Latest Server related questions

I need to allow my trafic just from my country. How can I do it? I know that I can create a rule specifying the IP range, but there are more than 1600 IP ranges to add. Is there any "easy" way?

Ultimately, I am trying to configure an ocsp server on ubuntu 20.4, but I cannot even verify any certs issued by my intermediate CA yet.

I have configured a ca-root called ca-root.mydomain.org. I also have configured a intermediate ca called ca-sub.mydomain.org. Finally, there is my future ocsp server, ocsp-server.mydomain.org.

First, I make a self-signed cert ca_root_cert_file. Then I have the ca-r ...

I'm trying to set up a CNAME DNS entry:

start.*.example.com

That matches the following domain names:

start.a.b.c.example.com
start.a.example.com

Is this possible? My current tests are failing with networksolutions.com.

It was previously working as an A record wildcard (*.exmaple.com) - but I would like it to work as a CNAME.

Today I had an email of OVH saying my server was hacked (it was nothing more than a wordpress plugin of a client messing around) but it ended with my server forced to Rescue Mode and I'm not able to boot normally anymore.

My server has 2 disks:

Disk /dev/nvme1n1: 1920.4 GB, 1920383410176 bytes, 3750748848 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512  ...

I have a docker-compose.yml file which runs a couple of Apache web applications. I have a HAProxy acting as a reverse proxy for the web apps also running inside the container environment. I've exposed the HAProxy port with the directive

ports:
  - 80:80

The web apps, proxy and networking are exactly similar to the setup as described in http://www.inanzzz.com/index.php/post/w14j/creating-a-single-haproxy- ...

I'm working on a personal project with some friends and it is becoming quite large, so I'm considering to self-host a GitLab instance to help preventing the development to go to complete chaos. However, I discovered that GitLab's privacy policy allows GitLab to gather some data from its users and share them with third parties and I'm not OK with that, but it isn't clear if that applies to "Self-managed" ...

am trying to create a GKE job by following the instructions in the official documentation.

I am doing it though via Cloud Shell. I have created the yaml file, however when I run the command:

kubectl apply -f config.yaml

I am getting the following error:

Unable to connect to the server: context deadline exceeded

What is the problem and what exactly is a context deadline?

I have made sure to enable the  ...

Is it possible to set the default "PROT P" statement in vsftpd to use implicit FTPS? I'm using the sim module, but it doesn't allow me to send this command. However, vsftpd requires it, or it will throw an error "522 data connections must be encrypted".

I have to showcase a grafana dashboard to a group of familiar strangers. There is no VPN. Screencast is not interactive enough.

My idea is to set up a single linux user 'demo-user' and share the password for this user with the group. From there, everyone can create a port forward from their machine, to port 3000 on my machine.

The result would be +-50 machines running ssh -L 3000:grafana-server.example. ...

I want to have a way that I can automatically (or on-demand) create a Web App and database table using a WebDeploy package in Azure. It ends up being a data-driven ASP.NET website application.

What's the most current way (and/or easiest) way to do that these days? Are there any open-source or commercial solutions out there that can make the development of this faster?

I'm also interested in being  ...

I have installed lighttpd and added script.fcgi to /var/www/html/ with chown and chmod and edited etc/lighttpd/lighttpd.conf like mentioned below and got:

2021-06-09 22:05:27: server.c.1513) server started (lighttpd/1.4.59) 2021-06-09 22:05:27: gw_backend.c.475) unlink /tmp/script.sock-0 after connect failed: Connection refused 2021-06-09 22:05:27: gw_backend.c.325) child exited: 127 unix:/tmp/script.so ...

I am running Postfix 3.3.0 on a host which acts as a mail server for a development environment. It therefore captures all mail as if it were local. But in order to make accessing the mails it has received a bit easier, it splits these into mailboxes based on the FROM address.

Formerly I was using:

smtpd_sender_restrictions = hash:/etc/postfix/sender_access

which worked exactly as intended. However this o ...

Our business has multiple DNS servers that are AD-integrated. Our main server is WS 2003r2 (soon to be retired) and has AD, DNS, and DHCP. I believe that it is our only DHCP server. The last time we had to restart this server, the entire company lost access to internet and internal resources until it came back online.

According to the DNS records, all of the active DNS servers are listed as Name  ...

#!/bin/bash

sudo /.../my-letsencrypt-clone/letsencrypt-auto certonly -v -t --webroot \
   -w /var/www/web1/ -d www.domain1.com -d domain1.com -d subdomain.domain1.com \
   -w /var/www/web2/ -d web2.com \
   -w /var/www/web3/ -d www.web3.com -d web3.com

# A couple of extra commands to move the renewed cert (in `/etc/letsencrypt/live/`) to 
# /etc/ssl/private/mycertfolder

sudo service apache2 rest ...

I have an openldap server I set up on cent os 7. I blended it to work with all my other VMs that mount a nfs mount from a nfs server for their /home.

I just figured out that if I create a new ldap user, and try to log into some VM it lets me login but states how it cannot create /home/user and is unable to chngdir to it.

But I also learned if I first ssh user@mynfsserver It logs in, creates the app ...

Is there a command that I can issue that will tell me if the current set of config files for dovecot are valid or if there's an issue?

I just made a change to my dovecot config files. Before attempting to restart the service, I just want to do a quick sanity check to confirm if I made a fat-finger mistake or not.

I'm looking for the dovecot equivalent of any of the following:

nginx -t
apachectl -t
postfi ...