Latest Server related questions

I created an AWS VPC and security group with the necessary outbound rules and routes to an internet gateway for IPv4 and IPv6. I created an autoscaling group, but the important part is I have an Ubuntu 22 EC2 instance that can run wget https://google.com properly:

ubuntu@ip-10-0-0-0:~$ wget https://google.com
--2023-03-20 20:43:26--  https://google.com/
Resolving google.com (google.com)... 2607:f8b0:4004: ...

I installed Devstack on a Proxmox Ubuntu 22.04 VM to provide me with my OpenStack environment. I took the defaults for the installation based on these instructions:

https://docs.openstack.org/devstack/latest/networking.html

I added a "provider" network to the OpenStack environment which was a subset of my home network address space. I also added a router that connected the built in shared network to this ...

I am using Postgres docker 14.4. I want to pass a server configuration (let's say idle_session_timeout) to the postgres docker. The doc gives an example using docker run

docker run -d --name test-db -e POSTGRES_PASSWORD=postgres postgres -c idle_session_timeout=900000

How this option can be passed in docker-compose? My docker-compose file now looks like below -

version: '3'
services:
  pgadmin:
    conta ...

I have some problem with comfiguring authentication openvpn to Active Directory with LDAPS. I don´t know, where shoud be problem, because if I use ldapsearch (with ldaps://addr_to_my_AD), evertyhing is correct.

Can you help me please?

    <LDAP>
# LDAP server URL
URL       ldap://ad.xxxxxx.eu    
# Bind DN (If your LDAP server doesn't support anonymous binds)
BindDN  [email protected]
# Bind Passwo ...

I'm trying to serve an application under two different paths

What I need is this:

http://example.com => http://service1
http://example.com/login => http://service2/login
http://example.com/signup => http://service2/signup

In other words I need to pass the subpath into a service2 so the subpage is being served into the upstream server.

Is this possible nginx ingress?

I've got a domain in the format jason-bourne.com which I use for my e-mail address with a paid e-mail provider. Now, I'm considering to use a second domain in the format jasonbourne.com as an "alias" for jason-bourne.com.

The reason is that I want to prevent confusion over whether the hyphen in the domain is correct or not (the "correct" domain is jason-bourne.com, i.e. with the hyphen).

Basically ...

I have adopted the following snippet from Visual Studio Code's documentaion to create an ssh-agent on login:

if [ -z "$SSH_AUTH_SOCK" ]; then
   # Check for a currently running instance of the agent
   RUNNING_AGENT="`ps -ax | grep 'ssh-agent -s' | grep -v grep | wc -l | tr -d '[:space:]'`"
   if [ "$RUNNING_AGENT" = "0" ]; then
        # Launch a new instance of the agent
        ssh-agent -s &a ...

On Ubuntu/Debian you can run

apt-file list nginx-core

and you will get a list of all the files that a package will deploy when installed.

How can I achieve this in RHEL with the yum command ?

The command rpm -ql is not an option because it only works with already installed packages.

--bind /home bind mounts /home, but --bind /sys/kernel/debug only leads to an empty directory. Any other options needed? Thank you!

We have several servers running in AWS that send emails through SES. The number of emails sent is very low, usually fewer than 10 per day across all servers.

Recently, we were informed that our bounce rate has crossed the 10% threshold, putting our account into review. This was caused by a couple employee email addresses being disabled. Some of our older servers were sending automated report emai ...

I need to set up a local connection between my Windows 11 PC and an external device (IP 10.0.0.10), with jumbo frames enabled (MTU 9000). The end goal on my PC is to connect to the remote device from WSL2, which currently works but has the same MTU issues.

At the end of the post, I put the steps I followed to set the MTU.

However, I still cannot ping my device with a large packet size. The strange t ...

When listing the NAT rules, are the packets and byte counters reporting only inbound packets, or inbound and outbound packets?

I am trying to determine how many TCP connections were made. A connection (session) has 5 packets sent (by the client), but a variable number of packets received.

Command: iptables -t nat -v -L

Output:

 pkts bytes target     prot opt in     out     source               destinatio ...

I'm trying to install some of the packages on Debian VM which is connected to another Debian machine (router). On the router default policy for FORWARD chain is DROP. I added rules for http(80), https(443), ftp(21), ftp-data(20) to ACCEPT but I cannot install anything.

SC: IPTables configuration on router

Default policies on first machine are ACCEPT. When default policy on router is ACCEPT I can r ...

I have been working with a device that sends heavy TCP/IP traffic.

I'm trying to capture those packets in my Linux machine (Ubuntu 22.04.2 LTS) with Python programming language.

But, most of the time the sent packets are not received correctly from the OS.

I can see some of those packets are correctly re-assembled by the OS but not most of them.

I can clearly see the from Wireshark.

Below are the u ...

I'm trying to configure nsswitch to use sudoers: files sss which is default for rhel9 system, however this does not work for me, but the following sudoers: files ldap does indeed work.

What am I missing for SSSD to work?

I can successfully log into instances using my account, however I'm not allowed to use sudo even tho sudoCommand: ALL

$ ldapsearch -H ldap://ipa.example.com -b ou=sudoers,dc=example,dc=co ...

I'm using an application load balancer with the target group of two instances. In the target group, I have enabled application based cookie. However whenever I test the load balancer, it keeps switching to both instances. (I have put IP address on each instance, so I can see that it's going to both instances). Shouldn't it go to the same instance every time? How can I fix that?

Here's how I have se ...

Apple macOS is licensed for virtualization only if running on Apple hardware. VMWare ESXi 7.0 Update 3 has support for Apple's 2018 Intel (Macmini8,1). This works well. However, I need to roll around a cart with a 4k monitor because VMWare ESXi apparently will only output 4k 2160p (the native resolution) to the monitor.

We presently have several of these Macs on an HDMI KVM with Keyboard (USB) su ...

Our business uses an application with our EMR system in which they upload PDF documents into a third party EMR. We basically are outsourced healthcare and then upload documents from our EMR to another EMR being used at the facility.

Recently, we noticed that a lot of uploads are failing and we contacted our EMR support. They said months ago they use 3-legged OAuth in order to upload these docu ...

This worked in procmail, but it seems procmail was abandoned in Sept 2001. I had a rule that would sense when utf-8 was used in the 'To:' header to write my name using emoji or non-Latin characters. When I try the same in Dovecot's Sieve implementation "Pigeonhole", I am frustrated because it seems to discard some of the data.

ref. Sieve rules in RFC5228
ref. Dovecot Pigeonhole implementation

What I  ...

I would like to launch dynamic Wordpress instance i.e. "on demand" when a user want to test Wordpress (Wordpress for example). I have a bare metal server.

Example scenario : A user will connect with demo/demo login and will be able to test a wordpress instance on my domain like wpxxxx01.mydomainExemple.com

A second user will use wpxxxx02.mydomainExemple.com

The app with the associated dns will be creat ...

How to run the following commands on the master node before executing any pipeline in Jenkins. can't find any option to run pre build step.

docker system prune --all
docker volume prune

after searching and try-and-erroring for a while I came to the conclusion that my problem is a bit too special for google :-)

I have 2 domains and multiple subs

example.org

• cloud.example.org
• wiki.example.org
• *.example.org (all other to this domain) should redirect to example.org which shows the "under construction" image.

beispiel.de

• blog.beispiel.de
• same here: *.beispiel.de should redirect to beis ...

In the aks cluster, the helm chart I installed:

Chart got from link

And the ingress chart I used

helm repo add jetstack https://charts.jetstack.io

helm repo update

helm upgrade --install \
cert-manager jetstack/cert-manager \
--namespace cert-manager \
--set ingressShim.defaultIssuerName=letsencrypt-prod \
--set ingressShim.defaultIssuerKind=ClusterIssuer \
--set ingressShim.defaultIssuerGroup=c ...

Im trying to implement a reverse proxy which takes in a SOAP request, saves the SOAP body message (Envelope, header, body etc.). I would then like to change some of the content of the SOAP request and continue to pass that to get a new response with output that reflects the changes of what was made in the reverse proxy.

Im currently unsure how to continue to pass on the changed request, im using  ...

I have a PCIe connection with Generation 3 and 4 lanes, as can be seen from lspci -vvv | egrep 'LnkSta|LnkCap:

        LnkCap: Port #0, Speed 8GT/s, Width x4, ASPM L0s L1, Exit Latency L0s <1us, L1 <2us
        LnkSta: Speed 8GT/s (ok), Width x4 (ok)
        LnkSta2: Current De-emphasis Level: -6dB, EqualizationComplete+, EqualizationPhase1+

I want to configure it to Gen2 (speed=5) and then t ...

I would like to ask a question regarding my server problem. I have no idea why it sent 521 code while resources is still fine. I think there is misconfiguration. I am using default of Webuzo panel. Nothing changed. I think the problem leads from php-fpm

request_slowlog_timeout = 5s
slowlog = var/log/php-fpm-dsimlife.logs
listen.allowed_clients = 127.0.0.1
pm = ondemand
pm.max_children = 5
pm.start_ ...

I'm setting up a server with coturn using only STUN (TURN is disabled). It seems that STUN UDP can be used for DDoS, so I'm trying to set nftables rules to make it harder, but the rules don't seem to always work. Sometimes, I can see something like this using tcpdump:

21:16:08.006842 IP 5.39.71.183.25565 > A.B.C.D.3478: UDP, length 20
21:16:08.007091 IP A.B.C.D.3478 > 5.39.71.183.25565: UDP, leng ...

As a site that has a number of users who are "technologically challenged", and as the system mangler, it's fallen on me to solve the spam problem for us all. So, SpamAssassin's doing a fine job of identifying the spam, now it's just a matter of moving it into a directory where people can find it and identify the ham now and then - as the SA people call it!

I'd been using an IMAP based reader for that, ...

I'm trying to setup keepalived between two servers, this servers are in diferent DMZ's. I already open all necessary ports and the servers are communicating correctly beetween each other, but when i tried to start keepalived I get this meesage in both servers.

Mon Oct 10 22:03:18 2022: (xxxx22) Receive advertisement timeout
Mon Oct 10 22:03:18 2022: (xxxx22) Entering MASTER STATE

Configurations

 ...

I'm trying to redirect http to https
I have sevral sub domains and use sevral port.

I wnat to redirect 80 port to 443 port automatically.
I have httpd.conf / vhosts.conf / ssl.conf
so when i type https://example.com, it's working well
but when i type just 'example.com' or 'http://example.com' or
www.example.com goes to error page.

It's my first try to make http to https redirect on vshots.conf