We run nginx as a reverse proxy with TLS termination.

We moved from a 4 core machine to a 1 core machine recently, by mistake, and noticed under load that our "request queuing" metric shot up (from normal of ~10ms up to around 10 seconds on average). When we realised the sizing error and upgraded to 4 cores, the problem went away, but I'd like to understand exactly what was responsible for the sl ...

I have a site running on localhost:8001 and I would like it to be accessible on different paths. I need to extract part of the path using regex.

This does work:

server {
    location /user/amy/ {
        proxy_pass http://localhost:8001/;
    }
}

(but it breaks if I remove the slash after 8001).

However, the username can be dynamic, for example:

mydomain.com/user/amy/ --> localhost:8081/
mydoma ...

We have a server (running PHP-FPM 7.4 on Apache) that hosts various scripts, frameworks and applications like DokuWiki. It's grown to a pretty complex beast. We would like to apply an open_basedir restriction. Just setting a best guess open_basedir is bound to cause problems. Is there a way to find out the minimal set of the paths that are actually required?

If an open_basedir restriction could be mad ...

Using a swanctl config, is there a way to make strongSwan accept any certificate for an IKEv2 connection as long as it is signed by a specific CA? What I mean is, without having to install the public keys of all possible certs on the server, after all the certs are sent by the client in reply to a cert request sent by stongSwan.

I tried something like this:

    local {
        auth = pubkey
        ...

I want to have a wildcard CNAME, but to capture the value of the wildcard:

As an example, a record like this on d1.com:

* CNAME $1.example.com

Would create these mappings:

a.s1.d1.com => a.s1.example.com
a.s2.d1.com => a.s2.example.com

etc

The general issue I have is that CNAME wildcard values only map to one concrete target, but I want the CNAME to map to the same wildcard-matching-subdomain ...

For security reasons, I want to close port 22 (ssh) of my VM that is on GCP. Currently, if I execute the command telnet xx.xx.xxx.xxx 22 the server responds to me:

Trying xx.xx.xxx.xxx...
Connected to xx.xx.xxx.xxx.
Escape character is '^]'.
SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5

I tried configuring correctly the firewall rules that are in contact with the VM: Remove "apply to all" from the target ...

My new Mac Mini M2 has Ventura 13.3.1 pre-installed. Unfortunately, that MacOS version is notorious for the mouse stuttering/lagging. Both my bluetooth mouse and my Logitech mouse with dongle are nearly unusable. Only a wired mouse works normally.

I tried to install Monterey, but the installer hangs. Apparently there is no hardware support for the M2.

Going by the many reports on Internet, Ventura 1 ...

I have Jenkins Master running on an EC2 in AWS. I then created a pipeline in EKS. Both the Jenkins Master and the pipeline are running in the same VPC. It is from the Jenkins Master that I create the EKS cluster via the CLi.

The EKS cluster is configured for clusterEndpoints: privateAccess: true and privateNetworking: true. (I did not do privateCluster: enabled: true).

My problem is I am trying  ...

When I load a website on an apache2 with ssl and look at the settings of the certificate in the browser, it is always a 128-bit key length, only want 256-bit and above to be allowed.

I have that in virtualhost and try different:

<VirtualHost *:443>
  SSLEngine on
  # Allow only TLS 1.3
  SSLOpenSSLConfCmd Protocol "-ALL,+TLSv1.3"
  ##
  # TRY THIS ONE BY ONE NOT ALL AT ONCE !
  SSLCipherSuite HIG ...

I've been having problems with my network on this laptop for ever amen, it was only today whilst troubleshooting an unrelated issue that I ran dmesg -w and saw this constantly repeating:

[437075.730012] device vethbb6f6b7 left promiscuous mode
[437075.730015] br-4afae7cda0db: port 1(vethbb6f6b7) entered disabled state
[437078.163874] br-4afae7cda0db: port 1(veth4ba1c2c) entered blocking state
[437078.1638 ...

On my domain controller which is Running Windows Server 2016, whenever I check for updates, the updates start downloading and get stuck at 7% or sometimes stuck at checking for updates. I see that the Windows Update service goes from running to stopping. I rebooted multiple times.

net stop wuauserv /yes
net stop cryptSvc /yes
net stop bits /yes
net stop msiserver /yes
ren C:\Windows\SoftwareDistrib ...

Problem: Our network deployed printers are set to default to print in black & white for cost savings. A few users want to print in color all the time, and are very annoyed at having to manually override the printer defaults every time.

Question: Is there a way to configure certain users with different default printing preferences (for color), while still forcing everyone else to use the print ...

I was reading about IPv6 address structure and it has two portions one for the network (Network portion/Network ID) and another for host (Interface ID/Node Part) something like IPv4 has regardless of the size difference.

Most of the references stated that the address is divided into 64 bits for the network (/64 prefix) and 64 bits for the Host , and we can use the last 16 bits of the network part ...

we have configured Azure MFA in our Exchange on-prem 2016. Unfortunately, the MFA control can easily bypass by using an old email client (Outlook 2010 for example). This is a known issue and the upgrade is the natural path. until we walk that path, I wondered if it would be a way to detect those basic authentication attempts.

many thanks

I have a mysql replication with two servers. There are actually 3 databases on it.

On master :

server-id               = 1
log_bin                 = /var/log/mysql/mysql-bin.log
expire_logs_days        = 4
max_binlog_size         = 1G
bind-address            = 0.0.0.0
port                    = 3306

binlog_do_db            = database1
binlog_do_db            = database2
binlog_do_db            = datab ...

Hi i’m searching for a way to reverse proxy a Website with Websocket with apache2 but the Website and the Reverse Proxy are running on different Isolated servers.

I’ve tried the normal way to configure it but my setup is not working.

<VirtualHost *:443>

    ServerName domain
 
    ProxyPreserveHost On
    ProxyRequests off

    <Location />
    ProxyPass  http://ip:80/
    ProxyPassRe ...

This is a very strange issue related to one (and only) particular PC in our network running Windows 10.

These two web pages cannot be opened on this PC: https://www.chces-soutezit.cz and https://toulcuvdvur.cz (timeout)

Why is it strange?

1. Both URLs work just fine everywhere else.
2. They do work on the very same UTP cable when connected to other PC.
3. The problem is independent on logged-in user (same  ...

About 9 days ago I migrated my Cloudflare hosted site to StablePoint's cPanel cloud hosting. The last step I took was removing my CloudFlare's NS records and adding StablePoint's in GoDaddy's dashboard. Also srv.yiu.ch is still resolvable; I don't know what it may the reason why this is happening.

What I did:

before:

yiu.ch with cloudflare NS

• NS srv [stablepoint nameservers]
• CNAME www yiu.ch
• etc.. ...

we have few DELL machines ( with RHEL 7.6) , and as we replaced the DIMM cards on machines because the Erros that we seen from kernel messages

after some time we checked again the kernel messages and we found the following and we can see the errors about the RAM memory ( also related to RHEL case - https://access.redhat.com/solutions/6961932 )

[Mon May  8 21:08:01 2023] EDAC sbridge MC0: PROCES ...

I run two containers of an app behind an Haproxy and use sticky sessions. I configured it with a cookie as follow :

cookie SERVER insert indirect nocache
server app1 app-1:443 check ssl verify none cookie srv1
server app2 app-2:443 check ssl verify none cookie srv2

The cookie is attached to the requests of the frontend but when I check in the browser console in the network panel, most of the time, the ...

I installed recently a Log Analytics agent on one of my Windows on-premise servers. The agent has a healthy heartbeat and I am able to query logs.

I would like to visualize certain properties of the server, i.e. the available disk space, the memory, etc. To do this I thought of using "Monitoring" - "Metrics". When I select 'Heartbeat' I get a time chart.

When I however select free space, memory consumpti ...

I have a working Postfix setup where I can deliver incoming mails to both a Dovecot mailbox, and forward on those mails to an external address. However, this doesn't feel right, and I'd appreciate a sanity check.

The Postfix main.cf includes both virtual_alias_maps and virtual_mailbox_maps. Assume that I'm handling mails for [email protected], and that

1. These emails have to be delivered to Dovecot mailbox  ...

I have configured a Bind9 DNS Server Forward Zone according to the code below. The way is configured, I only can do SSH using the server name <geoportal.geoint.lan>. I tried adding to the code the line <www IN A 192.168.2.210> in order to have the HTTP request working, but it did not work and I would like to know how to amend the code to have the DNS or request geoportal.geoint.lan or

I am using Sendmail to handle emails for my domain, which has properly configured SPF records. When I send emails to external addresses, everything works correctly and the SPF check passes without any issues. However, when I receive emails in the Gmail client, fetched via POP3, Gmail marks the email from our domain as SPAM because failed SPF check.

The sender connects to our Sendmail server from an  ...

When configuring an Apache server to use a Handler to run PHP code, I'm familiar with adding a line similar to below in httpd.conf or .htaccess:

AddHandler application/x-httpd-php81 .php

This tells Apache to use the named handler to interpret .php files. It's straightforward enough, but on different hosting services, and locally, I'm seeing differences in the specific name used for the handler,  ...

I have the same scenario described in this question. I have a client connecting to an nginx reverse proxy with multiple backend services and need to set up certificates.

                             client
                               |
                             nginx
                       https://example1.com
                       https://example2.com 
                       https://example3 ...

I have a bunch of indexed pages that start with the same word and they are all 404 so I want to redirect them all to the homepage of the site. The server is Apache, so I would like to use the .htaccess file. But the problem is that "the word" is not always just after de main domain. This was a hacked prestashop with injection of pages, already cleaned, and I'm trying to clean up google's index.

A ...

I upgraded Ubuntu 18.04 to 20.04

The process upgraded MySQL 5.7 to 8.0

It instantly started to throw errors in error logs

[ERROR] [MY-013379] [Server] Server upgrade started with version 80033, but server upgrade of version 50700 is still pending.
[ERROR] [MY-010020] [Server] Data Dictionary initialization failed.

Then I removed MySQL 8.0 and installed 5.7. It started to throw:

2023-05-10T09:39:18.5733 ...

I'm using filebeat to retrieve log files to Elastic cloud. I'd like to put errors and java exception in one document instead of multiple for each line. I managed to make it work on text log files but it does not seem to work on containers logs.

Here's the configuration for docker on my filebeat.yml :

...
filebeat.inputs:
- type: container
  enabled: true
  paths:
    - '/var/lib/docker/containers/*/*. ...

is there a bash shorcut for /dev/stdout like there is "-" for /dev/stdin ?

One of the use cases is to get bash history without line numbers. There is simply no option for that in the history builtin. We can do 'history -w /dev/stdout'. But that's typing 11 characters (/dev/stdout) and I am looking to shorten it to 1 if possible.