I'm running some apps under docker on Oracle cloud free-tier ARM64 server. I'm using an nginx reverse proxy and wildcard subdomains to access the apps.

When I try to access the app at port.meracloud.tk using my home internet connection, I get a "503 Service temporarily unavailable" error(both on my phone and laptop). However, when I use the mobile data on my phone, I can access myapp.

The weirdest p ...

I've installed ocserv package using these commands on Ubuntu22:

mkdir /usr/local/src/ocserv
cd /usr/local/src/ocserv
wget ftp://ftp.infradead.org/pub/ocserv/ocserv-0.10.9.tar.xz
unxz ocserv-0.10.9.tar.xz
tar xvf ocserv-0.10.9.tar
cd ocserv-0.10.9
./configure --sysconfdir=/etc/ && make && make install

The ocserv package is installed and it run and works with this command:

ocserv -c ...

I have installed Windows 10 Home version and updated it to Enterprise and added the KMS server. If I now run the sysprep everything else is ok but sysprep adds an account admin. How can I prevent this or delete the admin account before a user will start the OOBE process?

Password for account admin is "admim".

It is a complex setup, which I want to explain first (if you dont care, just scroll to 5) ) :

1) Company has multiple Active Directory Forests, which are:

user.local --> here are all user accounts stored server.local -> here are all servers are stored group.local -> new domain where all clients, servers and users should be transfered to. This domain has constrained delegation turned on

2) Wh ...

I have an Apache webserver behind a load balancer which proxies request to Apache and have problem regarding configuring directories.

Here is my scenario:

1. Upper Load Balancer proxies request to Apache with adding original Hostname in X-Forwarded-Host.
   
2. I should decide which directory to serve based on X-Forwarded-Host header value.
3. Incoming requests have X-Forwarded-Host headers like:
   test1.exampl ...

I have a IPSEC tunnel configured as follows.

Site A (Sophos XG) 192.168.40.0/22 to Site B (pfsense) 10.1.1.0/22

At site B i have a Zabbix instance installed at 10.3.1.2 on a separate VLAN. I want this Zabbix instance to access the XG (over the tunnel at 192.168.40.1) at Site A via SNMP.

I have altered the firewall at the Sophos XG end (Site A) but i need to configure the pfsense.

Do i need to create a NAT ...

The Root CA is domain joined. The Sub CA will be domain joined. The Sub CA will deliver workstation Authentification (template) to PC clients via GPO.

Is there any known issue with this configuration? Should the root CA be only standalone? I know the security recommendation for the root CA to be standalone but is there any operational issue if it's domain joined?

I've deployed openstack and used LVM as a backend for the cinder block storage, but after using it for a while I could no longer allocate block storage volumes , after checking the available space in the thin pool I found out that it shows 100% space usage even though the space allocated for it is more than 20 times the actual space used by logical volumes. here's the output of lvs command

[root@st ...

Since a couple of months we are using a vulnerability scanner (Rapid 7) which is complaining about the bcel package being vulnerable. Red Hat released an update package, but hasn't found it's way to the Centos 7 repository. The only suggestion so far I can find is update to the latest version of bcel in the Centos repository, which ain't helpful as the latest version seems vulnerable. Also I can't find  ...

We have a webserver with IIS reverse proxy and apps server with application, configured reverse proxy with http and the reverse proxy rules works fine.

The same application and reverse proxy after configuring with SSL certs, browser fails to load the application. Chrome browser throws "ERR_TOO_MANY_REDIRECTS"

Below is the working rewrite rule for HTTP.

    <rewrite>
<rules>
    <rule name= ...

I have opened my port 8080 in iptables and i am launching a nextcloud container where port 8080 is exposed and routed to nextcloud server on port 80 inside the container.

I cannot reach either localhost:8080 when i run docker locally or server_ip:8080 when i run docker on a remote server even if my port 8080 is open.

Docker has modified iptables after i ran my script to configure firewall.

How should i ...

I used this and this blog posts to configure postfix to relay mails to a specific server using authentication. The following settings have been made in main.cf:

# sender-dependent sasl authentication
smtp_sender_dependent_authentication = yes
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay

# default relayhost setting
relayhost = [fully.qualified.target.server]:587

# smtp authentica ...

I am using an Ubuntu 18 on a virtualbox machine and I am trying to overwrite a netplan config related to an interface. There are two config files located in /etc/netplan/.

50-cloud-init.yaml:

network:
    ethernets:
        enp0s3:
            dhcp4: true
            match:
                macaddress: 02:d4:40:b8:a4:a0
            set-name: enp0s3
    version: 2

50-vagrant.yaml:

---
network:
  versio ...

I have this

Status: active
Logging: on (low)
Default: allow (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp (Apache)            ALLOW IN    Anywhere
80                         ALLOW IN    Anywhere
443                        ALLOW IN    An ...

I am trying to set up an IIS 10 (Windows 2019) to tunnel HTTPS traffic to a REST API of an application server at our customer location.

Tunnelling HTTP traffic was no problem and works like it should via the rule in web.config:

        <rule name="ReverseProxyInboundRule1" enabled="true" stopProcessing="true">
            <match url="(.*)" />
            <conditions logicalGrouping=" ...

I wanted to fail a login attempt to be logged in my Mariadb server. The failed login attempt successfully logged in my general log file while I am providing the wrong username or password.

If I provide the correct username and password, after providing the wrong database name, Mariadb DB throws Access denied error. But there is no warning message logged in the log file. I expect Mariadb to log er ...

I did set up a ssh vpn on ubuntu server and created a user for that and everything is working fine. So how to limit this service to one device only for that specific created user? I am using password authentication.

I have had setting up network unlock for my Centos based hypervisor for several years, and I finally set the time aside to try it a second time and am running into a road block. I do not want to ssh to a dropbear initramfs, I want this to be automatic as long as I've unlocked a central server.

The basic concept I want to achieve:

1. Store the keyfile/password on an "always on" system, within a luks encrypt ...

I have the following file that creates a mysql-secret for mysql deployment pod.

apiVersion: v1
kind: Secret
metadata:
  name: mysql-secret
type: Opaque
data:
  mysql-password: MTExMTEx
  mysql-root-password: MTExMTEx
  mysql-user: YQ==

The problem is that, previously I could deploy mysql on Kubernetes cluster using the secret key created by this command:

kubectl create secret generic mysql-secret --from- ...

So, I have a situation here and I'd like to hear some tips about it.

I have a Windows Server 2012 R2 and I'm going to upgrade it to Windows 2019. The server has two HDD's in RAID 1.

To be on the safe side and have a quick solution in case of a problem, I will remove one of the Disks and install Windows 2019 on the left disk. If something goes well I place the second HDD and rebuild RAID 1. If everyt ...

I previously made an Amazon EC2 instance and stored some data onto an elastic block storage volume (150 GB sc1). I have since detached the volume and attached it onto another EC2 instance. However, when I try to mount the volume I get the following issues.

~ # sudo mount /dev/xvdf /data

mount: /data: wrong fs type, bad option, bad superblock on /dev/xvdf,
missing codepage or helper program, or oth ...

I've been setting up a HAproxy before two systems that both run postfix and dovecot. As I have it now, I have three public services (one for each port: 25, 587, 993) behind which there are three backends, that each consist of two servers (one Linux+Docker, one macOS+MacPorts). Each backend has a healthcheck configured.

Currently, the test I use simply checks if postfix (postscreen) is listening on ...

I have issues trying to push an image I created with podman to an ECR container I have.

The issue doesn't seem to be related to permissions or authentication and I am struggling to find similar issues online. I am also seeing the tagged image so the issue seems to be related to the push only.

I am getting 3 of the below errors until the 'podman push ..' commands eventually fail.

[ec2-user@ip-10-0-151-137 ...

OK, here is what I am trying to achieve. I have servers distributed across data centers around the world. I want them all to join the same Active Directory Domain. I don't want to implement ADFS and put Active Directory servers in every data center because it is too much work.

Instead I want to have only one Active Directory server/cluster in one data center, let's say US East. Then I want al ...

I have NGINX Amplify running on a linux box w/ NGINX v1.18. The server has very low end-user usage at this time (< 50 browser clients at any given time). I notice random spikes in file descriptors.

I setup a headless browser load test with 200 browsers for 5min and notice the file descriptors don't spike anywhere near the random spikes that I have been seeing.

The pink highlighted section from Am ...

I have a Dockerfile as following:

# Install Operating system and dependencies
FROM ubuntu:22.04 AS build-env

RUN apt-get update 
RUN apt-get install -y curl git wget unzip libgconf-2-4 gdb libstdc++6 libglu1-mesa fonts-droid-fallback lib32stdc++6 python3
RUN apt-get clean

RUN useradd -ms /bin/bash user
USER user
WORKDIR /home/user

# download Flutter SDK from Flutter Github repo
RUN git clone https://gi ...

I have Wireguard running in docker container (wg-easy) on VPS, the other machine connected is home server running opnsense.

VPS:
local network is 10.0.0.0/24
local address is 10.0.0.73
Wireguard:
local network 30.8.0.0/24 
local address 30.8.0.1 
Opnsense:
local network is 30.0.0.0/24 
local address is 30.0.0.14

I configured opnsense and can ping hosts on both wireguard and VPS networks. Unfortunately ...

I'm trying to block access to the website for certain IP addresses. For this I have a file ipblacklist.conf with list of IPs in the following format one line per IP:

Require not ip xxx.xxx.xxx.xxx

Then in the httpd.config I have this:

<Location />
   <RequireAll>
      Require all granted
      Include ipblacklist.conf
   </RequireAll>
</Location>

This works fine; however, I also ...

I tried this command on the host.

virsh snapshot-create-as --domain test_vm_back --name "snapshot-before-install-package" --description "snapshot test"

As you know, this is just a simple command from tutorials to create a snapshot of the VM. The VM is running.

ERROR from the command.

I googled this error, but I couldn't understand it. This problem seems rare.

error: Requested operation is not valid ...

I have an error trying to add an olcAccess using ldapmodify command:

ldap_initialize( ldapi:///??base )
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcAccess
olcAccess: to dn.subtree=“ou=Groups,dc=example,dc=net“ by dn=“uid=hellios,ou=Users,dc=example,dc=net“  ...