Life, The Universe, and Everything

[johnf]

Doug ping !!!

[Donovan Ready]

I'm wondering as well. I sent him a PM yesterday..

[Doug Coulter]

Sorry for the delay, guys, it's been a bit hectic...I'm backing and forthing in the tender(?) clutches of various medicos....It's quite the list just now.
They backed out of my lung after taking a look .. for now. We are exploring which way they attempt to do something about the non-small-cell cancer they found there.
The good news about that is the nearby lymph node is OK, but more tests and scans are coming to make sure it's just the one place, where I might only lose half a lung or so.
Rounding things out we have what they say is likely Pheochromocytoma. Yeah, really, and that one makes some sense, as basically it's a defect that makes you high on epinephrine all the time. Check - sometimes that's nice, but it'd be nice to stop...imagine being forced to take cocaine 24/7 and it's close. But that's not new to me, just that now that I'm older, it messes things up worse. Random ventricular fibrillation drops the old BP to zero now and then. Fun.
To round things out, there's the common lower GI diverticulitis kind of crap...
All at once. I guess I'm glad the heart attack got me into the system so a lot of this other stuff got discovered early enough to be hopefully non-fatal.

The net result is testing the lack of ability of the specialists to communicate with one another, or to their vaunted computer systems so that my GP can at least do case management and see the big picture. Communication is a little problematic, as once I reveal I know a few latin roots, they just say a word and I'm suppose dto know all the non-physics uses of those roots...which I don't.
Physicist != physician! The mushroom treatment by any other name...

But I'm still on track to be hard to kill. Tuning a few of the meds ... adding supplemental O2 now and again (all not doctor approved) has helped a lot, but damn, running around to 2 different towns is taking a lot of time out of maintaining the place, which of course, also needs to be done, especially in our winter. And now they want to add a third city, this one not nearby at all.
Something is causing huge variability in all the parameters of my metabolism. Half the time, the BP meds they want me to take would put me on the wrong side of the grass - far too much. Other days, not nearly enough, things like that. So I'm doing a bit of chasing the changes here....

I am getting a little done in the shop here and there, but nothing really special to report just now, mostly I'm doing the fix-it-up on some tools to achieve higher precision or better convenience in a few things. In a bit of fun, a neighbor, probably the only guy within miles younger and healthier than I (it's become a retirement community here) has a kid who wrote a letter to Santa that got into the papers, wanting a cuckoo clock. So dad finds a mis-built old kit one that is kinda messed up, and brought it over as a project to work on ... and BTW, he doesn't mind doing a bit of heavy lifting I need done and can't always do just now, so it's a win and quite a bit of fun. Making a YT video, but it'll probably not go on my channel (he's learning and he can take the 'that's badly done" comments on).

Not sure which of the hammers will do this best ;~)

Bellows broken so the bird sound like a guy with lung cancer...gear teeth wrecked and bent over, mis depthed so the music box plays the whole tune in a quarter second, minor things like that.
He's stunned at the possibilities of a fully operational death star, errrm, shop...We'll try to keep ordnance out of the reactor vents.

[Donovan Ready]

Good to have you back, and best luck. Maybe you should leave the possibility for ordnance? You never know when it might be of some need...

[johnf]

Happy New Year and keep following the docs orders for now

[Doug Coulter]

Getting the docs to talk to each other and order consistent things is a bit of a challenge just now, John, but I'm trying.

I get to ask questions here, don't I?

Here's the deal - any web expertise and in particular NGINX stuff appreciated....

I plan to migrate this site (and upgrade it) to serve it from here. I have what I think is good hardware for it, and even have hot spares. I'm using odroid HomeCloud units, have been for awhile now for my own uses, they're about 2x a pi-4 in speeds and feeds, and each has 4 tb of spinning rust on it. Not to jinx myself, but they've had uptimes over a year, and only less because I've rebooted them on purpose. Each one easily saturates a gigibit link. At some point, I'll have gigabit to the world here - this spring/summer is what they're telling me.
Here's the poop on the odroid servers. https://www.hardkernel.com/shop/odroid- ... cloud-two/ They must be using one of their lesser products to serve that page, here they're blazing fast for that sort of thing.

I have, at the moment, 2 phpbb sites I'd like to serve from here. I already have one of the HC's port forwarded for testing. A different one already hosts one of the phpbb sites I'd like to serve from here (and this one I'd do immediately). But it's on a different HC than the one that has port forwarding. Now, I hear NGINX is super good at reverse proxying (if that's indeed the right term for what I want), but there seem to be issues.

First, yes, the port-forwarded HC works great, is blazing fast, anything on it comes right on out, served up hot and tasty, it supports php and perl, no issues at all, very satisfying.

Now, there's a phpbb site served up to my LAN from a different one. How to pass that on to the one y'all can see? Yes, with at least one of the proxy_pass directives I've tried, you get its home page - with no graphics and so on. I know what that means - the php is handing out links to the images and so on that are on that other HC that has a non routing LAN address - which is breaking this simple approach (but is not a stupid default). On the other hand, surely there's a not too hard way to make it "just work" so for example, y'all can see and use the 'doug's sysadmin notes" site? Obviously I could just move the phpbb code and the database and so on to the machine that's directly port-forwarded, but if I can keep it where it is - spreading out any load and doubling the available storage too thereby - why not? And this issue will arise again when I try to migrate this site (coultersmithing), though it can of course go directly on the machine you can now see online and the two sites still be on separate machines....which has other convenience attributes, like automatically not stepping on one another's data base tables...and so on.

So, I'm getting something really wrong in concept or just in the details of proxy_pass directives, need some magic rewrite of the secondary requests from the browser due to what the BB generates, dunno. I'm not putting the IP address up here yet as it's pretty fragile - Donovan has it, but if it gets out before I'm ready, well, I have almost 1 megabit up and I'd be too easy to DOS by accident at this point. It's not a static IP yet anyway, the ISP wants to charge me for that - around half what it costs to host here, but then again, only half, and the servers are, to me, free here - I have excess capacity to burn.

Thoughts anybody? It'd be nice to get this all laid out and working with some testing before doing the big nasty migration ... which is why I'm starting months ahead.

[Doug Coulter]

And the whack a mole begins. But it took 2 days to start getting hits like this:

64.4.160.214 - - [21/Jan/2021:18:21:49 -0500] "GET /login HTTP/1.0" 404 169 "-" "-"
64.4.160.214 - - [21/Jan/2021:18:21:49 -0500] "GET /jenkins/login HTTP/1.0" 404 169 "-" "-"
64.4.160.214 - cpVszYDE [21/Jan/2021:18:21:49 -0500] "GET /manager/html HTTP/1.0" 404 169 "-" "-"

This somehow seemed like it was up to no good...
iptables or hosts.deny, what's the scoop on which is nicer. I have a feeling something's going to get a lot of use soon, more when there's a domain name...(it'll be this domain at that point).

[Bob Reite]

Someone at a2hosting.com That IP has been abused reported a number of times.

[Doug Coulter]

Yup, I'm hitting whois on all these. Question is, do you block that ip, or the whole range you find out about on whois? Seems like you could wind up blocking most of the 'net.
OK, ones from China or Bangladesh that say right there - "don't bother us with complaints, we just provide addresses" - are probably gonna get their whole range blocked...
Some of this looks like finger fumble stuff, but some looks very much like trying to find unprotected logins for specific issues some software has. The latter - it's gonna get blocked even though I'm fortunate enough not to have that bug set (I think, hope, whatever).
All is so far, slow - a few hits an hour kind of slow, but from all over the place.
This is with a dynamic IP address in a range from my little telco that pretty much has NO other customers with open port 80 stuff...so someone is just scanning the whole range I guess and not paying attention to the fact that big ranges are all null.

Part of this AM

[Bob Reite]

I blocked everything from China. Too bad that the IPs are not all in one block. You have to do roughly 150 or 200 subnets to get them all, with out getting innocent countries.