Latest Server related questions

I have a bastion server running openvpn on port 7777. Each openvpn client has a static ip fixed for him. I'm using iptables to define which routes a client can go.

My server also running ssh on port 22.

my first client is unique client because he has access to everywhere. His fixed ip address is 10.8.0.1. This client also can connect the SSH, using the internal machine ip, to gain ssh control on the  ...

I have 10 servers with two CPUs each and one Mellanox 100G Infiniband NIC per CPU. Each NIC is connected to a single Mellanox 36 port 100G IB switch.

My RDMA application runs as one process per NUMA node and binds to the local NIC to avoid cross CPU traffic. Each node/process needs to connect to every other node using RC mode.

The problem I ran into is, it appears the default OpenSM routing forces m ...

My router works with IPv6, I tried to open a IPv4 server but due to CGNAT no one could access my web server. I asked to some friends to test it, those without IPv6 couldn't reach it. ReqBin also could'nt reach.

I can access IPv4 servers, but I have shared public IPv4, so it's impossible to do web hosting in it.

How can I allow IPv4 users to access my IPv6 server?

I have this task in my playbook:

- name: Update instance tags
    command: oci compute instance update -c {{ compartment }} --freeform-tags {{ tag_var_json }}

According to the oracle documentation for this command, the parameter --freeform-tags accepts a json that represents the key-value pair for the tag. I need to have this json be created dynamically in the playbook itself, so prior to running  ...

I have activated Identity Aware Proxy on a GCP Load Balancer and configured it to authenticate the users against my OIDC Identity Provider (Auth0) through Google Identity Platform with a default login page hosted on Cloud Run.

When I browse my application I got redirected to the login page but then this happens:

although the document is available and publicly reachable at that URL:

I followed GCP docu ...

I want to make a script that creates a list of bounced emails on a gmail account. I know I can connect using:

openssl s_client -crlf -connect imap.gmail.com:993

I initially tried something like:

openssl s_client -crlf -connect imap.gmail.com:993 <<!
a login mymail@gmail.com Apa55w0rd
a select INBOX
a search on 4-oct-2021
!

However, all I get back is the initial response from connecting to the  ...

What are the advantages and disadvantages of using HTTP/2 or even HTTP/3 for connections between reverse proxies and backends?

I haven't really come across this and only ever see H2 and H2 deployed in front of reverse proxies and CDNs. ASFIK H2 and H3 usually (H2C is a thing, right?) require TLS which would make it unsuitable if you'd like to do TLS-termination away from the backend.

H2 could also b ...

I'm migrating a Horizon 7 environment to Horizon 8 and in the process, updating the golden image to Windows 2019, which uses V6 profiles.

What's the procedure to upgrade Mirosoft Windows V2 profiles to V6? All I can find is information about a certain vmware app to update from V2 to V5.

We have strange busy workers swing in production server in a cluster (only one of 4). At red line we restart tomcat8 and it stop swinging.

Tomcat accepts max 100 http connections and 100 jdbc connections in the pool. It seems to touch the max jdbc limit when busy workers are high. During the swing the server has bad performances.

I don't know witch direction to take :

• keepalive miss configuration ...

I have zsh configured to browse command history with prefix search. For example when I type ssh and press ↑, only my last ssh commands are being displayed.

However, when I use zsh within tmux session, it stops working. The shell goes back to ordinary history browsing, like in default sh.

Where should I look for configs that describe this interaction?

We have a Nginx+Ruby application where the data between Nginx and the application are interfaced through a socket.

As part of performance improvement, when we analyzed the netstat statistics on the application side we saw these:

    5334 packets pruned from receive queue because of socket buffer overrun
    2299951 packets collapsed in receive queue due to low socket buffer
    227365 delayed acks  ...

On an up-to-date Debian 11 server, I noticed the expired DST Root CA X3 certificate is still present:

$ grep DST /etc/ca-certificates.conf 
mozilla/DST_Root_CA_X3.crt

This certificate is expired since last week:

$ openssl x509 -in /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt  -text | grep "Not After"
            Not After : Sep 30 14:01:15 2021 GMT

I know I can disable it (prepending it wit ...

Log files for the control-plane pods don't exist in the /var/log directory. I tried to enable kube-apiserver logging to a specific file in Kubernetes (v1.20.2). I added the following keys to the kube-apiserver manifest:

spec:
  containers:
  - command:
    - kube-apiserver
...
    - --log-dir=/var/log
    - --log-file=/var/log/kube-apiserver.log
    - --logtostderr=false

But it didn't work, I still ca ...

I am trying to setup a gre tunnel on debian to receive broadcast packets.

I have the information for an interface

ip address [10.16.2.4 255.255.255.192]
tunnel source [10.16.0.2]
tunnel destination [10.16.254.1]

When I try to create the tunnel with these commands

$ sudo ip tunnel add gre0 mode gre remote 10.16.2.4 local 192.168.1.101 ttl 255
$ sudo ip link set gre0 up

The interface comes up but I do no ...

I need to set up port forwarding from my local Windows machine Port 3307 to a remote MySQL server port 3306 but accessed via 2 Linux proxy servers and a Linux web server.

I need to use Putty or plink.exe on the Windows machine to set up the connnection.

See diagram

I've found examples using Putty GUI or plink CLI to achieve similar with only 1 proxy server but not with multiple hops.

I can achieve th ...