Latest Server related questions

Score: 1
Aditya K avatar
Rspamd : Blacklists not working consistently

RSPAMD 3.5.2

Using the multimap module I am rejecting certain email addresses via a blacklist:

multimap.conf

blacklisted_addresses {
    description = "Blacklisted addresses";
    type = "from";
    prefilter = true;
    filter = "email";
    map = "/${LOCAL_CONFDIR}/local.d/blocked_addresses.map";
    action = "reject";
    symbol = "BLACKLISTED_ADDRESS";
    regexp = "false";
}

In blocked_addresses. ...

Score: 0
Gottfried Rosenberger avatar
alert certificate expired:../ssl/record/rec_layer_s3.c:1543:SSL alert number 45 when sending mails from the same server that hosts postfix

So, I have setup an smtp server using smtp in a Debian 11 machine. It works perfect when sending emails from my phone and my computer, but it does not work when trying to send emails from the same host machine. The error I get when tailing /var/log/mail.log is

Aug 11 13:15:45 mail postfix/smtps/smtpd[2740]: SSL_accept error from mail.example.net[2a02:c207:2041:2547::1]: -1
Aug 11 13:15:45 mail post ...
Score: 2
Should there be an explicit catch-all NGINX `server` block to dismiss HTTPS requests for the domains **not** served by the server?

The most common NGINX config I see is the one below, where it is made sure that all relevant HTTP requests are redirected and the irrelevant ones are dismissed, but usually I only see one server block to handle HTTPS, which is mostly also the implicit default server for all HTTPS requests, regardless of what the Host header says. (Reminder to self.)

I just learned that, for whatever reason, domain  ...

Score: 0
Arthur Deslauriers avatar
VSFTPD - Issue with chroot and s3fs

I have a small issue with VSFTPD, and I'm not able to resolve it yet, so I'm coming here to get your tips!

The user has a ftp directory in its home, which is a mount point through s3fs, to access a S3 bucket. Settings to start my s3fs :

s3fs mybucket -o dbglevel=info -f -o curldbg -o url=https://s3-eu-central-1.amazonaws.com -o use_cache=/tmp/myuser -o use_path_request_style -o uid=UID-of-my-user -o  ...
Score: 0
Gianni Bianconi avatar
How can I remove the first character of a variable from For and Tokens in a batch script?

With a batch script to set variable from For and Tokens and remove the first char:

for /f "tokens=1,2,3,4,5,6,7,8" %A in (
 'net user %username% /domain ^| 
 find "Global Group memberships"' 
) 
do set groupname=%D:~1%

The groupname is like *Groupname and I need to delete the * char.

I check the variable using echo %groupname% the output is *Groupname:~1%

How can I get the desired result?

Score: 0
sardar avatar
How to use open service mesh in kubernetes?

I am trying to test open service mesh for our application.

No tags in serverfault for service mesh or servicemesh or osm or open service mesh,etc. So I kept istio as serverfault tag to this question as it is also a similar product of service mesh.

So, installed the osm cli on my laptop using this link

In my kubernetes (minikube), installed the osm using:

osm install

This installed osm in the namespace  ...

Score: 0
tao_oat avatar
How do I disable liveness probes with kubectl debug?

I'm trying to create an ephemeral debug container using kubectl debug as follows:

kubectl debug $POD_NAME -it --share-processes --container=myapp-web --copy-to=$USER-debug -- /bin/bash

My app is a Django app -- the goal is to be able to shell in and run manage.py commands without worrying about the pod shutting down.

When I run this kubectl debug command, it works for about 30 seconds, then the sess ...

Score: 0
Ryan avatar
How to permanently change Apache Timeout by using include files?

If I edit Timeout in /etc/apache2/conf/httpd.conf then it works for awhile but eventually gets overwritten.

Now, I know it says to use the include files like pre_main_global.conf. So, do I just put Timeout 1000 in pre_main_global.conf and rebuild and restart?

Edit:

Linux version: CentOS 7.9.2009

Apache version: 2.4.57 (cpanel)

Edit 2:

I see that httpd.conf includes additional conf files before and after T ...

Score: 0
Koda avatar
SSH Permissions and chroot

Currently I use the following configuration

mkdir -p /var/www
chmod -R 555 /var/www
mkdir -p /var/www/user1
chown root:root /var/www/user1
useradd user1
usermod user1 -s /bin/false
usermod user1 -d /var/www/user1
mkdir -p /var/www/user1/html/com.domain.site1
chmod 750 /var/www/user1/html/com.domain.site1
chown -R user1:www-data /var/www/user1/html
chmod -R g+s /var/www/user1/html
groupadd allowSFTP ...
Score: 0
Using shadow password from LDAP while using SSSD for identity

I'd like to use SSSD ldap as a provider for shadow entries. It seems to be supported, given the default config with sssd installed adds sss to both passwd and shadow in nsswitch.conf, but I can't get the shadow entries.

Testing getent passwd myuser gives me the right result. getent shadow myuser returns nothing immediately (seems to not check with sssd at all).

The shadow entry does exist in LDAP a ...

Score: 0
Arpit avatar
Which certificate files need to be passed to gunicorn for https?

I have the following files: private.key, example.com.pem, example.com.crt, example.com.pem-full-chain, example.com.p7b and server.csr

I am starting gunicorn using :

gunicorn -b example.com:5000 'app:create_app()' --certfile=example.com.crt --keyfile=private.key

Nothing seems to work, every time I get the invalid certificate warning when I go to https://example.com:5000

Score: 0
Use nftables to set up IPv6 NAT to IPv4

I am working on setting up a number of EC2 instances with IPv6-only networking.

A few of these servers require occasional access to IPv4-only resources controlled by third-parties.

Amazon has a blog post from February 2022 about using NAT Gateway for this. I don't want to pay $$$ for the "NAT Gateway" that will be rarely used, so I wanted to set up my own NAT gateway running on a t4g.nano instance. Ama ...

Score: 0
fvlasie avatar
SSH login timeout before authentication

I have an OCI instance running Rocky Linux 9.2. It is running a production website but for some reason I have suddenly stopped being able to log in with SSH.

I have tested the connection to port 22 by using another OCI instance on the same subnet and security list.

I can confirm by checking /etc/secure.log via the web console that connections are reaching the server on port 22. There are messages of ...

Score: 0
BTRFS partition auto mounts ro

I have my /home/ on a btrfs partition and it appears like after logging in to Plasma with my default user, it becomes mounted ro (rw after boot before login). I booted a USB live system and ran btrfs check but that did not appear to fix the issue:

$ sudo btrfs check /dev/sdb1
Opening filesystem to check...
Checking filesystem on /dev/sdb1
UUID: ba093e47-a5d2-4753-b39e-64413066d9c8
[1/7] checki ...
Score: 2
How to change HTTP-status based on origin's header?

I'm dealing with a proprietary HTTP-server, which always responds with code 200 -- even when an error occurred. The indication of an error, if any, can only be found in the custom header, for example: MyApp-Status: SECURITY_EXCEPTION (in successful requests that header contains OK).

I'm putting Apache-based proxy in front of it and would like to fix this nonsense.

How would I change the very status of th ...

Score: 0
Lennart Rolland avatar
host not found in "$server_listen_port" of the "listen" directive

With the following nginx config excerpt:

map $server_name $server_listen_port {
    default 443;
    localhost. 80;
    localhost  80;
}

server {
    server_name "${ENVIRONMENT_SERVER_NAME}.";
    listen $server_listen_port http2 reuseport;
    # ...
}

I get the following error when validating the configuration with ENVIRONMENT_SERVER_NAME set in the environment to "localhost":

nginx: [emerg] host not ...
Score: 0
Extract Pages from Other PDF Files into a New PDF File

I would like to extract pages from various PDF files and create a new PDF file from those pages. What tool(s) should I use?

Score: 0
Paul Allsopp avatar
Apache 2.4 Redirect all to index.php

OK, first let me apologize if this question has been asked before. I did a search but didn't immediately find something suitable.

I've been looking at the Apache docs but just cannot get this rewrite to work, though it seems it should be very simple, so I must be missing something simple.

My vhost conf file looks like this:

<VirtualHost *:80>
    ServerName xxxxx.local
    DocumentRoot /var/www/htm ...
Score: 0
Daniel L avatar
Postfix smtp_header_checks does not prepend header, but ignores or warns

I am trying to add those headers to email sent via the postfix server:

Precedence: bulk
Auto-Submitted: auto-generated

These are the configuration files and only header_checks adds the correct header.

/etc/postfix/main.cf

#add header
header_checks = regexp:/etc/postfix/header_auto_submitted

# ALSO WORKS:
#header_checks=regexp:/etc/postfix/header_precedence_bulk

# DOES WORK:
#smtp_header_checks = r ...
Score: -3
Michael Chourdakis avatar
Creating/Configuring a DNS server with runtime configuration

I have a big Windows video/audio application that may be controlled remotely over a web server. For that, I can listen to a local port in a, say, 192.168.1.10 system to port 8000, forward the port via NAT and have a remote browser connect to http://public.ip:8000.

The problem is now that, to have some features available for that, say, microphone recording or QUIC access, I need https. This will ine ...

Score: 0
Roemer avatar
Multiple Site-To-Site VPNs to one OpenVPN Server

I am struggling to setup multiple site-to-site vpns.

I have 3 sites:

  • Site A: OpenVPN Server, inside OPNsense, IP Ranges: 192.168.10.0/24
  • Site B: Asus Router with Fresh-Tomato, IP Ranges: 192.168.20.0/24
  • Site C: Asus Stock Router, IP Ranges: 192.168.30.0/24

I managed to setup an OpenVPN Server in OPNsense with the following:

IPv4 Tunnel Network: 10.10.1.0/24
IPv4 Local Network: 192.168.10.0/24,192 ...
Score: -1
Kol avatar
Assigning static WAN IPs

My ISP gave me a /27 of IPs. Basically, they gave me the following information.

  • Network: 1.2.3.64/27
  • Gateway: 1.2.3.65
  • IP Range: 1.2.3.66-94
  • Netmask: 255.255.255.224

To deploy this, I want to give the router an IP address, and the devices connected to it a static IP. The devices connected will not have a LAN IP, so I believe I won't use 1:1 NAT. However, I would just like to configure a static wan I ...

Score: 0
Zak avatar
Is creating a fake file that's not in use a viable honey pot?

We currently host upwards of 300 wordpress sites/installations, and I am experimenting with beefing up WordPress security through some homemade efforts.

As an IT guy, I watch logs .. All the time, watching logs, and I noticed an inordinate amount of hits on xmprpc.php -- So I thought, if we're not using it, and really given our niche nobody legitimately should be hitting the file, why disable it? Why  ...

Score: 0
Lennart Rolland avatar
One nginx config for both local dev and production

I have a website with the following architecture:

  • Many services running as part of a docker stack
  • Fronted by single nginx as reverse proxy
  • nginx does HTTPS termination with certbot
  • Developed locally with docker-compose up
  • Deployed to production with docker stack deploy (on a public server with somedomain.com pointing to it)

The important part of the nginx config looks something like this:

server {
  ...
Score: 0
Volodymyr Litovka avatar
nftables netdev rewrite - what I'm doing wrong?

[EDITED] I'm receiving on physical interface ERSPAN-encapsulated traffic and need to process just a small part of it. In order to do this, I'm decapsulating traffic on local tunnel interface:

ip link add dev inspan type erspan seq key 10 local x.x.x.x erspan_ver 1
ip link set dev inspan up

and want to filter (drop/accept), rewrite and/or redirect accepted part to further processing - either local or t ...

Score: 0
Tom avatar
Configure Keep Alive for connections coming from Cloudflare

I have two servers, an NGINX load balancer that receives connections from Cloudflare and two Apache applications that receive requests forwarded by NGINX.

[Cloudflare] → [NGINX] → [Apache 01/Apache 02]

My Apache server will only be accessed through NGINX, and NGINX only accepts HTTP/HTTPs connections coming from Cloudflare.

By default NGINX always sends the user to the same Apache server he visited ...

Score: 0
alexus avatar
minio A header you provided implies functionality that is not implemented

I'm trying to move object on MinIO yet running into weird issue (even though I'm able to move other objects fine without any issues)

summary:

mc: Failed to copy https://FQDN/path1/file.txt. A header you provided implies functionality that is not implemented

details:

alexus@mba ~ % uname -a
Darwin mba.local 22.5.0 Darwin Kernel Version 22.5.0: Thu Jun  8 22:21:34 PDT 2023; root:xnu-8796.121.3~7/RE ...
Score: 0
Predator1706 avatar
Casting videos from one PC to multiple displays over an Ethernet Network

have a set of 6 television displays spread over 3 floors and a central personal computer at one of these floors. There exists an Ethernet cat6 cable network in the building with ports at the location of the displays and the PC. All these ports are connected to a 48 port Ethernet Switch. Is it possible to display different content on the displays at the same time controlled and displayed from the central ...

Score: 0
Is there a way to have some default user data/config drive when launching a VM, I.e NOT manually specified by the user?

Hi I'm running a private Openstack and I know when we create VM we can pass a config drive to add additional configs to the VM.

But there's some configs we want to standardize across all VMs that users create and not have to rely on user to pass the config drive.

  1. pre-built images that have this config, which relies on someone taking care of building these ISOs.

  2. Have Openstack inject default configs thro ...

Score: 0
ColmanJ avatar
AOC-S3108L-H8iR SAS Fault LED

The system was working fine when suddenly the drives were no longer available. Upon further inspection I found that the SAS Fault LED was lit on the RAID card and the megaraid software no longer show when booting up the system. The RAID card in use is AOC-S3108L-H8iR but the user manual is of no real help. The only thing it says is

Red: On | SAS Error(s) detected

I've already tried to move the card to  ...
