Latest Server related questions

enter image description here

Error: Kubernetes cluster unreachable: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable

Error: Get "http://localhost/api/v1/namespaces/devcluster-ns": dial tcp [::1]:80: connectex: No connection could be made because the target machine actively refused it.

Error: Get "http://localhost/api/v1/namespaces/dev ...

I set up DNSSEC on my private domain many years ago and unfortunately forgot all about it. Bind now tells me it's about to deprecate auto-dnssec in favour of dnssec-policy and I need to migrate my configuration.

I can see my keys are using RSASHA256 and if I understand the documentation correctly I need to define the KSK and ZSK key sizes in the policy like this:

dnssec-policy "mypolicy" {
        key ...

On a VPS with installed Ubuntu server 20.04 and OpenVPN, I need to forward all the traffic from a specific port of the vps public ip, to the same port of a VPN client.

VPS IPs:

vps public ip: 1.1.1.1
vps vpn ip: 10.8.0.1

Client IP:

vpn client ip: 10.8.0.2

Port forwarding for the port 587:

1.1.1.1:587 >> 10.8.0.2:587

I have tried to run the commands on the VPS (1.1.1.1):

sudo iptables -t na ...

Usually, in Linux-based systems I create new user without admin rights (sudo group).

I'm able to login as that user via SSH and then, when I need admin rights, I can just,

$ su root
...entering pwd...
# whoami
root

In OpenBSD I can't login as a root via 'su' command, because only users in 'wheel' group can do that.

But 'wheel' group in OpenBSD system means the same as 'sudo' group in Linux.

Is there  ...

I have 3To of storage on a RAID5 configuration, and I want to setup a regular backup of these 3To of data on external disks that I would bring to a separate physical location (my office). I have 3 external drives of 1To each. I could of course use Windows (the server holding the NAS is running a regular windows 10 copy) to create a software RAID 0 with the 3 disks, but in case one of them fails I'd lost ...

https://www.rfc-editor.org/rfc/rfc1035#section-8

If the <local-part> contains dots or other special characters, its representation in a master file will require the use of backslash quoting to ensure that the domain name is properly encoded. For example, the mailbox [email protected] would be represented as Action\.domains.ISI.EDU.

However, in practice I've never seen any special chara ...

My aim is to block all ports from non "lo" interfaces except for 22, 80, 443. I don't want external devices to my Rasberry pi to be able to access anything else except for 22, 80, 443.

I have a nc server running on port 9123. My nftables rightly blocks LAN devices from accessing that port. However - any service I start in docker seems to be NOT blocked - other LAN devices can access docker server ...

I am wanting to get Bind to answer for primary domain and then onpass queries for sub domain to MS DNS. I dont really want to try and get MS AD to use BIND :)

In Future in the back of my mind DNSSEC and LetsEnc/Certbot are probably going to have to get implemented.

But first, I cant get it to work as it stands.

This is where I had got to

In Bind9

/etc/bind/named.conf

include "/etc/bind/named.conf ...

I have setup my DNS for my domain name and have a POP3 server on my VPS.

Now, I want to a run a POP3 mail server without SMTP just to receive emails It will run on port 110, the POP3 port of my VPS.

Is it possible to receive mails without running an SMTP server (port 25) but just a POP3 server on port 110. Can I disable the SMTP server on port 25 as I am not sending emails?

I want to expose web services from Docker container running in LXC and from virtual machines to internet through Traefik router, single Wireguard tunnel and VPS. I also want to use same tunnel for SSH for controlling Proxmox and VMs and containers over internet.

I already have Docker container on VPS running Wireguard server. I want to run all client configuration inside a Docker container in LXC ...

I'm here today because of a big mistake that I have made.

I created an LVM-Thin data pool (and not on a LVM-Thin LV) on my Proxmox server and (don't ask why) ran a mkfs.ext4 on the pool then mounted it on my local node. After that I copied a bunch of data on it and stopped my system:

mkfs.ext4 /dev/mapper/pve-data
mount /dev/mapper/pve-data /mnt/data/
cp -r Temp/ /mnt/data/

The next time I created a VM ...

i have followed the following doc to create jwt caching.

https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-jwt-authentication/

the caching is working fine

but i don't find any file written in the cache directory. i am wondering where nginx is caching the keys

any ideas?

So I learned today that UWP apps (which are being ran in AppContainers) do not have access to localhost at all. So if I run a native win32 app that listens to 127.0.0.1:555 I cannot make that connection from UWP app (unless it is started in the context of the same AppContainer).

Long explanation for this is apparently here but you need 30 years of experience and 7 bachelor degrees to understand it.

On the DigitalOcean droplet, I have initiated 4 screen sessions for the Python scripts fetching data via API 24x7 and inserting it in MySQL(installed on the same droplet). After a certain period of time when I try to SSH I get the error:

shell request failed on channel 01

I am unable to find a reason behind it.

I am connecting via MacOS

how can we execute command on CMD or power shell windows clients from a windows server or admin domain on network

we are using windows server 2016 for active directory and all users have windows 10

we want to send "gpresult /r" and "gpupdate" command on clients

I'm using squid proxy on Ubuntu 22.04(LTS) with auth_param basic program /usr/lib/squid/basic_db_auth and it's working fine. I am able to add the users to the mysql database and able to use the proxy using those.

I'm also storing the access_log in mysql using logfile_daemon /usr/lib/squid/log_db_daemon.

Now here is the issue

• suppose I have created 5 users, (user1, user2, user3...)
• I use the user ...

I am trying to understand how Docker interacts with conntrack. I created two containers (connected to docker0), pinged 4 times from one to the other, and analyzed the iptables counts. This is the result: iptables screenshot. My concern is with the first packet. It seems that it matches rules 1, 2, 4, and 6 of the FORWARD chain. However, none of these rules seem to call conntrack, although this is need ...

Hi I have a virtual host on my apache server that isn't working, i've narrowed it down to it being the server name, particularly the server1a (1) part because if I remove the 1 it works but have absolutly no idea on where to even start with fixing this does anyone have any ideas?

EDIT: It gets even stranger server2a works but server1a doesn't...

<VirtualHost *:80>
        # The ServerName direct ...

I have a Linode instance configured to run Django with Apache, and it has been working fine for the last 6 months. The instance runs on Ubuntu on shared CPU, with the kernal being "Latest 64 bit (6.0.10-x86_64-linode158)". We also have a GitHub Action script that auto-deploys code on the main branch onto the server, and, as said, it has been working fine for the past 100+ deploys:

name: auto-deploy
on: [p ...

I have two AD domains with a two-way forest trust. I want computer accounts in DomainB to enroll for computer client auth certificates from the two-tier Windows CA in DomainA. I configured a certificate cert template in the issuing CA for this and gave Read and Enroll rights to the computer in DomainB.

I configured the issuing CA in DomainA for the Certificate Enrollment Policy Web Service and Ce ...

I have a vmdk file (approx. 800 GB), it contains many large media files. Unfortunately, the ESXI VM is filled to the last bit. The attempt of a subsequent enlargement was already some years ago, so that only this vmdk file is still contained.

Is there any way to recover this data? Especially since the file could be corrupt.

Information:

Host: 2 TB SSD - Only 500 GB Free (System and vmdk)

VMDK File: ...

Let's say I have domain.tld and www.domain.tld, and currently there are separate certificates for the main domain and the www subdomain.

• I want to migrate to a setup that uses a single certificate issued for both the domain and the subdomain.
• I want the resulting setup to be squeaky clean, with physically no leftovers from the old setup, no certbot telling me the domains already have certificates when I ...

I managed to click on update system as dsm recommended (i only seen the server online and didn't know its not factory synology nas, and never worked with synology NAS before, my bad, anyway)

it is a xpenoboot dsm 5.2-5644, with a wild config one hdd in raid with an ssd (neither the same manufacturer, nor the same size, lets move on). 

I went to the server location to fix the issue, and of course i  ...

I have completely trashed my certificate settings for IIS and now can't connect new machines using the http://servername/connect function. I am able to access the site using https://servername, but not the ip address. The connect process requires software downloaded using the ip address through https. So, I need to set up a wildcard ssl certificate for IIS and re-bind it to the sites. I have not bee ...

There are many xmpps servers around (ejabberd, prosody etc ...). Is there a api call that tells one what brand and what version is running on that server?

I have a network setup like this:

Ubuntu Laptop (192.168.1.157) --> Router B (192.168.1.1) --> Router A (192.168.0.1) --> Internet

and

CIFS NAS drive (192.168.0.50) --> Router A (192.168.0.1).

When vpn disconnected, laptop can ping any 192.168.0.* devices and it can access the NAS drive.

On the laptop, I've created nordvpn whitelist for all local addresses:

> nordvpn whitelist add subne ...

Trying to get my routine webserver set up, and running into this roadblock, no matter what I try it's not working, something i've done hundreds of times and i'm out of ideas.

Typical webserver setup, centos 8 with a node process running on pm2, firewall-cmd with http, https and the port of my app, App works fine when visiting http://ip:port.

I've directed the domain to the server and confirmed it's  ...

I use unbound as caching and forwarding name server for my local network. That means that all requests which cannot be answered out of the cache are forwarded to an "upstream name server" – which is not exclusively mine. Some services have per-IP limits, e.g. RBL/DNSBL services, so my problem is that the local SpamAssassin often hits URIBL_BLOCKED and similar. Hence I'd like unbound to recurse itse ...

I have setup a kubernetes cluster in a private network and I'm using a gateway machine for accessing the cluster. In the kubernetes cluster I have installed the elasticsearch operator and through that I have created an elastic cluster and a kibana instance. In the gateway machine a nginx reverse proxy is providing access to both kibana and elastic.

The official documentation in the elastic site ( ...

I run a V2ray server and client and created a Inbound Socks5. I want to forward 0.0.0.0:8443 to a remote machine with IP and port number.

I know that dokodemo-door in v2ray can do this, but my ISP has been blocked this protocol. So I need another solution. IS there any solution to generally forward ports over a socks proxy?