Latest Server related questions

Reference that I used: https://www.cyberciti.biz/faq/centos-7-0-set-up-openvpn-server-in-5-minutes/

I configured OPENVPN server on CentOS7. It seems up

[root@linux ~]# nmap -sU linux.domain.com -p 1194

Starting Nmap 6.40 ( http://nmap.org ) at 2023-05-16 18:34 CEST
Nmap scan report for linux.domain.com (163.179.xxx.xxx)
Host is up.
PORT     STATE         SERVICE
1194/udp open|filtered openvpn

Nma ...

I am hosted in a shared web (apache) server in a subdomain. I don't have access to any panel, only sshfs.

The problem is that the host (lazy), does not issues / uses SSL certificates.

I issued my own (letsencrypt) but I can't direct the apache to use my certificate. Is it possible via .htaccess file?

I tried this in a .htaccess file but server is crashing (internal error)

SSLCertificateFile "/server_p ...

Currently, I am working on a project we are trying to containerize our application. As our current VMs build scripts are pulling the environment and application-related parameters via puppet file related to our application. How do I pull the same values from Puppet while running the Dockerfile?

I have an issue with one of my images. The image is encrypted.

About three weeks ago I started a snapshot of a running image and then did a blockcommit more recently. Something has since happened to that image and it no longer boots. I can run "virsh start vm1" and it starts running, but if I connect to the console ("virsh console vm1") it never prompts for the key to unlock the disk. There are n ...

What happens if a user try wrong password in different DC (sites), how come the lockout occurs after meeting threshold bad pwd count?

Account lockout threshold value is 3

for eg i have 3 sites - Site A,B,C

if a user enter wrong password in site A and then same user try to login with wrong credentials in site B and then same as site C. now the account will be lockedout and how?

On a Ubuntu 22.04 machine, I'm trying to disable password authentication. To achieve that, I have updated /etc/ssh/sshd_config from

...
# PasswordAuthentication yes
...

to

...
PasswordAuthentication no
...

And then restarted sshd with sudo systemctl restart ssh.

However, password authentication is still working.

Am I missing anything here?

On the machine, it's installed OpenSSH_8.9p1 Ubuntu-3ubuntu0.1,  ...

in my storage server, I operate three RAID6 Linux software arrays. Everything was working fine until it was not.

There are two RAID6 arrays and one RAID5 array, all consisting of SATA drives, all connected to a HBA9500-16i controller. Suddenly, multiple drives of one RAID6 and one RAID5 array started to show this:

May 15 01:20:07 xxxstor kernel: [42205.209000] mpt3sas_cm0: log_info(0x3112010c): origin ...

I used below command in jenkins, After execute this command, It shows that tomcat is started but tomcat is not started

#!/bin/bash

TOMCAT_HOME=/home/apache-tomcat

nohup $TOMCAT_HOME/bin/startup.sh &

I need run tomcat in nohup mode on linux machine with Jenkins

I hope I'm at the right place with my question. Already tried it in the Zyxel forum but they're not as active as you guys are. So I'm here.

I want that devices inside a specific IP range can not access or communicate with the internet. They shall just communicate locally. To achieve this I went to the firewall settings of my Zyxel router and found the option to create ACL rules. I think that's th ...

If files in RPMs are marked %config or %config(noreplace)¹, running something like dnf update or yum update will not touch (modified) configuration files, but leave the old ones in place and create .rpmsave or .rpmnew files instead.

Is it possible to tell dnf, … to always replace all configuration files, discarding changes and forcing updates of all files?

How to remove msdos partitions on Rocky Linux 8.7, while the command fdisk -l provides no partition table label, the command partprobe shows msdos label, which I want to remove

# fdisk -l /dev/nvme0n1
Disk /dev/nvme0n1: 477 GiB, 512110190592 bytes, 1000215216 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 b ...

I wanted to test the cloudnativepg operator for a local cluster and would like to save the backups on a local dir. The problem is that the documentation only has information regarding cloud solutions https://cloudnative-pg.io/documentation/1.20/backup_recovery/ and I can't seem to make it work with directories. I know it is somewhat of a long shot since not many people use this operator. I was thinking of ...

I need to give some rights to my user postgres_exporter to scrape metrics from postgres to grafana

I can do that on each server by

sudo -iu postgres psql -c 'GRANT pg_read_all_settings TO postgres_exporter;'
sudo -iu postgres psql -c  'GRANT EXECUTE ON FUNCTION pg_ls_logdir() TO postgres_exporter;'
sudo -iu postgres psql -c  'GRANT EXECUTE ON FUNCTION pg_ls_waldir() TO postgres_exporter;'
sudo -iu pos ...

I have configured session scripts to log stdout and stderr to s3 bucket as described in https://docs.aws.amazon.com/appstream2/latest/developerguide/use-session-scripts.html#enable-S3-bucket-storage-session-script-logs & https://docs.aws.amazon.com/appstream2/latest/developerguide/create-session-scripts.html .

The log files are created successfully on a running appstream instance at /opt/appst ...

VPS in installed Ubuntu server 20.04 and OpenVPN, I need to forward all the traffic from a specific port of the vps public ip, to the same port of a VPN client.

My Ubuntu VPS ip is 107.172.142.153 And I want to use this port 8888

root@himuami:~# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 107.172.142.153  netmask 255.255.255.0  broadcast 107.172.142.255
      ...

Suppose I want to allow SSH authentication only, and disable password authentication.

In /etc/ssh/sshd_config I've typically done this:

PasswordAuthentication no

But in some answers people recommend this:

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

How do those differ? What is the correct way to disable password auth?

• The ubuntu version is 20.04
• I am running a http service on port 6000.
• I have created the service and as a user root i can run the service successfully
• I have created a account svc_auto_bm and wanted this user to have the capability to start service http.server.service

I did configure the file

root@LB1EDGRSISNBX02:/etc/systemd/system# cat http.server.service
[Unit]
Description = Job that runs sim ...

I am wondering if I can mark TCP and UDP packets with DSCP, then at Postrouting, if a packet has certain DSCP marking, it will be rerouted back to Prerouting.

The reason I am doing this is because I am running a transparent proxy, and UDP packet has to be routed to the Tproxy in the mangle table Prerouting chain. There are certain rules in filter table that I want to be applied before the packet  ...

I have some files that I want stored mirrored. I have some files that I only need single copies (i.e. scratch data, easily regenerated data, etc). And I have some files that are so critical, I want it mirrored in triplicate so I can handle a 2-disk failure. These sets of data are separated into different directories and could be different fs/volumes/etc.

I want to also thinly provision the data a ...

I was wondering why I couldn't get the mailing on my domain ("example.com" below) to work.

The hosting provider states that I have to use s18.myexampleprovider.com (having IP 123.123.123.123) as the MX value if I have my domain externally (which I have; this configuration works), but why doesn't it work (can't connect) when I assign mail.example.com as the MX value and have an A record for this subdomai ...

I've noticed that connecting to the internet from the allocated compute node via Slurm-GCP keeps failing. For example, using wget from the login node works successfully:

[me@gcp-login0 ~]$ wget https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.17.2.tar.xz
--2023-05-11 19:06:34--  https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.17.2.tar.xz
Resolving cdn.kernel.org (cdn.kernel.org)... 111.111.1.111, ...

I've been using nf_conntrack_ftp module successfully (though rarely), but now I have to deal with TLS-encrypted FTP - this renders that helper useless an I would have to resort to opening the firewall statically, which I'd rather avoid.

Are there any generic nf_conntrack* modules that would work in this case? The scenario I'm interested in is if there is a connection to port 21/tcp, allow connect ...

Okay.. this should be a pretty simple fix but nothing is working, maybe I'm missing something:

A record is set for my blog, sample site here: http://43.130.149.65/?rid=yLmTQxP Cloudflare set for an A record from 43.130.149.65 > cbwg.blog ( with both @ and www set)

I only have port 80 working on the server, since I'm trying to get CloudFlare to issue my cert.

I can browse directly to the site but goi ...

I'm setting up a LAMP stack on Ubuntu 20.04, and had this recent discussion with a colleague about the fact that it's better to not keep the PHP scripts of all of your stack (classes, API Controllers etc.) within the web directory of your server, as they're publicly available. In any case of bad configurations, the worst case scenario is that your php files could be output in plain text to the browser.  ...

I'm running postfix on Debian 11, together with procmail as lda. Some users have a ~/.procmailrc which calls an external program, parsing the mail and doing things accordingly. This works as expected, as long as nothing goes wrong.

Goal definition

I found out that if the program being run within a procmail recipe exits with an error, the mail is put into the user's local mailbox and no further actio ...

I'm running a test with this topo: tester---(port1)ubuntu_linux(port2)----tester. I enabled ip_forwarding in ubuntu_linux by : echo 1 > /proc/sys/net/ipv4/ip_forward

The tester is trying to find the highest session setup rate, the basic session is: create a tcp port80 session, download a 1 byte file then close the session. The tester is trying to see how high the session setup rate could be.

In m ...

I have an existing RAID1 disk that is my boot & root drive locally. I want to convert this disk to a non-RAID disk and allow boot & root to be mounted without mdadm. What is the best way to do this?! I am having a tough time getting this converted to allow boot. I have imaged the disk and backed it up to other disks to test and haven't been able to do it with the commands I've been able to f ...

I need to create resources for multiple accounts in my terraform code. So, I have created multiple providers in aws and using the same for individual modules. Other than above, if I create any resource, I want to use one of the accounts as default.

I tried below code but not working.

provider "aws" {
  alias  = "silver"
  region = "us-east-2"
  profile = var.profile
}

provider "aws" {
  alias  = "gol ...

In my system, multiple logical volumes are created, mounted and /etc/fstab entries are added after systemd starts up.

When system is rebooted for the first time, during shutdown many umount failures are observed.

Interestingly, in subsequent reboots, this problem is not observed.

The difference in behavior between first and subsequent reboots might be caused by the fact that during first reboot alon ...

I'm currently developing a NodeJS application that I want to deploy in Elastic Beanstalk (EBS). To isolate & secure my cloud resources I'm using VPCs where I deploy the EBS app and also my databases. I'm using an application load balancer to route the traffic to the EC2 instance(s). I already managed to get everything working meaning that the app can communicate with the database inside the VPC and  ...