Latest Server related questions

I have a cloned repository I use only for building some programs. After each build, there are some files added to the directory where the repository was cloned, hence, when I want to do a git pull, I get errors like these:

error: cannot pull with rebase: You have unstaged changes.
error: please commit or stash them.

Then, I have to do a git add . then git commit -m "commit before pull" and git pull

We are a small team where we have a internet lease line of 50Mbps from our office space provider (they won't allow other internet providers). We have one Ethernet cable coming from them which is plugged in our TP-Link AC1750 router which further creates a LAN and a wifi network. And we do not have any IT/Networking guy yet in our company.

Most of our internet usage is generally browsing and searching. N ...

I have a python script which is able to retrieve the IP adress of my remote node, and as a pre-task of my ansible playbook I would like to run this script and set the IP adress. Is there a command in Ansible which would allow me to do this ?

I am trying to create a persistent ramdisk with lvmvdo with the below unit file but it does not seem to work.I have not added the --type vdo option to the lvcreate command yet ( this is for RHEL9 )

[mukesh@server1 ~]$ sudo cat /etc/systemd/system/my_lvm.service 
[Unit]
Description=Create and mount LVM logical volume

[Service]
Type=oneshot
RemainAfterExit=true
ExecStart=/bin/bash -c 'mknod /dev/ram ...

I have a table with a set of ipv4_addr that has a counter for each element.

I want to reset the counters after reading the packets counted, but from what I can tell there is no way to do this.

Are set counters considered anonymous counters?

Thanks

I am trying to import a PFX using PowerShell, that has been created by OpenSSL from a cer and key file (the key was generated by OpenSSL along with a CSR, which was submitted to internal AD CA to generate the cer)

When viewing cert info in OpenSSL, I can see the PFX contains just a single cert and a private key, which is what I expect

If I run the below command, the cert is imported into intermediat ...

So, it's as the title says. Apache doesn't start no matter what I try, and I can't seem to figure out what's wrong.

systemctl status apache2 reports

     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Mon 2023-02-13 18:25:00 UTC; 5min ago
       Docs: https://httpd.apache.org/docs/2.4/
    Process: 73478 ExecStart=/us ...

Fedora Server 37 CA certificate store most equivalent to LocalMachine\root in a Windows environment?

Background notes: I have plenty of experience in the Windows area for certificate management, but Fedora Server is a bit of a new beast. I am learning the nuances of such experiences as certutil as I recently setup and managed to get working (through sheer force of will and determination, many sea ...

I hope someone can help guide me here!

We have a RDS environment and introduced Azure MFA and built it successfully using the following guide here: https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-rdg

The issue I have, is we need to be able to have the chance to bypass users from having to supply MFA in the event of them not having their mobile device. My u ...

I installed traefik via Helm from this repo: https://helm.traefik.io/traefik

It works, but it creates a persistent volume as hostPath which leads to a node affinity for the traefik pod. So it is not high available and it cannot be moved to another node (e. g. for updating this node).

How can I change this? For example using a NFS volume for traefik.

Here is the relevant part of the volume configuration:

Using Ubuntu Mint here, 20.1 Cinnamon.

I'm trying to reduce a SD partition as much as possible, but when use resize2fs

sudo e2fsck -f /dev/sdb2
sudo resize2fs -M /dev/sdb2

it resizes the partition to around 7 GB rather than the expected around 5 GB. df confirms as much:

/dev/sdb2       6,4G  4,4G  1,7G  73%

It is the last partition (sdb1 is the system-boot partition).

Why is it showing that beha ...

Server 2019 Domain Environment. Issue is related to the DCs themselves.

I've a self-created GPO on my DC OU that sets a bunch of things, several of which are Kerberos settings:

Curiously, while other things in the GPO seems to set on the DCs in question, these specific ones do not. Scanning through GPResult outputs does not seem to show those settings being misconfigured by some other GPO (they  ...

I have an issue that I don't know how to debug. I hope you can help me further with this.

In my group, I administer a Linux compute cluster that consists of multiple compute machines and a Synology NAS server. Since the user homes need to be accessible on all machines, we store them on the NAS and mount them via NFS upon boot. This is the entry in /etc/fstab we use for that:

X.X.X.X:/path/on/nas /h ...

i have /var/www/html/ with index.html

i have /var/www/ai_backend with server.js

server.js is running on port 5000. so if i curl from this machine http://localhost:5000 i get response.

but if i send post request from index.html to server_ip/api i'm getting error

POST http://server_ip/api 404 (Not Found)

this is my nginx conf file

server {
        listen 80 default_server;
        listen [::]:80 defau ...

I need to modify the content of a file, with the following sed command (which works fine):

sed -i '[email protected].*@'"date.timezone = $TZ"'@' $PHP_INI_DIR/conf.d/symfony.ini

This line should be injected in a script before the exec:

#!/bin/sh
set -e

exec "$@"

So i need another sed to say "replace before exec":

sed '/exec/i \sed -i '[email protected].*@'"date.timezone = $TZ"'@' $PHP_INI_DIR/conf.d/sy ...

In RFC5246 it is not mentioned that Ssl renegotiate messages should be encrypted. But when using Windows Schannel API I see that the renegotiate messages are encrypted. I tried to send a crafted "Server Hello Request" not encrypted, to a Ssl client in Windows and it didn't accept it, returned an ALERT message stating that it can't decrypt the message. Any idea how can I do Ssl renegotiate without encryp ...

/etc/dovecot/conf.d/90-quota.conf:

plugin {
 quota = fs:User quota:user
}

Quota Plugin is enabled globally and for IMAP and /etc/systemd/system/dovecot.service.d/override.conf is set to

[Service]
PrivateDevices=off

doveadm show the correct user quota:

doveadm quota get -u [email protected]
Quota name Type       ...

The hierarchy suggested during the "Set up your foundation" step 5. "Hierarchy & access" found within GCP as a banner is the following:

• Production
• Non-Production
• Development

But what is the purpose of Non-Production (possibly: QA, Staging, Sandbox) - and why not include Development environment within Non-Production?

GCP Networking Diagram

<Client A> <---> <Server A: reverse proxy> <----> <Server B>

I don't want the Client A to connect to Server B directly, well it shouldn't that's why I'm using a reverse proxy, Server B can be easily accessed by Server A on the other hand Server B has a lot of limitations on bandwidth and ... if accessed directly from Client A.

I'm feeling like my config on Server A is si ...

I tried to connect from my ubuntu local system to ldap server for checking the connection getting can't connect response, following is the command I tried.

ldapwhoami -H ldap://192.168.132.241:389 -D "cn=admin,dc=example,dc=com" -w "xxxxxxxxxxxxxxxx"

is this the right way?

I have installed a Debian-based VM with two network interfaces, one with one public IP and another with one private IP. I can access public gateway IP and beyond from the public interface (native/untagged VLAN 1) but the private interface cannot reach its private gateway IP (tagged VLAN 5).

Scenario:

• Guest: Debian 11 with two network interfaces (ens3 -public-, ens8 -private-).
• Host: Debian 11 with one n ...

I have two Linux servers. Server A hosts various services, including a website, and has good internet (~500mb/s). However, server A is behind an ISP that does not allow me to open ports. Server B currently holds no services, and I can open ports on it. However, it's internet connection is very slow compared to server A. There is a domain (lets use "mysite.com") that points to B. I also have various devi ...

I have a Debian 10 server that keeps rebooting. journalctl offers possibility to list last boots:

journalctl --list-boots
-6 1ee519dc5bc24e88af75cc609ee32093 Mon 2023-02-06 21:02:02 UTC—Sun 2023-02-12 17:23:28 UTC
-5 bb25fc752ac1428abb87bab15a3cea8b Sun 2023-02-12 17:26:04 UTC—Sun 2023-02-12 17:34:59 UTC
-4 91245b74acdc4c7086ebc4a626d55dcc Sun 2023-02-12 17:37:39 UTC—Sun 2023-02-12 21:48:10 UTC
-3 e ...

I basically have two production clusters, say K81 and K82. K81 is having all infrastructure micro-services and k82 is hosting the micro-services applications of the production website which needs the infrastructure service support running on K81. Consul is one of the infrastructure services running on K81.

What I am trying to do is, I want to expose the consul DNS service on the Kubernetes cluster, ...

We are setting up an ikev2 client vpn using strongswan. So far we have managed to setup a single server using letsencrypt certificate with eap-radius authentication method. We are able to connect to our server without any issue. Now we want to auto-scale the vpn so that the server gets scaled up or down depending on the number of users connected to the server but how do we do it?

What would be the  ...

I have a Proliant DL380 Gen10 server with 4 SAS disks. I replaced one of the disks.

Unfortunately during that time, a colleague of mine removed another sas disk, which should not be removed (white symbol).

Now the health LED is flashing red.

Does somebody know, what I have to do in order to get this working again?

I could reboot the server after I recovered a backup. The server is now not in crucial  ...

I have a scenario of a small air-gap production environment with only three Linux servers (CentOS or RHEL). I want to deploy a small k8s cluster on them. I have two approaches for now:

1. Installing a pure k8s cluster with only master nodes and untainting them from NoSchedule to run all pods on them.
2. Installing a mini cluster solution using k3s, k0s, or microk8s and configuring all nodes as master and wo ...

I am trying to redirect

• https://example.com/1001/def.txt -> https://example.com/1001/1/def.txt
• https://example.com/1001/* -> https://example.com/1001/1/*

location /2023/ {
  if ($request_uri ~* "/2023/(.*)") {
    return 302 /1/$2 break;
  }
}

The problem I am facing is that, whenever I am trying to match the path /1001/ and redirect it to the destination path, that also contains 1001 in  ...

Using a Dell-Perc Raid controller in Ubuntu I have a virtual disk as a raid 0 array composed of 4 physical drives (1Tb SSDs).

I would like to copy the virtual disk onto another virtual disk also raid 0 composed of 4 physical drives.

I would like to use the dd command to do this by booting from a flash drive.

Is this possible?

My ipsec configuration

/etc/ipsec.conf

# ipsec.conf - strongSwan IPsec configuration file

conn myvpn
  auto=add
  keyexchange=ikev1
  authby=secret
  type=transport
  left=%defaultroute
  leftprotoport=17/1701
  rightprotoport=17/1701
  right=$VPN_SERVER_IP
  ike=aes128-sha1-modp2048
  esp=aes128-sha1

/etc/xl2tpd/xl2tpd.conf

[lac myvpn]
lns = $VPN_SERVER_IP
ppp debug = yes
pppoptfile = /etc/ppp/option ...