Latest Server related questions

Here are the Specs of our current server: Poweredge R540, Windows Server 2019 (version 1809)

We swapped this current server in for an older Poweredge R530 running Server 2012, but we've been receiving a deluge of errors linked to the old server, for whatever reason. They have not hampered productivity or produced any errors on the user side, but it's quite the inconvenience to have to scroll thro ...

According to https://wiki.nftables.org/wiki-nftables/index.php/Flowtables, flowtables reside in the ingress hook. So, does that mean if connection is picked up by the flowtable, it will not be processed by any other rules in prerouting, input, etc.?

I'm new in K8s and I need to check the kubeconfig file from a cluster. Is there a way to describe the kubeconfig file using the kubectl?

I'm looking for something similar to kubectl describe kubeconfig.

My root is mounted readonly (on purpose). I have a separate, read-write vg where I want to lvconvert --merge a thin snapshot. I'm getting Cannot archive volume group metadata for $VG to read-only filesystem. The manpage was unhelpful. Is there some flag I can pass to disable this "archive" functionality or to control where the archive is written?

I'm playing around with nftables to gain more experience and have a pretty easy scenario: NAT the destination port 8080 to 8081 (not really useful but in the Lab it is good enough).

This nft config works (so all packets which are targeted at port 8080 are forwarded to port 8081):

chain foo {
        type nat hook output priority mangle; policy accept;
        tcp dport 8080 redirect to :8081
}

when I  ...

Three environments (LAB, DEV/TEST, PROD) 2 NODES (active, inactive), 7 ROLES.

Experiencing fail over issues on the PROD environment, but the LAB and DEV/TEST clusters are not experiencing the same issue.

QUORUM setups are different.

LAB - Witness: Quorum Disk

DEV/TEST - Witness : Quorum Disk

PROD - Witness : Cluster Disk Quorum

On the PROD system, under resources, the Q drive is a Shared Storage - Dyn ...

We need to check if a URL contains a specific arg "?___store=en" and then redirect to the same url, but add /en/ after the domain name. But this should be dynamic, because the url is not static and should be able to change from every specific page.

For example:

https://www.example.com/category1/product1?___store=en

Should be redirect to:

https://www.example.com/en/category1/product1

We already tried the f ...

What I am trying to do is to have some clean redirects and don't make the content from the server available everywhere like is available via https://server-ip https://non-www and https://www-version

I see this are the 2 current redirects that exist:

server {
    if ($host = vgopromo.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

if ($host = www.vgopromo.com) {
    ret ...

I'm having problems with adding multiple failregex lines in my jail.local file. It works if I have one line but doesn't work if I have two.

This is my my jail.local config:

[sshd]
enabled = true
logpath = %(sshd_log)s
port = 22
banaction = iptables-multiport
mode = aggressive
failregex = %(known/failregex)s
            ^Bad protocol version identification '.*' from <HOST>
failregex = %(known/failreg ...

I've been using a Linux host machine with several docker containers running with one of those as Nginx Proxy Manager (from now on: NPM), which is just Nginx with a friendly UI.

NPM exposes ports 80 and 443 and redirects traffic to each container as per the proxy rules specified, a regular old reverse proxy configuration. All containers are instructed to connect to a bridge Docker network so NPM can  ...

This seems to be network issues between Redis cluster (Deployed on our site's on-prem worker node) and Redis client (On GCP VM that is connected to our site via Cloud VPN). Specifically, the issue is related to the unresponsiveness of the Redis clients (i.e. redis-py or redis-cli) when using the info stats / info memory commands (Large TCP Packets) while connected to the Redis cluster deployed on  ...

I'm building a complete solution to setup and harden our vps (ubuntu 22.04) with bash script and Ansible playbooks. What I want to do is the following:

1. Create a custom group "sudogroup" with sudo privileges
2. Create a new user "sudouser" in this group
3. Secure SSH connection to this user with keys pair
4. Execute my Ansible playbook as "sudouser" instead of "root"

I'm doing this with the following bash scrip ...

I'm having troubles connecting to a local webservice (apache2 default webpage). When I do a simple HTTP:GET request using wget the server returns 503 Service unavailable. However, when I sudo wget, I get 200 OK.

$ wget localhost
--2023-03-02 04:58:46--  http://localhost/
Connecting to 10.10.1.30:3128... connected.
Proxy request sent, awaiting response... 503 Service Unavailable
2023-03-02 04:5 ...

Sorry if this is a very dumb question, but I'm totally new to server administration. I already know how to add files to a web hosting solution through FTP/SFTP, however I have no idea how I can do this with a server.

I just got access to an Ubuntu server, successfully connected to it with SSH and also sent a file there with SCP.

However, I have no idea how I can publicly access the files that I add  ...

I want to sniff UDP packages targeted at port 4500 flowing from machine A -> B with a physical TAP device and receive the sniffed packages on machine C on a local port (see image).

About the TAP Device: This is a physical device which is placed in between A and B. The traffic between A and B is not modified at all but the packages are also sent to the TAP output interface to machine C (packages rec ...

I noticed that the data_free of the information_schema table in MySQL is getting huge, e.g., information_schema.PROCESSLIST.

Is it possible to resolve the fragmentation of this table? I could not run the optimize table because it said I did not have permission to do so.

I've got a scenario where I need to retain a live backup of over a dozen email accounts and within the next several months these accounts will need to be migrated over to a Dovecot.

I became curious after seeing some mentions of Thunderbird being able to use Maildir and then this potentially being able to make it simple/clean to transfer entire accounts with all accompanying folders and data/atta ...

I tried creating alarm for direct connect using this link.

But it is showing insufficient data, so I tried creating manually from aws console and it is working.

So, did a side by side comparison and tried following changes in dimensions.

connection_id  -> ConnectionId 
    aws_account_id -> "Account ID",AccountID,AccountId
    region         --> kept and removed 

Not fruitful, as getting s ...

am working on a scenario where i need to Change Ubuntu server password every 7 days and do autologin.

i tried with breaking the problem: command to create user with password:

useradd -p $(openssl passwd -1 "krspassword") krs

than using the cron to execute this every 7days

but didn't work

can some pls help.

I need to perform an in-place upgrade of a remotely located Windows 2016 server to 2022 (or 2019). My only access to it is via Remote Desktop connection. Knowing that the upgrade process may require restarts, will I be able to re-connect my remote desktop session to continue with the upgrade process?

Obviously I need to know before attempting. I don't want to get into a situation where I can no l ...

I've compiled php 8.2.3 on Alma Linux 9 but fails php-fpm fails to start.

I was previously using Centos 7 with a slightly older php version and didn't have any issues.

The php-fpm conf file is also identical to the centos 7 build.

I have created a systemd service below (which is copied from my centos 7 build):

[Unit]
Description=The PHP FastCGI Process Manager
After=syslog.target network.target

[ ...

A long time ago I created a RAID1 pair from the boot menu of a JMicron JMB363 card. All was working fine under Windows and the RAID1 array was recognized as a single disk. I don't remember exactly how may partitions the disk had but for sure there was one NTFS partition which was the only used when the mirror was working on Windows.

I recently moved the OS from Windows to Linux and I'm not able t ...

I am trying to setup kubelet component as standalone service from kubernetes page, though it seems I am missing something.

I've configured the containerd + runc (according to steps) with:

$ mkdir -p /etc/containerd/
$ containerd config default | tee /etc/containerd/config.toml
$ sed 's/SystemdCgroup.*/SystemdCgroup = true/' -i /etc/containerd/config.toml 

to enable runc according to:

[plugins."io.c ...

How can I limit ssh tunnel traffic usage per user ?

Imagine you have 3 users who can connect to a server remotely and establish a ssh tunnel.

How can you limit those users to use certain amount of bandwidth ?

for example user 1 can only use 10GB and user 2 and 3 can use 25GB

I should mention that I want to add this limits in server side

I'm using Jenkins to build a python package using poetry, here is the stage command to install poetry on the Jenkinsfile

stage('poetry'){
  steps {
    sh 'curl -sSL https://install.python-poetry.org | python3'
    sh 'export PATH="$HOME/.local/bin:$PATH"'
    sh 'poetry --version'
  }
}

But I get this output error during the build

sh
+ curl -sSL https://install.python-poetry.org
+ python3
Retrie ...

Trying to create a Kyverno policy that requires certain array values. They have examples for "maps" such as labels, but I didn't see anything specifically about arrays.

Here's a sample Application resource:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: authentication
  namespace: openshift-gitops
spec:
  destination:
    server: 'https://kubernetes.default.svc'
  project: clu ...

I have a PostgreSQL server (postgresql.service) and a basic shell script (mobilizon-postgresql.service that is run to provide some assertions on the database to a third service (Mobilizon).

So naturally, mobilizon-postgresql.service is configured with an After= dependency for postgresql.service:

# systemctl show mobilizon-postgresql.service | grep After=
After=basic.target system.slice systemd-jo ...

Please help me understand this

root@bdb16e4bb2e3:/opt/scrutiny# smartctl --all /dev/sdb
smartctl 7.2 2020-12-30 r5155 [aarch64-linux-5.15.0-1024-raspi] (local build)
Copyright (C) 2002-20, Bruce Allen, Christian Franke, www.smartmontools.org

=== START OF INFORMATION SECTION ===
Model Family:     SanDisk based SSDs
Device Model:     SanDisk pSSD
Serial Number:    <removed>
LU WWN Device Id: & ...

I like to use the rspamd Spamtrap module, but it seems it cannot add rules for fuzzy matches. I get the following error

call to (SPAMTRAP_CHECK) failed (2): /usr/share/rspamd/plugins/spamtrap.lua:54: attempt to index field 'fuzzy_check' (a nil value); trace: [1]:{/usr/share/rspamd/plugins/spamtrap.lua:54 - do_action [Lua]}; [2]:{/usr/share/rspamd/plugins/spamtrap.lua:135 - [Lua]};

Configuration:

On one of the worker nodes of the Kubernetes cluster, a situation occurs periodically (several times a day) when the OOM killer is triggered, killing the "manager" process I assume it's because configuration of cgroups. How do I configure it in the proper way?

[Wed Mar 1 09:39:07 2023] memory: usage 524288kB, limit 524288kB, failcnt 574916 Can you explain, this is RES (RSS) memory threshold of the  ...