Latest Server related questions

Score: 0
SSH over Mikrotik NAT fails

I have a server on my network which I want to expose to external SSH connections. I can ssh directly to the device from my network (e.g. ssh 192.168.88.162 works fine). I have a NAT rule set up so that connections to 17722 reroute to 22. However this fails:

PS C:\Users\Me> ssh -vvv -i .\.ssh\id_rsa -p 17722 me@160.119.XXX.XXX
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug1: Reading configuration data  ...
Score: 0
Karsten Köpnick
OpenBSD, mtu=0 on enc0 device, ping packets don't pass

On OpenBSD 6.9 I tried to install an IPSec (IPv4, IKEv2, ESP, tunnel) network-to-network gateway to communicate with a Palo Alto gateway (which I do not control).

ikectl show sa leads me to believe that the SA has been set up.

When I try to ping a host behind the tunnel, I get ping: sendmsg: Message too long. The enc0 device shows an mtu of 0. Trying to set the mtu to a different value ifconfig en ...

Score: 0
Does using an SSH jump host count as a login?

I have asked for a service account from the AD guys that will let me use a specific server as an SSH jumphost (using ProxyJump), and of course I've set up an SSH private key for the purpose. The jumphost itself is running SSSD to authenticate users against the AD.

However, I have been warned that if the AD LastLoginTimeStamp attribute on the service account gets too old, the account will be purge ...

Score: 0
Varnish seems to not be using my `file` storage configuration

I've configured Varnish to use a file storage. Varnish seems to be working, but the cache seems to be a fraction of the size I've specified and the file I've specified for the storage does not seem to have been created.

I've been running service varnish reload to restart the service after making config changes. Is that sufficient?

Running varnishstatus shows an ever-increasing MAIN.n_lru_nuked value, ...

Score: 1
WPFGermany
UDP port forwarding between virtual machines and docker composed network

Currently I'm deploying a virtualized system and having a problem with forwarding of a UDP port. I tried many tutorials, but something must be wrong and I don't know why the connection is refused all the time. Firewall is disabled on all used machines.

My setup is the following:

I have a debian server with kvm, that hosts 2 VMs.

VM1 192.168.122.215/24 at enp1s0 (ubuntu 18.04)
VM2 192.168.122.104/24 at ...

Score: 0
Matias Haeussler
Accessing HTTP API using IAM policy

I am using an HTTP API Gateway with {proxy+} route, $default stage and ANY method with IAM Authorization. Before activating IAM Authorization the API responds to every request and to none after activation, as expected.

However, after adding an IAM policy to an EC2 instance that allows the instance to call the API, it still returns { message: 'Forbidden' }

The policy I am using (as specified by the do ...

Score: 0
pToker
NGINX Ingress Controller forwarded Certificate to Apache2 Extraction

On our k8s cluster we use NGINX Ingress Controller to request the clients (web browsers) to provide a client certificate. If the certificate is valid, the request is proxied to a full-blown Apache Server inside the private network.

The nginx <> Apache communication is not TLS encrypted. Using the Option 'nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true"' on the ngni ...

Score: 0
Error 500 on files following a name pattern

A week ago, some images in my website home page started returning a 500 error. More concretely, every image in the /img/cms/ folder whose name starts with an x results in a 500 error only when requested from a browser (tested with several browsers in different OSs). Files are accessible with wget and ftp. Permissions are 0644 which looks right.

Every other file in that folder can be accessed with no pr ...

Score: 0
Laxman Singh Rajpurohit
Unable to login SSH user to home directory

I have created the user with a home directory inside another user's home directory (i.e. /home/cpaneluser/pulic_html/testuser). But when I try to log in over SSH with the newly created user, it shows the message below.

Notes:

  1. Server OS is CentOS 7 with cPanel
  2. The intention is to allow a non-cPanel user to log in to their home directory and set permission for the cPanel user to run the website (setfacl)

Could no ...

Score: 0
yolenoyer
Is it secure to talk to a local API with http, when the public endpoint is https?

Context

I have a server setup which looks like this:

  • An Apache server is listening for example.com;
  • Public port 80 is redirected to 443;
  • Public port 443 is forwarded to a Symfony project;
  • On the same machine, there is a local API server written in Rust, which is listening to http://127.0.0.1:8030 (no SSL/TLS support);
  • The local API is able to respond some sensitive data, like JWT authentication tokens ...
Score: 0
aboria
The random behaviour of ownership change after mounting in Linux

So I do know that by default when we mount, the user/group ownership is set to uid=0=gid when it belongs to root, and I read that in the mount man page.

The weird thing is I am mounting an NFS share in /oradata which is a directory that I have created as follows:

[root@sandbox ~]# mkdir /oradata
[root@sandbox ~]# chown oradata:oinstall /oradata

Then I am doing the NFS mount:

[root@sandbox ~]# mount -t nfs ...
Score: 0
Subscribe to a multicast broadcast after connecting to GRE tunnel

I created a GRE tunnel to an IP that's doing multicast broadcasting.

I look at tcpdump and I see that there are two messages that keep repeating:

PIMv2 98 bytes long Info Hello
IGMPv2 72 bytes long Info Membership Query, General

I think the tunnel is correctly set up. How do I join so that I can start getting the broadcast messages?

Score: 0
Apache serving HTTP instead of HTTPS

I recently upgraded from Apache 2.2 to 2.4 (I know, I'm slow to upgrade, don't hate me). I have the following virtual host:

<VirtualHost _default_:30000>
    DocumentRoot /opt/phpmyadmin
    ErrorLog ${APACHE_LOG_DIR}/error.log

    <Directory /opt/phpmyadmin>
        Options -Indexes +IncludesNOEXEC +FollowSymLinks
        Require all granted
    </Directory>
    SSLEngine on
    ...
Score: -1
nop
Cannot extend VMware HDD because of snapshots that I cannot delete

There is a virtual machine located at a machine, which I access through VMware vSphere Client.

  • it has only 200 GB HDD which is quite a bit.
  • it's connected to a domain and a lot of users are using it with domain accounts.
  • it has old snapshots, because of licenses, which I cannot delete.

The issue is how do I extend that C: drive from 200 GB to something bigger by knowing that I cannot remove all the ...

Score: 0
How to debug Hyper-V replication issues

We are hosting some VMs that are virtualized with Hyper-V. For these we have set up replication which works fine in the beginning but starts to fail pretty soon.

The error it shows when looking at the replication status is: "Last successful replication for virtual machine 'xxx' has been delayed. Delay has exceeded the defined critical limit. Replication might be encountering problems."

We are also n ...
