Latest Server related questions

With this reference link

My s3 bucket name say testbucket.

If I create prefix for a rule say.

subfolder1/

All the objects in it are applied this rule.

But it is not getting applied for objects inside subfolders.

subfolder1/subfolder2/item1 subfolder1/subfolder3/item3

How to create a common prefix for a folder so that all the sub folder contents of the folder also gets this rule.

I have a server ("A") running behind a firewall, which only serves HTTP (I kid you not). I have no control over the firewall, but "A" can connect to server "B", though the reverse connection from B to A is not possible due to the firewall. I've successfully installed Jenkins nodes on "A" since they have an option to use web sockets to connect back to the master node on "B". As a result I've been trying  ...

apache2 v.2.41 on Ubuntu 20.04.5 LTS (WSL2) is suddenly not connecting over https, in browser or via wget.

It's been working for months, and I haven't changed anything.

I tried restarting Apache; it's still not working.

My sites's .conf file:

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin <redacted>
    ServerName penguin.linux.test
    ServerAlias www.penguin.linux.test
   ...

I want to recover my ssh public key from my private key. I am aware of this answer but it doesn't seem to work for me. When I run the command suggested ssh-keygen -f ~/.ssh/my_key -y > ~/.ssh/my_key.pub I only get the algorithm ssh-ed25519 and an ssh fingerprint not the full public key. What am I missing?

I tried making a new key and testing the command, it worked as expected. Is there something about ...

I've got a Debian 10 server running Apache2 2.4.38. Recently, I replaced the SSL certificate file used by all of the configured HTTPS vhosts and ran systemctl reload apache2.service, which runs /usr/sbin/apachectl graceful via the systemd unit file.

According to the Apache 2 docs,

The USR1 or graceful signal causes the parent process to advise the children to exit after their current request (or to e ...

I am using a VMware photon OS VM.

I want to configure a secondary IP address for my eth0 interface. And following the lead in : How to configure interface aliases using Systemd-Networkd?

I added an additional Address and Gateway values as shown below:

[Match]
Name=eth0

[Network]
DHCP=no
Address=10.196.57.202/23
Gateway=10.196.57.253

Address=10.196.57.203/23
Gateway=10.196.57.253

DNS=10.202.22.1 ...

I have a LAMP stack with Amazon Linux 2, Apache 2.4, and PHP-FPM for PHP 8.1 and I'm trying to set the value for process_control_timeout in my PHP-FPM config

I added process_control_timeout=50s to the bottom of the file /etc/php-fpm.d/www.conf but on reloading PHP-FPM it fails and the status contains the error

ERROR: [/etc/php-fpm.d/www.conf:xxx] unknown entry 'process_control_timeout'

According ...

Using Ubuntu Server and bind9...

Here's the error: enter image description here

Direct zone: enter image description here

Reverse zone: enter image description here

Named.conf.local: enter image description here

Named.conf.options: enter image description here

When i do the checkconf and the checkzones it says everything is good, basically... But when i try to nslookup an IP it fails. Fortunately, it  ...

I want to identify heaavy users on a web API I would like to ignore CGNAT IPs . I looked at https://www.rfc-editor.org/rfc/rfc6598 Is this mandatory or can an ISP use any given IP ?

Is there a List of IP Adresses used for CGNAT ?

thanks

I have a very annoying problem with my EC2 instance. I have a ubuntu EC2 instance and in a Python Notebook cell I do a loop for retrieving many files from s3 (actually not that very much, around 300 files) and sometime when I run this loop, after a few minutes my instance crashes. When I look at its status everthing seems perfectly fine, but I got disconnected from VScode and I can't reach the instance  ...

[Mon Jan 30 19:43:19 2023] ata4: COMRESET failed (errno=-16)
[Mon Jan 30 19:43:19 2023] ata4: hard resetting link
[Mon Jan 30 19:43:06 2023] ata4: link is slow to respond, please be patient (ready=0)
[Mon Jan 30 19:43:09 2023] ata4: SATA link up 1.5 Gbps (SStatus 113 SControl 310)
[Mon Jan 30 19:43:09 2023] ACPI BIOS Error (bug): Could not resolve symbol [\_SB.PCI0.SAT0.PRT3._GTF.DSSP], AE_NOT_FOUND (2021 ...

Is there a way to retrieve the login page url for a cognito user pool app client from the cloudformation template?

I currently have two projects: one for a spa webapp end one for the aws stack to host and serve it.
In terms of automation it would be perfect to have the spa project pipeline retrieving any necessary url from the aws stack via cli (e.g.: sam describe-stack or such) before assets compil ...

We host our website on a dedicated windows server. Every time the server restarts, we lose around 5-6 minutes of traffic. We are using .Net Architecture (MVC).

A separate dedicated server would be expensive. What would be the best architecture for seamless traffic?

Most solutions point to single server setup or redirecting to a maintenance page. Seamless browsing is not an option discussed in variou ...

In official Nginx docs a new directive added since v1.19.10 named keepalive_time 1h: Nginx keepalive_time Doc

Limits the maximum time during which requests can be processed through one keep-alive connection. After this time is reached, the connection is closed following the subsequent request processing.

Once a keep-alive connection initiates by browser, keepalive_timeout 75s limits the time during  ...

I have built an IKEv2 VPN server.

The current config in /etc/ipsec.d/ikev2.conf is like this:

  conn ikev2-cp
  left=%defaultroute
  leftcert=58.xx.xx.xxx
  leftsendcert=always
  leftsubnet=192.168.1.0/18
  leftrsasigkey=%cert
  right=%any
  rightid=%fromcert
  rightaddresspool=192.168.43.10-192.168.43.250
  rightca=%same
  rightrsasigkey=%cert
  narrowing=yes
  dpddelay=30
  retransmit-timeout=300 ...

We're a small business with 5 employees. As such owners and employees share the same PCs. The owners might have documents which as sensitive in nature and the employees could be using the same PCs and need to be local admins (to install programs etc). The issue with the employees being local admins is that they can see all the files in the PC.

The files in question are stored on the PCs in OneDri ...

For security reasons, I want to restrict users to have more than one ssh connection. In terminal, if I check $ last user , I'll find the user is still logged in. Is any solution to check if user is still logged in don't allow to login again?

The original text is in Chinese, translated into English using Google Translate.

premise

Because of the need to upgrade glibc2.28 to glibc2.29, and later required too many dependencies, the upgrade was given up. Then when connecting through ssh, it is found that the server cannot be connected, and the authentication fails. After connecting through the ssh client of other hosts and entering the user n ...

I have bunch of RHEL8.6 machines and i need user authentication via Active Directory.

I got machines added to AD-domain with Realmd, made user groups, restricted access to user groups and enabled Sudo for those groups.

However, i'm facing some lag/delay(3-10 seconds) when running commands with sudo.

AD has about 200-250 users total. At the moment there is only one(1) user group with 3 users who has acc ...

I have multiple domains as below: www.domain1.com www.domain2.fr www.domain3.com www.domain4.fr www.domain5.biz

I wanted to redirect specific requests coming to the any domain let's say traffic coming to www.domain1.com with specific parameter should be proxy_pass to domain1.domainabc.com

upstream backend {
        server <server1 IP>:80;
        server <server2 IP>:80;
}

server {
      ...

In an effort to try to remove the ability for users to print directly to an MFP shared printer, relegating the users to use their badge ID for more secure printing while in the office... Currently testing with one printer by removing the 'Everyone' group and adding an 'Allow' group the access to print (for exceptions). SO far that does the trick. And I can print all day with my badge but when I try to p ...

// Not sure if this question is best fit for serverfault or webmasters stack exchange...

I am thinking to rate limit access to my sites because identifying and blocking bad bots take most of my time.

For example I have bots accessing the site by vpns/proxies and each individual IP makes 10k - 15k requests per 1-2 hours before I find and block it. And daily I see around 100-200 of them. They slow dow ...

Postfix sends mail to relayhost, but relayhost bounces back with dsn=5.0.0 and no further details.

Q: How can I debug this in detail so that I can find out where I made the mistake?

Setup:

smtp-client.test.com : this is a test server on which I installed postfix with Debian 10. This test server simulates the situation when it hosts a company's website and it should be able to send e-mails generated from ...

Given an Auto Scaling Group with a single EC2 environment, am I able to create a scheduled scaling policy and a CPU target tracking policy for the ASG?

For example, I would like to define a scheduled scaling policy to scale up at 10am and scale down at 4pm. In combination with the scheduled policy, I would like to also have a CPU target tracking policy to handle any unexpected load the scheduled  ...

In my network I have:

• mikrotik router (10.0.0.1) with static DNS entries for myhost.mydomain.com -> 10.0.0.4
• adguard server (10.0.0.128) that uses 10.0.0.1 as upstream DNS
• DHCP gives 10.0.0.128 as primary DNS.

I have really weird situation with DNS resolution on ubuntu machines:

[21:22:18][root@ubuntu]:~# nslookup myhost.mydomain.com
Server:     127.0.0.53
Address:    127.0.0.53#53

Non-autho ...

I'm new to QGIS and stumbled about this question while playing around with the QGIS Server configuration.

The QGIS Server installation guide says:

QGIS Server needs a running X Server to be fully usable, in particular for printing.

...but I can use the GetPrint option just fine to get PDF/PNG/SVG without x Server or xvfb installed on an Ubuntu Server 22.04 machine.

Is the guide just outdated or  ...

Hey guys I purchased and deployed a CIS hardened image of RHELv 7.9 on my azure platform but now it shows the above message when I run the yum command to install or update something.

If I am not registered to an entitlement server does it make my instance illegal/pirated ? If not then can I just disable my subscription manager plugin and I can use my instance without worrying much.

I have a gRPC service and I want to deploy it behind an Apache reverse proxy.

The apache configuration is similar to the following:

LoadModule http2_module modules/mod_http2.so
LoadModule proxy_http2_module modules/mod_proxy_http2.so
...
<VirtualHost _default_:443>
  SSLEngine on
  SSLProxyEngine on
  ServerName service.mydomain.com:443
  SSLCertificateFile ".../mycert.crt"
  SSLCertificateKeyFi ...

I will try to explain the problem as best I can.I have an IIS server that is accessible from outside and users use it to download files (.zip, .iso, etc.).

With smaller files, this is not noticeable, but with larger ones, I recently noticed that when the link is clicked, the download does not start immediately (it does but I don't see that in browser) but the page is loading (and downloads in the ...

Currently a client application works directly over internet with Azure Keyvault to get secret stored in the Keyvault. Azure service principal is used on client side for authentication to the Keyvault and this service principal has GET, LIST permission on Keyvault.

Is it possible to configure a Azure API Management (Azure API gateway) between client app and Keyvault to proxy client's API request ( ...