Latest Server related questions

I purchased a proxy and whilte-listed my server's IP address so that my server can connect to proxy without authentication. Its working fine in Ubuntu CLI, but when I open Chrome, it cannot connect to proxy and I get error:

ERR_TUNNEL_CONNECTION_FAILED

What am I missing here. Note that I rebooted the server when I setup proxy in /etc/environment

export HTTP_PROXY="geo.iproyal.com:xxxx"
export HTT ...

I've a JS app that is running on http://localhost:1337. Behind there's a Nginx reverse proxy with the following config:

/etc/nginx/conf.d/upstream.conf

upstream test {
    server 127.0.0.1:1337;
}

/etc/nginx/sites-enabled/test.conf

server {
    # Listen HTTP
    listen 80;
    server_name test.example.com;

    # Redirect HTTP to HTTPS
    return 301 https://$host$request_uri;
}

server {
    # List ...

I have set up SPF, DKIM and DMARC in my domain (to the best that I can figure out), but I still can send spoofed emails - without a DKIM signature - and they are accepted (at least when I test with GMail - I assume they will be the most strict about such things⁽²⁾). When I spoof my domain from a non-SPF approved SMTP server, GMail does quarantine it, but as we use public SMTP senders for our work (such ...

I generated a password protected key by command openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:P-256 --out ca.key -text -aes-256-cbc. The passphrase is "rrrr" (this example is a throwaway), and the output is:

-----BEGIN ENCRYPTED PRIVATE KEY-----
MIHsMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAi+VEL8/UzdpQICCAAw
DAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEHpyCWa1fjYAkJj3lrmvSHQEgZDK
VPcbj7CDX0tqL+ZmorVz9 ...

It isn't clear exactly what more needs to be escaped in the following macro to allow it to be used with awk or sed on FreeBSD.

define(`RELAY_MAILER_ARGS', `TCP $h 2525')dnl

Here is an awk command that attempts to insert the above line at line 90 below the SMART_HOST configuration.

awk 'NR==90 { print "define(\`RELAY_MAILER_ARGS\', \`TCP $h 2525\')dnl"}1' example.com.mc

The command results in the f ...

I am running a cloud server on Vultr.com. Recently, I logged into Vultr.com in my web cloud instances web interface and checked my firewall. I noticed that port 53/udp had been opened in the vultr firewall and the allowed IP was 206.217.205.100/32. This is not an IP I recognize, and as far as I can remember, I didn't open up this port myself in my vultr firewall from the cloud instance's web inter ...

I have a Golang project that automates the execution of the iptables command to modify the network, and at the same time needs to do checks to determine if it has been filled successfully.

I listed the rules via the iptables -S command, but there were some inconsistencies.

For examples:

iptables -t nat -A PREROUTING -d $INET_IP -p tcp --dport 80 -j DNAT --to-destination $INNET_IP

The corresponding

I'am trying to use Laravel Forge in a Ubuntu 22.04 Server with SSH is blocked. Laravel Forge is a server management software which requires SSH to connect and manage.

I found another similar service Serverpilot.io can connect and manage even though SSH is blocked by firewall.

How I can take similar approach to use Laravel Forge when SSH is blocked by Firewalls?

Note that this entire cluster was working fine up 'til I updated certificates. I'm on Elasticsearch 7.5.

I updated my certificates using the certificate-util - created a server.yml with all my servers and the Kibana node in it, ran the utility with -pem, -multiple, and --keep-ca-key, passed the ca.crt and the various node certificates out to the nodes, made sure the elasticsearch.yml and kibana.y ...

Background
We use LDAP in our department to authenticate users to various services including web apps as well as Linux servers (via SSH).  When a user leaves the department, we should disable their access to our services but still retain the account and data, for various reasons.

I thought that simply changing their login shell to something like /bin/false was sufficient, but I'm still learning ...

Is there a way to install Windows Updates on a HyperV Host, e.g. Windows Server 2022 Datacenter, without downtime, unless you use live migration? Any suggestions here would be greatly appreciated

i installed fail2ban it doesnt work im trying all the day to configure jail.conf.. this is my jail.conf(yes i changed the original one, my fault...)

enabled = true port = ssh filter = sshd logpath = /var/log/auth.log backend = %(sshd_backend)s maxretry = 3 bantime = 60s findtime = 60s

and i changed:

banaction = ufw

im not familar with the linux firewall is that enough?P fail2ban doesnt work can someone ...

I've added my site to CloudFlare. I'm trying to allow requests to only come in through CloudFlare's network, and reject all others. When I add the following to my .htaccess, I get HTTP 403 Forbidden.

# Cloudflare Firewall Bypass Prevention
<RequireAll>
    Require all denied
    Require ip 103.21.244.0/22
    Require ip 103.22.200.0/22
    Require ip 103.31.4.0/22
    Require ip 104.16.0.0/13 ...

I've got the next setup:

• Proxmox 7.2
• CEPH 16.2.9
• K3S v1.23.15+k3s1
• CEPH CSI v3.7.2

CEPH using as RBD-storage for QEMU images and K8S PVC. When I do disk benchmark in QEMU I've got the next results:

I am trying to connect a existing server files with my new machine. I need to be able to connect with a username "????", but for some reason mysql is not accepting that.

Using root as username it prompts me into entering password

As for using ???? as username it acts as if I asked to see help..

Can I make mysql accepting ???? as a username? If so - how?

Thanks in advance!

I have installed K3s with Rancher on Rocky 9.1 machine. According to the manual, firewalld must be turned off. To turn off the firewalld, I performed:

systemctl disable firewalld
systemctl mask --now firewalld

I also enabled the nftables service with systemctl enable nftables.

Now I am trying to configure a reasonable ruleset in the firewall. As I understand, the current Linux versions use something  ...

Noob question here. I'm updating Debian from Buster to Bullseye. A configuration file change question popped up and I choose to compare the 2 files. Now, how do I get out of the compare option and continue the installation?

I'm having trouble getting IPv6 to work for my KVM/qemu guests.

I have two bridges setup, one routed (external, non libvirt) bridge for public dedicated ipv4 + ipv6 which works for both protocols.

Then I have a libvirt nat bridge (with the routed bridge as parent) with a nated ipv4 (that works) and I also want a public ipv6. I'm able to transmit udp packets out but I never get any response.

Looking at  ...

We are trying to connect a Nodejs server to multiple SQL databases. The problem is that every SQL Server database is in a different network with a different VPN. Is it possible to connect one server to these three machines? Our scheme

My Postfix system is reachable and everything is working (I set it up yesterday). But during multiple occasions today, it just wasn't reachable and I really don't know what to do. Usually it when not working it went that way: I tried logging into my Mail-Account on my phone after logging in on Mozilla Thunderbird on my Computer. Setting up the mail account on my phone just didn't seem to work. After try ...

I have a website that run under nginx, with directives applied by Cloudpanel and i want to add my crm on it, the crm have 2 .htaccess file, one in the root folder and one in the /public folder.

I'm trying by 2 days to convert the htaccess into nginx directives and add them to the vhosts file that cloudpanel let me edit.

This is the .htaccess of the root folder (very easy):

<IfModule mod_rewrite.c>
 ...

I have a physical server with 6 interfaces: eno1, eno2, eno3, eno4, eno49, and eno50. The eno49 and eno50 are up and when I check their capacity for example with ethtool eno49 or from cat /sys/class/net/eno49/speed, they show that there are 10G up. But I want to know the capacity of other interfaces which are down. To check that I assign them an IP address like 172.29.1.11 with ifconfig eno1 172.29.1 ...

Im currently running NGINX on a Docker container. In an EC2 instance running Ubuntu 20.04 I have stored the SSL keys in the directory /etc/ssl/certs. I have the certificate and I have the key.

When I run the NGINX container locally I'm able to read from /etc/ssl/certs and the keys have the following permissions.

/etc/nginx/certs # ls -lah 
total 12K    
drwxr-xr-x    4 root     root         128 Jan  5 22: ...

I'm using ssh and Microsoft VS Code on my Mac (up to date Ventura) to connect to my Ubuntu VM (up to date 22.04). However, I keep getting inactivity timeouts (I believe this is from the macOS side):

client_loop: send disconnect: Broken pipe

My Ubuntu sshd_config contains:

TCPKeepAlive yes
ClientAliveInterval 30
ClientAliveCountMax 5

And my macOS ~/.ssh/config contains:

TCPKeepAlive no
ServerAliv ...

Script has to log everyting in it to output and to log file

Like this it works OK:

#!/usr/bin/env bash

some_command_1
((
echo "Some text (in parenthness too)"
echo "Another text without them"
) &2>1 )|tee log.txt
some_command_2
exit 0

It outputs to stdin/stderr and to log file as expected.

But this script:

#!/usr/bin/env bash

some_command_1
((
cat <<EOF
Some text (in parenthness too)
Ano ...

This is such a strange situation. I'm trying to build an image, and apt-get update fails. Network works fine though. DNS is fine, I can even wget the same urls just fine!!

See terminal output :

❯ docker run -i -t python /bin/bash

root@e0264555b919:/# apt-get update
Err:1 http://deb.debian.org/debian bullseye InRelease
  Temporary failure resolving 'deb.debian.org'
Err:2 http://deb.debian.org/deb ...

I am a newbie for web and network stuff.

I want to hosting the following web services for my personal use:

• Gitea
• Nextcloud
• pypiserver (Private pypi server)
• Ktra (private rust registry server)

I only have one machine which only have single network interface (single IP address).

I wish it can allocate URL for each service like below:

• Gitea: (https://my-ip-addr/gitea/)
• Nextcloud: (https://my-ip-a ...

I want to transfer a domain (.uk) from Azure to Cloudflare. Both the domain and DNS hosting is on Azure.

• Cloudflare require the DNS resolution to be moved to them prior to the domain transfer.
• Cloudflare need the existing Azure DNS servers removed from the DNS record and replaced with Cloudflare ones.

Editing the DNS record in Azure doesn't allow the Azure DNS servers to be removed, only the Cloud ...

I have php wordpress website hosted on IIS, have been using FastCGI, below is my fastCGI configuration

Below is screenshot of task manager

There are many fastCGI processes that are using 0% CPU but consuming certain portion of RAM, is this ok ? or there is any misconfiguration due to which this is happening

I originally asked this question on SO, but i realized Serverfault was probably the correct place to ask.

I have an Artifactory Pro server running on an EC2 instance. Up yesterday morning, it was running version 7.41.13 and worked just fine.

It has a bunch of repositories that are hosted in the local Derby database with the blobs stored in S3.

Yesterday around 8:20 UTC, it crashed and rebooted. After th ...