or bad timezone (America/Chicago) in /wp/wp-includes/functions.php on line 3160“ I’ll get this figured out, but honestly, it’s not a huge deal. I may have to have Apache load the zoneinfo file, or perhaps not… Really, the only Continue reading →
Well, I have my new server up and running (though it’ll probably be awhile before anyone will be able to see this since I’m not done securing it making it a dmz so people can access it.) I’m not sure why I decided to setup a blog, but I did, and I’m going to see how it goes.