Latest Server related questions

Score: -4
Jessie
How much effort is it to self-manage servers? PCI / SOC2 compliance?

TL;DR: How much effort is required to self-manage a low-traffic SaaS app? Is PCI / SOC2 compliance too much of a hassle?


Currently we are using GCP. Our infrastructure is straightforward: A load-balanced SaaS, Postgres instance, and Memcache instance. We have two copies of this for our production and QA environments. Our site is very low traffic. We are also required to be PCI and SOC2 compliant.

 ...

Score: 0
Eaz3
Reverse Proxy connecting to the site, but is using the wrong ip address for file requests

I am trying to set up a connection between two servers so when one is accessed the client is proxied to the second one.

http {

        upstream serverConn {
                server <my.server.ip>;
        }

        server {
        listen 80 default_server;

        root /usr/share/nginx/html;

                location /test {
                        proxy_pass http://serverConn/;
           ...
Score: 1
Lorenzo Piccoli Módolo
Wireguard connectivity between handshakes

I've been having this really weird issue. I'm running WG on a VPS and on my macbook. I run WG on the linuxserver container on a debian host. The connection is great, the speed is good, everything works really well. I've noticed though that every once in a while (like every 10-20min) there will be a handshake and my connection to the internet instantly drops. I can still access internal services so I kno ...

Score: 0
I.T._Lee
Netgate SG-2100 - OpenVPN can't login to CRM remotely

I haven't been using Pfsense for long and aiming to switch a raft of customers across to it for a bunch of reasons that I'm sure are obvious to all you long time Pfsense users.

Before I even consider rolling this out as the preferred solution, I have a test network which mimics a customer network and setup in every way. So far I'm really liking Pfsense and have everything up and running by using t ...

Score: 0
wtdmn
AWS centralized logging with single index for all log groups

I am setting up logging on AWS, based on official AWS Centralized logging (source). Cloudwatch log groups are added with command like:

aws logs put-subscription-filter --destination-arn DEST --log-group-name NAME --filter-name FILTER --filter-pattern " "

What surprises me is they are storing all log groups data into single 24-h rotated Elasticsearch index for all Cloudwatch log groups, using AWS::Ki ...

Score: 1
EngageBasic
iPerf3 --reverse different results (2.5GB link)

I recently purchased 2.5GB adapters for my main Desktop (Windows 10) and NAS server (Ubuntu 20.04).

When testing with iPerf3 FROM Windows, I only get 1GB. But when I use the --reverse flag, I get the 2.5GB (or close enough).

This occurs whether the -s server flag is on the Ubuntu or the Windows machine. I've also tried two different Ethernet cables, with the same results.

Server on Ubuntu.
Data FROM Windo ...

Score: 0
Edigest2
OpenVPN from Windows machine to remote machine through pfSense, with reverse traffic/routing allowed when connected

I've the following scenario:

At MainOffice:

  • firewall PFSENSE with IP WAN: 80.80.80.80, IP LAN: 172.19.2.1
  • server MAINSERVER with IP 172.19.2.10

At SecondOffice:

  • NO CONFIGURABLE FIREWALL
  • server Windows 2019 ANOTHERSERVER with IP 192.168.0.20 , with an OpenVPN program

How can I configure the OpenVPN server on the PFSENSE in order to:

  1. ANOTHERSERVER must be able to ping/connect to MAINSERVER usi ...
Score: 0
Neighbour
network-latency/ping degradation over time correlated with memory fragmentation

There is an Online Charging System (OCS) which handles Diameter Ro and Gy traffic. The OCS receives CCR Diameter messages and answers with CCA Diameter messages. And this response time - latency - degrades over time.

Normal average latency is 20 ms, but in one week it degrades to 70 ms with increased frequency of spikes more than few seconds. The cluster consists of several physical hosts, on eac ...

Score: 0
Mark Deven
MYSQL Server fails to start with no logs - Ubuntu on WSL

I'm running Ubuntu in WSL on Windows 10.

I'm trying to get an owncloud server going but I've been unable to get mysql working.

When I run sudo service mysql start it takes its time before reporting: [Fail] with no other output:


I tried checking the logs but there are no mysql related logs in /var/log/. No folders or files related to mysql at all.

/etc/mysql/my.conf includes:

[mysqld_safe]
log_error=/ ...
Score: 0
Čamo
Docker WSL on Windows 11 - Ubuntu user

According to the documentation for installing docker on Windows I have installed WSL with its Ubuntu dist. Next step should be to set up user and password for Ubuntu. So according to the documentation I open Ubuntu from start menu and it shows console window with text: Press any key to continue. But as I do it it disappears and I can not set user. Picture shows the console window


Score: 0
Gavin
Prevent Apache from showing first virtual host if domain does not exist?

Not sure when but WHM/cPanel and/or Apache have changed how they handle requests for domains that do not exist.

Previously it would redirect to http://requested-domain.tld/cgi-sys/defaultwebpage.cgi however it will now simply show the content of the first domain listed in the virtual hosts without changing the domain.

I've tried adding variations of the following to:

  • /etc/apache2/conf.d/includes/pre ...
Score: 0
Lisanna Dettwyler
I cannot find where 0002 umask is being set on Ubuntu 20.04

My user account has a non-standard umask setting of 0002, and I cannot find the config file where this is being set. I have searched in /etc and ~/.bash* with sudo grep -iIr umask. Running umask in a bash shell over ssh is showing 0002, and running it in a root shell via su - root gives 0022.

Score: 0
MrL
PHP-FPM + Apache2 security

I have configured my server (an Ubuntu 22.04 machine) so that it is managed by Apache (v2.4.55) and php7.4-fpm. The current configuration allows every vhosts to be divided into specific php-fpm pools, and each of these pools running with different users.

Everything works fine, but security related only to users to control permissions (or based on open_basedir) cannot stop shell_exec (which I need ...

Score: 0
Mariano Martinez Peck
How to setup a NAT Gateway together with a VPN in AWS

I have a VPN setup following this guide. I connect to the VPN from my Mac and I can confirm that both, my Mac as well as EC2 instances do have access to internet. However, for this to work, all my EC2 instances need to have a public static v4 IP. And I don't really want them to have a public IP for these EC2 instances but I do want internet connection. Of course, if I create an EC2 instance without  ...

Score: 0
Dmitry
Monitoring of MySQL replication and alerting when replication is not working

I have a question about monitoring of MySQL replication and in particular about alerting using Grafana/Prometheus.

We have 2 MySQL (MariaDB to be exact) instances for which replication is configured: One Master and one Slave. They can change roles and Master can become Slave and vice versa from time to time (I use MariaDB Maxscale proxy which makes this switch very easy)

I want to monitor replication  ...

Score: 0
hanz
VisualSVN on Azure VM using integrated windows authentication and office users

We have a VisualSVN server set up on an Azure VM running Windows Server 2022 Datacenter Azure Edition. Our windows users are set up on office365 which I understand has its own active directory. Is there a way for the users to log in to the VisualSVN server using their windows credentials? I tried turning on the 'Integrated Windows Authentication' in VisualSVN, but it doesn't work. I believe the disconne ...

Score: 0
Malarkey86
Registry key not found migrating dns zones at Windows Server 2012 R2

We are trying to migrate all DNS zones to a new server. The old server is Windows Server 2012 R2, the new one is running Windows Server 2019.

We are following the steps: Microsoft Guide

We cannot find the "Zones" folder, when we try to do the 5 step,

"Locate and click the following registry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Zones",

Instead of 5 step, We can see the fold ...

Score: 0
Utku Dalmaz
Getting not secure warning for www domain

I installed Let's Encrypt using certbot. When I go to www.domain.com I get a "this site is not secure" error.

Found the following certs:
  Certificate Name: example.com
    Domains: example.com
    Expiry Date: 2023-05-25 15:01:00+00:00 (VALID: 70 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
  Certificate  ...
Score: 0
NFoerster
Connection to Azure VM through SSH doesn't work all the way

I have a development vm setup in a private network area in Azure. Now I'm trying to connect to it via SSH and it's failing for a certain reason. I'm sure that I uploaded the correct public key to the azure VM and that the username is also correct.

Azure Dev VM

vagrant@7XZRVZ2:~/.ssh/dev-vm$ ssh -vvvv -i /home/vagrant/.ssh/dev-vm/id_rsa [email protected]
OpenSSH_8.4p1 Debian-5+deb11u1, OpenSSL 1.1.1n  15 Mar 202 ...
Score: 0
Nicolo Bevilacqua
Migrating recaptchaV2 Android to recaptcha Enterprise

We found an error during the migration process from our recaptchaV2 android key to recaptchaEnterprise:

ERROR: (gcloud.alpha.recaptcha.keys.migrate) FAILED_PRECONDITION: This site type is currently not supported in reCAPTCHA Enterprise.

Has anyone experienced the same error? How can we do that?

BR

Score: 0
zisk0
Do I need to restart a daemon after creating a Windows Firewall rule?

I have a daemon running in a Windows Server 2019 with blocked outbound traffic.

I have a firewall rule for the daemon's executable that allows outbound traffic and it is working well. But as part of a periodic automatic environment refresh, I delete this firewall rule and create it again with exactly the same configuration and name. When I remove the rule, the daemon stops having external access. ...

Score: 1
fraenzz
How to disable an Exchange 2016 mailbox and forward anything sent to it

fyi i would consider myself an exchange-noobie

Ok, the scenario is:

User left the company, but still gets a lot of mails sent to their mailbox. The AD User-password has been changed so they no longer have access.

How do I configure Exchange, so that I can disable both the AD-User and the Exchange-mailbox while forwarding the mails sent to it?

Score: 0
Gavin Coates
Power Settings Command Line Tool High CPU Usage

For the last few days, one of our Windows servers (Windows Server 2022 Datacentre Azure Edition) has suddenly started running rather slow. On inspection, "Power Settings Command-Line Tool" is sitting using 60-80% CPU usage.

The server in question is an azure server.

Is there a way to disable this command line tool? We don't use power profiles on the machine.

Score: 0
MatB
redundant VPN connections over Expressroute private peering

I have configured redundant VPN connections over expressroute private peering with private IPs. BGP is configured making router 2 backup using BGP as-path. Wondering how the traffic is sent back to on-prem routers there is active-passive configuration but it seems there is packet loss from Azure to on-prem. Effective routes on a nic in a VNet shows VPN-GW public IP as next hop. How is traffic forwarded  ...

Score: 0
Spliid
Can't call apache2 web server from local network, but outside works fine

I have a Debian 10 server where I have installed Apache2. I have a domain, let's call it mydomain.com, pointing to my public IP address. The server runs fine, as I can access it with no problems using mydomain.com outside of my local network. However, when I try to access it using mydomain.com within the local network where the server runs, I either get a timeout or ERR_CONNECTION_RESET from the browser ...

Score: 1
Postfwd "ignoring empty counter" for sasl_username rcpt rule -what does this mean?

I'm trying to rate limit per user based on sasl_username using postfwd. (FWIW, I was using Cluebringer and this worked, but it feels clunky).

I have a rule

id=RULEDEFAULTSASL
  sasl_username=~/^(\S+)$/
  action=rcpt(sasl_username/200/7200/REJECT only 200 recipients per 2 hours for $$sasl_username)

Postfix is logging the following

postfwd3/policy[13604]: [RULES] rule=1, id=RULEDEFAULTSASL, cli ...

Score: 0
NFS Share Access on Suse Linux

Hello Community Members,

I am facing an issue where I am not able to connect my NFS share from the Suse Linux VM whenever the firewall on the Suse Linux VM server is enabled. As soon as I stop the firewall services NFS server is accessible.

Synology NAS is acting as an NFS Server in this scenario.

Suse Linux VM is acting as an NFS Client in this scenario.

Please suggest.

Thank you so much in advanc ...

Score: 2
Powerriegel
Avoid SSH AgentForwarding of incompatible keys

Good morning, I have one ed25519-sk key (using a hardware token), which I need only on my personal machine for some high security servers (all Debian). This key type is supported by OpenSSH 8.3+. We still have two machines running RHEL 7 which offers OpenSSH 7.2.

There is now an implementation glitch in the agent forwarding. It seems to send all the keys in the ~/.ssh/ dir as a byte stream. It does not  ...

Score: 1
keker
Supermicro ipmi dcmi privileges

Recently we tried to monitor supermicro's servers power consumption. And got this error:

ipmitool -I lanplus -U readonly_user -H ip_address -P password dcmi power reading -L user

DCMI request failed because: Insufficient privilege level (d4)

If we run it by user with ADMIN privileges it's working. But we would like it to work with USER privileges also.

Other vendors (HPE,IBM) work just fine. Here is ...

Score: -1
Zorgoth
SSL errors in Docker containers only (hosting with self-signed certificate)

I host various APIs on my company VPN using self-signed certificates. I recently tried to host a new API, and no matter what I did, I got SSL errors. Firefox reported PR_END_OF_FILE, while the Python requests library similarly complained about

HTTPSConnectionPool(host='localhost', port=7057): Max retries exceeded with url: / (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c ...
