Latest Server related questions

I am trying to add some public-key certificates to my CAcerts file. In the past I have done it by modifying the keystore directly as such:

keytool -keystore /etc/pki/java/cacerts -importcert -alias mail.mysite.com -noprompt -file myCert.pem

I have since learned a more proper way of doing this is to add my PEM files to /etc/pki/ca-trust/source/anchors/ and re-generate the certificate file with the

I am improving a script made by third parts.

The script runs on a Ubuntu OS.

This scripts contains a loop in which about there are about 10 if statements (they involve only localhost), and each one contains a ssh command.

So it works like this:

the code loops over a list of host machine names,
if a condition is met, the server will ssh into another server, access a database (by using a custom connection ...

Twice I've noticed out of space errors in my php app and both times I've received the error "No space left on device while writing config" when attempting to login via ssh to troubleshoot the problem.

I have plenty of free disk space and both times my app worked again after restarting my server manually through my hosting company's website. Obviously, this is an inconvenience but when I have customer ...

I'm exploring the feasibility of multiplexing http service from up to 100 IOT devices thru a single cloud host. The diagram below represents what's desired.

Situation:

• We have complete control over the configuration of the IOT devices and the cloud host.
• We don't have control of the customers' routers and firewalls, but can specify minimum requirements for port openings, etc.
• FWIW, the IOT devices  ...

Situation

I’m using Linux Mint, and am syncing my profile between two machines, using unison-gtk. Those machines have some key differences. One of them being that it’s a laptop, that should go to standby after 15 minutes, while the other one is a desktop that should never go to sleep. (Which is worsened right now, as there’s a bug that prevents it from waking up correctly.)

Now this would al ...

I have two ubuntu server, one server from Iran and other from England

On the England server run V2ray vpn and i should have some tunnel from iran server to foreign country for best quality of speed and something like china great firewall to pass throw hard filtering. I see some people in iran to config servers with ipv6 and get the best result, now i do something but i have problem in tunneling.  ...

Context

I have a website of approximately 50k files (mostly static, a handful of PHP files) and plan to gradually migrate all of them into WordPress. There are about 500 files/folders in the root folder and the total of all is about 10GB.

Due to the amount of time the migration into WordPress will take, I need my URL to be able to serve the new the WordPress content and the old static content as t ...

I have a client who has a domain and wants to use two email servers:

• Server #1: It would have the email atendimento@
• Server #2: It would have the email comercial@

If I point the highest priority MX to "Server #1" and the lowest priority to "Server #2". Would this work?

I am having trouble with 2 PC of my domain, both on Windows 10 1909, which I'll call "01" and "02", using a domain service account (called "s_automate" to connect to a SMB share on the network. The share is working and networking connectivity is OK, as pings works and all ports are open.

Here's the trouble : The account "s_automate" has a "Access is Denied" error on both 01 and 02.

Details :

• Conn ...

Cisco switches.
Version 12.1(22)EA2

I have a printer downstairs that is on the wrong vlan, previous admin set vlan by switch port, but didn't label the patch panels so I can't find which one the printer is in. I've tried to look on each switch by Mac using both show mac address and show mac address | include xxxx.xxxx.xxxx however I can't find the mac address of either the printer or of a laptop I've p ...

Some former employee verified our domain with google cloud for god knows what. No wiki or 1password entry or anything. Is there some way to figure out who it is so I don't just break something by re-verifying the domain with a new account.

I've got an pfSense 2.6 instance which hosts OpenVPN for clients. I'm testing with client version OpenVPN Connect 3.3.7 (2979).

There are some web endpoints with a dynamic IP addresses, so I can't push the routes easily via Custom options. I also don't want to redirect all the traffic via the VPN either.

I found out about allow-pull-fqdn, but that's not supported by OpenVPN connect versions 3.x, source: ...

So in Linux you need to manually run some commands or write config files to connect to the network. Before these steps you can use the system perfectly fine without a connection. Is something like this possible on Windows 10? Currently, even if I haven't login yet I see a bunch of packets running somewhere. That is: is it possible to use Windows offline without disabling a network adapter or intentional ...

I am trying to address a problem. We have a windows DHCP server and some devices, which we need to replace on needs. The device has a custom DHCP client which sends DHCP-DISCOVERY Packet with additional vendor-specific unique information,(It is tested, and works). When a device is replaced it will have the same unique details as the previous device. MAC address is different.

here is the problem,  ...

I have about 5 different PHP scripts that must be run by the server continuously even with the terminal closed.

How do I run the 5 scripts once via nohup, each with a log of what it generated, and be able to close the terminal?

I tried to run the script below and an error occurs.

sudo nohup php send-mail.php > mail.txt
-bash: mail.txt: Permission denied

nohup php send-mail.php > sudo mail.txt
-bas ...

Noticed that when running id usertocheck or groups usertocheck the users in the administrators group did not show that group listed.

Checking on the windows dc with net user usertocheck shows Administrators group listed.

Performing an ldap query of the group I see the following

ldapsearch -Y GSSAPI -H ldap://host.our.domain -b 'CN=Administrators,CN=Builtin,DC=our,DC=domain' -s base tokenGroupsNoGCAc ...

My company is going to migrate to GCP, and I found some issues with how we want to manage our infrastructure and projects.

Our stack is mainly based on Kubernetes, right now we have 2 clusters:

• production
• dev/test

In each cluster, we have deployed many tools such as:

• externalDNS (our nameservers are managed by CloudFlare)
• cert-manager
• ingress-controller
• other useful tools such as sealed-secrets...

I am trying to configure DNS server on centos 7. I am following this link. when I run dig -x 192.168.40.107 I don't receive any answers record. here is output

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.13 <<>> -x 192.168.40.107
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24981
;; flags: qr aa rd ra; QUERY: 1, ANSWER: ...

I followed the guide: https://www.tecmint.com/enable-apache-userdir-module-on-rhel-centos-fedora/ on how to enable user home dirs

When i browse: https://server.com/~myuser it works fine - but only for HTML files.

When I try to run a CGI file that is working fine when browsing https://server.com/file.cgi - it just doesn't work

I run the following:

$ journalctl -b | grep myuser

cannot get docroot informa ...

Our production environment contains 2 ALBs: a public facing ALB and a private one. Both of these ALBs support HTTP/2.

Now I have a target group which supports HTTP/1.1 containing an ECS service. The very strange thing I'm observing is that:

When requests are made to this service via either of the ALBs, approximately 1 out of 5 requests fail with a 504 gateway timeout.

When I make requests to the IP add ...

I'm auditing one ubuntu server using a tool named lynis, which performs several tests to configuration files and give suggestions to harden the servers. For example, it suggest to reduce the value of MaxAuthTries from 6 to 3, which makes sense for me... but there is one suggestion that I don't understand:

  * Consider hardening SSH configuration [SSH-7408] 
    - Details  : Compression (set YES  ...

Evening,

So i have an unencrypted borg backup repository which im trying to upgrade. The problem is, when running the borg backup command borg replies with "no key file found for repository".

I'm a bit confused about this situation since the repository in question is unencrypted therefore theres no key for it.

Currently I run an openvpn server that pushes a route on per client basis (different clients receive different routes and static ips).

ccd/client1
push "route 172.16.236.0 255.255.255.0"
ifconfig-push 10.8.0.29 255.0.0.0

And then I route the traffic from vpn tun interface to client-specific docker network interface (multiple).

sudo iptables -A FORWARD -i tun0 -o br-6b1cd32adc27 -j ACCEPT
sudo ipt ...

Haproxy load balancer - I configured 2 different domain SSL certificates and get a conflict. For example I have two domains api.xxx.com and api.yyy.com. If try to get api.xxx.com its showing yyy cert insecure after refresh xxx crt is showing and yyy domain showing insecure.

This is configuration -

global
   maxconn 2000000
   tune.ssl.cachesize 1000000

listen stats 10.0.1.151:8080
    mode http
     ...

I am trying to install k8s1.26 on debian11, my kernel version is 5.10.0/x86_64. Here is my kubelet logs.

Mar 09 17:51:55 devnew0 kubelet[369024]: I0309 17:51:55.933659  369024 scope.go:115] "RemoveContainer" containerID="4ace1812ec7d981b55a51f422287499bdacf240e7c739d50872e6de1892fa7a2"            
Mar 09 17:51:55 devnew0 kubelet[369024]: E0309 17:51:55.934416  369024 pod_workers.go:965] "Error sync ...

I want to setup more than 255 GRE tunnels between 1 server and about "6000 other servers/aka proxies", method used is:

sudo ip tunnel add gre1 mode gre local 149.5.175.220 remote 5.182.37.41 ttl 255
sudo ip addr add 10.0.0.2/30 dev gre1

sudo echo '100 GRE' >> /etc/iproute2/rt_tables
sudo ip rule add from 10.0.0.0/30 table GRE
sudo ip route add default via 10.0.0.1 table GRE

I'm facing an issu ...

I used a live USB Linux system to create images of Windows Installations (Win 8 and 10) on hard drives like this:

dd if=/dev/sdb bs=64k conv=noerror, sync | gzip -c > /dev/sdc1/win.img.gz 

However, when I try to restore them (on the same machines the images are from) like this:

gunzip -c win.img.gz | dd of=/dev/sdb

they don't boot.

Is it possible I should have backed up some sort of metadata of the  ...

I have the following fules that I would like enforced.. However, if the ip address of my machine changes, I would like to keep the rules enforced. These current rules will get out dated in the event that my ip address changes.

-A OUTPUT -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A OUTPUT ! -d 192.168.50.13/32 -m owner --uid-owner 130 -j MARK --set-xmark 0x1/0xffffffff
-A OU ...

I want to move away from my current email provider which also hosts my domain and setup a private mail server on my local machine which runs 24/7.

Let's say I have 4 registered email addresses [email protected], [email protected], [email protected] and [email protected], where example.com is my domain registered at IONOS.

I want to use my IONOS domain DNS configuration for example.com and route the MX ...

I compiled nginx from source and installed it. Also I made the systemd service for nginx (https://www.nginx.com/resources/wiki/start/topics/examples/systemd/). But it won't start automatically in boot. Instead I need to manually initialize it.

The systemctl's log

● nginx.service - The NGINX HTTP and reverse proxy server
     Loaded: loaded (/lib/systemd/system/nginx.service; disabled; vendor pre ...