Latest Server related questions

In the process of learning ansible I am trying to create a playbook to run on some email hosts to gather sha1 hashes of the files. I have a plaintext file with the path and filenames the playbook needs to check.

It is formatted as follows: files2.txt:

/opt/zimbra/zimlets-deployed/com_zextras_drive_open/assets/refresh.png
/opt/zimbra/zimlets-deployed/com_zextras_drive_open/assets/icon.png
/opt/zimbra/z ...

I currently have AWS configuration set up with my access key id and secret access key (i.e. I see this when going to 'aws configure' in the CLI). I then login through my company's OKTA to then access the AWS UI.

I've just been given access to a new AWS account (lets call it X) that I've been given access to AWS Single Sign-on (SSO) in OKTA for this new account.

What are the steps I need to take in o ...

This is more of a Docker question that anything else, I think, but allow me to describe the situation first.

We upgraded the base image to one of our containers from php:7.3.28-fpm-alpine3.13 to php:7.3.28-fpm-alpine3.14. The items that changed within the images included:

• Alpine Linux: from version 3.13.5 to 3.14.0 (according to cat /etc/os-release )
• Nginx: from 1/18.0 to nginx/1.20.2

Neither the ngin ...

I am trying to execute the dnf update command on almalinux 8.7 Before a few hours it worked properly, now all mirror gives 404.

I examined the urls, and it seems, that in all repo the checksum in urls are changed.

For example dnf update is trying the url

http://ftp.bme.hu/almalinux/8.7/BaseOS/x86_64/os/repodata/86ea74b2f08c662d45b1405f50f1f0e6ba8f07256801ff3d443f3bc8f870003b-primary.xml.gz

but when I  ...

I have tried a truckload of guides, but neither seems to work properly. My issue is the following:

• I have a host with 1TB SSD drives
• The VMs barely use ~50G/150G of space (when checked with df -h), yet, they consume 170 and 260gb of space respectively on the disk.
• I have the Hyper-V guest services enabled in the VMs.
• They keep growing.

Host OS: Windows Server 2022 Datacenter 21H2
Guest OS: Ubuntu 22.04 ...

given the following role, why can my test IAM user not see any EC2 instances? When I login with the test user and go to EC2 I just see "You are not authorized to perform this operation".

As you can see, I built this through the GUI editor. What am I missing?

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Actio ...

I have 2 AWS accounts, Account#1 and Account#2.

In Account#2, I am creating a role that has a trust relationship with Account#1 like:

"Statement" : [
    "Sid" : "",
    "Effect" : "Allow",
    "Principal" : {
       "AWS" : "arn:aws:iam::123:root"
    },
    "Action": "sts:AssumeRole"
]

When doing this, doesn't Account#1 have to somehow allow Account#2 to create this trust relationship? If yes, where d ...

rsync allows to copy/synchronize folders without transferring files that already have been synchronized before and that did not change since last run. For that, you typically have to specify the source and target destination, and the updates are directly applied on the target destination.

What I intend to do: have the same functionality as described above, except that the changes (and only the ch ...

After i changed the settings in the iptables i have no http connection with lynx and no apt update works anymore but i cant see the flaw in my configuration. My iptable config:

Chain INPUT (policy ACCEPT)  
target     prot opt source               destination  
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https  
ACCEPT     tcp  --  anywhere             anywhere             ...

Not sure where to post this?!?!?!

When using Jeremy Longs dependency-check the following error occurred today and stalled our development/CICID (jenkins slave within OTC):

$ dependency-check.sh -l depcheck.log -s ref-jpers-service/ ... java.io.IOException: Finally failed connecting to Central search. Giving up after 7 tries. ..... DEBUG - Searching Central url https://search.maven.org/solrsearch/se ...

I followed the installation instruction of Outline Manager on https://getoutline.org/ to install the Outline Server on a linux VM. The installation steps included running a shell script on the linux VM that installed and configured the Outline Server automatically with docker.

On the server, two docker containers were running:

shadowbox watchtower I figured out that the shadowbox is the container of ...

I have dedicated server with installed virsh. On the server I have 5 virtual servers.

When someone DDOS attack dedicated server is everyting ok. I hardly know it's an attack. But if someone attacks the virtual server, it is not possible to load the website, database, etc. I have a firewall (UFW) on the virtual server and also on the dedicated one. I also use this script for DDOS protection on all ...

I have a CentOS7 behind a proxy :

$ grep proxy /etc/yum.conf
proxy=http://10.10.30.90:80/

and the http stream to that proxy is allowed :

$ : < /dev/tcp/10.10.30.90/http
$ echo $?
0

I'm trying to use yum behind that proxy by it fails retrieving the mirrorlist :

# yum check-update
Loaded plugins: fastestmirror
Determining fastest mirrors
Could not retrieve mirrorlist http://mirrorlist.centos.org/ ...

I want to apply a default CSP header in nginx - basically a catch all. However, I also want to be able to override the CSP header via PHP in certain scripts. So far I've been unable to find a way to do this and the result is I get 2 headers - the first from PHP and the second from Nginx, with the last header taking preference over the first.

In nginx I have:

add_header Content-Security-Policy "default ...

I am new to RTF and Azure. I am following the MuleSoft documentation for the installation of RTF in AKS.

https://docs.mulesoft.com/runtime-fabric/1.10/install-rtfctl

It comes with the following command

sudo chmod +x rtfctl Now it is asking for my password. I tried everything but not sure which password has to be filled there.

We want to have a server with low latency to the service opensea.io.

To find out which hoster is close to their servers we would simply rent a bunch of servers from different hosters and ping the service above.

Do you have any better ideas for this approach?

Thanks

I have a network interface for which I would like to configure routes.

# ip address show br_10G_V888
6: br_10G_V888: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 78:ac:44:09:9d:82 brd ff:ff:ff:ff:ff:ff
    inet 172.21.1.48/24 brd 172.21.1.255 scope global noprefixroute br_10G_V888
       valid_lft forever preferred_lft forever

I am able ...

This is a duplicate of a question I've just asked on StackOverflow, before realizing this was maybe a better place where to ask it.

I have ModSecurity 2.9.3 and the OWASP CRS 3.3.2 security rules running on my new VPS (Virtualmin).

I enabled the REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES, and it mostly seem to work.

The Wordpress theme editor, however, does not. When saving, it gets a 403 response ( ...

We are facing a problem with connecting android devices to our VPN server. iOS devices do not have any problems connecting.

Android devices trying to connect via StrongSwan official app from Google Play. And iOS from system settings. VPN server based on StrongSwan+Charon

We tried to make a dump from VPN server and found the difference between successful and unsuccessful connections

• In success: se ...

I am working on an IoT device that has three network interfaces: Ethernet, WiFi, and LTE. The interfaces provide redundancy and fail-over for network connectivity, and any combination of the interfaces might be up. When more than one interface is up, the interfaces are preferred in the order Ethernet, WiFi, and LTE.

At the moment each of the network interfaces gets a network address via DHCP, and ...

Trying to set up some advanced filtering/firewall policies from one interface to another and I kept having users blocked from various services/strange issues (like cert errors,etc).

The configuration is this: if you hit port 1433, you get added to a block-list

So in this, I've discovered that google's DNS servers are coming back and hitting port 1433!

Can anyone explain WHY on earth they would do this? ...

Investigating an older server and disk array (Dell EqualLogic PS4100). The server has Dell EqualLogic SAN Headquarters onit. In Group Manager on the server I can see 5 out of 7 volumes as online/active. I can see the different disk usage stats for the various volumes as well.

When I do an auto-config via ISCSI initiator (Windows 2008 R2), it only mounted 1 of the 5 to the server.

When I do "iscsicli ...

I am working on a project that would require my server to proxy images from any domain.

The idea would be that https://icontrolthisdomain.net/https://somerandomdomain.org/some-random-route/image.png would actually proxy the image to the user. If it caches it, it would be a plus too, but the only important thing right now is to proxy it.

There is a question like this one but they always proxy the same doma ...

I'm on MacOS with apple silicon. I'm tring to set up a vangrant environment of two nodes which both should be able to see each other and be reachable by the host.

For that, this is the Vagrantfile I'm using:

# -*- mode: ruby -*-
# vi:set ft=ruby sw=2 ts=2 sts=2:


Vagrant.configure("2") do |config|
  config.vm.box = "perk/ubuntu-2204-arm64"
  config.vm.box_check_update = false


      config.vm.def ...

I've just migrated from APC to using Session Upload Progress (https://www.php.net/manual/en/session.upload-progress.php).

All was going swimmingly until some forms were mysteriously throwing up Access-control errors when submitted.

After a few hours it turned out the problem occurs when you include <input type="hidden" name="FORM_UPLOAD_PROGRESS"/> (with a value) in a form, but the form doesn't  ...

Goal: Provision a SageMaker instance on AWS with Terraform.

Problem: There does not seem to be a go-to Terraform module for SageMaker that is easily configurable or extensively documented. I've tried spinning up the blueprint example of one of the modules, but the result seemed to be missing some features (e.g. Access to AWS' Project templates, Notebook Jobs) that the manually configured SageMaker d ...

I'm using Docker with Ubuntu in a development environment, but I noticed that docker can use all the resources of the host machine, is there any way I can limit this without having to configure each of the containers?

I tried to configure the docker daemon.json example:

{ 
  "cpus": 1,
  "memory": "4096m"
}

I am trying to setup a custom email for a company website. The only issue is that when sending an email to a gmail account, I get the following back:

The mail system : host gmail-smtp-in.l.google.com said:
The IP address sending this message does not have a PTR record setup, or the corresponding forward DNS entry does not point to the sending IP. As a policy, Gmail does not accept messages from IPs ...

I have about 20+ domains to load balance using single haproxy. to differnt backend. i want all of them to route from haproxy but have isolation of each frontend too. when i tried to use each domain with its own frontend, then only one frontend remained active and rest of frontendds did not recieve any traffic (all frontend bind to same port 443. is there any way to use multiple frontendds with same port ...

I've created a VPC-native GKE private cluster. My Pod address range is 10.20.0.0/16 and my Service address range is 10.26.1.0/16.

GKE is setup on vpc-8 private subnet (100.17.8.0/24). I need to connect from pod to remote instances which are on another vpc, i.e vpc-2 (100.17.2.0/24 - this on different cloud) but getting below error:

curl: (7) Failed to connect to example.private.com port 443: Connectio ...