Latest Server related questions

I know that domain authentication is required to get a certificate for HTTPS. But I really don't know why this is needed. Can't you just give a certificate without domain verification? What happens if I just give the certificate? Are there any concerns?

I searched the website, but couldn't find a satisfactory answer. I'm very curious about that part.

I have instances configured with cloudwatch agent which daily pull the config from AWS SSM parameter store. From https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/create-cloudwatch-agent-configuration-file-wizard.html

The default setting sends disk metric for all partitions

which aren't much of use since I'm only ever interested in disk usage/inode usage for the root(/) parition. How ca ...

So here is the situation. I have an IOT device running a Digital Signage system. I am trying to set it up so that it hosts it's own WIFI network and a user can connect to that WIFI, enter an http address on their device and be routed to a Webserver that the IOT device is running. It is important to note that this IOT Device itself is not connected to the internet.

This works fine up until someone ...

I am trying to achieve the followings on my OpenBSD 6.9 servers:

1. Forbidding the use of all keys but the ssh-ed25519 one on both SERVER and CLIENT sides.
2. Limiting ssh-keygen -A to generate keys only by the authorised ssh-ed25519 algorithm and nothing else.

In order to achieve these, I have added the following lines to my sshd_config:

HostKey /etc/ssh/ssh_host_ed25519_key
CASignatureAlgorithms ssh-ed2551 ...

I have a user service which is placed under /home/<user>/.config/systemd/user/<service>.service

When I perform systemctl --user status <service> I have the desired output, for example:

<user>@<server>:~$ systemctl --user status <service>
● <service>.service - Service
     Loaded: loaded (/home/<user>/.config/systemd/user/<service>.service; enabled; v ...

I have a config map like this:

apiVersion: v1
kind: ConfigMap
metadata:
  name: database-configmap
data:
  config: |
   dbport=5432
   dcname=
   dbssl=false
   locktime=300
   domainuser=
   conntype=ON-PREM
   dbinstance=
   dbpwd=VrjvBguQB7+FHIwBKV
   iisport=80
   docountupgrade=false
   doreportupgrade=false
   dbname=testdatabase
   martuseiis=false
   dbtype=POSTGRESQL
   dbusername=postgres ...

We have F5 Networks SSL VPN setup and added some internal websites in F5 portal. One website works good, but the other one has session problem.

When I sign in to F5 portal, from there I go to internal website (which F5 redirects) 1, then I can sign in into that website with X user, but then when I want to sign in with other user, it stills signs me in with X user not matter what user you write. Eve ...

I've set up https on our Azure DevOps Server 2020.0.1 and want IIS to serve the website over http/2. When browsing the website with a Chromium based browser (Chrome, Edge) all content is served over http/1.1. When browsing with Firefox static content of the website is served over http/2 and api generated content is served over http/1.1.

I want that all content in all mentioned browsers is served ove ...

I setting a mission on schedule, and I choose administrator to run and setting "when loggin EC2" or "when ec2 start up", but they are doesn't work in every morning, it will close at midnight and start at 9:00 am, when I connect to EC2 in the morning, I see they are not working.

How to make it auto run?

site.yml:

---
- hosts: localhost
  connection: local
  post_tasks:
    - name: "List dir"
      tags: always
      shell: "ls -la"
      register: logs_result
    - debug:
        var: logs_result.stdout_lines

Running it:

ansible-playbook -t abc site.yml

Can't see the output. How to make debug always work regardless of the tag?

The essence of this vulnerability is that if you perform a shadow copy of your important files with hashed passwords for all OS accounts, encryption key data, and other important information (the files stored in SAM, SECURITY and SYSTEM) - you will be able to read them immediately with standard user rights.

Whereas in a standard situation, after performing a shadow copy, you can’t read the specif ...

I'm trying to limit download and upload speed of each wireguard peer to 512kbit.

The problem is that my following commands, only limits download bandwidth of peer and doesn't limit upload bandwidth. Any help would be appreciated.

tc rules for example peer with ip 10.7.0.2 and iptables mark 12:

tc qdisc add dev eth0 root handle 1: htb
tc qdisc add dev wg0 root handle 1: htb

tc class add dev eth0 pare ...

Acording what I read, rsyslog is usually used to process logs and send them to another locations, either local (external storage, specific partition, etc.) or remote (logging server, for example). However I'm trying to configure rsyslog to store the logs in an external storage device (SD card) but I'm having problems with the sdhci driver in the kernel. First you have here the rsyslog configurati ...

I have a DNS zone hosted on Google Cloud DNS with records similar to:

(assume the zone is example.com, and there are SOA and NS records for the zone root):

example.com          A       10.20.30.40      # <- points to some real IP address
*.example.com        CNAME   example.com      # everything else is a CNAME to example.com
*.sub1.example.com   CNAME   example.com
*.sub2.example.com   CNAME    ...

As stated in the title, we are having a problem with our Cassandra cluster. There are 9 nodes with a replication factor of 3 using NetworkTopologyStrategy. All in the same DC and Rack. Cassandra version is 3.11.4 (planning to move on 3.11.10). Instances have 4 CPU and 32 GB RAM. (planning to move on 8 CPU)

Whenever we try to run repair on our cluster (using Cassandra Reaper on one of our nodes), we lose  ...