Latest Server related questions

I was using a letsencrypt certificate for the https connection, but now the DST root CA X3 is getting expired and they added a new path to the root ISRG X1, which is not a trusted root for the IoT device that I'm using. So I need to change the root certificate in my server to a new one. Can anyone help me with a solution on how the new certificate can be added along with the existing one or without the  ...

We have an environment with a web server running nginx, this has 4 virtual hosts (2 of them are the ones running in production, and the others 2 are for testing). We run php-fpm and all that nginx cache thing. Now, i have two questions:

• How do i manage to only have the cache running for production and no for testing virtual hosts?
• And, every time a new thing is incorporated to production, devs have to ...

I have a question.

Currently, this OS is Windows Server 2019. The volume configuration is Raid-5. The two servers are connected by a heartbeat network Both nodes were mirrored using WinDRBD. Both nodes have the same configuration. I left unformatted G: and set D: to be visible to the primary node.

my resource are below

include "global_common.conf";

resource "foo" {
    protocol    A;

    net {
         ...

I am trying to run google cloud python sdk from inside a k8 pod, running on google compute engine. There is a service account attached to the VM, which is giving it access to the secrets manager. I am able to access secrets manager from the host, however running the python sdk from k8 pod complains of not able to access the metadata service

>>> secret_id = 'unskript_test'
>>> name ...

Here is the problem. I have a Linux server. This server has a lot of people who need to log into it through the web server; currently authenticated by LDAP. However, I would like to allow some of the users to be able to log in locally and, more importantly, some of the users in LDAP that belong to the "administrators" LDAP group to be able to log in through ssh and be able to run commands as if they wer ...

I have an application that was working fine in IIS 8.5 which used this setting in the web.config file for a client certificate login (smartcard) for a path. I had to migrate this application to IIS 10.0 and everything is working except the application does not prompt for the certificate and just simply throws an error in the code that there is no certificate.

I have double checked and triple chec ...

I have Centos 7.9 server running with Apache and Git, however if I do a

[root@a]# git status
fatal: Out of memory? mmap failed: Permission denied

But if Disable or Permissive the SE-Linux via below commands it start working fine.

setenforce Permissive

Any idea on how to fix this issue permanently with SELinux enabled?

Audit log says

node=a type=PROCTITLE msg=audit(1630636505.296:37076): proctitle= ...

We are moving away from using VMWare over to Windows Failover Cluster (version 2019) to host our company services. I have successfully configured WFC and have a few Virtual-Machine roles running along with the File-Server role and DHCP-Server role. Next is to get our SQL server instances (also version 2019) setup and I am posed with an architectural question.

Is it acceptable to install SQL serve ...

I have 4 CentOS 7 boxes with SuperMico 10000BaseT NICs plugged into a Netgear ProSafe XS712T switch with Cat8 cables. Switch is all default settings, but shows NICs at 10G Full. NICs are configured:

[root@VH11 ~]# ethtool ens1f0
Settings for ens1f0:
        Supported ports: [ TP ]
        Supported link modes:   100baseT/Full
                                1000baseT/Full
                         ...

I'm using GCP and have set up the GCP Cloud Console Android to notify me of errors and alerts. But my phone is on silent/vibrate most of the time and I miss alerts. Is there a way to get the GCP Cloud Console Android app to always notify me at full volume?

(My previous experience is with PagerDuty. Their Android app will ring loudly even if my phone is on silent/vibrate. I see that GCP has an ...

TDLR: I have a Catch 22 where, depending on permissions on the user's home directory, I can get the SSH authentication to work, or the user directory constraints, but not both.

BTW, I really want to roll my own SFTP server. Please don't recommend I try AWS Transfer service or something alternative. Thanks.

Here is relevant (changed from default) content in /etc/ssh/sshd_config:

Subsystem sftp internal-sf ...

I am trying to create an OpenVPN server cluster that can autoscale, I have found a lot of information online on how to create such a network.

As far as I understand, you basically use a round-robin DNS, and few OpenVPN servers, the clients simply connect to the DNS and are assigned one of the OpenVPN servers to connect to.

However, my setup requires that all clients will be visible to each other, so ...

My question is: How do I set up a bastion host for ssh on AWS using an ubuntu instance?

I can do the following with success:

root@e183d80cdabc# ssh -J ubuntu@63.33.206.201 ubuntu@10.240.0.20
Last login: Sat Sep  4 13:14:17 2021 from 10.240.0.30
==> SUCCESS! ==> ubuntu@ip-10-240-0-20:~$

But it fails when I try the ~/.ssh/config file approach. Commands used:

# ssh 10.240.0.20
# ssh ubuntu@10.240.0. ...

I am running multiple VMs in Azure. VMs are running in a subnet with NSG. NICs do not use NSGs, we do not use accelerated networking.

I notice that when a VM talks to another VM of the same subnet using TCP, the MSS value in the SYN packets is reduced by 42. That means if I send a TCP SYN with MSS=876 to another VM of the same network, the other VM will capture a TCP SYN with MSS=834:

Client:

18:49:27.52 ...

Setup:

• approx. 1000 windows 10 machines in 4 countries (AD)
• approx. 10% of the users tend to keep PCs running for > 1 week without reboot -> something i consider an issue (i.e. because of Windows Updates for example)

Target:

• ensure machines gets rebooted after an uptime of > x days
• ensure user gets notified X hours before forced shutdown
• ensure user gets notified Y minutes before forced shutdo ...