Latest Server related questions

I'm setting up FreeIPA servers using the ansible_freeipa collection role: ipa-server. I see there's an option for ipaserver_no_pkinit:. As far as I know it do not really need any pkinit, as I'll only use FreeIPA as a ldap server with replication.

However I'm not sure what's required in other to establish replication/failover between two IPA servers.

I set up an python environment in path \pyenv\1st\ by

cd /
mkdir pyenv
python3 -m venv /pyenv/1st

The official method to activate this environment is to type this command manually:

. /pyenv/1st/bin/activate or source /pyenv/1st/bin/activate,

which will result in (1st) in front of prompt and load corresponding python libraries.

I want to save typing and put this command in a file mypy, but sh mypy

I started fail2ban service as sudo systemctl restart fail2ban.service, it successfully started. But my ssh attempts with the wrong password from remote PCs are not blocking, There is no IP listed in Banned IP list

• It works only with fail2ban-client set sshd banip <remote_pc_IP>
• Banned IP list not updating as per maxretry attempt

/etc/fail2ban/jail.local

[DEFAULT]
default_backend = auto

[sshd]
en ...

I have installed Ubuntu in a vSphere VM and due to some error, it got the wrong IP address. I asked IT to fix the DHCP entry and they did but the VM kept getting assigned the wrong IP. I could get it the correct IP address running dhclient but this was not persistent. The solution was to add

dhcp-identifier: mac

to /etc/netplan/99-dhcp.yaml.

Can someone explain how assigning IP addresses works by d ...

This is my first year at university and This is also my first time trying to configure a server.

They want me to block some https-web. I was able to block all websites with iptables except one.

I'm using FedoraServer 37 and I would like to block access https://www.example.edu

If i try to curl it, it shows a 301 code. If I follow it with the flag -L, it works normal.

I tried to use iptables with:

I am trying to add a secondary IP to my VPN tunnel tun0 interface, however I can't seem to get any traffic to originate from the secondary IP. I'm very new to this so apologies if this is a silly question.

This is the command I am using to add the IP:

ip address add 10.11.12.13/24 dev tun0

This is my interface:

tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state  ...

I have created an on-prem Kubernetes 1.24 cluster using kubeadm in Ubuntu 18.04 as a master node. I want to add windows server 2019 as a worker node in the Kubernetes cluster.

Can we have official straightforward documentation for adding a Windows node using kubeadm for Kubernetes version 1.24?

If not then what will be the reason that Kubernetes cluster creation with Windows node documentation is no ...

I can update my bind server with nsupdate when I start my script directly from the terminal. However when I start the script it from inside openvpn then I get a time out error: Communication with 1xx.xxx.x.x#53 failed: timed out.

The key is found.

The port 53 is open for udp and tcp. In my named.conf I tried the option listen-on port 53 { any; };.

I start it from terminal with ./nsupdate-both.sh. From i ...

So, I've set up a reverse proxy for multiple domains in nginx like this:

server {
    listen 80;
    listen [::]:80;
    root /var/www/nginx;
    index index.html index.htm;
    server_name example.com example.org example.net example.nl;
    location / {
        proxy_pass http://localhost:7001/;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_ ...

I have an RDS deployment that consists of several RDS Session Hosts and several collections. Almost all collections are configured to use User profile disks, I have different file servers for storing the UPD disks. Each server has a shared folder, and inside the shared folder, a folder for each collection that uses that server.

Everything works well. From time to time, I have a problem with some  ...

I had a clean raid1 which I tried to convert to a raid5 following this procedure: https://dev.to/csgeek/converting-raid-1-to-raid-5-on-linux-file-systems-k73

After the step: mdadm --create /dev/md0 --level=5 --raid-devices=2 /dev/sdX1 /dev/sdY1 which took almost all night, I ended up with an array that seems broken.

My understanding is, that this array is incomplete (since it just consists of 2 disks) bu ...

I have created a group policy to set youtube restricted mode in Edge and Chrome on a Windows server 2022 domain controller. On my test machine (W10 Pro ENG) the policies are applied and seem to work when browsing to https://www.youtube.com/check_content_restrictions. The site reports: HTTP header restrictions are ON.

However when I add another machine to the domain (W10 Pro NL) I can see that the polic ...

I have run into an issue when combining monit with Ubuntu/Debian unattended upgrades. Monit monitors services and binaries, and flags changes, restarts processes, etc as needed. However, when a package providing a service is updated (say, nginx), a checksum check is triggered because the binary has changed, such as with this config:

check process nginx with pidfile /var/run/nginx.pid
  group www
  group  ...

I have a Galera Cluster (MariaDB 10.5) that consists of 3 nodes (one of which is Arbitrator).

Last week I have two incidents: both nodes just stopped responding and the following was found in logs:

2023-04-10 23:35:42 1 [ERROR] InnoDB: Conflicting lock on table: `DB`.`Table` index: PRIMARY that has lock                                                                                                     ...

I'm trying to setup a reverse-proxy on a debian11 with apache2 and it works but when you access the serveur on background by the reverse at the beginning you arrive on a login page in the application but nothing work, we can click on the button like "login" or "forget password" but nothing happens.

This is my configuration :

 <VirtualHost *:443>
   ServerName proxy.exemple.fr
   ServerAdmin admi ...

Using NGINX as a reverse proxy, I want to tag which load balancer/proxy the request can in on, and pass that to the end app servers...

For example, we have 2 ingress connections, using round-robin DNS to 3 load balancers,

so, connection one has 3 pubic IP's and connection two has 3 IP's. each pair points to a load balancer and they're using proxy pass upstream to send traffic to the 10 web/app serve ...

I have two clusters A (on-prem) and B (gke). Clusters are connected with VPN. There is a pod and NodePort-service on clusterA. I want to be able to talk with service/ClusterA from pod/ClusterB. VPN works fine. From Node/ClusterB I can successfully contact with service/ClusterA. Unfortunately from pod/ClusterB I can't connect with service/ClusterA. curl return: connect to port 30578 failed. As I said th ...

How can I dynamically allocate/scale CPU resources to my QEMU VM according to the workload of the VM? Would this require a script? Is it even possible to change CPU allocation at runtime?

I have a Windows guest and a Linux host.

here is example from dmesg output from important production server ( RHEL 7.2 - DELL machine HW ) as we can see the sde disk in server is dying

[Wed Jun 30 11:24:58 2021] sd 0:2:4:0: [sde] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
[Wed Jun 30 11:26:18 2021] sd 0:2:4:0: [sde] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
[Wed Jun 30 11:26:18 2021] sd 0:2:4:0: [sde] tag# ...

I am using the following .htaccess rules to redirect the url for following conditions:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^$ https://example.com/page.php [L,R=301]

1. If user enters "https://example.com", he is redirected to "https://example.com/page.php".
2. If user enters "www.example.com", he is not redirected to "https://example.com/page.php" but regular "inde ...

I'v been struggling with Nginx logging. A problem that I found out first was logrotate failure. so I've changed user to the same owner of nginx worker process which is www-data and I forced logrotate, then It suddenly stopped to log.

here's the permission

$ ls -al
total 3876
drwxrwxrwx  2 www-data adm       4096 Apr 11 01:09 .
drwxrwxr-x 10 root     syslog    4096 Apr 11 00:00 ..
-rw-r--rwx  1 www-dat ...

I thought ipv6 solves the address problems. I was under the (obviously false?) assumption that I'd get an ipv6 address assigned to my machine at home and I would be able to use if (my ISP supports ipv6).

Why does ip -6 address only show a link-local address on my box?

2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::<address>/64 scope link noprefi ...

This occurs on many systems and I expect someone has a solution for it.

The PATH environment variable is a major part of security issues. For sanity's sake, the path portion of the .zshrc looks like:

# Set Path
PATH_RUBY="/usr/local/opt/ruby/bin:/usr/local/lib/ruby/gems/3..0/bin"
PATH_TREESITTER="$HOME/p/na/ts/tree_sitter_na/node_modules/.bin"
PATH_CONDA="/usr/local/anaconda3/bin"
PATH_CARGO=".car ...

I have an Azure log analytics workspace. This instance is connected via Diagnostic Settings log of a resource this workspace. However, data just doesnt arrive even several days later. I have other resources that successfully pipe data into this LAW.

Initially I felt it was a problem with the LAW, so I created a new LAW and wired the resource to it. Still no logs (or even tables for that matter).

I n ...

Got 4 debian boxes, all suddenly not resolving mdns ip4 queries. On the contrary MacOS seems to resolve these queries just fine.

I can do avahi-resolve --name hostname.local and get the result 'Timeout reached'

Odly enough I can see in wireshark that the mdns queries are leaving with the responses returning i.e

User Datagram Protocol, Src Port: 18189, Dst Port: 5353
Multicast Domain Name System (respo ...

Ever since changing to Windows 11 we have some workstations that now and then try to connect via smart card, but we don't use smart cards.

The event occurs with the computer's account, not a user's account, which is also interesting.

Event ID: AUDIT_FAILURE(4771)
Domain: [Domain/Server]
SID: [sid]
Account Name: [computer account (not user account)]
Service Name: krbtgt/[domain]
Client Address:  ...

I occasionally experience massive performance issues accessing one of my systems via network (internet). I tried to narrow down the cause of the issue, actually made some progress, but I fail to proceed since I simply do not have much knowledge about low level network technology. Which is why I could use some help here, ideas, hints ...

The system is a private VPS (operated by a service provider  ...

I am trying to create a proxy on my Apache2 server, but it returns a 404 page not found

Basically I am using it as an intermediary for the creation of an API, within my Linux server I make requests and it responds correctly, but already using the Proxy it responds with a 404 page not found

I put an example of how I am creating the Proxy

<Location /consulta> 
ProxyPass "my:url.api" 
ProxyPassRev ...

I have three brokers: one central and two outliers. The central broker is set to persist messages and has bridge connections with QoS 2 to the two outlying brokers.

However, I am finding that if one of the outliers goes offline for some reason and the bridge breaks, the central broker does not attempt to re-establish the broken bridge.

An example of the bridge connection config:

connection <redacted&g ...

Our company uses Windows 11 Pro, We currently have it so that nothing can be downloaded from Microsoft store via the GPO

Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update

Do not connect to any Windows Update Internet locations

The fear is that by disabling the above GPO, we will open ourselves to systems updating via Microsoft Servers  ...