Latest Server related questions

I have two Windows processes each in its own Docker container and they both publish and consume RabbitMQ messages. This is a proven app working on bare metal, but when dockerized it stops consuming messages after some idle period. Publishing still works as can be seen in RabbitMQ management, but the message is discarded after rabbit ttl of 15s.

Netstat -a inside both containers shows multiple "ea ...

With new TLDs being approved like .zip that could be extremely malicious, it seems prudent to have the ability to block entire TLDs on tap. What is the proper way to do this in iptables?

I had a look on my Windows Server 2022 template and figure out the following things:

• If I run ipconfig /all, i can see there's 'test.local' as Global Suffix Search List and there's gael-test.net as interface specific suffix search list.

• Then, if i look at my DNS configuration from GUI, it seems that DNS suffixes for this connection is having Global DNS suffix.

After some researches and tests, it  ...

I have a react app running on nginx(443) and spring server application(8443). Both are SSL secured. In local everything is working well. The problem is after deploying to dev - thats why I'm pretty sure it;s nginx config issue. Here's my file :

server {
          listen 443 ssl;
   server_name 193.xxx.xx.xxx;

    ssl_certificate nginx.crt;
    ssl_certificate_key nginx.key;
    ssl_protocols TLSv1 ...

I'm trying to confiugre SSH 2FA on a Debian 11 server with Google Authenticator.

I have password login disabled,only publickey-login is allowed.

I already followed this and this guide, but without success.

The fact is, that when I try to connect to my server, it doesn't ask for the 2fa code, but just for the public key's password.

I also found out that, for some reasons, when I put AuthenticatioMethods ...

I am aware that it is possible to add timestamps to bash_history.

The examples I've seen so far it always uses the current system time. And here is the problem for me: On the one hand, I like to keep logs in UTC because it makes it way easier to correlate stuff. On the other hand I'm working in a non-UTC timezone so my system time is not set to UTC.

Is there a way to have your system set to e.g., UT ...

I'd like to setup a DKIM record on GoDaddy shared hosting with cPanel (I don't want to move the DNS server). Normally cPanel makes creating DKIM records trivial, but in cPanel on GoDaddy shared plan Email > Authentication is not available. Can I instead use public and private keys created using Email > Encryption, would these keys work for DKIM? This poster seems to think so.

After creating the ...

I'm polling the system clock on a couple dozen Windows machines ranging from Win8 to Win11. I'm using a "net time" call from a RHEL7 Linux box using net version 4.10.16. This has been running pretty smoothly for about five years now.

Every now and then the net time call will produce an error which doesn't bother me much because I just use the time from the previous call. But now there is one mach ...

I am provisionning a simple GKE cluster thank to terraform with the more basic config and it is stuck at "Deploying"

"64% - Cluster is being deployed..."

And in my terminal

google_container_cluster.katon_main_cluster: Still creating... [17m1s elapsed]

Here is a screenshot

Is it something related to google at the moment ?

Thanks

authentication-method pre-shared-keys dh-group group14 authentication-algorithm sha1 encryption-algorithm aes-256-cbc lifetime-seconds 28800

protocol esp authentication-algorithm hmac-sha1-96 encryption-algorithm aes-256-cbc lifetime-seconds 3600

Error that occurs: <right_ip_address>:500: initial Main Mode message received but no connection has been authorized with policy PSK We most likely do ...

I have done this in a fresh Debian installation on the server.

sudo apt install nginx
sudo systemctl start nginx
sudo systemctl status nginx

curl -sSL https://packages.sury.org/php/apt.gpg -o sury-php.gpg
sudo mv sury-php.gpg /etc/apt/trusted.gpg.d/
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/php.list

sudo apt update
sudo apt upgrade

sudo apt in ...

I have two version of a WebApp, running on two different servers (prod and dev). Prod version is available on exemple.com, and dev version on exemple.com/dev. However, when I set the proxy to load dev version, only the index.html file is loaded, JS and CSS are not loaded.
If I check the request url in devtools, I see that index.html comes from https://exemple.com/dev while main.bundle.js comes from

I have a "CA1" server with Windows 2019 that has the CA root Enterprise service. Additionally I have another server "CA-Subordinate" with Windows 2019 with the CA subordinate service of "CA1". The CA root server "CA1" I am going to decommission it and install a new CA root server "CA-Root". When I shut down the "CA1" server, will the "CA-Subordinate" certificates and CA service still work on this server ...

1. I have a web application hosted on local server. Which we have opened for public use by masking this local IP to public IP provided by ISP. So now website is accessible with public IP.

2. We required to make it used by https, so I generated the SSL Certificate on public IP from zero SSL. This is working without any issue.

3. Now there is need to use this web application with URL with domain name instead of ...

I'm trying to learn how to use puppet query, but I'm finding it difficult to target a particular fact path using regex.

If I use the following query, I get exactly what I'm looking for:

puppet-query 'inventory[certname, facts.os.family, facts.mountpoints./nfs/systems.filesystem] { facts.os.family = "RedHat" and facts.os.release.major <= "6" and facts.mountpoints./nfs/systems.filesystem = "nfs" }'

I have some issues in my configs to have an full functional mailserver with CRAM-MD5 authentification for only port 993 and 465. Plz help me and others to get an right config file struct for ubuntu servers and for the future if someone are seaching for full configs like that. I have big problems to understand the right combination of the parameters to get the right result. I will update and write the ri ...

I have a large file system in which I have to delete certain directories from time to time. Currently I have a script which amongst other things, deletes a folder and subsequently generates an email notification. However, as the deletion of a directory can take anything from a few seconds to a few days, I would like to do this asychronously.

I can cook up a solution by say, generating little sn ...

I create a router without an external gateway. Then, I send the below input to this API to add an external gateway to the route. I get InternalServerError. All uuids exist in the openstack.

Input:

{"external_gateways":[{"enable_snat":true,"external_fixed_ips":[{"ip_address":"37.130.206.150","subnet_id":"b8d2ac22-..."}],"network_id":"419e8adc-2..."}]}

Url:

 :9696/v2.0/routers/f143df49.../add_external_g ...

What I want:
I've setup a openvpn-server and want the clients in range of 10.8.0.0/21 limit their speed to 10mbit for each IP as a total limit of 100mbit.

wan interface     : eth0
openvpn interface : tun0
clients ip range  : 10.8.0.0/21

What I have done:
I've setup the tc filter with below config.

tc filter rules :

tc qdisc add dev eth0 root handle 1: htb default 10
tc class add dev eth0 parent 1: cl ...

I'm updated nginx to 1.23.4, and nginx -t start showing warnings:

nginx: [warn] protocol options redefined for 0.0.0.0:443 in /etc/nginx/sites-enabled/beta:5
nginx: [warn] protocol options redefined for [::]:443 in /etc/nginx/sites-enabled/default:28
nginx: [warn] protocol options redefined for [::]:443 in /etc/nginx/sites-enabled/grafana:5

These lines are

    listen 443 ssl;
    listen [::]:443 ssl;
#  ...

At the moment, I'm only backing up my VMs, but I want to also back up my Proxmox settings, important files and configurations, so that if I need to set up a new machine/server, I can restore from this backup. Which method is best at the moment?

I want to add recurring backups, as well as my VM snapshots.

Using https://cors-test.codehappy.dev/ to test our test server's new CORS policy, we receive:

These are the response headers received when making the request:

access-control-allow-credentials: true
access-control-allow-methods: GET, POST, DELETE, PUT
access-control-allow-origin: https://*.hotjar.com
access-control-max-age: 300
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-trans ...

I'm install openstack wallaby using kolla-ansible deployment method. (ubuntu) I want to chagne container runtime engine(running on controller and compute node) from docker to cri or containerd. is it possible?

Thanks.

I wish to grant a third-party application API access to my Azure tenant for purposes of installing a TLS certificate on a certain website ("App Service," in Azure terminology).

However, assigning the Contributor role seems a bit excessive. I don't want to give away the keys to the kingdom, so to speak.

Is there a lesser role that I can use that will accomplish this goal? I'd like to apply the Princi ...

I'm running an Ubuntu 22.04 host with a 22.04 guest (using Multipass). Currently, the guest can access the LAN and the host. How can I prevent the guest from accessing the LAN, while still allowing it to connect to the internet?

I only have access to the host by SSH.

I have 2 different application running on the server and both should be served by the same domain, let's say CMS1 will be served by domain.com while CMS2 served by domain.com/path

I have each CMS working properly by separated domains. But, I need in some way, when someone go to domain.com/path, nginx serve the site from CMS2.conf configuration file. while the main domain is served from the cms1.c ...

The perccli utility (doc page) has an option to set the "pdcache" option, where pdcache means physical drive cache (although I can't find where that's actually defined). From the docs, the syntax is:

perccli /cx/vx set pdcache=On|Off|Default

(where /c specified disk controller x or "all" and /vx specified RAID virtual drive x or "all")

My question is, how can I see the current pdcache setting for phys ...

I am currently trying to set up LDAP replication between to instances of 389 Directory Server (both running on Fedora 37), which I'll call $SUPPLIER and $CONSUMER in the following (serving at the domains supplier.mydomain.example and consumer.mydomain.example, respectively).

Both $SUPPLIER and $CONSUMER are configured identically and use Let's Encrypt certificates. I have successfully configured sev ...

I'm trying to figure out how to restore a database using the Azure Portal without losing either point-in-time or long-term retention history.

1. My production database has both a point-in-time and a long-term retention backup schedule

2. Restore must be to a new database name (can not be the production database)

3. Renaming the restored database to the production name causes history to be lost

To keep the b ...

I am attempting to configure a fault tolerant setup of Asterisk with FreePBX. Going over the docs, I see I need to configure Pacemaker. Not a problem in itself as I've used PCS before. I have 2 servers running RedHat 8 and have Asterisk + FreePBX installed.

The issue is, my SIP trunk is not available over the Internet, instead the provider has given me a dedicated fiber line on which a /30 subnet ...