lee/hpr-knowledge-base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d37a9aca4e5f4a4d91222fe0249fac456ce5cdc2
hpr-knowledge-base/hpr_transcripts/hpr1206.txt
Lee Hanken 7c8efd2228 Initial commit: HPR Knowledge Base MCP Server 
- MCP server with stdio transport for local use
- Search episodes, transcripts, hosts, and series
- 4,511 episodes with metadata and transcripts
- Data loader with in-memory JSON storage

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-26 10:54:13 +00:00

1224 lines
53 KiB
Plaintext
Raw Blame History

Episode: 1206
Title: HPR1206: Resolving Issues (The Vhost Config File)
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr1206/hpr1206.mp3
Transcribed: 2025-10-17 21:39:07
---
Hello, this is Dan Weibill, and this is Windigo.
And I am having trouble with webpages, and I think you might be my go-to guy, so I'm
going to ask you some questions.
Which means you are in trouble, sir.
Well, you've got to know better.
You've been running them longer than I have.
How long have you been doing webpages?
I would like, well, there's lots of different parts of that.
I've been hosting my own servers for the past couple of years, maybe, since 2008.
But they've never been really professional grade.
But I've been coding HTML and even PHP now for quite a while.
Yeah, and you do this for your job, too, as well, right?
Yeah, although, you know, full disclosure, we're stuck on IIS at our place of employment.
Okay.
Well, I'm just, this part is just hobby for me.
Like last year, well, it's over a year now.
I never really had, I just consumed the web the whole time, just bringing stuff in or maybe
using a forum or email or stuff.
I never really, like, wanted to have a blog or a web page or anything.
But back when we started doing the status net stuff, it seemed like fun.
So, that was my first outward-facing presence on the web, I guess you can say.
Yeah, once you find out that with a pretty minimal machine and an internet connection,
you can host all your own applications and your own communication tools, it gets kind
of addictive.
Yeah, yeah, that's, well, we're going to go into that in a minute, but yeah, I'm back
back then.
It was an old Pentium M12-inch Dell laptop behind my router, and it was just a server.
And, you know, I got to set up status net, I got a domain point to domain to my outward-facing
IP from my ISP.
They say they have dynamic IPs here, but I get the same IP, unless I change routers and
the MAC address changes.
So, this might go into some of that, they're watching what you're doing and the six-strike
stuff.
Yeah.
I have the same situation.
I have a static DNS entry just pointing at my house for when I need to not VPN SSH in.
Yeah.
I was a little bit worried at first that I needed to update it all the time, but no, not
so much.
Oh, yeah.
So, back then, it got me learning about domains and, you know, pointing them to your IP and
got me learning about, you know, putting in the LAMP stack and I had my own status net.
I had a web page.
And then I kept saying to you guys, like, it's slow, it's slow, I'm going to get a VPS,
I'm going to get a VPS, and how long did that take me?
Like, over a year, maybe.
Yeah, it's been a while, but it's understandable.
VPS is, they're incredibly nice in certain aspects.
You get, especially with Leno, do you get a complete machine in the cloud that you can
do whatever you want on.
Yeah, that's fun.
Yeah, it's handy.
They use their bandwidth, their hardware, you don't have to worry about anything except
the monthly recurring cost and what if the company goes under?
That's so, but you and A-Sphere have been using them forever and you said it was like
minimal downtime and that, that's worth the money for me.
However, the strangest thing is that what drove me to get it was T-MUX in a RISI, those
those simple little IRC things because, like, I've always, I've always hopped into IRC,
but I used to just start up XChat and then you can't really, you're at the beginning
of whatever conversation is going on and it takes a while for the conversation to go
by until you can figure out if you can, you know, if you want to say something.
So, it was hard to get into IRC in that way, but then on my desktop, desktop 4 would
always be 4XChat windows and they'd be going 24-7 and I could click over and look at them,
but I could only be in IRC if I was sitting in front of my desk.
Yeah.
So, there's something to be said for chat omnipotence.
Right.
So, when I started messing around with, I started messing around with screen and T-MUX and
RISI and WeChat, figuring out how I was going to do it and then once I figured out you
can just reattach to your screen or T-MUX session from it, whatever computer you're on,
and see the backlog of IRC going by, I was like, yep, this is exactly what I wanted.
Yeah, it's wonderful.
Then I was like, okay, 20 bucks a month for, I guess I'm doing IRC basically for 20 bucks
a month on a linoid, but so I got that all set up and then I moved my status net instance
up.
So I basically replaced everything, the server laptop was doing in my house and put it
up in the crazy clouds there.
Yeah, and let's back up for a little bit because you didn't just jump from a machine
in your house to a machine in the cloud.
You jump from a Debian machine in your house to an arch server in the cloud, which is crazy
in my opinion.
I'm getting more used to arch these days, so yeah, it wasn't, that step wasn't it big,
but yeah, for the last year or year and a half, I've been a mix of Debian and arch stuff,
and then just every once in a while I'll get on my Debian machines and I'm typing Pac-Man,
so why am I fighting this, but anyways, oh, I lost my train of thought.
Oh, I got my status net up there and everything's working.
You guys started to resub me.
And then some people were complaining like on a friendika.
Navigame was saying that webfinger will not go into subfolders.
Does this make, yeah, there's a lot of different protocols at work.
I don't know how any of those other applications work.
I know status networks on something called O status, but it has all sorts of other supported
protocols, like something called friend of a friend, FOAF, and there's probably some
more stuff in there, but I think they work a little bit differently on the friendika side
of things, and there's always diaspora, I think.
I'm not sure if they can subscribe to status net instances or not, but there's a lot of
different things going on, so it's understandable that things like this, like different tiny
compatibility issues will come up.
That was the first being fairly new to putting up any type of web page at all.
That was the first time someone said subfolder and then someone said subdomain.
So that got me looking into subdomains.
That's where I'm stuck right now.
Oh, maybe you should explain to everyone what a subdomain is.
I don't know yet.
I don't have my head around this crap.
Okay, so the difference between a subfolder and a subdomain is subfolders are file system
base.
If you have, for instance, gunmonkeynet.net, you can add a folder underneath the web
route, which is usually slash, slash, slash, www, and that'll make a subfolder on your
website.
So you'll have gunmonkeynet.net slash status net and subdomains, yeah, and that's fine,
honestly.
I didn't realize there were problems with friendika, but apparently friendika requires a subdomain,
which is a DNS entry and while it will still be like status.gunmonkeynet.net, it will
be its own separate web server or web site as far as a page is concerned.
And that often the way you do that is through this virtual host directive and let you make
your own virtual web sites based on what domains are getting sent to your server.
That's right where I'm stuck at, so this, what we're recording here right now came about
because I'm stuck with the, some of this might be old hat to some of the people listening.
So if you want to just click ahead, that's fine, but I figured if there's, I'm no newcomer
to computers, but there's a lot of stuff here that I don't know about.
So I figured maybe if I could just bounce some questions off you, it might help some other
people that are thinking about getting into some web pages and stuff.
Or it's just going to hopelessly confuse everyone, so you've been warned.
If eight records and C names and virtual hosts and stuff sound as strange to you as they
do me, I suppose you can, you might get something out of this.
I feel like we should put an aha note in the show notes when we figure everything out
and then say, if you just want the solutions, go to too long didn't really.
Exactly.
Okay.
We'll do that then.
Oh, and then the other thing I should mention is the trouble that I'm getting into,
I was fine up until I wanted to do multiple things with my server.
So I'm starting to think about doing, besides the status net, doing a media goblin instance,
possibly an own cloud.
My wife wants me to look into WordPress and then, oh, wow, and then this is a lot of my
play, huh?
And then the status net guy seemed to be working towards this pump IO thing, so we might
all start fooling around with that.
So I have to figure out how to do multiple things with my server.
Yeah.
And that's, it's, it's got benefits and drawbacks to using subdomains over subfolders.
So for instance, I do not have any room on my VPS right now for node.js or MongoDB, because
it would just, it would crush the thing.
It's only got 512 or 640 megs of RAM in it.
And Apache and MySQL eats that pretty regularly.
So if I loaded another server software on there, there's a pretty good chance that everything
would just fall over.
So since I'm using, yeah, yeah.
And that's, I think you should be better on Arch because you can fine tune stuff a lot.
And I've, I just recently tweaked Apache and MySQL so that they'll use less memory.
But you have to be really careful about overloading your system with things.
And that's usually adding virtual host doesn't cause any problems because it's just using
the same MySQL or Apache service.
But loading up extra server software could get me in trouble.
And since I use subdomains for everything, I don't necessarily have to keep them on
the same server.
You could point what, like I can point pump.fragdev.com at my computer home.
And I can point status or micro.fragdev.com at the VPS.
And since that's all handled in DNS, I don't have to worry about where things are.
Whereas if they were subfolders, they would all have to be on the server, the same server.
I'm the same machine I see.
Yeah.
What was I going to get at the subdomains?
Something really important to do the subdomains.
Oh, yeah.
I bet it was insightful too.
What the hell was I going to say?
Subdomains.
Subdomains.
Subdomains.
Subdomains.
Subdomains.
Overloaded VPS.
It was, oh, it was the multiple sites.
So it seems like when you're hosting yourself or doing any kind of hosting really or programming
or developing whatever, the trick is going from one to two, like two to three and three
to four is always easy.
If you wanted to have like move from using one SQL server to shared SQL servers, if you
had like an extreme load or something like a very high traffic website, that jump to
two servers is always difficult.
And I think it's the same thing with this, with the virtual hosts.
Because if you're just, if you're just doing one website, you install Apache, drop everything
in var, www, and you're set.
It's a website.
It's 100% complete as soon as you install it.
But once you get into this virtual host thing, just making that next step is so difficult
because you need to configure it to use virtual hosts.
And you need to get the first one set up and listening.
But once you have that second virtual host set up, creating the third, fourth, fifth,
I think I actually have 15 going on my VPS.
Oh, boy.
And it's really just copy and paste from that.
So once you get this up, adding additional applications is so much fun.
I am adding virtual hosts and it just keeps failing harder and harder.
I think I want you to take me from step one to step two.
Well, this is only your first one, right?
And I-
Well, the first time I tried to do two things with a server.
So.
Yeah.
I want two different addresses to come to the same IP address and then get sorted out, you
know, through the file system, pointed it in the directions here.
So I looked, because I'm running on Debian, things are a little bit different.
We use separate files for each virtual host where it looks like Arch stores all of the
virtual host directives in the same file as a httpd.conf, maybe?
Let me look up the ArchWiki.
httphttpd.conf Okay, that's the standard Apache configuration
file.
Yep.
But then you can say include your virtual host.
Yeah.
And while it's running through that, it can go grab that.
Yeah.
Okay, so they have, they have a single virtual host file called httpd-vhost.conf.
Yeah.
And that's an extras.
So.
Yeah.
Debian makes it so that you have one file per virtual host and it just includes the entire
directory.
I see.
And again, there's, you know, there's going to be drawbacks and benefits to doing it that
way.
But this way, it should work fine.
Yeah.
I rented some PHP differences to it between Debian and Arch.
That's when.
Oh, very much so.
I'd imagine.
John Cope couldn't sub me and I figured out that PHP needed to look in a few more folders
and it wasn't set up to do that in Arch.
So I just have to get into the config there.
So yeah, there is some of the lenses.
Yeah.
Well, Arch since Arch has bleeding edge everything and Debian's, you know, that they're still
using whatever.
Stable grade.
Exactly.
Yeah.
You know, I've been using this version of PHP for years and it hasn't given me any trouble.
But you can see.
And yeah, these distros with their bleeding edge software.
It's so yeah, I think that that might cause some differences, especially with some of
the included extensions, but you have status up and running.
So I don't think PHP is going to give you too much trouble.
The virtual host is all at the Apache level.
Yes.
The virtual host is where I'm stuck right now, so I don't know where the first place we
should look is probably in the, uh, my registrar in the zone file.
We should maybe talk about that about, yeah, regular, you can see names and, okay, so
I just pulled mine up.
Okay.
So you've got your zone file in front of you?
Yes.
And I changed it in the morning and I think I probably know what I did wrong because everything
is broken right now.
So.
Okay.
Well, what we should do is explain some of the stuff we just said.
So first of all, a zone file is a list of all of the records you have in your DNS server
for your domain.
So any of your, um, your subdomains, any of that stuff will be you, will be stored in
this zone file.
And you mentioned A names or A records and C names?
Yes.
So an A record is, it's just a pointer basically that points to an IP address.
So your main record will always be an A record so that people know, you know, if someone
sends a request for gun monkey, not gun monkey net.net, they will be able to your DNS host
will be able to return your IP address and get them there.
And a C name is just a pointer to another A record.
So I have, yeah, it's like a simlink, really.
This is working, Jake, because as you're saying, you're, you're teaching me, yeah, I was
getting confused with C names because I'm looking right now and, you know, it's saying like
blog C name and then the value is blog dot VIP dot, well, I use gun, it's, yeah, it seems
like it points to another address.
Yeah.
And it's, it's not a full address.
It has to be another DNS record.
So for instance, it would be really nice if you could make a C name that pointed to gun
monkey net.net slash status net, but they don't work that way.
They're, they're strictly, um, but you can bet I tried that a couple days ago.
It would be really nice.
You were joking, uh, an identical earlier, how on some, something you were working on,
you would get in the config, you could change it, you would restart it.
Does it work now?
Does it work now?
You know, just changing the, that's, that's what I've been doing these days, just change
it.
Does it work now?
And I was waiting for the hazam moment, but it hasn't come yet.
Yeah.
And the problem with these kind of situations is it's so hard to test because there's so
many different pieces of software in play.
Exactly.
Yeah.
You've got the DNS records that could be out of date.
You've got the, um, the Apache, like, did it reload its config?
Did it reload it and use its config?
So I was wondering about, wondering about permissions when I'm pointing things to different
folders.
Yeah.
Does someone from the web have permissions to look at what I have here?
Yeah.
There's a lot, a lot of different directions to look at.
Yeah.
It's a good thing we're not doing a mail server because that's 10 times worse.
That's part two, I think, of this one.
Oh, God.
Yeah.
You and Jezre, I hope.
Oh, right.
Got that put in our lab.
So, um, so anyways, what I'll probably do is I will set up an, uh, entry in my slash
X, Etsy slash hosts file, so that I'll just bypass the whole DNS problem.
And, uh, if I can verify that your virtual host is working that way, then we can remove
that and start testing the DNS and the things.
Okay.
So, could you, all right, I wanted to ask you a question about the, the zone file here,
if I messed it up.
Yeah.
So, so my A record, it asks for a name and the ones that Gandhi put in there are like
blog, IMAP, pop, SMTP, mm-hmm.
So then I made an A record because I want micro for my status net.
So I made an A record name, micro dot gun monkey dot net or net dot net and then put the value
with my IP.
Did I just need to put micro there?
Usually.
Yes.
Okay.
So that's what things broke today.
Yeah.
And there's some tricks, um, since you're using a, uh, a registrar to do, to edit your
zone file, their interface might have some differences because like I've been able to
do things on GoDaddy that I haven't on Gandhi and I've been able to do things on Gandhi
that I haven't on hover, uh, so yeah, but just wondering if now that I put the gun monkey
on the end of micro, if it's redundant here in this own file, and I need a goblin
above it with, with gun monkey also, so I'm going to change this to just, so you may have
made a subdomain that was, um, micro dot gun monkey dot, oh, yeah, so just change it all
together.
I'm going to try it.
It might resolve.
That would be stupid.
All right.
We can cut this out because I'm typing.
I'm trying it too.
I'm interested.
You've got my attention.
It's way too many dots.
It works.
Doesn't it?
Just keep putting dots in it.
That's exactly what you do.
Yeah.
Uh, you slash, uh, well, maybe we can leave this in it and let, you know, people can hear
I did things wrong.
Good.
No, I like this because I didn't know that was possible.
So I am totally making a buffalo, buffalo, buffalo, buffalo, buffalo, buffalo, buffalo.
Don't worry.
When somebody squatting on something that you want, you can just, you'd make it as long
as you want.
Hmm.
Somebody squatting on Ford cars.
I'll just make Ford dot cars, dot Ford, dot cars.
Well, the problem is you have to have control of the original domain.
So that's good.
Oh, that's good.
Done.
That was good.
Fire up.
What is it?
Backtrack that you've got?
Oh, Jake.
Oh, Jake, we might be able to make this like a two or three part or we're getting up to
22 minutes and we haven't even gotten into my problem yet.
Oh, Ken Fallon will be pleased.
Here's our four-pinered partner to go with 150 in a hookah.
We're set till 2017.
Thank you very much.
Oh, can we stack them up?
I think he washes them all the way at the beginning of the year.
It's for all your credit.
We can hold back.
Okay.
We'll get a lawyer and we'll have these in a safe deposit box somewhere.
There you go.
Okay.
We'll worry.
All right.
I got this really wacky zone file.
Yeah.
So I need to change this.
Mm-hmm.
So, yeah.
I just visited micro dot gun monkey net dot net dot gun monkey net dot net and this is
how the net works.
Yeah.
I don't know what you guys are using.
All right.
So, and then, oh, another thing you can explain while I'm doing this is the T.T.L.
Time to live.
So, DNS is a very hierarchical system where when you make a DNS request, it goes to your
server and if they don't have a copy of that record, it goes to the next server up and
if they don't have a copy of that record, it goes to the root servers and if everybody
did that every time the internet would just explode.
So, DNS has the crap cashed out of it where if one server does a DNS look up for google.com
or gun monkey net dot net, it saves that for as long as it can and that T.T.L.
value that time to live says how long it should be valid.
So if your Google and your IP address isn't going to change all that often, you can set
it to a couple hours, you can set it to a day, you can have it cashed quite a bit and
that's not a bad idea because that helps improve the performance of your site.
And that happens on your computer as well.
So if you've looked up a record that has a time to live of 10 hours and you visit that
site all day, you'll only do that look up once.
Hmm.
So I'm messing with my T.T.L. right now trying to get it to go faster while we're recording,
but it won't let me do one minute.
I try.
Yeah.
So what is so is it?
It was three hours default.
So yeah, you can knock that down to the lowest value you can just in case you need to troubleshoot
things like that.
Yeah, that's that's.
I'll set it back up to three hours after it.
Yeah, it won't let me even set three minutes.
Try five minutes.
That's usually a pretty low default.
When the ghost says five minutes, Gandhi.
Submit.
Oh, don't make me come to France.
Wow, you are the go-to.
You know all about this stuff.
Five minutes.
Yeah, I think to five minutes.
I suppose while we're waiting for that to change, we can go into the other problems I had
with the virtual hosts.
Okay, dokey.
All right, I got a switch to it.
So I'm looking at your virtual host file.
Oh, yeah.
We took a pause there and I had to send him my virtual host files.
Yeah.
Plus, you know, root access, whatever.
Anyway.
So what I did with the virtual host, there's a generic virtual host file that you can copy in here.
Yeah.
In Architz, Etsy, HTTPD, slash comp, slash extra, HTTPD.
This is one of those things.
It'll be better in the show.
Yeah.
It will be written out.
slashvhost.conf.
So that's where I am right now.
And this is for the last two days I've been changing things in here and restarting Apache and crossing my fingers and family.
Yeah.
And each one of these virtual hosts is in its own configuration block kind of thing made out of virtual host tags.
So I'm comparing the two.
You've got the document root.
There's a lot of stuff in here, most of which can be ignored.
It's just like preferences as to how your site will react when it hits a Simlink or something like that.
But the most important thing is the server name that tells Apache which subdomain this will respond to.
So when you request us a web page at micro.gunmonkinet.net, if it's got a bunch of virtual hosts, it needs a way to sort out which one you're trying to get at.
So it takes that request header and then matches it against the server name directive of each of these virtual hosts.
And it let's see.
So that was a question I had yesterday when I was following around this.
If you can see from what you're reading there, there is server name and there is server alias.
And yesterday I was doing server name.
WWW gunmonkinet.net, which is my VPS.
And then I was doing alias as micro dot such as such.
So that's not necessarily what I was looking for like local host basically on server name.
And then that's not alias. So that's where I got wrong there.
Yeah, what it's looking for there.
The server name is the primary address of the website.
So server name should be micro dot gunmonkinet.net.
Which is what we should say is a subdomain of this is going to get confusing isn't it?
Yeah, but the thing is it doesn't have to be a subdomain.
Most of the sites I have on my VPS are for different people and different customers.
So server name could be if I wanted you to host my pump.io instance,
you could have pump.fragdev.com as well.
On my VPS I see.
Yeah, it doesn't have to be tied to gunmonkinet.net.
Server name has nothing to do with the name of your VPS or the primary address.
All server name is what that virtual host should respond to.
Server alias, why would you even have this field?
Server alias is just like an alias for the virtual host where...
Oh, I don't know.
If you had micro.fragdev.net set up by accident.
Which never happened.
Yeah, that's never happened.
I deny everything.
So you could set that as a server alias to micro.fragdev.com.
So the primary address is micro.fragdev.com.
And that's what that virtual host should respond to most of the time.
Server alias is for additional names that you wanted to respond to.
Okay, all right, I didn't know that.
Yeah, you can leave that directive out, honestly.
So basically, I'm going to go down right now and just take out the...
I don't need the alias at all.
Yeah.
And I should probably mention at this point that I use these virtual hosts an awful lot.
But this is absolutely not a definitive explanation.
This is just what I understand.
If anybody has any corrections they want to make, please let us know.
But server name is most definitely what it should be responding to.
Okay, so now I just made three virtual host blocks.
The top one is...
Oh yeah, another question.
The server admin.
What are they looking for there?
This is at the top of the block when you first start.
Yeah, that is...
That's an Apache specific config that really doesn't come into play much while it's serving the web page.
What happens is if you hit a 404 message and don't have a custom 404 page designated,
Apache generates its own default one and it says, you know, 404 page not found.
If this...
If you feel this is an error, please contact the site admin at...
Ah.
And it wrote at local hell in there.
Which I have here.
So anybody looking at any of my future pages and they want to complain,
you can just send an email to root at localhost.
Exactly.
And I bet if you did a Google search for that particular email address,
you'd get a lot of sloppy servers.
Nice.
Did you just call my server sloppy?
Oh, it is at the moment, but we're working on that.
It's going to be, you know, ironclad.
I actually am paying extra on Leno to have a day, week, and month backups.
Just so when this all falls apart, I can just step back a little.
It's only five bucks, so.
See that...
That would be a smart thing to do,
whereas I just made it very clear whenever somebody starts using my server that I don't have backups.
You should probably make that.
I'm getting much better.
I do semi-regular backups manually,
and I'm about to set it up so that my server will automatically SSH to my house
and dump all of the important stuff onto my hard drive.
Oh, nice.
But I haven't quite gotten there yet.
So you are ahead of me in that respect.
Well, I'm just...
I'm waiting for this to all fall apart.
So, I mean, maybe if I get more comfortable in a year,
I can do like some rsync stuff,
and I won't have to have them doing it.
Well, that's the thing, though.
That waiting for your server to fall apart is the right attitude to have.
That is a brilliant, sissed-man technique, you know, expecting the worst.
That's the way you should do it.
You would think that it's almost a blessing and a curse that Linode has this uptime
that's just amazing.
I've never really had my site go down more than once in the couple of years
that I've been hosting with them.
And that's like, this has been through Hurricane Sandy.
And I'm in the New Jersey data center.
Yeah, me as well.
And that would scare me into making backups, but no.
Not yet.
So, actually, maybe while we're doing this, I should start a backup.
You're getting me all freaked out.
I'll start it for you.
I'm in your system.
There you go.
Okay, so...
Okay, you take care of backups.
I'll work out.
Yeah, you're backed up.
Believe me.
I got you on a tape drive.
All right.
So virtual host.
We just go way off track.
Right.
You're just converting crash.
Mine is the important one right now.
So I have three entries in my virtual host.
And from reading the server.
Yeah.
Okay, server admin.
It's not really important.
But I suppose I could put my real email address in there.
Yeah.
What I do is I have an alias that I use for all of that stuff
that's going to be public.
Like all my who is data, all of my server admin values
are all set to this random.
I think it's like net admin at a number.
So if that ever starts getting spammed to hell,
I just increment the number.
Okay.
I'm just going to leave my net root at localhost for now.
It'll go to somebody.
Yeah.
From what I read.
You're a problem.
From what I read, I don't know if this is an arch-specific thing,
or if that being does it.
From what I read in the top of the virtual host file,
it says, even though you have a entry for your server,
you need to put it back in over here.
So you see my, you see a generic block at the top.
So that one is served out of document root slash bar slash
www.
Mm-hmm.
Yeah.
The document root, that configuration value,
just sets where the root of your web page is going to be served from.
Yeah.
So that's what I've always had ever since I first started doing this.
It started doing this was www.
And that's where you saw that my PGP key and that monkey thing.
So that's just, it's always monkeys.
I don't know why.
I didn't even start this.
So that's the index.html is in www.
Yeah.
So then when we set up status net,
we would do var slash www slash status net,
which came out of a read made that a lot of us read.
So that's how I currently have it set up on the VPS.
And this is where people are saying they're having trouble getting to that subfolder.
Yeah.
So what you can do is you can just point one of these virtual hosts document root at that subfolder
and it'll be available in both places.
That's where I'm going neck.
Okay.
We're on the same track here.
So then my next question was the media goblin
reading through a read me wants wants to be served out of slash serve slash HTTP.
So I think those are just default values of whatever platform you're on.
So every every Linux distribution changes the the directory structure a little bit like.
I noticed that all the Apache configs are in HTTP D dot conf in arch,
but in Debbie and their Apache two dot com.
Okay.
Yeah.
So this is so this may be arch specific because I was getting using blogs from a J Pope and Chimo
who are both arch guys setting up media goblin.
Yeah.
So however, let's say I want to use serve HTTP.
Does this become an issue using two different.
I mean, I can shoot people to different subfolders, right?
Yeah.
It shouldn't make any difference as long as you have the permissions correct.
All right.
So as long as your WWW dash data user can access all of those because that's Apache runs under a second account.
And there's something you might want to check on arch as well because they might have an HTTP D user.
Okay.
Whereas on Debbie and it's a WWW dash data.
It's set up a WWW dash data account and it's running status net just fine.
But then for media goblin, I set up another user.
I set up low-privileged users.
Oh.
So I have a media goblin user who has permission, you know,
everything's a chone media goblin colon media goblin over in this serve slash HTTP slash media goblin.
Oh, that might be causing problems.
Actually, this is what I'm saying.
I'm just fooling around here and I could be digging a hole.
Well, one of the, so you would have to somehow get Apache to impersonate that user because right now,
if Apache is running as this as their own user,
that that process needs to be able to get to these files as well.
So this might be where I'm running into trouble.
I never even considered Apache being a user.
I pictured this user that I can make up.
You know, I made up media goblin or I made up WWW.
As long as they have permission to see the folder and they start the process of the server,
I thought I was fine.
Well, that's they can, they can start the pro.
I don't know if there's any server processes in media goblin,
but there's less data than things in status net.
So you can, you can do that.
But you'd have to make sure that the Apache service account,
whatever Apache runs as, is in the group of those users you're creating.
Okay.
This might be one of those HPRs where I confuse people more than...
Don't do it my way, first of all.
I'm the student here.
That will make things a little bit more complicated.
It might, I guess it could silo you a little bit so that if something goes wrong
and your media goblin installation gets hacked,
I guess they won't be able to navigate around.
Although a lot of that should be prevented by Apache anyways.
Okay.
Apache will silo each of these different virtual hosts inside their own directory,
inside their document route.
So for instance, a user wouldn't be able to like,
like, recurse through the direct directories a little bit
and get access to your Etsy folder or something like that.
Okay.
I was just under the assumption that every time you set up a server,
you set up a user to start the server and a low-privileged user.
Okay.
This is the learning steps of me going from one server type thing to having two now.
So if I just stick with my www-data account,
I will set up all my servers and have this, have that user start them.
Yeah.
If that's what Apache is running at.
I believe it is.
Because, yeah.
Because Apache is the server.
These are just applications running under them, I guess.
Okay.
I think I just figured out what the problem is with my multiple servers.
Even though they're started having falling over a little bit.
But I need to get past the virtual host stuff first.
Because part of my troubleshooting was I put index.html in each one,
in each folder I'm pointing to.
And this would just say, you know, like, the HTML would only say,
holding place for media goblin, holding place for micro.
Just to see if the resolving was happening and something would pop up on my browser.
Which is a good approach.
It still hasn't.
So I'm still having trouble with this virtual host folder.
Okay.
So, well, the first thing you're going to want to do is see if you can just
chown.
However you say that.
Command C H own.
Change owner.
Change owner.
Yeah.
Change owner.
You're going to want to change the owner of all those files to www-data,
just so we can see if it'll get up and running.
So what I usually do because I've had to kind of create some best practices
because I just have a pile of websites and web applications running on my VPS.
I usually make subfolders inside slash bar slash www.
So there really isn't a website on my server at slash bar slash www.
I think I might have an index.html just in case something gets directed there.
Okay.
But usually what I do is I'll make a subfolder for each subdomain.
And I will name that folder the subdomain.
It's a really good practice to get into because it.
I've done it the other way too where I've had folders named one thing
and then I'll change the subdomain or I'll move something around and it'll all be wrong.
So usually I just.
I name the whatever it is.
The address that it resolves to just so I can keep everything straight.
It also makes it easy to do a search and replace in VIM with those virtual host blocks.
All right.
I'm going to throw you for a loop here.
Okay.
I'm ready.
Slash bar slash www is owned by Bill Bill.
Yeah.
Slash.
Serve slash HTTP media goblin is owned by media goblin.
Maybe I'd never even set up a user www here.
I'm thinking of my Debian box and I'm thinking of my arch box.
Oh, that's true.
Oh, and you've got the two servers to keep track of.
Well, actually the Debian one that.
That laptop is shut down and over in the corner now.
It's it's not coming back, but.
So.
Well, you've got this two server experiences to keep trade straight.
Yeah, I'm trying to figure out which direction I'm going.
Well, I would I'd say the first the first thing you have to do is make sure.
You know what what user account is being used to run Apache.
If you mean by doing like.
So do system control start stop HTTP that service.
I'm doing that as Bill.
No, no, no, that's not what I mean.
Okay.
I mean, doing like the PS command to list processes.
Okay, let me.
Grapping for Apache and finding out what user account Apache is using to spawn its processes.
Whatever that user account is, that's what you need to give access to.
Okay.
Let me try that.
PS.
Yes.
I know they all read how they all popped up.
Okay.
So I'm taking my old Debian stuff and mixing it with arch stuff.
Yeah.
So the new user here is HTTP.
Okay.
So the process is running as the HTTP user.
Yes.
So that's what you give access to all those folders.
So I need to chown all these folders.
Yeah.
And if what I do on my VPS to make sure me and the other people that host with me have access to our files.
I chown, I change the owner of the folder to the user that manages those files.
So status net is me.
Some of the other folders are for other people.
And then the group is always in your case, it'd be HTTP.
Got you.
Okay.
So I can still have my media goblin user group HTTP.
Yeah.
And then I'll have my.
Okay.
All right.
I can do that.
Yeah.
Any Damon's or something?
Yeah.
It's a Python environment.
Is it?
Oh.
And it uses like the lazy cell re server.
Oh, it's it's stuff I've never heard of.
Yeah.
That's another problem.
Every web application I look at has a different set of technology that it runs on.
Like pump IO is node.js and MongoDB.
And I didn't realize media goblin was Python.
It might not be I'm trying to get over to the brand.
I'm even newer to this than the virtual host stuff.
I'm just I got a VPS and I was like, all right, let's put on all the things.
And here I am.
So serve.
Yeah.
Well, that's.
Honestly, you get pretty far thinking that way too.
Okay.
So here I'm in the media goblin folder.
Everything is media media goblin media goblin.
So what I need to do is tone media goblin HTTPD.
Yeah.
So I'll do.
So that way.
And make sure that the media goblin or the HTTPD has read.
Let me just show this.
And if it all dies, I've already restarted media goblin three times.
Because one time I had a mix of installing as root and as the media goblin.
I would I would I would do sudo dash SU media goblin.
Then I could use my own password but have media goblin do whatever install was going on.
And I ended up with that.
That's good.
Yeah, but I ended up mixing some actual sudo stuff was owned by root and some of it was owned.
So.
So then I just I just got rid of the whole folder and I started over this.
Sometimes that's best.
I scrapped it.
I realized what I did and I scrapped it.
Also, if you do, um, is it shown.
This dash capital R that'll just do what I'm doing that right.
Whitewash of all the permissions.
That's a that's a handy.
I was just I just laughed because here we are doing an HPR to tell people how to do stuff.
And we're saying how we did it all wrong.
Showing minus or that media episode three hiding the bodies.
In valid group, no HTTPD.
Really.
Well.
We're going to call this episode two guys messing around with their Linux boxes.
So maybe the group things, a devian thing too.
You could do us groups.
You have to cat the Etsy slash groups folder or file.
HTTPD.
Okay, that seemed to work.
Let me go in there media goblin.
Less minus LA.
Okay, media goblin owns everything and the group is HTTP.
Awesome.
And the group.
The group's going to need read permissions, especially.
Okay.
Everybody has read.
Good.
All right.
Let's see if this resolves now.
So you think my V-host is correct.
My V-host file.
Now.
I let me switch back.
Where am I looking here?
Um, document room.
So you only have these four lines in your in each V-host block.
Or, oh, wait.
I probably am not seeing a lot of that.
So let me get back to mine because there should be a directory block as well.
We can fix this all in post.
Yeah, I took those out because it seemed extraneous.
Seems like stuff I would never use.
Get rid of this stuff.
They are not extraneous actually.
Okay.
Damn it.
I'll come like computers don't work the way my brain does.
If you look at the one at the top where it says directory index.
Okay.
Okay.
Okay.
Now, my big long password again.
Password password password password one two three fours.
It's the repetition that gets you.
You don't know how many password you put in.
That's right.
I hope no one was counting.
Okay.
So I'm back in here.
So I do need this directory.
There's some important stuff in there.
Okay.
Let's see what it all is because I think it's all godly.
Yeah.
So directory index where it says it gives two different file names index.htm in index.html.
What that means is when you visit a folder on this website.
So when you visit like slash status net or even slash like the root.
That says well, there's no, you can't just visit a folder.
We better find you a document to serve up.
Okay.
And that's what that directory index does.
So otherwise it'll give you the directory listing or an error.
So in the case of status net, it wants to find index.php.
So maybe on my micro one, I'm going to have to get rid of the index.htm index.html and do index.ht.
Okay.
Or PHP.
Yeah.
What I would do is I would just add index.php in front of the other two.
Okay.
Because that's in, it'll check those in order.
And you definitely want those as a backup just in case.
Okay.
Because why not?
So then there's the add handler.
And it looks like yours is adding CGI scripts in Perl.
And you don't really care about that as much.
But some of that might be required.
Like you might need an add handler for PHP.
Mm-hmm.
Let me look that up.
Okay.
So I've just copy pasted the whole directory chunk
down into my three.
Yeah.
Got monkey net.
So media goblin and micro.
Good. Good.
And I can't see it.
But so there's the directory block starts with like bracket directory and then a slash.
Yeah.
So that's talking about.
So that's far slash.
Oh, okay.
Sorry.
Yeah.
So that's talking.
That's just talking about your document root.
So that'll apply all of those settings to that folder.
And you can actually set different options for different folders if you want.
So you could secure a folder or.
Remove PHP access to one of your uploads folder.
That kind of thing.
Next step was options.
Oh, yeah.
I don't know what a lot of that stuff means.
Those are just options.
So I guess like that.
Some cubicle monkey is keeping his job by putting these options in.
Well, nobody knows what they are.
Some of them.
We can kind of work through like exec CGI the first one we see here.
That probably means that it'll execute CGI applications that you have in those directories.
So if like I said, if you had an uploads directory that was accepting files from the public,
you don't want them to be able to upload an executable into your images directory and then execute it by visiting it.
Because that would basically own your system.
So you could remove that option from that.
But since.
Since this is just your web application route, you probably want that kind of stuff.
What else is there indexes that's I think that hand that implements that directory index.
So that it'll say, okay, I need to check this.
Next one makes sense.
Follow some links.
Yeah.
Follow some links makes sense.
And multi views does not.
So someone else can do an HPR on what all this stuff means and tell us.
Yeah, if you know what multi views means in Apache configs, you should talk to Ken fell.
Somebody out there is going to do a three hour one on multi views.
And I'm going to make you listen to it.
No, what what's going to happen is we're going to release these episodes of us troubleshooting this stuff.
And someone is going to flip a table and say these people have no idea what the hell they're talking about.
And then it's like he's a super nice guy, but Kevin grenade is sitting here.
Head in hands just saying what the hell is wrong with these people?
People used to once in a while, like if if we if they're friends online, you meet them at a conference or something.
Oh, yeah, you're you, you're you.
Now they'll just stare at us like you.
Oh, it's him.
Oh, God, we're going to wake up in a dumpster with multi views tattooed on our backs.
And then plus includes that that's another one that I don't understand.
Most of this stuff seems like it's in the sensible default range.
Yeah, this didn't come out of a default folder.
So it shouldn't be you're going to get all hacked using it.
Allow override.
I don't know.
Oh, now that one that one I should know, but I don't remember it all what it means.
So the problem with all these Apache directives is the Apache documentation is kind of scattered.
Like it's all I've had a hard time looking through it in different cases because it'll explain what a single property means, but not in the context of everything else or maybe it's all written by smart people.
And I just don't don't quite get it in the way that they're trying to get across.
So okay, here's the directory click.
Okay, well next HP are we do it can be us rewriting Apache the way we want it.
If I was making the Apache config.
Okay, the next one is allow from all.
So it looks like allow override has to do with the dot ht access files.
Now those files are you could do an entire series of podcasts about those things like that's when you see the fancy URLs where you'll visit.
Like on status net it's slash lights slash sites slash all and it'll magically remap to a file that isn't there.
That's all done with the ht access files.
Okay, yeah, that's that's not for today.
Honestly, I'm not the person to talk to because I don't understand any of that yet.
HP are just give us another two days and we just skim this stuff and we'll do another episode.
Yeah, so let's see.
Yeah, so that's what allow override is.
I think that's like remapping visits a little bit.
So that what is it set to in your file?
Overwrite none.
If you want to set up the fancy URLs in any of these applications, you may have to enable that.
But for right now, just to get it working, we'll leave it at none.
All I want is just this stuff to resolve.
Yeah, I don't need anything fancy right now.
Nothing, it's all just worked.
So in the order allowed, deny, allow from all those two lines, that's, I think you can set up IP based.
And this is again, talking out of my ass, don't mind me.
I think that I just got to not say for work rating that.
Oh, damn, you're right.
You should edit that out.
Hang on, I'm going.
Oh, you're actually going to redo it so we can edit it.
No, no, I'm going to just say like the word unicorn.
And you can edit it in like the old one.
I want to leave this whole entire conversation in.
So I don't know if that's going to work or not.
So that you can control access to a website based on those.
But since it's a public website, that should be good to allow from all.
I don't think you need anything else from that.
Well, as long as you have all of those, I think that should get you most of the way there to at least resolving a site.
As long as we have those permissions in place.
So, how do we sum this up for the virtual host thing?
You were taking me through what this virtual host file is.
Yeah, well, what I know, most of it I probably just made up.
Well, some of it I was guessing at.
Well, the moral of the story is copy one of those default configurations that comes with your distribution.
So I've made some changes here.
And we want to try.
Well, before you give it a try, you have to remember to restart HTTP.d or.
Yes.
You have to restart Apache.
So how was it?
I'm even forgetting what it was in devian.
Oh, it's in it.
Yeah, so in in devian based systems, we're all still on the init system.
So it's a you slash Etsy.
Yeah, us in our devian cave.
It's it's slash Etsy slash init dot D slash Apache to in my case.
And then space in restart or.
I think restart is the one to go with.
There's a reload.
But I like to bring it all the way down and then let it just start back up just to make sure.
On install Apache, reinstall it to make sure it's completely out of there.
Yeah, you just want to make sure that you get your configurations reloaded one way or the other.
I do a purge.
I do it.
Yeah, get purge.
Get a brand new VPS.
It's getting insane.
So arch is a you're going to sue or you're going to sue do and then system control stop HTTP D dot service.
And then you can start it again.
They're very they're they're quite similar.
Sudo I like pseudo because it gives you root privileges without using a root password or enabling the root user.
And which is kind of a good thing to do, especially on a VPS.
If you're going to be SSH into it.
Turn off the root user.
I feel.
Yeah, turn off.
Don't even allow root to SSH and you go in as an unprivileged user.
You got your sudo.
You can use certificates.
No, that's that's right.
And even if you do need to log in as root, don't don't do it from SSH.
Don't SSH as root.
Most distros that I know don't even enable that.
They won't let you SSH in as root for good reasons.
It's just a real juicy target for all those scriptkitties.
So don't do it.
I like pseudo.
If you do need an interactive prompt like being root, pseudo dash I gives you that.
But I use su or switch user the SU command a lot because that lets you like you were saying run different processes or applications as different users.
So I have, I don't know if I have a status net user or if I run my status net demons as www dash data.
But I don't run them as myself and I don't run them as root.
So I think they both have their place.
Sudo is absolutely the way to go for a system administration as far as I'm concerned.
It's for me.
Seems safer.
Yeah.
It's just another obstacle of somebody got into your system.
They have to figure out another password, another password, another yeah.
Yeah.
Exactly.
Security through obscurity.
Not really.
No, that was just joking.
Yeah, everything's, it's security through good practices.
I think you should be commended bill.
Okay.
The tinfoil hat way.
Yeah.
Yeah.
So again, back to what we were talking about.
We've talked about like root privileges and stuff.
Where were we using these?
Oh.
On restarting Apache.
Aha.
Full circle.
So, um, have you restarted Apache?
I just did.
Yes.
Good.
While you were off on your tangent.
Yeah.
Meanwhile.
Back at mine.
All right.
Yes.
I did.
So is it resolving this?
Well, um, oh, it is resolving.
So basically where I was getting hung up.
Was that Vhost file and what all those fields met, which I think you.
You've nailed down like some that I didn't need and some that I did.
And another, another thing I need to look into is how I'm starting my.
Server processes, what under what name and what Apache goes.
So there's, there's.
Two, two directions I can go in and for homework and I can get back to you.
Cool, cool.
Yeah.
And I think, um, one of the ways you can avoid getting into trouble is just copying that default file and just changing.
The bits that make sense because that's the way I've been going so far where I really only change.
Server name and document root in a couple of their things like different places to put them on.
Yeah, the server alias really threw me to.
So that in my brain, it was going server name is your server.
And then that, which makes it.
Aliens is that micro or that, you know, something you want to change other than WWW.
So, okay.
So that's.
Yeah.
So this was learning with Bill.
Yeah.
And, uh, I'm assuming that through the feedback we'll have learning with win to go.
Oh, everyone tells me how very wrong.
He was wrong.
No, cool man.
It's, uh, it's.
I pick up a lot quicker when I can, you know, you tell me something that I can bang questions off you that they might be oddball questions.
And you just have to say, you know, no, you're going down the wrong train of thought there.
Yeah.
I picked up a lot quickly.
I shouldn't say quickly because we've been talking for about three hours.
Well, a lot of this is, um, like I've run into these same problems and I've just spent hours on the internet.
Yeah.
And luckily, you know, I've, I've been able to hit some of them and there's, there's still some stuff where none of it makes sense.
So, um, I imagine at some point, one of those is going to cause problems like that.
That whole access list thing is probably going to bite me at some point.
Well, I, I know a lot more about it than I was just poking around and guessing.
So.
Yeah, awesome.
I'll fool around with this a little bit more and I'll see if my, uh, my different, uh, well, what are they called?
My different URLs are resolving in the morning.
That sounds great.
Get your subdomains resolving.
And, um, do you want to give out feedback details or do you want to run and hide?
No.
No.
If you find anything wrong with this contact when to go at.
No, it's what is it?
Podcast, podcast at fragdev.com.
That local host.
Yeah.
There you go.
Send all, uh, complaints, corrections.
Yeah.
No.
I am.
And we both go ahead.
We both have the status net, uh, instances as well.
Yep.
So, um, micro.fragdev.com slash when to go.
Well, you know what?
I'm not going to give this out right now because I just changed.
We're going to figure that out.
No, I just changed.
I moved it all up and I'm changing the URLs.
So, find me an identity.
I'm not leaving there until all this is working.
Or.
There you go.
So.
And email is NY Bill at gunmonkeynet.net.
Sounds good.
Okay, man.
Thanks for, uh, rambling for a really long time with me.
Anytime.
All right, luck with your homework.
Yeah.
It's, it's quite a bit.
All right.
See you, man.
See you.
You have been listening to Hacker Public Radio.
Hacker Public Radio does our.
We are a community podcast network that releases shows every weekday Monday through Friday.
Today's show, like all our shows, was contributed by a HBR listener by yourself.
If you ever considered recording a podcast, then visit our website to find out how easy it really is.
Hacker Public Radio was founded by the digital dog pound and the infonomicum computer club.
HBR is funded by the binary revolution at binref.com.
All binref projects are crowd-responsive by lunar pages.
From shared hosting to custom private clouds, go to lunarpages.com for all your hosting needs.
Unless otherwise stasis, today's show is released under a creative comments,
attribution, share a line, lead us our lives.
Reference in New Issue View Git Blame Copy Permalink