Latest Server related questions

OS: Ubuntu server 20.04 NIC: Intel XL710-QDA1 DAC cable: FS "generic" QSFP+ Switch: Brocade ICX-6610-24p

I cannot get this thing to work. Updated firmware. No change. Ifconfig shows nothing but RX errors. This is only after using a static IP address. DHCP wouldn't work. Pings both to and fro to IP addresses on the network. Can't ping "google.com" for example. It won't connect to anything, and not ...

Did I shoot myself in the foot ?

I mainly use gmail to send and receive emails. Support etc. My default 'send email as' profile is not the gmail address itself but an address on my server (also the Reply-to address). Example: "My Name <[email protected]>"

On my server I have SPF and DKIM setup optimally because I send out 'bulk' emails from time to time to my user base (after I update my  ...

when I enter PHP files, they load forever. But do not show up in the browser. After few minutes the browser goes to timeout.

Html files get shown/rendered correctly.

Here is my virtualhost:

server {
    listen 80;
    
        server_name localhost;

    root /var/www/site;
    index index.php index.html;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
     ...

Alright so I'm running this Ubuntu 22.04 server, it's about 6 months mature now and has had a sparkling security record to date.

Today I SSH'd in just to check one of the UFW rules, and lo—

$ sudo ufw status
Status: inactive

I smashed out sudo ufw enable, then scrambled over to /var/log to see how long the firewall had been inactive, only to become more confused: the most recent logfile contained c ...

Slight AWS newbie here.

I have just taken over a new application in AWS that has an ALB (routes traffic to ECS). The ALB has an SSL certificate and some default DNS records in Route53.

I have created a distribution in Cloudfront and selected the ALB as origin (Domain Name), but getting a 502 when hitting the Cloudfront distribution URL, which I'm guessing is correct? I selected "HTTPS Only" as i wan ...

I have a master server with a single zone sync'ing to a slave.

The slave has the same zone configured.

Both sides have the Auto PTR checkbox turned on. I've also tried with Auto PTR off on the slave.

I'm using mariadb as the backend

The master responds to reverse record lookups, the slave does not.

Is Auto PTR not supported in a master/slave setup (and I'm forced to create the zone manually?)

I have a ...

How can I output all files/directories, ordered by size, including hidden ones
(those whose name starts with a dot), all in one go? ¹

The difference to How can I sort du -h output by size is that I'm requesting an output
that includes all files and directories – whether hidden or not.

References

• How can I sort du -h output by size
• How can I find the biggest directories in Unix / Ubuntu?
• How to use

I am new to regex. How do I write a Fail2Ban filter to match with these nxinx error log lines?

2022/11/30 00:46:19 [crit] 57811#57811: *8911 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 64.62.197.168, server: 0.0.0.0:443

and:

2022/11/30 02:26:52 [error] 57811#57811: *8939 upstream timed out (110: Connection timed out)  ...

The issue at hand is I have pcap files that I want to replay over a network. I used to use playcap to do this with no issue, however recently I noticed that playcap is sending each packet from the original file twice. I then downloaded bittwist and used that to replay my pcap files, but still I'm seeing each message sent twice. My current OS is windows 10, and the last time I remember definitely not hav ...

I have configured multiple sites on WordPress and it is connected with internet-faced ALB under AWS.

Is it possible to restrict one site as private on ALB?

Remaining sites needs an public access.

Thanks in Advance.

How to set up bypass in Basic Authentication by IP address or user agent in NGINX. If I set it like this:

map $http_user_agent $auth {
    default on;
    "~curl" "off";
}

server  {
.......
satisfy any;
allow 1.2.3.4;
allow 5.6.7.8;
deny all;
auth_basic $auth;
auth_basic_user_file /etc/nginx/.htpasswd;
.....
}

Then when I enter from an address other than the whitelist with user agent curl, then I get ...

I use AWS SES to send emails to users who registered on my website. When I receive an email from AWS about a bounce or a complaint, I remove that user from the database. I'm OK doing this manually (no need for an SNS pipeline of JSON data).

In the last few months, I have received notifications about bounces but not about complaints. And yet, my complaint rate is at 0.11%, far from the threshold o ...

Is there any way to force a specific process to use an OpenVPN connection, but allow all other processes on a system use the default network connection on Ubuntu Linux?

I have a custom Python application running in AWS that I'm trying to integrate with an external PostgreSQL service. The service provides a OpenVPN-configured VPN so I can access their PostgreSQL server.

As I understand it, by default ...

The goal is to forward all traffic from computer A thorugh computer B.

The problem is that B's firewall blocks all incoming connection, so typical proxy servers won't work here. At the same time, there is no firewall on A. So the idea is that B should connect to A and then A would forward all its traffic through B.

How to implement this?

I have wordpress server contoso.com/blog. I want to retire the server so I created blog.contoso.com and set dns redirects to point all contoso.com/blog to blog.contoso.com.

Now when I Google "contoso+blog," it still shows contoso.com/blog, not blog.contoso.com.

Any ideas on how to fix the issue? I'm about to edit the htaccess file to hopefully redirect traffic, but I want to retire the old server an ...

I have a test case similar to code in https://github.com/xdp-project/xdp-tutorial/ which maintains a statistic map in a per-cpu array, and user-space code which displays the statistics periodically.

When I run this, the user space code always displays zeros. I have instrumented my eBPF kernel code with bpf_trace_printk and it appears to be putting the correct values into the map. The user code is iteratin ...

This is an existing environment that I just stepped into. Running VyOS as a AWS EC2 instance, which handles all of the site-to-site routing for our company. Everything is already up and working. We just acquired a new company for which I replaced their equipment and allocated their site some address space on our network. I configured the VPN on both ends, and created a new VTI in VyOS with a route to ac ...

I can't perform yum update/install new software using yum it always say: Network error: sslv3 alert handshake failure

Here is error example:

[root@static ~]# yum update
Loaded plugins: fastestmirror, rhnplugin, universal-hooks

Network error: sslv3 alert handshake failure

OS: CloudLinux v7.9.0

Anyone people guide how to resolve this problem?

Thanks

I am trying to isolate the networking inside a Windows container, which is very easy using --network none.

The problem comes when I have two threads in the same process trying to communicate each other using multicast through a network interface, so this is the reason why I need to create an interface inside the container. The objetive of using network isolation is to avoid sending noise to the same pro ...

How to allow all Port from everywhere (IP) in CentOS and Ubuntu

I am trying

sudo iptables -I INPUT -j ACCEPT
sudo iptables -A INPUT -i lo -j ACCEPT

Nginx with enabled both brotli and gzip compressions replies:

curl -s -I -H 'Accept-Encoding: br,gzip,deflate' https://something
content-encoding: gzip
curl -s -I -H 'Accept-Encoding: br'  https://something
content-encoding: br

any chance to set a kind of priority in browser/nginx? Why and how Nginx decide to reply "gzip" when several options supported?

I'm just making a few test on FastCGI cache and I see that the suggested .conf have this directive:

if ($query_string != "") {
    set $skip_cache 1;
}

This will bypass the cache for every request containing a querystring. The problem is that all facebook links have a querystring inside, as AMP pages have ?amp=1, so is this directive really useful? is it safe to disable it?

Thanks!

Regards.

I'm moving a mongodb server to production on my Ubuntu machine. I got an ssl certificate signed by a third party and installed it on the server. Clients are able to connect to it using their system's CA and validate the server's identity.

However, the mongodb website mentions client certificates. Am I able to generate them since the CA is a third party? I tried using openssl to generate these by  ...

I've searched stackexchange up and down, found several similar problems but none helped me to fix my problem: It is the common

% sudo apachectl configtest
[Wed Nov 30 08:31:24.196914 2022] [alias:warn] [pid 529709] AH00671: The Alias directive in /etc/munin/apache.conf at line 17 will probably never match because it overlaps an earlier Alias.

The problem would be so simple to solve if apache would just a ...

I have a Windows Server with OpenSSH. Client is connecting with user/pass using Putty for Windows. The task is to use Putty key files instead - and the keys must come from a PFX certificate.

I can setup Putty using keys where the keys are created by Putty (i.e. using Puttygen). Public key is stored on the server and everything works. But I cannot seem to convert the PFX certificate into Putty com ...

My prometheus dashboard has values missing for the last 20 minutes, no matter when I query (container_cpu_usage_seconds_total) it. What could be the reason behind this?

Screenshot of dashboard

I have Windows IIS FTP (local internet provider) and Linux FTP client (datacenter).

On server side port 21 is open on firewalls (windows firewall, router).

On client side firewall is off.

Connection is in ACTIVE mode.

Client connects to IIS and usually everything is ok, but sometimes client opens port (I have checked with netstat) but server is not connecting. I can connect to that port on client side fro ...

At my company we currently are using the Quickbooks Desktop edition and its using Quickbooks Database Server manager to host a Multi-User Mode solution for our network. Normally we are able to have multiple users access the same Company file at the same time on the same local network.

After some time there is now remote user that dials in using RRAS L2TP VPN on Windows Server 2019 (Same machine w ...

I have the OpenLDAP Master-Slave architecture. One day I have restarted the slapd service in the LDAP Slave and then found the TLS negotiation issue in the Logs. Before restarting the service, it was working without any issues

Then I tried to debug the issue, I've found some common problem which will trigger TLS negotiation issue.

1. The SSL Certificate might get expired - For my one it's not the case, ...

We Have a trail created, and dumping into cloudwatch logs group.

From there i have crated a metric filter for various activities we wish to monitor. (root access, IAM ROLE Changes, Deletions, ETC). I have then created alarms to send to our SNS topic of choice.

Is there a way to have that alarm also carry over the event info that triggers the alarm?

Instead of just saying metric > 1, would also like  ...