Latest Server related questions

I went through my whole csf config, and unless I'm missing something it's not treated or listed any differently than port 80, although it blocks all IPs that are not white listed. Port 80 will allow any IP address regardless.

Is blocking IPs for port 22 hardcoded into csf? I'm trying to understand. I've read that CSF blocks everything by default, but then how is port 80 open to every IP without s ...

I am a bit concerned about the Windows November 2022 patches that introduced signing of the PAC-Field in Kerberostickets.

1. There is a RegKey(“KrbtgtFullPacSignature”) that, if set to auditmode, accept and log all unsigned tickets. Since January, we have enabled this key on all of our DCs, but nothing is logged on our DCs, even though we have some Server 2008 and Windows 7 systems, which should not ...

From this question I'd like to ask more of it

https://stackoverflow.com/questions/75527943/unable-to-git-clone-from-self-hosted-gitlab-instance-with-custom-port-6022

Solved the problem that I need to open the port on the cloud service. Now the next problem is how do I clone using the gitlab.gitlabinstance.com URL instead of the host machine IP. Example :

ssh [email protected] -p 6022

x.x.x.x is the hos ...

I have a vm instance at IP 35.187.188.140. I created two url representing this service by two different ways, and I inject it in the Gateway configuration file.

http://35.187.188.140.nip.io is a url created by nio.io service. Given an IP, you get a public url http://nik.internal.zone:3000 is a url made from a DNS Zone, with A -> The good IP

The gateway works perfectly with the public nip addres ...

When I run

aws efs describe-access-points --query 'AccessPoints[*].[AccessPointId]' --output table

I get back 5 different ID's.

There does not appear to be any filter options like there are for other resources.

aws efs describe-access-points --filters "Name=AccessPoints.Name,Values=media" --query 'AccessPoints[*].[AccessPointId]' --output table

usage: aws [options] <command> <subcommand&gt ...

I don't understand why Terraform wants to remove the json policy. In other cases, when the data will be read during the apply, the plan shows the json policy being removed and added in the same plan, but it is not happening, Terraform is just removing it.

This is the policy:

data "aws_iam_policy_document" "my_policy" {
  statement {
    sid = "S3"
    effect = "Allow"
    actions = ["s3:*"]
    resour ...

Is there any detailed description how SBD reacts to various conditions/issues? sbd(8) is not very detailed I would say. I can't read the source which is here: https://github.com/ClusterLabs/sbd/blob/92ff8d811c68c0fcf8a406cf4f333fff37da30f9/src/sbd-inquisitor.c.

I know some of you might think that its a little bit off topic here, but am not sure whether its fault of server OR fault of my config file, so...

I made React.js project , but it needs server side rendering, So now I have to migrate from CRA to next.js . the problem: I have to upload my website on apache web server, from what I gathered from google, I need installed node.js and pm2 (latest versi ...

So I've been trying to set up Swagger to work on /swagger/, it was working fine until we switched to a domain. I'm not that experienced with nginx and it's reverse proxy. I will share my settings, if anyone could help. It actually opens the page, but it's all white, same goes with /redoc/ (Redis).

Nginx.conf

events {
worker_connections 768;
multi_accept       on;
}

http {

large_client_header_buffers ...

we have HDP cluster version 2.6.5

when we look on name-node logs we can see the following warning

2023-02-20 15:56:37,731 INFO  namenode.FileJournalManager (FileJournalManager.java:finalizeLogSegment(142)) - Finalizing edits file /hadoop/hdfs/journal/hdfsha/current/edits_inprogress_0000000193594484455 -> /hadoop/hdfs/journal/hdfsha/current/edits_0000000193594484455-0000000193594600017
2023-02-20 ...

I have one debian ssh server question , I want to display a message after successful login I have used motd, but the localhost will display it. I don’t want the local machine to display it. I only want to display it after a specific user successfully logs in to ssh.

At some servers we have the problem that after restart Windows Server selects a PRIVATE domain profile in stead of DOMAIN.

We can solve the problem by resetting the Network Adapater:

Restart-NetAdapter Ethernet0

Does anyone have a permanent solution?

We tried:

1. Run the Powershell script above a couple of minutes after boot (using Task Scheduler), but that somehow doesn't work.

2. Verified that the Do ...

I access an SAP PO server via an SAP Web Dispatcher, like this:

User -> https://po.mydomain.com:443 -> SAP Web Dispatcher -> http://servera.mydomain.com:50200 -> SAP PO Server

This works, but causes an issue with the SAP PO server displays links (e.g. on page https://po.mydomain.com/dir/start/index.jsp) like Enterprise Services Builder = http//servera.mydomain.com:50200/rep/start/sso/Reposito ...

I need to curl -IL all the website and maybe do cron job or something every 24hrs so fastcgi can cache all the pages on website

The cache don't hit unless I curl -IL the webpage so I need something that will curl all the webpage available on the website.

Like you can see bellow:

root@ubuntu-s-1vcpu-1gb-amd-sfo3-01:~# curl -IL https://www.example.com
HTTP/2 200 
date: Thu, 23 Feb 2023 10:31:44 GMT
conten ...

I have a Domain Controller(Windows server 2016) and installed ADFS on another machine(Windows Server 2016) on the same domain. I can access the IDP signon page in the domain machines internally. Now, I am trying to provide a reverse proxy to the adfs server by using a web application proxy which is a standalone server(2016). I tried whether this machine is able to connect to ADFS machine by pinging the  ...

hey there is a hosting server overnight my server hanged up and must to restart it in morning to get it back online and saw this error in my console (you can see the picture) please help me https://i.stack.imgur.com/RKwlF.png

when using RHEL8 and shibboleth as SP and passing web-requests to a docker container, we have the problem that some users generate a constant sso request ( in transactions.log ) and also apache gives a lot of errors in error.log

[access_compat:error] [pid 681406:tid 140386592855808] [client 10.143.116.146:62442] AH01797: client denied by server configuration: proxy:http://localhost:31337/call/getRe ...

This article (https://www.sparkpost.com/resources/email-explained/return-path-explained/) explains "Return-Path" as follows:

When an email doesn’t make it to its intended destination, the return path indicates where non-delivery receipts—or bounce messages—are to be sent.

and

Many senders will incorporate identifiers into the return path address to ease handling of reply and bounce traffic, refe ...

I'm on Linux and using the AWS CLI.

I tried running the following:

• aws iam list-instance-profiles-for-role --role-name role-abc-123
• aws iam get-role --role-name role-abc-123 --query 'Role.AssumeRolePolicyDocument.Statement[].Action[]'
• aws iam list-attached-role-policies --role-name role-abc-123

However each one comes back with:

An error occurred (AccessDenied) when calling the XXX operation: User: Y ...

I have an SMTP server running on a vultr VM. I've set up the rDNS to point to my mail domain name mail.idimitrov.dev. The DNS setup points to that machine on ipv4 and ipv6 for mail.idimitrov.dev and it points to github pages on idimitrov.dev.

When I send emails to gmail only, it tells me that there are no PTR records.

                   |    host gmail-smtp-in.l.google.com [2a00:1450:4013:c07::1b]
     ...

I tried installing puppetserver on my centos 9 stream but it gives me the following error:

Last metadata expiration check: 0:15:42 ago on Thu 23 Feb 2023
01:06:09 AM EST. No match for argument: puppetserver Error: Unable to
find a match: puppetserver

I downloaded the following rpm:

yum install https://yum.puppetlabs.com/puppet-release-el-9.noarch.rpm -y

On ESXi Hypervisor, If I run a command on the terminal via SSH, the commands are logged in the shell.log file, i.e if i run this command

[root@esxi04:~] ls -la

then I can see this command in shell.log file as:

<164>2023-02-22T09:34:24.337Z test_host shell[68783]: [root]: ls -la

But If I use a shell script instead, like this

#!/bin/sh
echo "Test"
ls -la
find / -name "*.log" -exec /bin/rm -rf {} \;

Setup:

2x CentOS VMs (master & worker) using VMware Fusion on Macbook with K8s installed. INGRESS installed METALLB installed EXTERNAL-IP assigned Issue:

I can access the EXTERNAL-IP name resolution within /etc/hosts on the master server successfully but cannot do the same from my host macbook. Any ideas on how to expose K8s EXTERNAL-IP to MacBook from VMware Fusion (NAT)?

I have a apache2 server with mod_worker

i have mod_md enabled and have configured a domain as follows :

achace2ctl configtest is OK and the server started well the problem is it offers me the index.md file to download, instead to parse it to html

Is there something I forgotten?

<Macro MDMacroSSL $domain $zert $portwww $portssl $dir $ip>
    MDomain                 $domain
    MDStoreDir        ...

I'm working on a use case that SoC w/ only one ethnet port(eth1) connect to a SJA1105 switch chip. As mentioned in linux kernel documents, the DSA mechanism will take eth1 as management port and have limitation to open socket directly on this interface. For Vlan-unware case, I use the reference configuration from document as below:

ip link set eth1 up
ip link set swp1 up
ip link set swp2 up

ip lin ...

I have two bnib Supermicro SYS-937R-E2JB JBOD connected with SFF8088 cables to my LSI 9200-8e HBA in my Dell T5810 workstation running Ubuntu Desktop 20.04. Neither the Seagate 12TB SAS or the Whitelabel 10TB SAS drives are recognized or detected. When I do lsscsi the JBOD enclosure shows but not disks, I have ran lsiutil and there are no SAS discovery errors. In lsiutil the enclosures show up with 6 ...

I try to deploy some container to proxmox via ansible+hookscript with proxmoxer.

I follow the documentation to install both proxmoxer and requests on controller (workstation) and node (proxmox)

First of all i tried to reach the proxmox api with root@pam:

curl -k -d 'username=root@pam' --data-urlencode 'password=MYPASSWORD https://192.168.10.30:8006/api2/json/access/ticket

it works :

pvedaemon[425 ...

I have some OpenWRT boxes and some other Linux boards... including a Software Defined Networking board (that I haven't used yet). I have AT&T fiber with its own DHCP & WiFi (& cat5) and I can link to a Cat5 connection to go out over a slower network (also with DHCP) (it goes to a shared cellspot)...

I'd like to have my traffic fail to the slownet if AT&T goes down. I'd like to sha ...

almost same as this article Wireguard use one client as gateway of another but i have wireguard in docker so i can't understand how to solve my routing problem

peer1 --- wireguard_server(in docker) --- peer2 --- internet

peer1: 10.14.1.2 wireguard_server: 10.14.1.1 peer2: 10.14.1.3

My docker-compose.yml

---
version: "2.1"
services:
  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    co ...

I am trying to understand how AWS charges for Elastic Inference accelerators. The relevant page says:

you pay only for the accelerator hours you use

But I can see two possible readings of that:

1. The hours that an EC2 instance with an EI accelerator attached to it runs.
2. The hours that the EC2 instance actually accesses/engages the EI accelerator.

The difference can be significant: the EC2 instan ...