1597031462 M * Bertl_oO off to bed now ... have a good one everyone! 1597031464 N * Bertl_oO Bertl_zZ 1597042623 Q * Carpoon Ping timeout: 480 seconds 1597047469 Q * gnarface Read error: Connection reset by peer 1597047740 J * gnarface ~gnarface@108-227-52-42.lightspeed.irvnca.sbcglobal.net 1597051870 Q * gnarface Quit: Leaving 1597052227 J * gnarface ~gnarface@108-227-52-42.lightspeed.irvnca.sbcglobal.net 1597059958 N * Bertl_zZ Bertl 1597059960 M * Bertl morning folks! 1597061502 J * Ghislain ~ghislain@adsl2.aqueos.com 1597061725 Q * Ghislain 1597065051 Q * Aiken Remote host closed the connection 1597067716 J * Aiken ~Aiken@b951.h.jbmb.net 1597071718 M * Bertl off for now ... bbl 1597071719 N * Bertl Bertl_oO 1597086302 J * emanuel ~emanuel@2a02:1748:dd5e:7720:aad8:61cd:1c3a:de3f 1597086841 M * emanuel Does each VServer need it's own dummy device? 1597086982 M * emanuel I have them all on the same one with different IPs, but apache says: 1597087145 M * emanuel Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80 1597087208 M * emanuel no listening sockets available, shutting down 1597087230 M * emanuel in one of my VServers 1597087340 M * emanuel Thanks 1597087365 M * Guy- emanuel: "Does each VServer need it's own dummy device?" - no 1597087388 M * Guy- emanuel: however, if you have something bound to 0.0.0.0:80 in the host context, then guests won't be able to bind to port 80 1597087437 M * Guy- emanuel: also, if you have ip 1 in guest A and bind a webserver to port 80, you can't bind a different webserver to port 80 in guest B if guest B also has ip 1 1597087462 M * Guy- emanuel: you need to make sure that every TCP ip:port combination only has one daemon bound to it, system-wide 1597087493 M * Guy- emanuel: "0.0.0.0" is a special case *in guests* because it means "all IPs available to this guest" 1597087539 M * emanuel guest A has ip 1 and gust B has ip 2 and guest c has ip 3 1597087644 M * emanuel 0.0.0.0, mhhhh 1597087751 M * Guy- emanuel: in that case, 0.0.0.0 inside each guest should work, provided you don't bind to 0.0.0.0:80 in the host context 1597087769 M * Guy- if you do, that blocks port 80 on all IPs, including all guest IPs 1597087790 M * Guy- btw, you don't need a dummy device at all 1597087802 M * Guy- you can also assign the guest IPs to a physical ethX device, or a bridge, or whatever 1597087822 M * emanuel why are guest allowed to bind to 0.0.0.0 1597087846 M * Guy- why not? 1597087870 M * Guy- in a guest, binding to 0.0.0.0 means, like I said, "bind to all IPs available to this context" 1597087910 M * Guy- so if your guest has, say, 1.2.3.4 and 2.3.4.5, then binding to 0.0.0.0:80 will be essentially equivalent to binding to those two IPs individually (there are some technical differences which are irrelevant) 1597087928 M * emanuel i meant why can they block the host 1597087964 M * Guy- that's an artifact of vserver providing network isolation instead of virtualization by default 1597088002 M * Guy- supposedly the overhead is much lower; fwiw, I think this only matters under very high load 1597088020 M * emanuel so they can't block the host 1597088025 M * gnarface emanuel: just avoid binding stuff to 0.0.0.0 until it makes more sense. it's the default for openssh-server but easily changed 1597088038 M * Guy- emanual: if it bothers you, you can set up guests that have their own network namespace 1597088066 M * Guy- that's how lxc works, but it's an uncommon use case for vserver 1597088112 M * Guy- in practice, not relying on being able to bind to 0.0.0.0 in the host context is not a big deal, because you shouldn't run any services in the host context anyway 1597088126 M * Guy- so it really just boils down to making sure openssh binds to specific IPs, not 0.0.0.0 1597088161 M * emanuel thanks changing the IP worked 1597089220 J * fstd_ ~fstd@xdsl-78-35-81-89.nc.de 1597089683 Q * fstd Ping timeout: 480 seconds 1597096263 Q * emanuel Ping timeout: 480 seconds 1597096901 J * emanuel ~emanuel@2a02:1748:dd5e:7720:aad8:61cd:1c3a:de3f 1597099054 Q * emanuel Ping timeout: 480 seconds