Latest Server related questions

I don't even know if this is possible. But I have a VM in azure running just private IP. I can access this VM from my azure web app when it is running in Azure.

But I need to develop against it and I am running VSCode etc locally and I'm able to access cosmodb and other azure services without issue. But I cannot access this VM as it is closed off publicly.

So I am wondering whether I can add my publ ...

This is my first question on serverfault, so please bear with me.

At my work we've currently have a custom webgui that uses ruby on rails to enter DNS records into the custom powerdns database. The naming convention of the tables is different than the normal database schema. The version of Powerdns on this server is old (3.0). This server is the master for a bunch of slave name servers. These sl ...

I have installed OpenVPN on my Ubuntu 22.04 server using the system package manager and generated a configuration file for the server. When I try to use that conf file to connect to the server from my home laptop, an Arch Linux machine, with $ openvpn user.ovpn. I get the following error:

2023-03-08 14:32:15 UDPv4 link local: (not bound)
2023-03-08 14:32:15 UDPv4 link remote: [AF_INET]xxx.xxx.xxx.xxx:1119 ...

I created 2 key-certificate pairs with the exact same method. However, while trying to setup TLS on my graylog server to a remote filebeat node, it does not successfully connect when trying to connect with a regular certificate validating the authenticity of the graylog server.

Then, if disable server side TLS but I enable client authentication, it miraculously works and I have a TLS connection.  ...

I am facing random occurrences of 502 Proxy Error. We have a 3rd party application running in our server. It uses a reverse proxy to serve the request. The Proxy server is returning 502 Proxy Errors in a random manner. A similar request that failed 5 mins back passes in future tries. The number of occurrences is quite high

I am running out of ideas to debug. I am facing this in production setup.  ...

I have tried to install Jenkins on Kubernetes cluster,but can not connect to my ELB

k get svc
NAME            TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)     AGE
jenkins         ClusterIP   10.100.197.198   <none>        80/TCP      41m
jenkins-agent   ClusterIP   10.100.6.195     <none>        50000/TCP   41m
kubernetes      ClusterIP   10.100.0.1       <none>        443/ ...

Alpine defaults to ash as the login shell, I want to change it to bash.

What I did so far:

• installed bash by sudo apk add bash
• installed shadow by sudo apk add shadow
• I changed my user's login shell to /bin/bash with chsh
• checked that /etc/passwd contains /bin/bash as default login shell for my user

but that seems to be ignored. When I login (on console or ssh) I always end up in the ash shell ...

my company has multiple top domains, eg.

foo.com
bar.net
baz.org

I have created a subdomain for each authentication domain:

auth.foo.com
auth.bar.net
auth.baz.org

and behind each subdomain there is the same keycloak instance.

The authentication works as long as the user stays within the same top domain but as soon as the user changes the top domain he’s in he’s logged out.

Is there a way for ...

I want to try setup FreeIPA in my home lab, but I do not want any more additonal stuff like, Certificates and DNS. I just want the IPA to work as a LDAP server.

Does the FreeIPA installation support such feature, so I can disable these functionalities?

I am using Avast firewall. I blocked ports from 1024 to 55535 yet I see apps established connection on ports in that range.

As you can see on the screenshot, the machine is making mirror connection. Is this a malware or any kind of attach?

Regards, Nealesh

On Red Hat 8.7 on x86_64 I would like to restrict process to be allowed to use only 50% of CPU time.

I tried to limit a process with cgroups following Red Hat tutorial Setting CPU limits to applications using cgroups-v1 and I have successfully created cgroup and limit CPU time on specific process on my test computer.

Now I would like to do the same on production computer but I run into a problem. I  ...

I have setup a windows server 2022 with Exchange 2019 and am unable to send out email because outgoing port 25 is blocked.

Vultr.com says they have removed the default SMTP block from my barebones server. They claim the port is open both inbound and outbound. Also Vultr firewall is unavailable for barebones servers.

I have done the following:

1. Stopped the firewall (Windows Defender) completely [Image]

From a running EC2 instance, how do I download the AWS generated private key for use with SSH and WinSCP in PEM format?

I expected to see Download on the Actions menu, but it's not there. I'm posting this after spending a few hours trying to get this information in a way I can understand it.

Does anybody know if it is possible (and how) to share the same ELB between two Ingress Controllers on different EKS clusters in the same VPC?

I have one cluster EKS cluster already running and I just created a second one. I'd like to use the same ELB that is being used for the first in the second's ingress controller. Is is possible?

I tried installing a new IngressController through Helm on my se ...

Systemd file for filebeat doesn't pickup env variables and throw as below

ExecStart=/usr/share/filebeat/bin/filebeat -environment systemd $BEAT_LOG_OPTS $BEAT_CONFIG_OPTS $BEAT_PATH_OPTS (code=exited, status=2)

Below is my systemd for filebeat service

 [Unit]
Description=Filebeat sends log files to Logstash or directly to Elasticsearch.
Documentation=https://www.elastic.co/products/beats/filebeat ...

I have 2 domains, each with its own document root. The root of one domain contains the folders pics and docs that I want accessible through the other domain. So domain1.com/pics/house.jpg and domain2.com/pics/house.jpg would show the same image.

Below is an excerpt from the config file for domain2. It doesn't work - I always get a 404 when accesing the image in domain1 root on domain2. I'd welcom ...

Assuming I could identify more or less important logs by pattern-matching them, is there a way to configure fluentd (or fluentbit) to do intelligent shedding (discards) when it starts to buffer to much (back-pressure from output)?

Are there other log-processing filters that would do this?

Basically, under low/normal loads I want to pass all the logs, but during overload or spike situation I would li ...

I've been messing with this for a couple days now and can't seem to get it to work. I have 2 sites enabled via their own config files. site1.conf & site2.conf

Each sites has rewrite rules from Let's Encrypt that route them to site*-le-ssl.conf

Having an issue where when I enter my public IP into the browser it is loading site1 where I want to either have an error like forbidden or something oth ...

I've got a cleanup job that is running daily to clean a number of directories based on a csv file. The CSV file contains the following:

SourceFolder,MinAge(Days),SubDirectories(Y/N?),ExcludeItems
TEST,0,N,*.txt;*.csv;*.bmp
TEST2,0,N,*.csv;*.bmp

I'm extracting the ExcludeItems data using:

$ExcludeItems = $ExcludeItems.Replace($separator,",")
$ExcludeItems = "`" + $ExcludeItems`""

Mind you I've tried  ...

Thanks for taking a look at my question.

I've been writing code from my desk to a remote server managed by WHM/cPanel (for which I have full root access) with VS Code Remote SSH functionality for a few months without any major connectivity trouble. All of a sudden (as in: since yesterday) VS Code can't display the contents of folders on the server for apparently any cPanel account while it can su ...

We have a wildcard certificate issued by GoDaddy coming up for renewal, and I would like to use a different company (which is yet to be chosen). The wildcard certificate is on use at a dozen sites across a few servers. There will be a gap of a few hours between the certificate being issued at the new authority, and when we can install the certificate on all those sites & servers. During that gap, wi ...

• I created Load balancer.

  NAME                TYPE           CLUSTER-IP       EXTERNAL-IP                                                                 PORT(S)                      AGE 
  open-imis-gateway   LoadBalancer   172.20.102.239   a45b63e62e44b4e239c1381faf6a0216-727219181.eu-central-1.elb.amazonaws.com   443:31394/TCP,80:31355/TCP   3h43m
  

• Inbound and Outbound rules allows all traffic.

Is it possible to do something like this :

    set authorized {
    type ipv4_addr ether_addr
    flags constant

    elements = {
        { ipaddr: 192.168.1.xx, etheraddr: xx:xx:xx:xx:xx:xx },
        { ipaddr: 192.168.1.xx, etheraddr: xx:xx:xx:xx:xx:xx },
        { ipaddr: 192.168.1.xx, etheraddr: xx:xx:xx:xx:xx:xx },
    }
}

This returns a syntax error. Is there a valid syntax to do it ? Nothing s ...

I'm using the C/C++ OpenLDAP client library. I specified a NETWORK_TIMEOUT and TIMEOUT of 3 seconds in my openldap.cfg. However, when the OpenLDAP client library issues SSL_connect, it hangs indefinitely and the client application does not see a timeout. Is there a way to timeout the SSL_connect to say 3 seconds? What am i missing as far as timing out the connection?

I am using Compute Engine and VPC Networks in Google Cloud Platform.

I have a "classic" frontend - backend server setup inside Google Cloud with two VPC Networks which are connected trough VPC-Peering (for another purpose, validator for a blockchain).

The frontend consists of a few full nodes, full nodes are accessible and accessing other full nodes in the internet and contain the current state and  ...

According to Nginx's doc on proxy_cache_bypass

Defines conditions under which the response will not be taken from a cache. If at least one value of the string parameters is not empty and is not equal to “0” then the response will not be taken from the cache:

I want the request with the header Cache-Control: no-cache to bypass the Nginx cache and be forwarded to the upstream service. Shall I ...

I'm looking into a long-overdue upgrade from ESXi 5.5

The server is a standalone, bare metal server at OVH

I intend to mount the iso over the virtual java kvm

Can I upgrade to 7.03 directly, or do I have to take intermediate steps over 6.x?

The cpu is compatible with 7.03 the vmfs is 5.60, also compatible with ESXi 7.03, at least the spec say that vmfs5 is compatible both <=6 and >=6.5

Are an ...

First of all:

• I know : L2TP and IPSEC from Windows XP: Where do I put the IPSEC group name? exists, but the answer is incorrect and is not working on Windows 11 (please do not duplicate this topic by linking that one, it's 13 years old).
• And: L2TP and IPSEC from Windows 11: Where do I put the IPSEC group name? was closed pointing on the first topic without addressing the question as well. (@Jan Janisz ...

I have been working on this for 2 days now and am desperate for some help.

Postfix & Dovecot 
CentOS Linux release 7.9.2009
Plesk 18.0.50

For the most part emails are flowing into the server correctly - however I have an odd scenario where some emails that come through our external spam filter and flow through an account that's a forward or an alias, they do not actually end up in the users  ...

The issue we have is getting laptops back and needing to wipe them but the person is no longer contactable and they have not shared the password and they have left iCloud logged in.

I tried adding an admin account to the devices but they did not show up in recovery mode. I later found out that is due to the disk being encrypted by the user.

I have seen that mdm solutions will allow us to wipe but we ...