Latest Server related questions

I have a NGINX listening on port 441 and SSLH listening to ports: 441(https), 442(ssh) and finally STUNNEL listening on port 443 forwarding to SSLH(port 2243).

STUNNEL config:

pid = /var/run/stunnel.pid
cert = /etc/letsencrypt/live/f1.example.com/fullchain.pem
key = /etc/letsencrypt/live/f1.example.com/privkey.pem

[sslh]
accept = 443
connect = 127.0.0.1:2243

SSLH config:

DAEMON_OPTS="--user sslh -- ...

What is the easiest way to tell varnish:

Hey Varnish processes, please clear your cache. And also please don't cache anything at all right now. I want you to just pass all requests straight to the backend for now. I'll let you know when I want you to go back to normal operation in a bit.

I'm doing some debugging and iterating on a website, but I'm tired of constantly clearing my cache with this command ...

Context: corporate network, win10 PCs. Devs frequently need simultaneous access to a remote network through PulseSecure VPN and to computers on LAN. Policymakers can't be convinced to enable split VPN.

One fragile workaround found is to use an USB->LAN dongle, register the USB appliance under VirtualBox and access LAN through VirtualBox.

Could you suggest a more robust / less overhead method?

I'm trying to configure fail2ban for 403 errors from Nginx. But for some reason my error.log file is empty and all 403 (and all 4XX, 5XX) errors are going to access.log. However, I checked my config and it looks fine.

server {
    listen 80;
    server_name example.com;

    return 301 https://$host$request_uri;
}

server {
    listen 443;
    server_name example.com;

    access_log  /var/log/ngin ...

An application on a server (Ubuntu also installed with postfix) can send out mails via SMTP.
A seperate application on the server could send out mails via SMTP, but with a different user@FQDN.
No incoming mail is meant to be managed on the server.
The SMTP service would receive mails to relay via port 465 in one instance, and port 587 in another (gmail).

What should the server's iptables configuration be ...

I am in need of creating a playbook that:

1. checks if application1 is installed - if fails then exit this host and move on to next host
2. checks if application2 is installed - if fails then exit & move onto next host
3. stopping application2 services
4. uninstall application1 - make sure application2 services are stopped before installing appliction3 - install application3 then
5. start application2 services
 ...

Say we have network addresses 10.10.10.252/30 and 10.10.255.252/30 and 10.255.255.252/30. They all have CIDR of 30.

I realize all three subnets have two usable hosts.

All three addresses have subnet mask 255.255.255.252 but different number of possible subnets. 10.255.255.252/30 has 30-8=22 bits reserved for subnets (class A). 10.10.255.252/30 has 30-16=14 bits reserved for subnets (class B). 10.10 ...

I have 2 physical Windows servers having 2 networks. One card is to access the internet and the other is for the internal network. For both servers, the internal card is assign to VLAN ID 100. Both internal card are set to Private network category.

Server A internal IP : 192.168.10.100 Server B internal IP : 192.168.10.200

After rebooting both servers, Server B cannot ping Server A using internal IP ...

I need to establish SSH connection over serial between Windows and Linux machine. I used socat on Linux side to do forwarding from uart to SSH server at localhost and it works fine.

Goal: SSH client - Windows(UART) ------------ Linux (UART) - SSH server at localhost

To test the Linux side, I used Putty on Windows side to open COM port connection to SSH server on Linux, and it works.

Now the problem is, ...

I'm working with NagiosCore to check the stats of my network's switchs (mainly S5700 (modulars and non-modulars) and S5600). Using SNMP (v2c) I'm able to get stuff defined by myself such as: DeviceName, Location, Contact, and Description of the ifaces (ports) I'm currently using, as too the status (up/down) of those mentioned ifaces.

Now I would love to also check CPU_usage, MEM_usage, Temperature

I'm trying to set up the following:

┌──────────────────┐            ┌────────────────────┐           ┌─────────┐    
│                  │            │                    │           │         │    
│      Router      │            │                    │           │Server 1  ...

When I upload the file in phpmyadmin this problem appears 413 Request Entity Too Large my configure php.ini

post_max_size = 100M
upload_max_filesize = 100M
memory_limit = 256M

I have NGINX server with FASTCGI php-fpm 127.0.0.1:9000 which php.ini is under /etc/php5/fpm/php.ini

I increased upload_max_filesize and post_max_size in php.ini

The Fastcgi params is like this

fastcgi_param PHP_VALUE "uplo ...

I am curious to know if there are any major gotchas with setting up a 'reverse hybrid' 365 deployment, where all mail flow is already in the cloud with on-prem ad sync already enabled and simply adding on-prem exchange to the mix. I have found surprisingly little discussion about this online and I was hoping to find out if there are any major concerns with doing this sort of thing.

With a private key that is only available on a laptop (alice), is there a way to use that key for authentication with gitlab from a server (bob). (Minor, I think, complication being a jump host between alice and bob.)

alice --> jump --> bob --> gitlab

The ~/.ssh/config on alice is currently:

Host *
  PKCS11Provider /usr/lib/ssh-keychain.dylib

Host jump
  HostName jump01.example.org

Host bob
   ...

I want to setup Hyper-V VMs with a shared vhdx or vhds virtual disk. I have a W10 VM that has the main file space and setup a shared folder to allow two other W10 VMs to map a drive and share the data. I suspect performance may be better is I use a shared VHD in Hyper-V. The host computer is Server 2016 Std. I can create the shared VHD but when I try to attach it to a VM, I get an error that says th ...