Latest Server related questions

Host_A tries to send some data to Host_B over TCP. Host_B is listening on port 4712. Host_A is a remote PC connected on a dedicated WAN. Host_B is a local embedded device based on embOS OS, connected to the WAN throuth a pair of redundant (HSRP) CISCO routers.

When Host A tries to establish a TCP session, even through a simple telnet command, Host B sends initially an [ACK,SYN] followed by a [RST ...

As I detect my server are very slow, I do some researches and detect in iotop a weird find command uses 80-96% disk io usage.

  TID  PRIO  USER     DISK READ  DISK WRITE  SWAPIN     IO>    COMMAND                                                                                                                  
 4992 idle nobody      7.82 M/s    0.00 B/s  0.00 % 89.69 % find / ...

the whole comman ...

I am trying to get Fail2ban to block brute force and persistent xmlrpc and wp-login attacks on a WordPress site.

I have an issue with the apache logging filenames. Getting past selinux issues was pretty fiddly, but I am quite close to getting it working.

Firstly, here is my Fail2Ban wordpress.conf file (in jail.d)

[wordpress]
enabled = true
usedns = no
port = http,https
filter = wordpress
banaction = fir ...

I wanted to print the specific line from /etc/fstab based on UUID defined in a variable. But when I'm trying with below code it is not giving proper results.

Code:

---
- name: check
  hosts: all
  become: true

  tasks:

    - name: set fact for uuid
      set_fact:
        uuid_disk: "{{ item.value.links.uuids }}"
      loop: "{{ ansible_devices | dict2items }}"
      when: ('swap' in (item.value.link ...

I'm in need of setting up multiple wg-quick interfaces on a single machine, both using the real ethernet NIC directly, independently.
The issue I appear to be hitting is that through each of these I want to access the entire internet, which I assume means AllowedIPs = ::0, but wg-quick likes to add routes locally such that all traffic going anywhere will go through this new interface; including any f ...

Is the Linux tool chroot generally usable in a Docker container running in clusters and cloud platforms?

(background) I'm developing an application where I may need to use chroot inside a Docker container. In a related question I expressed my confusion about chroot and the SYS_CHROOT Linux capability, which may or may not be required anymore to run chroot and may or may not be granted by default by Do ...

The background is we have our database data directory on an LV which is located on a VG. We want to use the LVM's snapshot function to backup our database data, but this VG has no free PEs left. We also could not shrink the LV (we use XFS). The VG has two PVs, with each PV a RAID 10 (each with 8 hard drives). We have two extra spare hard drives (for hot failover, the size is the same with that consist t ...

I'm using a gitlab runner to deploy application -shared gitlab runner and concurrent count is 4

/etc/gitlab-runner/config.toml
        concurrent = 4
        check_interval = 0
        executor = shell

All jobs run in a different stage each other.

.gitlab-ci.yml

stages:
  - build-prod-stage
  - deploy-prod-stage

BUILD_PROD_JOB:
  stage: build-prod-stage
  variables:    
    GIT_CLEAN_FLAGS: none    ...

From a subordinate Enterprise CA I want to generate a user certificate that serves as an authentication method for VPN connections. I want to install this certificate with autoenroll on the domain users with a GPO. There is an option in the certificate to prevent users from exporting the private key of this certificate. Is it more secure if I configure the certificate with this option, will it have no i ...

I need to proxy a lot of MQTT connections (over 200K) and distribute them over a number of ports at the backend server. Below is my Nginx configuration.

load_module /usr/lib/nginx/modules/ngx_stream_module.so;

user www-data;
pid /run/nginx.pid;

worker_rlimit_nofile 204800;
worker_cpu_affinity auto;
worker_processes auto;

events {
    accept_mutex on;             # Multiple workers should accept  ...

0

We have an OpenStack instance configured with multiple images, including CentOS, Redhat, and Ubuntu. When creating a new instance, the root partition attaches as SCSI without any issues. All images are correctly set to use the appropriate drivers.

However, a problem arises when generating a snapshot from a running instance and then creating a new server using this volume snapshot. In this scenario ...

We had an issue with clusterctl move (cluster api).

clusterctl -n org-foo move --to-kubeconfig=.kubeconfigs/.foo-1-kubeconfig
Performing move...
Discovering Cluster API objects
Error: failed to get object graph: failed to check for provisioned infrastructure: action failed after 9 attempts: error reading Cluster /: an empty namespace may not be set when a resource name is provided
make: *** [Makefile:167: ...

Server 1 is the Wireguard server (listening). Its Wireguard interface wg0 interface IP is 10.100.100.1.

Server 2 is a Wireguard client connecting via the Internet to server 1. Its Wireguard interface gets the IP address 10.100.100.2.

Is there any way, from server 2, to programmatically determine the IP address of the interface on server 1? i.e. from server 2, I want to programmatically get the va ...

For years I have been using GPOs to install MSIs to our Windows clients. All MSIs resided under a single \\fileserver\share, with a GPO assigned to each MSI for installation. Currently, out AD servers are Windows Server 2019 systems (DFS-R for replication).

Since we have a number of remote offices that had had local AD servers, I was wondering whether it would be better to change my approach: throw each ...

In KVM, it is possible to access the guest machine from the host machine. For example, you can SSH to the host machine and then access the guest VM by virsh console vm_name.

Is that possible in cloud? If yes, how? If not, why?

Edit: I mean if you are the cloud provider, not a customer. Or if you are the admin of your private cloud like OpenStack.

I have a MySQL with InnoDB engine on a legacy Windows, MySQL version is really old is 5.5,I have a table is really big like 90Gigabytes, it disrupted its MySQL database ,when the restful API read this table, the whole MYSQL service is downed,that's why I moved the damaged table .ibd file to out of MySQL data folder, then MySQL works fine, I tried to recovery this table in a test enviroment, I tried

Below you can se the address 172.27.28.124 being used for lo. However the address was a few hours ago 127.0.0.1, this is the good value. This should not be changed.

Could you please advice on how to investigate this issue ?

• Why would the ip addr change automatically ?
• Is there a way to log who what changing it ?

 ubuntu@xxx:~$ ip ad
    1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default q ...

I have SingleStore DB CLI (Cluster in a Box) deployed in a AWS EC2 Instance r6i.4xlarge with Almalinux 9 OS. At the moment of load data by pipelines the following error appears:

line 34: ER_MEMSQL_OOM (1712), Leaf Error (127.0.0.1:3307): The operating system failed to allocate memory (MemSQL memory use 18658.88 Mb). The request was not processed. See https://docs.memsql.com/troubleshooting/latest/m ...

I want to share it NFS share with my users just like the home-directories (traditional way), but I don't want to create the users instead I want to get the server integrated with the github or google or opnsense's VPN users database and want to have the home-directory get created for the users, for authentication I am thinking if getting the key-based authentication for mounting the home-directory is po ...

I'm attempting to map a SMB share on an Isilon server in windows 10. I have Ubuntu and Windows computers on the same network, can mount the SMB fine on the Ubuntu machine. But when trying windows with same credentials I get permission denied. When I do a capture in Wireshark my Windows client can connect to the SMB server and negotiate SMB version etc, but fails:

1141 7.886694 clientIP serverI ...

I checked the docs and conf files, but I don't see any mention of how Graphite's carbon-cache.py decides when to flush its in-RAM cache. How often does this happen, and can I control it?

Hi I am hosting a node js application on my raspberry pi. The app itself is already configured to use https. I want to setup a reverse proxy so I don't need to directly expose the node js app.

but the following setup gives me a screen with authorization required written on it.

/etc/nginx/sites-enabled/alfred.taiman.co.uk.conf

    server {
    listen 80;
    return 301 https://$host$request_uri;
}
server ...

Dedicated server noobie here.

I have a proxmox server on a new (to me) Dell T610. I have a couple of disks in a RAID array that I will expand soon, but for that I read that the Ctrl+R RAID BIOS is not capable of doing that and I will need OMSA on the server.

The server is running Proxmox, which is Debian based, but sadly I was unable to find a comprehensive tutorial/collection of instructions.

Can some ...

I installed a Windows Server 2019 core evaluation (no desktop experience).

When adding the product key it fails.

DISM /Online /Set-Edition:ServerStandardCor /ProductKey:N69G4-B89J2-4G8F4-WWYCC-J464C /AcceptEula

The above step is necessary to transform the evaluation version to retail version using the Generic Volume License Keys, but it fails with error 1168

I read there is a bug for the core version ...

I'm currently trying to create a shell script that will execute a mysqldump on a remote mysql database and then copy the output file back to my local machine. The problem I'm running into is that I don't want to hard code the password into the script. I tried using 'read' to prompt for user input, but that variable doesn't seem to be getting passed to the remote command.

For reference, my script  ...

Server 2016 windows updates are downloading and installing. But the server is never rebooting to apply the updates.

Configure automatic updating: 4 - Auto download and schedule the install Install during automatic maintenance Scheduled install day: 7 - Every Saturday Scheduled install time: 00:00 Every week Enabled First week of the month Second week of the month Third week of the month Fourth we ...

We try this:

curl -v --cacert  cert.pem https://example.com/path.asmx

on ubuntu its working, we're getting:

successfully set certificate verify locations:
*   CAfile: cert.pem
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Request CER ...

I recently created a CDN at StackPath. Everything works well, it serves files via a subdomain I created (cdn.mysite.com), which was created as a CNAME for the main site (CDN being the CNAME). However, while everything works well...I only need the CDN to serve the static files (images, css/js etc). The problem is, when I enter cdn.mysite.com in any browser, it shows the site www.mysite.com. To avoid duplic ...

I have a RAID-6 Sata SSD array running on a new HPE Smart Array P408i-a SR Gen10.

Unfortunately, two of the bays in the new server have failed, leaving us in a very precarious situation.

We have moved the SSDs into two spare bays, and they are showing up fine in the server, but the array is not rebuilding on them.

Is it possible to get the array to rebuild on the SSDs when they are in diffent bays?

I removed SUSDB.mdf and SUSDB_log.ldf(15GB+) before removing WID & WSUS roles and now that space did not free up C:. I tried the common things but none worked so far.. it is a windows 2012 R2 server.