Open source softwarový stack ROCm (Wikipedie) pro vývoj AI a HPC na GPU od AMD byl vydán ve verzi 7.0.0. Přidána byla podpora AMD Instinct MI355X a MI350X.
Byla vydána nová verze 258 správce systému a služeb systemd (GitHub).
Byla vydána Java 25 / JDK 25. Nových vlastností (JEP - JDK Enhancement Proposal) je 18. Jedná se o LTS verzi.
Věra Pohlová před 26 lety: „Tyhle aféry každého jenom otravují. Já bych všechny ty internety a počítače zakázala“. Jde o odpověď na anketní otázku deníku Metro vydaného 17. září 1999 na téma zneužití údajů o sporožirových účtech klientů České spořitelny.
Byla publikována Výroční zpráva Blender Foundation za rok 2024 (pdf).
Byl vydán Mozilla Firefox 143.0. Přehled novinek v poznámkách k vydání a poznámkách k vydání pro vývojáře. Nově se Firefox při ukončování anonymního režimu zeptá, zda chcete smazat stažené soubory. Dialog pro povolení přístupu ke kameře zobrazuje náhled. Obzvláště užitečné při přepínání mezi více kamerami. Řešeny jsou rovněž bezpečnostní chyby. Nový Firefox 143 bude brzy k dispozici také na Flathubu a Snapcraftu.
Byla vydána betaverze Fedora Linuxu 43 (ChangeSet), tj. poslední zastávka před vydáním finální verze, která je naplánována na úterý 21. října.
Multiplatformní emulátor terminálu Ghostty byl vydán ve verzi 1.2 (𝕏, Mastodon). Přehled novinek, vylepšení a nových efektů v poznámkách k vydání.
Byla vydána nová verze 4.5 (𝕏, Bluesky, Mastodon) multiplatformního open source herního enginu Godot (Wikipedie, GitHub). Přehled novinek i s náhledy v příspěvku na blogu.
Byla vydána verze 3.0 (Mastodon) nástroje pro záznam a sdílení terminálových sezení asciinema (GitHub). S novou verzí formátu záznamu asciicast v3, podporou live streamingu a především kompletním přepisem z Pythonu do Rustu.
[root@vps html]# cat /etc/nginx/sites-available/00-default-ssl.conf # # Note: This file must be loaded before other virtual host config files, # # HTTPS server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name _; root /var/www/html/; index index.php index.html; include /etc/nginx/templates/misc.tmpl; include /etc/nginx/templates/ssl.tmpl; include /etc/nginx/templates/iredadmin.tmpl; # include /etc/nginx/templates/roundcube.tmpl; include /etc/nginx/templates/sogo.tmpl; include /etc/nginx/templates/netdata.tmpl; include /etc/nginx/templates/php-catchall.tmpl; include /etc/nginx/templates/stub_status.tmpl; include /etc/nginx/templates/nextcloud.tmpl; include /etc/nginx/templates/web.tmpl; }[root@vps html]# cat /etc/nginx/templates/misc.tmpl # Allow access to '^/.well-known/' location ~ ^/.well-known/ { allow all; access_log off; log_not_found off; autoindex off; #root /var/www/html; } # Deny all attempts to access hidden files such as .htaccess. location ~ /\. { deny all; } # Handling noisy messages location = /favicon.ico { access_log off; log_not_found off; } location = /robots.txt { access_log off; log_not_found off; } [root@vps html]# cat /etc/nginx/templates/ssl.tmpl ssl_protocols TLSv1.2 TLSv1.3; # Fix 'The Logjam Attack'. ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH; ssl_prefer_server_ciphers on; ssl_dhparam /etc/pki/tls/dh2048_param.pem; # Greatly improve the performance of keep-alive connections over SSL. # With this enabled, client is not necessary to do a full SSL-handshake for # every request, thus saving time and cpu-resources. ssl_session_cache shared:SSL:10m; # To use your own ssl cert (e.g. "Let's Encrypt"), please create symbol link to # ssl cert/key used below, so that we can manage this config file with Ansible. # # For example: # # rm -f /etc/pki/tls/private/iRedMail.key # rm -f /etc/pki/tls/certs/iRedMail.crt # ln -s /etc/letsencrypt/live/domain/privkey.pem /etc/pki/tls/private/iRedMail.key # ln -s /etc/letsencrypt/live/domain/fullchain.pem /etc/pki/tls/certs/iRedMail.crt # # To request free "Let's Encrypt" cert, please check our tutorial: # https://docs.iredmail.org/letsencrypt.html ssl_certificate /etc/pki/tls/certs/iRedMail.crt; ssl_certificate_key /etc/pki/tls/private/iRedMail.key;[root@vps html]# cat /etc/nginx/templates/iredadmin.tmpl # Settings for iRedAdmin. # static files under /iredadmin/static location ~ ^/iredadmin/static/(.*) { alias /opt/www/iredadmin/static/$1; } # Python scripts location ~ ^/iredadmin(.*) { rewrite ^/iredadmin(/.*)$ $1 break; include /etc/nginx/templates/hsts.tmpl; include uwsgi_params; uwsgi_pass 127.0.0.1:7791; uwsgi_param UWSGI_CHDIR /opt/www/iredadmin; uwsgi_param UWSGI_SCRIPT iredadmin; uwsgi_param SCRIPT_NAME /iredadmin; # Access control #allow 127.0.0.1; #allow 192.168.1.10; #allow 192.168.1.0/24; #deny all; } # iRedAdmin: redirect /iredadmin to /iredadmin/ location = /iredadmin { rewrite ^ /iredadmin/; } # Handle newsletter-style subscription/unsubscription supported in iRedAdmin-Pro. location ~ ^/newsletter/ { rewrite /newsletter/(.*) /iredadmin/newsletter/$1 last; }[root@vps html]# cat /etc/nginx/templates/sogo.tmpl # Settings for SOGo Groupware # SOGo location ~ ^/sogo { rewrite ^ https://$host/SOGo; } location ~ ^/SOGO { rewrite ^ https://$host/SOGo; } # Redirect /mail to /SOGo location ~ ^/mail { rewrite ^ https://$host/SOGo; } # For Mac OS X and iOS devices. rewrite ^/.well-known/caldav /SOGo/dav permanent; rewrite ^/.well-known/carddav /SOGo/dav permanent; rewrite ^/principals /SOGo/dav permanent; location ^~ /SOGo { include /etc/nginx/templates/hsts.tmpl; proxy_pass http://127.0.0.1:20000; # forward user's IP address proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; # always use https proxy_set_header x-webobjects-server-port $server_port; proxy_set_header x-webobjects-server-name $host; proxy_set_header x-webobjects-server-url https://$host; proxy_set_header x-webobjects-server-protocol HTTP/1.0; proxy_busy_buffers_size 64k; proxy_buffers 8 64k; proxy_buffer_size 64k; } location ^~ /Microsoft-Server-ActiveSync { proxy_pass http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync; proxy_connect_timeout 3540; proxy_send_timeout 3540; proxy_read_timeout 3540; proxy_busy_buffers_size 64k; proxy_buffers 8 64k; proxy_buffer_size 64k; } location ^~ /SOGo/Microsoft-Server-ActiveSync { proxy_pass http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync; proxy_connect_timeout 3540; proxy_send_timeout 3540; proxy_read_timeout 3540; proxy_busy_buffers_size 64k; proxy_buffers 8 64k; proxy_buffer_size 64k; } location /SOGo.woa/WebServerResources/ { alias /usr/lib64/GNUstep/SOGo/WebServerResources/; expires max; } location /SOGo/WebServerResources/ { alias /usr/lib64/GNUstep/SOGo/WebServerResources/; expires max; } location ^/SOGo/so/ControlPanel/Products/([^/]*)/Resources/(.*)$ { alias /usr/lib64/GNUstep/SOGo/$1.SOGo/Resources/$2; expires max; }[root@vps html]# cat /etc/nginx/templates/netdata.tmpl # Running netdata as a subfolder to an existing virtual host # FYI: https://github.com/firehol/netdata/wiki/Running-behind-nginx location = /netdata { return 301 /netdata/; } location ~ /netdata/(? ndpath .*) { proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_http_version 1.1; proxy_pass_request_headers on; proxy_set_header Connection "keep-alive"; proxy_store off; proxy_pass http://127.0.0.1:19999/$ndpath$is_args$args; gzip on; gzip_proxied any; gzip_types *; auth_basic "Authentication Required"; auth_basic_user_file /etc/nginx/netdata.users; }[root@vps html]# cat /etc/nginx/templates/php-catchall.tmpl # Normal PHP scripts location ~ \.php$ { include /etc/nginx/templates/fastcgi_php.tmpl; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; }[root@vps html]# cat /etc/nginx/templates/stub_status.tmpl location = /stub_status { stub_status on; access_log off; allow 127.0.0.1; deny all; } location = /status { include fastcgi_params; fastcgi_pass php_workers; fastcgi_param SCRIPT_FILENAME $fastcgi_script_name; access_log off; allow 127.0.0.1; deny all; }[root@vps html]# cat /etc/nginx/templates/nextcloud.tmpl location = /.well-known/carddav { return 301 $scheme://$host/nextcloud/remote.php/dav; } location = /.well-known/caldav { return 301 $scheme://$host/nextcloud/remote.php/dav; } location /.well-known/acme-challenge { } location ^~ /nextcloud { # set max upload size client_max_body_size 512M; fastcgi_buffers 64 4K; # Enable gzip but do not remove ETag headers gzip on; gzip_vary on; gzip_comp_level 4; gzip_min_length 256; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; # Uncomment if your server is build with the ngx_pagespeed module # This module is currently not supported. #pagespeed off; location /nextcloud { rewrite ^ /nextcloud/index.php$request_uri; } location ~ ^\/nextcloud\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { deny all; } location ~ ^\/nextcloud\/(?:\.|autotest|occ|issue|indie|db_|console) { deny all; } location ~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+)\.php(?:$|\/) { fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param HTTPS on; #Avoid sending the security headers twice fastcgi_param modHeadersAvailable true; fastcgi_param front_controller_active true; fastcgi_pass php-handler; fastcgi_intercept_errors on; fastcgi_request_buffering off; } location ~ ^\/nextcloud\/(?:updater|ocs-provider)(?:$|\/) { try_files $uri/ =404; index index.php; } # Adding the cache control header for js, css and map files # Make sure it is BELOW the PHP block location ~ ^\/nextcloud\/.+[^\/]\.(?:css|js|woff2?|svg|gif|map)$ { try_files $uri /nextcloud/index.php$request_uri; add_header Cache-Control "public, max-age=15778463"; # Add headers to serve security related headers (It is intended # to have those duplicated to the ones above) # Before enabling Strict-Transport-Security headers please read # into this topic first. # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; add_header Referrer-Policy no-referrer; # Optional: Don't log access to assets access_log off; } location ~ ^\/nextcloud\/.+[^\/]\.(?:png|html|ttf|ico|jpg|jpeg)$ { try_files $uri /nextcloud/index.php$request_uri; # Optional: Don't log access to other assets access_log off; } }[root@vps html]# cat /etc/nginx/conf-available/php_fpm.conf upstream php_workers { server 127.0.0.1:9999; } upstream php-handler { server 127.0.0.1:9000; # server unix:/var/run/php/php7.4-fpm.sock; }2022/04/06 11:48:31 [error] 183326#0: *1 connect() failed (111: Connection refused) while connecting to upstream, client: xx.xx.xx.xx, server: _, request: "GET /web/index.php HTTP/2.0", upstream: "fastcgi://127.0.0.1:9999", host: "xxxxxxx.xx"
Řešení dotazu:
AbcLinuxu.cz
ITBiz.cz
HDmag.cz
AbcPráce.cz
upstream php_workers {
server 127.0.0.1:9999;
}
upstream php-handler {
server 127.0.0.1:9000;
# server unix:/var/run/php/php7.4-fpm.sock;
}
Kdepak, ten běží.
[root@vps ~]# systemctl status php-fpm.service
● php-fpm.service - The PHP FastCGI Process Manager
Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2022-04-06 10:35:33 CEST; 5h 36min ago
Main PID: 179534 (php-fpm)
Status: "Processes active: 0, idle: 6, Requests: 869, slow: 0, Traffic: 0req/sec"
Tasks: 7 (limit: 24932)
Memory: 115.6M
CGroup: /system.slice/php-fpm.service
├─179534 php-fpm: master process (/etc/php-fpm.conf)
├─190997 php-fpm: pool inet
├─191040 php-fpm: pool inet
├─191044 php-fpm: pool inet
├─191083 php-fpm: pool inet
├─191087 php-fpm: pool inet
└─191616 php-fpm: pool inet
Apr 06 14:16:23 vps php-fpm[179534]: [NOTICE] [pool inet] child 179539 exited with code 0 after 13250.376719 seconds from start
Apr 06 14:16:23 vps php-fpm[179534]: [NOTICE] [pool inet] child 191040 started
Apr 06 14:16:53 vps php-fpm[179534]: [NOTICE] [pool inet] child 179538 exited with code 0 after 13280.381147 seconds from start
Apr 06 14:16:53 vps php-fpm[179534]: [NOTICE] [pool inet] child 191044 started
Apr 06 14:17:23 vps php-fpm[179534]: [NOTICE] [pool inet] child 179536 exited with code 0 after 13310.377432 seconds from start
Apr 06 14:17:23 vps php-fpm[179534]: [NOTICE] [pool inet] child 191083 started
Apr 06 14:17:53 vps php-fpm[179534]: [NOTICE] [pool inet] child 179537 exited with code 0 after 13340.382813 seconds from start
Apr 06 14:17:53 vps php-fpm[179534]: [NOTICE] [pool inet] child 191087 started
Apr 06 14:28:53 vps php-fpm[179534]: [NOTICE] [pool inet] child 179596 exited with code 0 after 13966.336811 seconds from start
Apr 06 14:28:53 vps php-fpm[179534]: [NOTICE] [pool inet] child 191616 started
telnet 127.0.0.1 9999 curl 'http://127.0.0.1:9999/'Ten port je divný, přijde mi, že log nedpovídá konfiguraci. Vidím ho jen u
php_workers, které se použije jen u location = /status. Funguje správně reloadování?
sudo nginx -tZmění se port v logu, pokud ho změníš u
php_workers?
[root@vps ~]# ss -lntp
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 5 127.0.0.1:20000 0.0.0.0:* users:(("sogod",pid=1469,fd=4),("sogod",pid=1468,fd=4),("sogod",pid=1467,fd=4),("sogod",pid=1466,fd=4),("sogod",pid=1465,fd=4),("sogod",pid=1464,fd=4),("sogod",pid=1463,fd=4),("sogod",pid=1462,fd=4),("sogod",pid=1461,fd=4),("sogod",pid=1460,fd=4),("sogod",pid=1433,fd=4))
LISTEN 0 5 127.0.0.1:7777 0.0.0.0:* users:(("python3",pid=1505,fd=6))
LISTEN 0 128 0.0.0.0:993 0.0.0.0:* users:(("dovecot",pid=1134,fd=50))
LISTEN 0 5 127.0.0.1:7778 0.0.0.0:* users:(("python3",pid=1505,fd=7))
LISTEN 0 5 127.0.0.1:7779 0.0.0.0:* users:(("python3",pid=1505,fd=8))
LISTEN 0 100 0.0.0.0:995 0.0.0.0:* users:(("dovecot",pid=1134,fd=30))
LISTEN 0 128 127.0.0.1:9000 0.0.0.0:* users:(("php-fpm",pid=270596,fd=12),("php-fpm",pid=269997,fd=12),("php-fpm",pid=269983,fd=12),("php-fpm",pid=269949,fd=12),("php-fpm",pid=269904,fd=12),("php-fpm",pid=269865,fd=12),("php-fpm",pid=269449,fd=12),("php-fpm",pid=179534,fd=9))
LISTEN 0 128 127.0.0.1:10024 0.0.0.0:* users:(("/usr/sbin/amavi",pid=1672,fd=7),("/usr/sbin/amavi",pid=1671,fd=7),("/usr/sbin/amavi",pid=1670,fd=7),("/usr/sbin/amavi",pid=1669,fd=7),("/usr/sbin/amavi",pid=1494,fd=7))
LISTEN 0 100 127.0.0.1:10025 0.0.0.0:* users:(("master",pid=1512,fd=121))
LISTEN 0 128 127.0.0.1:10026 0.0.0.0:* users:(("/usr/sbin/amavi",pid=1672,fd=8),("/usr/sbin/amavi",pid=1671,fd=8),("/usr/sbin/amavi",pid=1670,fd=8),("/usr/sbin/amavi",pid=1669,fd=8),("/usr/sbin/amavi",pid=1494,fd=8))
LISTEN 0 100 0.0.0.0:587 0.0.0.0:* users:(("master",pid=1512,fd=104))
LISTEN 0 128 127.0.0.1:10027 0.0.0.0:* users:(("/usr/sbin/amavi",pid=1672,fd=9),("/usr/sbin/amavi",pid=1671,fd=9),("/usr/sbin/amavi",pid=1670,fd=9),("/usr/sbin/amavi",pid=1669,fd=9),("/usr/sbin/amavi",pid=1494,fd=9))
LISTEN 0 128 127.0.0.1:11211 0.0.0.0:* users:(("memcached",pid=637,fd=23))
LISTEN 0 100 127.0.0.1:10028 0.0.0.0:* users:(("master",pid=1512,fd=124))
LISTEN 0 128 127.0.0.1:9998 0.0.0.0:* users:(("/usr/sbin/amavi",pid=1672,fd=10),("/usr/sbin/amavi",pid=1671,fd=10),("/usr/sbin/amavi",pid=1670,fd=10),("/usr/sbin/amavi",pid=1669,fd=10),("/usr/sbin/amavi",pid=1494,fd=10))
LISTEN 0 100 0.0.0.0:110 0.0.0.0:* users:(("dovecot",pid=1134,fd=28))
LISTEN 0 100 127.0.0.1:7790 0.0.0.0:* users:(("uwsgi",pid=1431,fd=10),("uwsgi",pid=1430,fd=10),("uwsgi",pid=1429,fd=10),("uwsgi",pid=1428,fd=10),("uwsgi",pid=1427,fd=10),("uwsgi",pid=1049,fd=10))
LISTEN 0 128 0.0.0.0:143 0.0.0.0:* users:(("dovecot",pid=1134,fd=48))
LISTEN 0 100 127.0.0.1:7791 0.0.0.0:* users:(("uwsgi",pid=1478,fd=10),("uwsgi",pid=1477,fd=10),("uwsgi",pid=1476,fd=10),("uwsgi",pid=1475,fd=10),("uwsgi",pid=1474,fd=10),("uwsgi",pid=1061,fd=10))
LISTEN 0 128 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=183326,fd=10),("nginx",pid=183325,fd=10))
LISTEN 0 100 0.0.0.0:465 0.0.0.0:* users:(("master",pid=1512,fd=108))
LISTEN 0 128 127.0.0.1:24242 0.0.0.0:* users:(("stats",pid=1411,fd=10),("dovecot",pid=1134,fd=23))
LISTEN 0 100 127.0.0.1:12340 0.0.0.0:* users:(("dovecot",pid=1134,fd=71))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=644,fd=5))
LISTEN 0 100 127.0.0.1:24 0.0.0.0:* users:(("lmtp",pid=1407,fd=9),("lmtp",pid=1406,fd=9),("lmtp",pid=1405,fd=9),("lmtp",pid=1404,fd=9),("lmtp",pid=1397,fd=9),("dovecot",pid=1134,fd=38))
LISTEN 0 100 0.0.0.0:25 0.0.0.0:* users:(("master",pid=1512,fd=16))
LISTEN 0 128 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=183326,fd=8),("nginx",pid=183325,fd=8))
LISTEN 0 128 127.0.0.1:8125 0.0.0.0:* users:(("netdata",pid=251411,fd=75))
LISTEN 0 100 127.0.0.1:4190 0.0.0.0:* users:(("dovecot",pid=1134,fd=18))
LISTEN 0 128 127.0.0.1:19999 0.0.0.0:* users:(("netdata",pid=251411,fd=5))
LISTEN 0 128 [::]:993 [::]:* users:(("dovecot",pid=1134,fd=51))
LISTEN 0 100 [::]:995 [::]:* users:(("dovecot",pid=1134,fd=31))
LISTEN 0 128 *:3306 *:* users:(("mysqld",pid=832,fd=24))
LISTEN 0 100 [::]:587 [::]:* users:(("master",pid=1512,fd=105))
LISTEN 0 100 [::]:110 [::]:* users:(("dovecot",pid=1134,fd=29))
LISTEN 0 128 [::]:143 [::]:* users:(("dovecot",pid=1134,fd=49))
LISTEN 0 128 [::]:80 [::]:* users:(("nginx",pid=183326,fd=11),("nginx",pid=183325,fd=11))
LISTEN 0 100 [::]:465 [::]:* users:(("master",pid=1512,fd=109))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=644,fd=7))
LISTEN 0 100 [::]:25 [::]:* users:(("master",pid=1512,fd=17))
LISTEN 0 128 [::]:443 [::]:* users:(("nginx",pid=183326,fd=9),("nginx",pid=183325,fd=9))
LISTEN 0 128 [::1]:8125 [::]:* users:(("netdata",pid=251411,fd=64))
[root@vps ~]# curl 'http://127.0.0.1:9999/' curl: (7) Failed to connect to 127.0.0.1 port 9999: Connection refused
7.4.2022 13:34
Max | skóre: 72
| blog: Max_Devaine
Pardon, jsem totálně slepý.
V /etc/nginx/conf-enabled/php_fpm.conf změněn port na 9000 a všechno jede
upstream php_workers {
server 127.0.0.1:9000;
}
upstream php-handler {
server 127.0.0.1:9000;
# server unix:/var/run/php/php7.4-fpm.sock;
}
Mocrát děkuji 
7.4.2022 13:35
Max | skóre: 72
| blog: Max_Devaine
Tiskni
Sdílej:
