Latest Server related questions

I have a Windows Server 2019 VM in AWS EC2. I'd like to have a VPN server on it so I can connect to it from my dev machine and run a non-secure protocol across it. I've got the PPP RAS adapter installed, and I can carry out part of the connection from my dev machine. But after authentication, it disconnects and the server side logs an event that says, "RoutingDomainID- {00000000-0000-0000-0000-000000000 ...

Related - but not the same: Azure Cloud Service Upgrade Domain server restart interval

I have a cloud service (extended support) in Azure with two instances of a role, in an availability set, with different value for Update Domain - 0 and 1 - as can be seen in this screenshot.

When a deployment runs, or VMs are being updated by Azure (e.g. windows updates, etc.), I expect that the VM in Update Dom ...

I have made extensive research about how to setup and secure correctly our new VPS with a Ubuntu 22.04 OS for three weeks, and I have currently a good idea of what has to be done.

However, I would like to build a bash script to make all these numerous and complex tasks automatically with a global script and sub-scripts by subject.

For example, the global script VPS_Setup.sh will launch successive ...

I need a regex that would match the following example strings:

 Example 1: "red, blue, and hot"
 Example 2: "red, blue, or hot"

Three individual words, the first two followed by commas, and the conjunction 'and' (case 1) alternatively 'or' (case 2).

Case 1: "<word01>, <word02>, and <word03>"
Case 2: "<word01>, <word02>, or <word03>"

I have the following regex

I have a standard corporate network with Active Directory, and I have an outbuilding for the local community college. We run off port 1 on our modem and run straight into our Palo Alto, which then feeds into our core switch; the CC runs off port 2 and jumps straight out via two Cisco SG300s to their Watchguard and their AD handles network settings through the VPN tunnel. The PCs need to run off their co ...

How to unlock ssh private keys with PAM, so I can use fingerprintd module?

There are many questions here discussing PAM and kerberos for sshd auth, but I can't find anything on the client side.

Also, I do not want to use a ssh-agent at this time.

My setup uses one key per service, defined in the user's ~/.ssh/config to avoid key-identification leak (i.e. it only tries the correct key to each known s ...

I am trying to assign IPv6 addresses to loopback lo0 and access them through curl / browser with custom domain.

I've created ULA on lo0:

ifconfig lo0 inet6 fd56:dd46:5a5d:f2b5:3a51:916d:40ee:1b4a/128

and I have a tcp6 server listening on that IP.

I've created an AAAA RR that points echo to fd56:dd46:5a5d:f2b5:3a51:916d:40ee:1b4a.

It works properly with dig:

~: dig AAAA @127.100.0.16 echo

; <<> ...

I have a build script template that does all the usual build script things: sets up a bunch of parameters, configures various config values, and runs a PowerShell script to run a build step. This template is inherited by a handful of build steps that customize things for different code branches.

TeamCity allows values from the template to be overridden in the inherited build steps. In the case  ...

So I have a Penguin Relion 1900 1U rack mounted server running CentOS 7 that recently had a hard disk failure. It had 4 hard drives configured in RAID 6. To replace the failed HDD, I powered off the machine, swapped the failed one with a new drive of the same size (4TB) and powered on the machine again.

The system booted into the EFI shell instead of loading the OS. I exited from the shell and we ...

The README documentation says:

Please treat gcsfuse as beta-quality software.

My question is, would GCS Fuse ever be deployed in a production application? In other words, what is the use case?

I am a SaaS developer who has a popular website that services users in financial institutions. As we have grown i have noted that an increasing number of our end users are having downloads or uploads blocked due to corporate IT policies and / or software.

To help mitigate this issue we want to create a help article in our help center that outlines the common scenarios when this happens (e.g. you  ...

I'm having an issue with getting the ErrorDocument to work. I have tried most of the suggestions on most of the forms and posts. The only thing I know that I have that the others did not is the RewriteCond that was added by certbot.

I have done it in the past, but that was on an older version of ubuntu and was a self-signed site.

OS: Ubuntu 22.04

The current conf file

        ServerAdmin webmaster ...

My current task is to set up a (remote) backup (using rsync/rsnapshot) over sftp of /home (linux). Obviously some files are read only for the owner (ie -r-------; and should stay that way) so i guess I'll need the root user to back up those files. Setting up an rsync daemon seems also too insecure to me.

However, I do hesitate to use an ssh key for that purpose due to security concerns (if the ba ...

I have this very weird and hard to solve problem on my domain controller (Windows Server 2022).

I have 3 Windows Servers in my domain: Server1 is a member server which acts only a print server (printers are installed on this server and shared).

Server2 is the (only) domain controller. Printers shared on Server1 are deployed to users via a user-GPO. In the past these printers got installed on the DC ...

I've seen this question and others online, yet my problem persists.

I have a gentoo host with the following interface:

virbr0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        ether 52:54:00:c0:12:c5  txqueuelen 1000  (Ethernet)
        RX packets 22  bytes 2632 (2.5 KiB)
        RX errors 0  dropped 0  over ...

I'm running Apache 2.4.54 on Debian Bullseye and have 42 VHOSTs configured. Most of them are subdomains xxx.my.domain.com of our main domain, say my.domain.com. One client has a special domain. There is also a default VHOST to catch all the requests. All the VHOSTS reside in numbered files, the default comes last.

• HTTP -> HTTPS
• subdomain not catches before -> ErrorDocument
• no subdomain -> erro ...

I noticed my 'tenant' had this Standard Protection preset off. Apparently this is supposed to be the 'baseline protection profile".

However, everywhere I am reading that EOP is enabled by default and protecting already by default.

So which one is it?

Do I have t enable this 'standard protection' to get any protection? What is the difference between leaving the "standard protection" preset on and off? ...

Can you send an email to an address, have it be accepted by the mail server, and then the mail server silently deletes it?

I am running an email server. I have noticed that some emails come from IP addresses on the spamhaus list. When these emails are received by the server it responds with one of the 2yz (Positive Completion Reply) codes. But then it silently filters out the email so that the us ...

On various clean Windows 10 or 11 builds, all of which are domain-connected devices, if I log in from a cold boot using a domain account while having no network connection to the domain, I get lengthy delays before I am logged into the device.

When the device is on the corporate network, it logs in normally.

When off the network, the login delay used to be around a minute. Now, it's closer to 5 minu ...

Say I have two computers connected to the same Wifi network. Let's call them computer-A & computer-B.

I am using computer-A, I can ping computer-B without issues.

Now, on computer-A, I have generated a new SSH key pair (but not the default id_rsa pair which this computer already have). Let's call the keys : newkey and newkey.pub.

I would like to use ssh-copy-id command to copy the newkey.pub t ...

Unable to find information about how to read -fw_cfg value in windows guest with the help of this: https://github.com/virtio-win/kvm-guest-drivers-windows/tree/master/fwcfg

Related question: https://stackoverflow.com/a/70967245/625521

I am trying to secure a self-hosted GitLab solution using Cloudflare zero trust. I followed their tutorial but when adding the DNS record I get 'This hostname is not covered by a certificate'. but I ignored it since the tutorial doesn't mention anything about HTTPS, and they even configure the ingress to work on HTTP.

When I try entering my website after finishing the configuration I get 'SSL_ERROR_NO_C ...

My website has been hit by a massive internal search spam attack.

Tens of thousands of spam links have been indexed by Google, and I'm trying to add Noindex and Nofollow tags to my search results page.

My search results page uses ?s= query string.

https://example.com/?s={search_term_string}

And I tried the following code, but it doesn't work.

    location / {
        try_files $uri $uri/ /index.ph ...

Problem: Google's Public DNS returns NXDOMAIN for certain SLDs.

Proof of problem:

dig vpn.example.com @8.8.8.8

   ; \<\<\>\> DiG 9.11.5-P4-5.1+deb10u8-Debian \<\<\>\> vpn.example.com @8.8.8.8
    ; global options: +cmd
    ; Got answer:
    ;; -\>\>HEADER\<\<- opcode: QUERY, status: NXDOMAIN, id: 8324
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, AD ...

Haproxy experts,

I'm unable to get haproxy stats page to work with TCP mode for the backends.

global
    log         127.0.0.1 local2
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon
    stats socket /var/lib/haproxy/stats

defaults
    mode                    tcp
    log                     global
    ...

Good morning,

My objective is therefore to monitor several web servers and ensure that each one is UP, available, but also to verify that they have not been victims of attacks.

The idea is to find OpenSource tools that could help me do this, but either way I think I should code a bit, and it will be in Python.

As for availability, it's very simple, I just have to send an HTTP request and see that the r ...

There is 1 bundle and there are 2 PCBs in the cluster. Backend service and front service exist respectively, and nginx-ingress was explained in detail through the host. Now I tried to install nginx-ingress-controler to install ingress via acm. I followed these instructions

https://kubernetes.github.io/ingress-nginx/deploy/#aws

ingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name:  ...

Every hour one MariaDB version 10.4 database stops responding and I see this output in the log file:

Feb  9 10:00:02 maria55 mysqld: 2023-02-09 10:00:02 0x7f72547a5700  InnoDB: Assertion failure in file /home/buildbot/buildbot/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX/mariadb-10.4.13/storage/innobase/btr/btr0cur.cc line 7940
Feb  9 10:00:02 maria55 mysqld: InnoDB: Failing assertion: space_id = ...

I managed to solve the issue myself but still feel that the answer can be useful to others, therefore I am posting it here.

The problem was twofold. First, the Authentication was set to Anonymous authentication instead of Windows authentication. This still resulted in an Unexpected error 80, with the same code number 80004005. In term, this was solved by running the browser from which ASP site is ...

Connecting to a Dell PowerEdge R7415 server using IDRAC 9 (Integrated Dell Remote Access Controller), I see that the default certificate's subject is "idrac-SVCTAG".

So all similar Dell servers would use the same subject to identify themselves.

I suspect that there is a bug, and SVCTAG should have been the Dell Service Tag; that way the subjects would be different at least, and you had at least a lit ...