Latest Server related questions

Background

For work I have to use Appgate SDP which is a VPN client. It creates a tun0 device, adds a bunch (300+) routes and is supposed to setup the DNS servers with domain search for tun0. At some point in the last week the DNS configuration stopped working and I could no longer resolve server names to IP addresses. I suspect some update, either NetworkManager or resolved, could have caused this  ...

After 3 days of banging my head against the keyboard, I finally came up with a solution that allows my Windows 10 Professional built-in VPN client to connect to my Linux IPSec VPN server using EAP and MSCHAPv2.

I will try and detail all troubleshooting steps and errors encountered, so hopefully I can save other people some time and aggravation.

I'm sure this is not the optimal, or possibly even most ...

I Have a CentOS 7 Server with WHM/cPanel installed on it. I want to connect on IPSec IKEv2 Tunnel with a preshared key but without forwarding the internet thru the VPN Connection. The Tunnel is important to connect a website to an LDAP Server.

How can it be done? In the past, I set a VPN on a CentOS server and I set routing to have access to the server from my static IP. Now I don't want the serv ...

We have a debian 11 just installed and when i execute "systemctl restart networking" the server becomes unresponsive and the console shows this:

enter image description here

I have to restart from vcenter console. what could be the reason?

So I have a new tool installed on my webserver and it has a somewhat complicated folder structure, in order to get it to run, I put everything in a subdirectory and serve that as root of my domain.

The corresponding .conf

    <VirtualHost *:80>
    ServerName example.com
    DocumentRoot /var/www/html/example/public
    <Directory /var/www/html/example/public>
        AllowOverride All

  ...

I'm working with a cost-conscious client, trying to avoid having to spin up more Serverless VPC Connector-machines just to handle the dev environment.

We are using static IPs for outbound traffic, having followed this guide: App Engine Docs, but we need prod and dev to use different IP addresses.

Is it possible to use the same Serverless VPC Connector and somehow route or restrict the App Engine instan ...

nano /etc/apache2/mods-enabled/security2.conf

<IfModule security2_module>
        SecDataDir /var/cache/modsecurity
        IncludeOptional /etc/modsecurity/*.conf
        IncludeOptional /usr/share/modsecurity-crs/*.load
</IfModule>

i try in .htaccess

<IfModule mod_security2.c>
    SecRuleEngine On
</IfModule>

Error: .htaccess: SecRuleEngine not allowed here

i have hest ...

I have a server running apache2 on Ubuntu 20.04 and Virtualmin software. For one of these domains, the site just stops loading and timeout occurs in the browser. When this happens there are no access logs created so I think the request never even reaches apache? Other domains on the same server continues working just fine.

When I restart apache, the site starts working again. It happened a few we ...

By default systemd assigns resource limits through CGroups like TaskMax, here's a example of this:

$ systemctl status sshd
● sshd.service - OpenSSH Daemon
     Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; preset: disabled)
     Active: active (running) since Fri 2023-08-18 08:24:27 CEST; 37min ago
   Main PID: 936 (sshd)
      Tasks: 1 (limit: 76994)
(...)

$ systemctl show --property  ...

We have deployed Fortify Software Security Center in an environment with configured MSSQL ssc_db. How would I configure the High Availability Database configuration in Fortify SSC if possible? Otherwise, if I can enable the option Always On Availability Group option in MSSQL, what configuration would I need to change in Fortify SSC?

I have been trying to set up an Authelia instance for the last week or so and keep running into an issue where it won't authenticate to the Redis instance (both in Docker). I suspected it was because the username I wanted to use needed to be set up in Redis, so I did this and set up an admin account, as well as keeping the existing default account active without a password, just for testing purposes. N ...

It seems like it's needed, because it asks me for the password. But if so, then what's the point in having 2 credentials (a credentials file + password)?

If not, then what am I missing?

The docs is not too revealing about this:

If prompted, enter the password.

To test it from the local machine I did:

docker-compose.yml:

services:
  app:
    build: .
    command: sleep infinity
    init: true
     ...

I created and attached a volume to a Droplet:

resource "digitalocean_volume" "main" {
  name = "backups"
  initial_filesystem_label = "backups"
  region = var.region
  size = 50
  initial_filesystem_type = "ext4"
  description             = "A volume for backups"
}

resource "digitalocean_volume_attachment" "main" {
  droplet_id = digitalocean_droplet.main.id
  volume_id  = digitalocean_volume.main ...

I want to configure the unbound DNS for the domain e.g. domain.com in a way that it only answers for *.domain.com and rest of any query like gmail.com or hotmail.com are refused. I have following configuration but it doesn't work as desired.

server:
interface: a.b.c.d (public IP)
verbosity: 2
logfile: "unbound.log"
log-queries: yes
hide-identity: yes
hide-version: yes
access-control: 127.0.0.1/8 allow
acc ...

I would like to create a load-balanced environment using Apache 2.4.43 (windows) and two Tomcats servers.
Using the "mod_proxy_hcheck" module some basic healthcheck operations should be implemented, which are based on the official documentation: https://httpd.apache.org/docs/2.4/mod/mod_proxy_hcheck.html

My config

ProxyHCExpr ok2 {%{REQUEST_STATUS} =~ /^[2]/}
<Proxy balancer://appcluster>
    Ba ...

Hello all hoping someone may be able to help.

I have a VPS server running apache with linux centos 8. I have a few domains running on PHP 8 and one wordpress and node API application. Everything was working fine until this morning I tried accessing my websites and all domains are getting the This site can't be reached message. I have tried on multiple browsers and devices. I checked apache is run ...

many questions here on spliting DKIM txt records, but my dns provider only allows 255 chars for each key. no fancy way to enter multiple values like the other platforms mentioned all the other questions.

I went ahead and entered multiple TXT entries with the same name:

entry    type   value
[z._domainkey] [TXT] [v=DKIM1;k=rsa;...]
[z._domainkey] [TXT] [...restofkey]

which does show on my queries, but som ...

If a NAS is from QNAP then it blocks ssh for non-admin users as a form of security.
Usually this makes sense, but their are multiple use-cases where you don't want this.

Annoyingly enough QTS (the OS on QNAP) likes to "protect" admins from themselves by making it extremely hard to make changes that QNAP doesn't like.

Is there a way to let regular users use ssh/sftp ?

i have a centos server controlled by cpanel, i have some proxy i want to set for my main domain, my configuration work clearly at /etc/apache2/conf/httpd.conf, but any edit in cpanel will remove my configuration and regenerate the file again, how to stop cpanel from control apache conf file or is there a best practice for this ?

I run my server with ubuntu 18.4 with openlitespeed installed, i'm making some php code to call a web service with SOAP, however, on my production server i'm facing some issues:

There is the code i use, i also use this function on my local server and it works normally:

 $soapParams = array(
   'login'          => 'Name',
   'password'       => 'password',
   'authentication' => SOAP_AUTHENTIC ...

I have an AKS cluster and one of the pods, call it "my-service", needs to connect to an on-premises service via VPN and that service requires whitelisting of IPs. Unfortunately, it can only whitelist individual address and not ranges. The connectivity between AKS (Azure) and the on-prem service over the VPN is running and verified working. The AKS pod can communicate with the on-prem service. The diffic ...

I recently set up a mysql innodb cluster, and have configured mysqlrouter to sit in front of it.

On my PHP applications, if I change the port from 3306 to 6446, the application hangs when it tries to connect to the DB. I never see any error messages. I do have one PHP application that is working on port 6446: phpmyadmin.

The mysql commandline client works connecting to 6446.

I did find a bug that  ...

My MySQL client gets stuck on a query when the output is a certain size. When it's small enough, the query will successfully output. The client is connecting to a remote server (Ubuntu 18.04). When I ran SHOW FULL PROCESSLIST; on the server after the query got stuck on the client, it showed the remote client connection as sleeping with no error. The client is a MacOS Mojave (10.14) device.

When I tested ...

Following what's described here --- https://httpd.apache.org/docs/2.4/howto/cgi.html --- I've created a tiny Perl document:

#!/usr/bin/perl
print "Content-Type: text/html; charset=utf-8\n\n";
print "Hello, World.";

and called it first.pl. I've also modified it so that it looks like

#!/usr/bin/perl
print "Content-Type: text/html; charset=utf-8\r\n\r\n";
print "Hello, World.";

because a friend pointed o ...

We have two applications. One application exists behind an on-premise site's firewall. It communicates with our second application, a service app that operates a REST API in the Azure cloud.

My question relates to the on-premise firewall. The service app in the Azure cloud has a single static inbound IP address. It also has a slew of outbound IP addresses. I plan to whitelist the Azure service ap ...

We have certain sites we need to mask our client IP addresses with a proxy when they browse to those sites. I have built NGINX on AWS Linux 2023. It works with simply google.com but does not work with any site using .js. Not sure what to try next.I have a domain --> A record --> ALB w/Cert --> EC2 w/Nginx

server {
   listen       443;
   server_name  ==my LB A-record==.com;

   proxy_conne ...

I am trying to implement a solution to modify the local security policy on client machines using SECEDIT and a provided inf file, however /IMPORT requires the /db parameter to be listed but I cannot find the path to the active policy. I am essentially trying to script the act of importing a template from the snap-in GUI to enforce account lockout. Any help would be appreciated, this is for Windows 10 an ...

I'm at the end of my wits with this issue and I'm hoping some genius here can assist. Background: We have a client (a hospital) with 3 sites in AD and two DCs at each site. These DCs are 2012 and we're moving to new 2022 DCs. Not upgrading, putting in new 2022 VMs and retiring the old ones.

The plan is to raise the domain functional level to 2016 once all the 2012 is retired.

Between their LoB apps  ...

Hello,

I am currently in the process of configuring a WAN + LAN network within VirtualBox using pfSense (VM) as the router in my LAN. The primary objective is to establish communication between a TCP client program on the host machine (WAN) and a server program on my Ubuntu VM (LAN). All communication is intended to pass through pfSense.

Issue

I have encountered an issue where the client/server programs ...

I want to block access for ChatGPT for a whole website, but still allow it to see the robots.txt file located in the public root directory (my robots.txt basically also tells ChatGPT not to crawl the site).

I am blocking it as follows:

# Disallow chatGPT bot
location / {
    if ($http_user_agent ~* "gptbot") {
        return 401;
    }
}

But I want it to be able to access the robots.txt file.

I tri ...