Latest Server related questions

My mail server configuration is rather strict and some times incoming mails from legit servers get rejected because the remote end has a configuration problem, a common one is the HELO hostname.

I have a specific example that is from the most important electrical company in Italy, ENEL, that apparently sends transactional emails with an HELO hostname that does not resolve:

Feb 20 18:31:10 MYHOST postf ...

I have two local web apps which should be accessible from external network, but only one external IP. Both web apps use 443 port which can't be changed. So the task is to configure nginx in the way so that it can forward the incoming requests based on the 3rd level domain. Let's say my web apps live on 192.168.1.55 and 192.168.1.65 My public IP is 9*.23*.15*.12 and I have configured 2 dns A entries site ...

I am configuring à nginx location but I need to run a script (njs) that update requestBody before redirection :

This my conf but when i deploy it still redirect without update requestBody or return error

Parent nginx.conf:

     // .....
     js_import checkScript from  /etc/nginx/js/scripts/checkScript.js;
     // ....

In checkScript.js :

export default {
    rights
}

function rights(r) {
    const b ...

I'm about to move my Proxmox home server from NAS to RAID 10. I'm a hardware RAID fan, so I chose a solution among inexpensive old controllers. In the course of studying budget solutions for the home, the choice fell on the "Adaptec ASR-6805T (BBU) 512 MB".

I came across some controversial information on the net, saying that it will only accept HDD or HDD + SSD hybrid. Is it possible to use an SS ...

If you bring up a couple of default image VMs in the default VPC in EC2, they will generally have their interface MTU set to 9001. If you sent TCP traffic between those two instances using their private IP addresses, it is easy to verify that full 9K jumbo frames are used (e.g., by examining interface stats and calculating the packet size as "TX bytes / TX cnt").

If you send data between the two instanc ...

My client’s server has recently started having performance issues. The single website hosted on the server loads very slowly. It is built with WordPress using a custom theme. There are a minimum amount of plugins installed, and none were added in the last few weeks when the performance issues began.

The server has 2 CPUs and 2GB of memory. The server stack is LAMP with Ubuntu 20.04 and PHP FPM. ...

If I need to store, say, a 5gb file on a cloud file storage location (e.g., aws s3 bucket), will zipping the file reduce the cost / latency when people download it?

Obviously zipping a file reduces the storage size, but my specific question is:

• Do webservers compress data automatically before sending to another computer?
• If so, does zipping a file reduce transmission cost beyond anything the webserver is ...

I have the below configuration for rotating the DB backups. The /var/mysql_backup/data/ contains two subdirectories db1 and db2.

/var/mysql_backup/data/*/db.sql.gz {
    daily
    rotate 7
    nocompress
    notifempty
    missingok
    create 640 root root
    dateext
    dateformat _%Y_%m_%d_%s
    extension .sql.gz
    
    postrotate

        PATH=/var/mysql_backup/data/
        MYSQL_USER=USER
 ...

I've setup an authentication service in a Kubernetes cluster which lives in a Docker Desktop + WSL2 environment on a Windows 11 Pro machine.

It can be reached e.g. via CURL & PostMan requests from the same Windows machine (outside that WSL2 layer).

However, and here's the problem, that rest endpoint cannot be accessed from a Linux machine within the same LAN network.

In order to verify that a conne ...

I'm currently developping a network configuration role used by Ansible to customize our fresh new virtual machine that came from our Debian 11 template.

The following role changes from DHCP to static interface configuration and then restart the networking service.For testing purpose i set IP/netmask/gateway as extra vars (and it's dynamically changed depends on the server i have to use my role)

  - na ...

Need some help with Cloud Run with Secret Manager, we need to mount 2 secrets as volume (file only), following is the yaml from Cloud Run.

        volumeMounts:
        - name: secret-2f1d5ec9-d681-4b0f-8a77-204c5f853330
          readOnly: true
          mountPath: /root/key/mtls/client_auth.p12
        - name: secret-29c1417a-d9fe-4c37-8cb0-562c97f3c827
          readOnly: true
          mountPat ...

So I currently have a proxy configuration that looks like the following:

ProxyPassMatch ^/foo/bar/(.+)$ https://xyz.domain.net/$1
ProxyPassReverse ^/foo/bar/(.+)$ https://xyz.domain.net/$1

ProxyPreserveHost Off

I'm trying to map, for example, https://my.website.com/foo/bar/home to https://xyz.domain.net/home.

The proxypass seems to be working as I can see the webpage from xyz.domain.net/home, h ...

Good morning: I am trying to export an image from Gcloud, but when it takes two hours to export, it gives error. I have tried several times and it always gives error after two hours. I do not know how to solve it, the error I get is this:

ERROR: build step 0 "gcr.io/compute-image-tools/gce_vm_image_export:release" failed: step exited with non-zero status: 1

thank you

I am trying to configure a Prometheus agent with the 'remote_write' function. The Prometheus agent configuration file has these parameters.

 global:   scrape_interval: 30s   external_labels:
     environment: roble
 
 remote_write:
   - url: http://dominio.com/api/v1/write
     name: hostname
     write_relabel_configs:
       - source_labels: [__address__]
         regex: expensive*
         actio ...

If three virtio-blk devices are added VM is crashing in the middle of the Windows 10 boot. The attached blockdev has no influence. VM is working fine using two virtio-blk.

qemu-system-x86_64 \
...
-device virtio-blk,drive=c,bus=pci.3,addr=0x0,write-cache=on,bootindex=1 \
-device virtio-blk,drive=d,bus=pci.4,addr=0x0,write-cache=on \
-device virtio-blk,drive=e,bus=pci.5,addr=0x0,write-cache=on \
...
 ...

As we found out that the nginx ingress as well as the cert-manager were outdated and not compatible with the Kubernetes version of 1.22 anymore. I upgrade the two components: nginx-ingress from 0.26.1 to 1.5.1. and the cert-manager from version 0.12.0 to 1.5.

which lead to the cert-manager pods running

kubectl get pods -n cert-manager
NAME                                       READY   STATUS    RESTAR ...

Problem: I have an NFS server that fails to export directories on boot. Once booted I can ssh in and start the server manually. I have set all owner:group and permissions to be very "permissive, so as to avoid any permissions problems, these will be locked down later, when I have the problem fixed.

NOTE: This server is not accessible from outside my lan.

Output of systemctl status nfs-kernel-server. ...

I need files created by git checkout command to have custom permissions.

Even with core.sharedrepository=0777 setting git creates working tree files with 0644 permissions. But I want it to be at least 0664 so someone from the group could write to them (it also would be very good to specify a custom owner group)

Applying recursively chown/chmod may work but it smells like the last resort and resource was ...

I have the following DNS entries for the root domain example.com:

• * CNAME record pointing to foo.com
• dummy.api TXT record containing the value dummy

When I try to resolve bla.foo.com then it correctly resolves to the CNAME entry, but when I try to resolve api.foo.com, the DNS server fails to resolve. This would make sense to me if there was a TXT entry for api.foo.com, but in this case there is only a T ...

I have a brand new VPC (10.0.0.0/16) with 3 public subnets (pointing to an IGW) and 3 private subnets (with a NAT GW in each). I have deployed an OpenVPN appliance in the public subnet and configured it to use NAT mode (Yes, using NAT in the routing config). I also have a test-instance in one of the private subnets. Both the OpenVPN instance and the test-instance has SG groups with "generous" flexibi ...

I am using an Ubuntu Server 16.04LTS running ISP config that is hosted an VMware ESXi I experienced an unexpected shutdown issue, and I'm trying to identify the source. Upon checking the logs, I was unable to see the logs prior to the problem. The logs are appear's only after the server runtime

Action taken by my side:

I used to perform Journalctl command for the particular period of time but unable ...

I have a scenario where a Mail Server A.example.com has to forward all emails received on @xyz.com to be forwarded to B.example.com and C.example.com.

What is the appropriate Postfix configuration for setting this kind of an use-case?

After moving a site to a new server/IP (completely new setup) the server became unavailable, cur says:

curl: (35) error:1404B438:SSL routines:ST_CONNECT:tlsv1 alert internal error

I assume there is some issue with the fact that caddy issued a cert before to a different IP with the same domain.

Eventually I've just created a new subdomain for now and it works fine with that but would like to know the ...

On a Ubuntu 20.04 VPS, installing opendkim via sudo apt install opendkim opendkim-tools proceeds as expected, following the steps provided here.

However, upon testing, while e-mails get sent in practice to the targetted mailbox with a very low spam score (3.9) and thus percolate outside of spam filetering,

sudo opendkim-testkey -d domain.tld -s default -vvv

returns unexpected and somewhat contradictory  ...

I have a logrotate task to rotate my nginx logs. I have my config file in /etc/logrotate.d/nginx. When I run logrotate -f /etc/logrotate.d/nginx, it can rotate the logs correctly, which means my config file is corrent.

By when I put the command in cron like 0 0 * * * logrotate -f /etc/logrotate.d/nginx, the logs are not rotated. Although I can see CRON[6006]: (root) CMD (logrotate -f /etc/logrotate.d/ngi ...

Using Ubuntu Linux Server 22.04 minimal edition without GUI, I need some help in mounting the iSCSI LUN using Open-iSCSI so it is mapped to /dev/sdb with the below command:

Could you please let me know if I missed any steps on the following:

Edit the file /etc/iscsi/initiatorname.iscsi into:

InitiatorName=iqn.2023-02.com.domain.repo01:repo01.initiator01

and then continue with:

sudo systemctl res ...

I have a Windows Server 2022 server with IPBAN installed to make hacking it more difficult but in the logs occasionally I see:

2023-02-20 03:59:23.5304|WARN|IPBan|Login succeeded, address: XX.XXX.XXX.XXX, user name: ANONYMOUS LOGON, source: RDP

I've been searching and found that this is most likely harmless is this correct?

Also how do I replicate and prevent these logins?

I have a Kubernetes with two master nodes in the master nodegroup. The problem is 1 node has 73-75% pod allocation while the other node only has 23-25% pod allocation. How do I balance the pods between the two master nodes? I have helm descheduler installed and the default config does not help with this. I tried kube-scheduler with the below config but it fails with timeout unable to get a lock on the d ...

Versions/Programs: xenforo 1.2.9, phpmyadmin 4.x, php 5.6.4, MySQL 8.0.32 IIS 10, Windows Server 2019

I am trying to host a local server for tinkering on an old computer I have. This server will be hosting a XenForo installation. However, my xenforo is 1.2.9 which is outdated and requires php5.6.4. because im using an older php version I also require the phpmyadmin 4.x.

I have all of this install ...

I recently upgraded our Tomcat server from 7.0.85 to 9.0.70. I am using Apache 2.4.

My Java application runs in a cluster, and it is expected that if the master node fails during a command, the secondary node will take the master role and finish the action.

I have a test that starts an action, performs a failover, and ensures that the secondary node completes the action.

The client sends the request an ...