Profile Details

Toggle Sidebar
Recent updates
  • Richard George
    Richard George replied to a discussion, Memory leak?

    I had similar - but that improved by turning on the virtualization bits and adding a second processor. That makes it run faster (noticably).
    The problem doesn't seem to be cpu (although I'll monitor that), it's definitely non-release of swap .. with a 2G swap partition, it starts minimal usage, then ramps up to over 1.5G used and not released. Odd. ClamAV shuts down, but the swap still isn't released.

  • Richard George
    Richard George started a new discussion, Memory leak?

    Memory leak?

    Ok, I've a COS7 server that also acts as a VirtualBox host.

    I've got two virtual machines running; a Windows 10 machine (no issues), and a COS7-based mail server.

    Now, the Windows 10 VM doesn't appear to exhibit any problems, but the COS7 mail server seems to have a memory leak, that causes the swap partition (2G) to gradually fill until there's sod all free; the first symptom of which is that mail turns up 'unchecked' as ClamAV shuts down. Reboot the VM and everything works again.

    I've got other linux vms that I run on my Windows 10 laptop (admittedly not continuously), that don't seem to exhibit the same problem. Anyone got any ideas?
    I appreciate that it could be a virtualbox issue, but as the other windows VM doesn't have the problem, my initial thought is COS.

    COS : 7.8.1 / Memory : 32G / Processor FX8350
    VirtualBox : 6.1.14

    COS : 7.8.1 / Memory : 2G

  • Richard George
    Richard George replied to a discussion, Strict-Transport-Security

    Yup. At the moment, I have to manually add it to the website site definition in flex-443 (I don't use the app; I get the original direct from NextCloud servers). NB: the redirect isn't necessary if ProxyPass is used as it already has the option to redirect http accesses to https.

    I get that I could manually add a virtual host conf file (and create the various directories separately, but it would be much cleaner to leave the site definition/configuration at webconfig level and just have the option of enabling Transport Security at the same time - and as I say, if the period is definable, it makes the mechanism portable to any other site definition that may need it at a different rate.

  • Richard George
    Richard George started a new discussion, Strict-Transport-Security


    Would it be possible to add Strict-Transport-Security to 443 definitions? (or at least the option to turn it on and define the period? It's noticeable that NextCloud installations (not sure about the app version) always complain that it's inactive whenever flex-443.conf is touched and it's a real bind having to keep adding it by hand!

  • Richard George
    Richard George replied to a discussion, Certificate not in use

    Nick Howitt wrote:

    Not so sure. I believe the app manipulates the firewall as necessary.

    True, but it does also depend on where and how Port 80 is shut .. if it's just on the server, fine - but if it's closed (eg) on a seperate router, there's a problem .. and that's what keeps being forgotten - especially if the server is setup as standalone, with port forwarding carried out in a router!

    There's a BIG difference between a COS system setup as a gateway and directly connected to the 'net, and a standalone with a seperate router and port forwarding! The question just never seems to get asked when someone complains that they can't get something to work from outside the local network.

  • Richard George
    Richard George unlocked the badge The Voice
    The Voice
    Loves collaborating with others in the forums.
  • First an observation - close port 110; it's no longer needed as it's an old protocol. Also, if you've got the SSL versions of the IMAP ports open (and configured), I wouldn't leave the non-secure versions open .. it defeats the object .. and the same goes for the POP ports.

    Now to your problem .. and a question .. you don't say how you your COS machine is physically connected to the internet .. is it via a separate router? - and if so, have you remembered to port forward port 25 to your server? If you haven't, then it matters not that your firewall has the port open, no traffic will reach it.

  • Richard George
    Richard George replied to a discussion, Certificate not in use

    Be aware - if you close port 80, the LetsEncrypt renew mechanism will fail.

  • Richard George

    Found independently ... I did - 3 of them(!)

    Reboot wasn't working - I'd was the first thing I tried (a couple of times).
    Oddly, whilst the processes had yum running (sort of), they hadn't locked the repositories as a manual run worked and updated and number of items. It was the fact that it ran manually whilst still reporting busy was what had me head-scratching. Very strange. It was the only one of three server exhibiting the problem.

  • Richard George
    Richard George started a new discussion, Webconfig stuck on 'busy' ..?

    Webconfig stuck on 'busy' ..?

    Got something odd - the 'Software Updates' page is stuck on 'busy' ...?
    I've checked from the command line and there are no updates waiting, so why would this happen and what can I do to clear it? - it suggests there's a 'variable' somewhere (lock file?) been left laying around.