Latest Server related questions

Environment overview: AWS

DC1 = Win2k12 instance in region1 - AZ1

DC2 = Win2k12 instance in region1 - AZ2

~ 60 Member servers = all within region1

Replication set up between the two DCs for GPO, DNS, etc and is working properly. Changes can be made on either DC and will reflect on the other within a few minutes.

This may have been going on for a while, but we're now noticing that all member serve ...

NOTE: I've posted this on SuperUser but reposting here because I think it may be more suitable.

I'm trying to configure Quagga to use OSPFv3 to create proper IPv6 routes between two OpenWrt routers running OpenVPN (tun mode). I know the tunnel is working properly because it works if I configure the routes manually.

Both routers have a link-local address on the tun0 interface, and I can actually see  ...

I am using apache as my webserver for drupal. Also, I am using google cloud CDN and my instance is behind a load balancer (requirement for google cloud CDN). The issue is that the load balancer appends 2 IP addresses to the x-forwrded-for header as mentioned in this support document - https://cloud.google.com/load-balancing/docs/https#target-proxies

I want to split those IPs in apache's log and only keep ...

I have a private network linking 2 servers:

server 1: IP 10.0.0.2
server 2: IP 10.0.0.3

When server 2 is using a VPN, I want to be able to connect to server 2 through server 1 using the following command from server 1:

ssh 10.0.0.3

For that I created the following rules in server 2

ip rule add table 128 from 10.0.0.3 
ip route add table 128 to 10.0.0.0/8 dev ens10
ip route add table 128 default ...

I deployed a K8S test cluster in OVH via their managed services, as I aready have some Public Cloud services that I would like to migrate.

I set the cluster network as private with OVH gateway with DHCP, connecting it to an existing multi-region vrack (DE1 + UK1 + GRA1) that I already use to connect public cloud instances privately via eth1 on a 192.168.0.0/24 subnet.

Once connected to the K8S clust ...

We currently run a single OpenVPN server with clients that run apps that talk to it via its (unfortunately often) hardcoded IP 10.8.0.1.

We're switching to multiple OpenVPN servers on the same host, so now clients are in different networks depending on which server they're connected to.

I'm looking for a way for legacy apps running on the clients to still reach their connected server at 10.8.0.1.

I faced with problem and hope for your help. Started getting notifications from smart on Debian 10 server:

Device: /dev/nvme1, Critical Warning (0x04): Reliability

Found that this alert causing because next attribute:

Percentage Used:  107%

I also found information that it is not critical if the other indicators are normal and in my case they are normal:

Available Spare: 100%
Available Spare Thres ...

I want to restrict access to some domains in my HAProxy, actually, I already did but I want to improve the settings. This what I have:

acl network_allowed src 22.33.44.55/32

acl acl-public-domain hdr(host) -i public-domain.com
acl acl-internal-domain1 hdr(host) -i internal-domain1.com
acl acl-internal-domain2 hdr(host) -i internal-domain2.com

http-request deny if acl-internal-domain1 !network_all ...

The ingress yaml:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"  
    nginx.ingress.kubernetes.io/configuration-snippet: |
      rewrite ^/$ https://$host/_dashboards redirect;
  name: demo
  namespace: test
spec:
  ingressClassName: nginx
  rules:
  - host: log.test.com
    http:
      paths:
      - backend:
      ...

Look at this c program:

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main()
{
    printf("UID:  %d\n", getuid());
    printf("EUID: %d\n", geteuid());
    system("id");

    printf("res=%d\n", setuid(1001));

    printf("UID:  %d\n", getuid());
    printf("EUID: %d\n", geteuid());
    system("id");
    return 0;
}

My user account is "test" (id 1000). I have a second u ...

I am using following cifs mount and bind:

//myfiler.example.com/share     /mnt/mount-path  cifs  vers=3.0,credentials=/root/.cred,gid=0,uid=0      0       0
/mnt/mount-path/folder-in-share /mnt/archiv      bind  defaults,bind                                     0       0

When using mount -a multiple times the first time everything gets mounted, the second time the mount path /mnt/archive is overmou ...

My server runs 10 websites, very low traffic. Config:

• Ubuntu 20.04.5 LTS
• Nginx 1.18.0 (Ubuntu)
• PHP 7.4.3

In nginx.conf this is added:

        upstream local_php {
                server unix:/run/php/php7.4-fpm.sock;
        }

In sites-enabled the config files have locations including:

        location ~ \.php$ {
                include fastcgi.conf;
                fastcgi_intercept_errors on;
   ...

I am currently trying to learn how iptables works. I have read the following:

When a packet arrives (or leaves, depending on the chain), iptables matches it against rules in these chains one-by-one. When it finds a match, it jumps onto the target and performs the action associated with it. If it doesn’t find a match with any of the rules, it simply does what the default policy of the chain tells it ...

I recently changed using the Event MPM in my Apache 2.4 installation, alongside PHP-FPM and FastCGI proxy, I hope that wasn't the reason for my problem. I also started working with name-based VirtualHost directives although I don't have multiple websites, Linux (specifically CentOS 7) is just a VM running behind NAT.

Before these changes, except the VM was still running behind NAT, it was working ...

Would anyone be so kind as to point me to the piece of documentation which explains the following phenomenon?

When we run kubectl run --rm --stdin --tty --image hello-world hello-pod , it's being restarted by Kubernetes automatically. Why does Kubernetes forget to delete it?

At the same time, if we run kubectl run --rm --stdin --tty --image busybox busy-pod, it's being automatically deleted (which seems ...

Background: we've got some "old" IoT devices running an older SSL stack that must connect to a newer server over HTTPS.

We'd like to setup a forward proxy / bridge so that:

1. Device uses its own terminated TLS to proxy (using old SSL)
2. Device sends HTTP/CONNECT with remote server URL (https) (+basic.authentication)
   • note: remote server URL is unknown / dynamic, hence pushed with CONNECT.
3. Proxy uses ...

I have configured docker to use the syslog log driver. My daemon.json looks like this:

{
  "log-driver": "syslog",
  "log-opts": {
    "syslog-address": "tcp://192.168.1.10:1514",
    "mode": "non-blocking",
    "tag": "{{.ImageName}}/{{.Name}}"
  }
}

According to docker docs on the tag parameter, this should produce an output that includes the hostname of the host device. This does not happen ...

Context

I recently noticed my freeNAS telling me it had issues with one drive. I had about 16 bad sectors, went through the smart tests etc. I bought a new drive, same capacity, went to install it, and for some reason a power adapter for one of the other drives came partly loose, so I was with 4 out of 6 drives in the RAID Z2 array, or basically no redundancy.

The array started resilvering, never compl ...

I keep getting the "Password does not meet the password policy requirements" message when trying to reset existing user passwords / create passwords for new users.

I am logged into a Windows Server 2016 server as a domain administrator.

I disabled the password complexity requirements (I also tried Not Defined) on the Default Domain Policy GPO. Ran gpupdate /force.

I simply need to pull all my users from wordpress. When I urlfetchapp as in the script below, it gives a 406 error but shows the first users in its truncated response, so I set muteHttpExceptions and get the first full page of users. I cannot get a second page or otherwise use queries in the URL.

Here's the kicker, if I disable my authentication, urlfetchtapp gives the same results and same failu ...

i have a simple .NET api that calls an api of an external provider. This provider requires that i indicate from which IP i will call him to allow me. So i have two options:

1. Deploy my api on IIS with a fixed ip
2. Do the same from docker on Azure K8S if possible?

Is possibile from different pods "set the ip caller" ti be always the same?

Bye

I am trying to deploy a Debian 11.6 host using preseed.

This is my config:

# This preseed file was rendered from the Foreman provisioning template "Preseed default".
# for s293.example.org running Debian 11 
# Organization: Default Organization
# Location: FRA1

# Locale
d-i debian-installer/locale string en_US
# country and keyboard settings are automatic. Keep them ...
# ... for wheezy and newer:
d ...

I got an abuse report for AWS and they shut down one of my personal servers. I can SSH in, but no other connectivity is working right now until I can prove to them I addressed it. Full transparency, I'm minimally competent in linux.

AWS says my server is trying to sshinto other systems, so maybe I got some kind of botnet on it. Here's a sample they sent:

Lines containing failures of <IP> (max 10 ...

Hi guys I have a setup where I use Nginx as entry point for my HTTP request on port 80 and then I make a proxy to port 8080 where Apache is running a virtual host with PHP7.4 + MySQL running on windows 11 via laragon stack.

I am programming and consuming an API on TCG and the recommendation is to dump that data into my database; The problem is that the dump is taking me approximately 2 minutes an ...

Quick disclaimer. I don't code in PHP, and I am just helping the people responsible for this service.

Recently we started to have problems with one server who uses php-prefork and without trying to understand the problem we rushed to increase the prefork workers value (as if big numbers fix everything), which only made it worse.

I have very limited knowledge on PHP and its server limitations, so I j ...

I am trying to grab hostnames and IP addresses from a user-entered list of hosts and send that information to a central server. The primary issue I'm running into is that the number of hosts can vary considerably. E.g. on the first run a user may enter 1 hostname, the second run enter 30, and the next enter 5. I want to be able to use a single playbook whether a user is entering 1 or 100 hosts.

H ...

I've got an nginx instance on the Internet that proxies an application. I would like to return 404 on any request from the Internet that attempts to authenticate to the application, as all of the public parts of it allow anonymous access. Only users on the local network should be able to authenticate to it.

I imagine I can use a simple if block, as I'm just using return 404, but I am unsure what  ...

I am running workloads on a spot GPU node pool & intermittently getting 'NodeNotReady' followed by a reboot/restart of the node (& loss of the the workload pod), however the node does not go away but reboots & the kubelet and becomes ready again after a few minutes (see attached).

I am new to using the spot gpu node types so was wondering if this is to be expected?

If the underlying node ...

This is a pure M365 environment. No hybrid, 5 of 6 users are working as expected.

1 of 6 is unable to sign in via Outlook for Windows Desktop. MS Mail/Andoird Outlook/Outlook for Web are all OK and work as expected.

In Windows Desktop Outlook 365 (up to date) we set up a mail profile as normal and the sign in box pops up, we enter the user and pass and... nothing. Just loops back to requiring user/p ...

I use docker with nginx image to run my site.

I have following configuration:

docker-compose.yml

version: '7.1'

services:
  #
  # Conflicts with any local HTTP server.
  # If you have a local Nginx, you must stop it.
  #
  nginx:
    image: nginx:1.12.0-alpine
    container_name: nginx
    ports:
      - "80:80"
    volumes:
      - ./files/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./file ...