Latest Server related questions

Ubuntu Linux 22.04.2
Samba version 4.15.13-Ubuntu

I am using the default installation of Samba on Ubuntu.

I added this to /etc/samba/smb.conf

[www]
browseable = yes
printable = no
comment = Web Root Dir
create mode = 0644
directory mode = 0775
path = /var/www/html
writeable = yes
valid users = @www-data

Also there is this line active in the settings:

unix password sync = Yes

After this I rest ...

When I try to use cgexec, I get the error message "cgroup change of group failed".

This is how I'm setting up:

CGROUPS_DIR='/sys/fs/cgroup'
createdGroup_dir="$CGROUPS_DIR/createdGroup"

if ! [ -d "$createdGroup_dir" ]; then

    mkdir -p "$createdGroup_dir"/leaf

    echo +cpu +cpuset +io +memory +pids > "$createdGroup_dir"/cgroup.subtree_control

    echo 3G > "$createdGroup_dir"/memory.high
   ...

I have 2 prometheuses, both are with forward-auth via the oauth2-proxy, which have the same client credentials in a single keycloak. I would like one prometheus to federate the other one. This is my config snippet for authentication in prometheus.yml

    oauth2:
      client_id: "oauth-proxy"
      client_secret: "XXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
      token_url: "https://keycloak.mydomain.tld/realms ...

I have been experiencing a persistent issue with CORS preflight requests when trying to use AWS API Gateway and Lambda function for sending emails from my website's contact form. Despite following best practices for configuring CORS settings in API Gateway and Lambda, I continue to receive "CORS preflight did not succeed" and "CORS header ‘Access-Control-Allow-Origin’ missing" errors.

Here is ...

I am using dataplane api to dynamically add/remove backend servers. I was expecting haproxy stats to update accordingly with new haproxy config version generated by dataplane API. Am i missing something here? Please advice. Below is dataplane config used in haproxy -

  host = "0.0.0.0"
  port = 5555

  user "randomuser" {
    insecure = true
    password = "randompass"
  }

  transaction {
    tran ...

We have an Ubuntu Server running as a Reverse Proxy (Apache) for all our Servers, which are hosted in Azure.

Every month or so (not regular), the Proxy server stops processing requests, and all of our sites stop communicating with the outside world.

Restarting the Server immediately fixes the issue.

We have checked

• CPU
• Memory (RAM)
• Network volume

And none of these seem to be contributing to these  ...

Is there a way to reorder the output filters for Apache 2.4? I am forced to use something like this because DEFLATE runs before SUBSTITUTE:

AddOutputFilterByType INFLATE;SUBSTITUTE;DEFLATE text/html

(From https://serverfault.com/a/844192/193130)

Seems very inefficient to have to inflate, then deflate again.

I have a website that is reachable on the internet and also on a local network. On the local network, pinging the server name produces a different IP address than I get when I ping it from the open internet.

I'm having a situation where the website is served with a different SSL certificate depending on where the client browser is seeing the site from. Both server certificates are visible when I ...

Can nginx be configured to send zero response data and immediately close the connection? I'm trying to avoid sending absolutely any outbound data for a certain class of inbound connections.

I found a possible solution here https://stackoverflow.com/a/17010681/68788 from a number of years back:

location /ip/ {
    keepalive_timeout 0;
}

But I don't know if keepalive_timeout 0; will keep nginx from s ...

We have a number of VMs (VMware ESXi) running Ubuntu. As a result of the installation time 'feature' which only allocates half the amount of the requested space, we have a lot of wasted/unallocated space. For example, a 100Gb volume as seen by the OS is taking 200Gb in ESXi.

There are lots of articles describing how to correct this by extending the OS volume to take the full 200Gb - but I'd like  ...

I have an internal .NET 7 web application that uses an MSSQL database hosted on Amazon RDS.

I have a requirement to create a linked server to query data from a separate ServiceNow DB instance.

The only way I can see to do this is:

• Install a new instance of MSSQL/SQLExpress on a Windows Server.
• Install the ServiceNow ODBC driver on the same Windows Server and configure a System DSN to point to my s ...

I have the following exports

/exports/nfs            192.168.1.0/24(fsid=1234,sec=krb5p,rw,no_subtree_check,root_squash,crossmnt,async)
/exports/share          192.168.1.0/24(fsid=2345,ro,no_subtree_check,all_squash,crossmnt,insecure)

Both of these shares have the same directory bind mounted with in them

mount --bind /mnt/bin /exports/nfs/bin
mount --bind /mnt/bin /exports/share/bin

My goal is to ex ...

I changed my name servers for the domain mmaiato.com from the default GoDaddy name servers to custom NS records as part of my web hosting requirements.

I did not ask for a change of registrar. I did not ask for a change of SOA. Why cant I manage my DNS zone at GoDaddy after changing NS records?

This is a Mint 21.1 x64 Linux system, which has over the years had disks added to RAID arrays until we now have one array of 10 3TB and one array of 5 6TB. Four HDs dropped out of the arrays, two from each, apparently as a result of one controller failing. We've replaced controllers, but that has not restored the arrays to function. mdadm --assemble reports unable to start either array, insufficient  ...

I am in the process of setting up an Apache web server to host a few hundred sites. The sites will be nearly identical in configuration with the exception of some site specific information (Server name, Document Root, Directory, Log path).

I was hoping to define variables in each site's conf file and then include a file with the site settings.

For example, I would like to have a config file called  ...

I stumbled upon a tricky situation: I read on the Docker Alpine main page that the image is getting updated every month for minor versions/security fixes. Packages with CVE are not updated for the stable version (v3.17.*) but are on the edge version.

I know that there is the possibility to update a package by specifying the release version like apk add git --repository=https://dl-cdn.alpinelinux.org/al ...

According to net, sched: add clsact qdisc you add filter on ingress and egress after adding clsact,e.g.

 ➜  tc qdisc add dev foo clsact
 ➜  tc qdisc show dev foo
 ➜  tc filter add dev foo ingress bpf da obj bar.o sec ingress
 ➜  tc filter add dev foo egress  bpf da obj bar.o sec egress
 ➜  tc filter show dev foo ingress
 filter protocol all pref 49152 bpf
 filter protocol all pref 49152  ...

We recently had a few VM's provisioned but I didn't realize firewall settings were baked into the local policies, see below. These are Windows 2019 instances. A lot of the rules set are for services we're not using, or for servers we don't interact with.

On this specific server I'd prefer to manage firewall rules/permission by manually setting them on the local firewall of the server. I know this can be ...

If I have installed Google kubernetes autopilot cluster and didn't install anything on it, will I be charged?

Here

https://cloud.google.com/kubernetes-engine/docs/concepts/autopilot-overview

is a statement

You only pay for the CPU, memory, and storage that your workloads request while running on GKE Autopilot.

On the other hand, it is hard to believe, that it will allocate nodes for me, but doesn't  ...

I am unable to get the poller added to view interface details using SNMPv3 on Solarwinds. I am using the following pollers:

'N.Status.ICMP.Native': True,
'N.Status.SNMP.Native': False,
'N.ResponseTime.ICMP.Native': True,
'N.ResponseTime.SNMP.Native': False,
'N.Details.SNMP.Generic': True,
'N.Uptime.SNMP.Generic': True,
'N.Cpu.SNMP.HrProcessorLoad': True,
'N.Memory.SNMP.NetSnmpReal': True,
'N.AssetI ...

The ability to attach Synology volumes has for some reason stopped working. This was working, but after the latest zed update from Ubuntu appears to have stopped working. Running Openstack Zed on Ubuntu 22.04. I am able to create volumes, but it appears Nova will not attach the volumes. I can see in the Synology Logs that the volume LUN has been created, that a target is mapped and attached to the LUN ...

Is there any way with Azure Application Proxy to unprotect certain signup or "guest" pages in your application?

I have:

1. a Spring Boot application running on Windows on 8080 and
2. a service running in the Docker container within the WSL2 Ubuntu, and

I'm loking how to enable the Windows host's 8080 to this service?

The limitation is that the service is part of the development setup and is built with the docker-compose, so the solution should be IP-independent or fully (maximally) automated.

The application is rea ...

I have a working Freeradius authenticating WiFi users (windows,mac,linux,ios,android) with WPA2 enterprise using samba AD DC for user directory.

I want to move to WPA3 Enterprise but I am not sure if this can be done at all.

I am trying to figure out if it is theoretically possible to support WPA3 enterprise with Freeradius and Samba AD DC to authenticate clients with username/password from AD?

Apache 2.4, using mod_session{,_dbd,_crypto}.
Something (SessionDBDCookieName?) adds Set-Cookie to most/all responses.

I can Header (always) unset in LocationMatch, to remove Set-Cookie on anything but / :

  <LocationMatch "^/.+">
    Header        unset "Set-Cookie"
    Header always unset "Set-Cookie"
  </LocationMatch>

But can't for the life of me unset Set-Cookie header on non-200  ...

I am using 5.7.37-log MySQL Community Server. my mysqld.cnf looks below:

server_id = 11
log_bin = bin.log
log-bin-index = bin-log.index
binlog_format = row
max_binlog_size = 100M
socket = mysql.sock
expire_logs_days = 1

when i check my logs they keep on growing though i mention them to get expire in 1 day. using expire_logs_days.

With this above config, can i expect the logs be removed automatically or s ...

I am trying to get Apache (2.4.41, Ubuntu) to work with SSL and am not having luck. Whenever I visit the site in my browser, I get the error "This site can't be reached: my-domain took too long to respond."

I have a valid certificate and key, though I am not entirely sure which variant to use. I have tried several (both with chain and without) and can't seem to get it to work.

Here are the cert vers ...

I have a ACR122 Smartcard reader I am attempting to export a PFX certificate to for password-less authentication. I have everything set up on the active directory server, but am stuck on the simplest and most frustrating issue: the driver for the actual smart card. I've tried searching the internet, using terms like, "ntag215 driver", "ntag215 driver for Windows", etc. I even tried to create my own filt ...

As of around February 2023, only when our forward web proxy solution is enabled, signing in to a Microsoft Account (personal / consumer) works fine in general (e.g., at https://login.live.com/) except for Microsoft Learn and Enterprise Skills Initiative (ESI) which doesn't recognise that the account is signed in, and attempting to sign in on the page seems to go through and work but actually doesn't, an ...

We have 6 RD Servers (2012 and 2008) and on all of them users sometimes get assigned a temporary profile.

In Eventlog we can always see Event ID 1600

Das Profil kann nicht von <domain>\files\RD_Profiles nach C:\Users kopiert werden. Es steht nicht genügend Speicherplatz auf dem Datenträger zur Verfügung.

my english translation:

profile could not be copied from <domain>\files\RD_Profiles to  ...