Latest Server related questions

Score: 2
dodov avatar
How to check if SSH agent forwarding is running, from the remote server?
tz flag

Locally, I've turned on the SSH agent and I've added my key:

  1. $ eval $(ssh-agent)
    Agent pid 80
    
  2. $ ssh-add
    Identity added: /c/Users/...../.ssh/id_rsa (.....@........)
    

In my ~/.ssh/config, I have this:

Host example
    User root
    HostName 123.45.678.912
    ForwardAgent yes

Once I run ssh example, I am successfully connected and if I make a remote test connection to GitHub, I can see that I'm aut ...

Score: 0
arif muhammed avatar
Openldap Bind user issue
hk flag

I am facing an issue regarding openldap 2.6 running on rhel 8.

PasswordMustChange Attribute is affecting the bind user.

Whenever I change the PasswordMustChange to TRUE then bind dn user password having expired so not able to contact client machines.

Score: 1
Globe avatar
Nginx not working with domain/url that points to server IP
rw flag

The configuration I have set (below) works for localhost but not for my domain. The goal is to access port 3000 externally with basic auth so only I can access it. When I go to localhost, it is upgraded to https, I have to complete the authentication, and then port 3000 is shown, just as it's meant to. However, going to api.example.com does not prompt authentication, does not upgrade the connection, and  ...

Score: -1
Abl avatar
How to turn on safe search using bind 9 without rpz
mh flag
Abl

is it possible to enable safe search using bind9 without rpz?

The point is I don't want to get nslookup results like this image enter image description here

Because it shows that what is being accessed is forcesafesearch.google.com, not google.com

Can you help me, if my question is difficult to understand, I'm sorry.

Score: 0
Robert Campbell avatar
open-source ngnix reverse proxy for tomcat servers session persistence with JSESSIONID?
cn flag

I am tasked with converting (or attempting to convert) some legacy Apache virtual host configuration to Nginx, in Google Cloud (GCP). It is thought that Nginx might solve some performance issues. The ngnix (Debian11) VM will sit in front of (replacing the Apache in LB role) several Tomcat servers (Debian10) and perform reverse-proxy and load-balancer functions. In the legacy Apache LB configuration, th ...

Score: 3
Taknok avatar
Dedicated user vs selinux
ve flag

What are the advantages and disadvantages of running a process with a dedicated (non root) user versus with SELinux (where a SE user may be bound to a Linux user) ?

Score: 0
George Carpiti avatar
Apache httpd low performance
ae flag

I have an website which is running using httpd on Centos 7.

I have 8 cpus and 32 GB ram.

When we have more than 500-600 users in the same time on the website, the server response is getting higher. Even that, cpu load is about 20-25% and RAM is also not used.

What can we configure in order to increase the performance or what I am missing? Our pages are 100% cached and we do not run database queries or  ...

Score: 0
cliusz avatar
How to expand the expiration of gpg subkey while it had expired in shell script?
bq flag

It is Nov 27, 2022 now. The environment is below:

user@domain:~$ date
Sun Nov 27 00:32:12 HKT 2022
user@domain:~$ gpg -K --keyid-format long --with-fingerprint --with-subkey-fingerprint --with-keygrip user
sec   rsa4096/CCCCCCCCCCCCCCCC 2022-03-31 [C] [expires: 2022-11-30]
      Key fingerprint = BBBB BBBB BBBB BBBB BBBB  BBBB BBBB BBBB BBBB BBBB
      Keygrip = DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD ...
Score: 0
Thomas P avatar
systemd start mariadb after mounting USB stick
br flag

I moved the datadir of mariadb to a USB-stick, subsequently mariadb won't start anymore at boot time, because the stick is mounted after mariadb was started. I tried to modify the start order by adding

[Unit]
After=remote-fs.target local-fs.target

to /etc/systemd/system/mariadb.service.d/tp.conf, but it does not work. What have I forgotten?

Score: 0
henfri avatar
who is setting my link_power_management_policy?
io flag

I am experiencing issues with my sata connection. Thus, I want to change /sys/class/scsi_host/host*/link_power_management_policy to max_performance.

For that, I execute on boot a script:

cat /etc/openmediavault/sata_power.sh
for i in /sys/class/scsi_host/host[012345]/link_power_management_policy; do echo max_performance >$i; done
cat /sys/class/scsi_host/host*/link_power_management_policy

I see tha ...

Score: 0
elb98rm avatar
Installing sql server drivers for php on ubuntu
in flag

Background

I have an ubuntu server running laravel that needs to connect to a different server of ours running mssql.

Linux server:

  • Ubuntu 20.04
  • php 8.1

I created a laravel test query to help me debug the process. As expected it gave a could not find driver exception as expected.

Next I attempted to follow the Microsoft instructions. These are at:

Score: 0
how to deploy a helm chart a 2nd time
gb flag

I need to deploy the ingress-nginx helm chart twice, once for private and once for public services. The chart for private ingresses is already deployed, in namespace=kube-system and with release-name=nginx-ingress-private.

When I run the installation command I get this error that indicates a conflict with the installed version for private ingress:

george@devops:~/ $ helm -n ingress-nginx-public  ...

Score: 0
Skip avatar
MongoDB volume size auto increase
ec flag

I deployed a container with MongoDB on the server. The container has its own volume where MongoDB data is stored. The database is very small, 6 collections and no more than 40 documents (some removed, some added).

Every time I view the size of the volume, I see it increase (about once in 10 minutes):

520MB   0B (0%)
520.1MB   0B (0%)
520.2MB   0B (0%)

If I make a backup of the database, delete the volume ...

Score: 0
VeeeneX avatar
SonarQube is not starting on SynologyNAS due to CONFIG_SECCOMP
ar flag

SonarQube is unable to start on Synology NAS Docker due to the CONFIG_SECCOMP not being present on Synology NAS. Is there an option to ignore SECCOMP for SonarQube while it's starting ElasticSearch?

2022-11-26T11:00:50.430590094Z  stdout  java.lang.UnsupportedOperationException: seccomp unavailable: CONFIG_SECCOMP not compiled into kernel, CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER are needed
2022-11 ...
Score: 0
Mosi avatar
Outline Server Connected but didn't transfer any data
fr flag

I configured an Outline VPN Server and everything is ok and VPN connected very well but on another VPS I can connect but no data transfer between the server and the user. how can I check outline logs or possible errors? also, I flush all iptables rules to make sure there isn't any issue with the firewall

Score: 0
Dima avatar
Different behavior of SGID in *BSD and Linux
mo flag

I came across an interesting thing: on BSD systems a new file will have group set to the group of the directory. On System V systems it will have the primary group of the user that created the file. As for BSD systems, what is the purpose of such behavior and does it mean that SGID bit is useless there?

Score: 0
Ivaylo avatar
apache doesn't accept more dan one slash in get request
mo flag

Hi guys I have hosted my react app on apache. And I have configured the fallback to be passed to my index HTML file.

So /home would work

but /home/1 doesn't work

The apache server returns a status of 500 internal error. I do not know how to fix this, please help. Here is the config:

 DocumentRoot /var/www/html/notify
    <Directory /var/www/html/notify>

            Options Indexes FollowSym ...
Score: 0
Sharad avatar
AWS Application Load Balancer not responding - Request timed out
fm flag

I am trying to setup new AWS Application Load Balancer with EC2 instances. Followed all steps outlined in AWS website but ALB is not responding.

I did AWS Reachability Analyzer from ALB Network interface to EC2 instance and was successful. Healhcheck with Target group were successful as well. So, I am assuming the security group and all network permissions are good.

Is there anything else that can g ...

Score: 0
humkins avatar
Nginx behaves differently with the same site configuration in different docker images
cn flag
nginx site config
    server {
    listen 80;
    server_name _;
    server_tokens off;
    gzip_static on;

    location ~* \.(html)$ {
        add_header 'X-XSS-Protection' '1';
    }

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
        try_files $uri $uri/ /index.html;
    }
}

it works perfect with docker image node:14.19.3 (nginx/1.14.2), but with

Score: 0
juanbits avatar
docker cannot reach external urls
eg flag

i have a server and it has installed CSF (firewall). I run docker in the server and the docker-CSF config is enabled, I can reach the containters via nginx reverse proxy.

But i have a problem, the container cannot reach external urls, ex: google.com or facebook.com

When a task inside docker try to consume a external url, I got and error, like the next: Failed to open TCP connection to graph.facebook ...

Score: 1
Andre avatar
Forwarded port is Closed / Filtered outside the network and Open inside the network
cc flag

I'm trying to forward a VPN port to the open internet to create remote office network. My VPN connects properly when I'm inside the Office network, however the VPN does not properly connect outside of the Office network. I have a Fresh Tomato (2022.6) router using AT&T (Fiber) ISP which supports port forwarding to the open internet.

For the sake of example, I want to forward the HTTPS protoco ...

Score: 0
Cisum Inas avatar
Route some clients through router openvpn client file
in flag

I have added a openvpn client to my router. This works but all my devices are using the vpn.

I want some devices to use the vpn and others not to.

To illustrate

A (phone) => no vpn regular traffic

B (TV) => vpn traffic

C (computer) => no vpn regular traffic

Can this be achived with only the openvpn file config? I can't use software for devices to configure vpn settings.

(I dont have access to th ...

Score: 1
surfrock66 avatar
OpenLDAP and Kerberos servers on Ubuntu Server 22.04; Krb5 isn't creating /var/lib/krb5kdc/principal
cn flag

I have an existing openldap server on Ubuntu Server 22.04 and am trying to set up a kerberos server with it, following this guide: https://ubuntu.com/server/docs/service-kerberos-with-openldap-backend

The accounts are created and tested, they work fine (I reference them by cn, but they have a uid; I just created them in apache directory studio first). I've done "dpkg-reconfigure krb5-config" and edi ...

Score: 0
Havard avatar
Iptables Traffic forward
tv flag

Would you please help me . I have a 2 vps (Ubuntu) I want to forward all traffic from one vps(1.1.1.1) to another (2.2.2.2) vps except ssh port on A vps(1.1.1.1) A server is 1.1.1.1 B server is 2.2.2.2

1st try:

sysctl net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i eth0 -d 1.1.1.1 -j DNAT --to 2.2.2.2
iptables -A FORWARD -i eth0 -d 1.1.1.1 -p tcp  --dport 22 -j REJECT
iptables -A FORWARD  -i et ...
Score: 0
Rostyslav Malenko avatar
HostTracker API update already present domain
mo flag

I have already present domain on host-tracker.com

Using this POST /api/web/v1/tasks/http I can create a domain monitoring with DNS exp, SSL check, etc...

Using PUT, I should update a domain, according to the HT API documentation. But it doesn't work for me.

I have got message Same task allready exists

Can someone share some experience on how I can edit or change the already added domain using their API? ...

Score: 0
Guillaume Filion avatar
Client can connect to reverse proxy running Debian 10 (Apache/2.4.38) but not Debian 11 (Apache/2.4.54)
cn flag

I have a website hosted behind 2 reverse proxies running Apache on Debian. The client is an automated script and it's not easy to know what config/software they're using.

When both reverse proxies were running Debian 10 (Apache/2.4.38 (Debian) OpenSSL/1.1.1n) the client was able to connect fine. When I upgraded one proxy to Debian 11 (Apache/2.4.54 (Debian) OpenSSL/1.1.1n), the client started hav ...

Score: 1
AAA avatar
OpenBSD 7.2: Mailbox file in users' home directory - use Postfix or stick to default sendmail?
lb flag
AAA

I need to setup a mail server with a bit unusual requirements:

  1. OpenBSD is a must. Probably latest version, 7.2.
  2. All mails have to be stored in aa Mailbox file located in user's home directory.

Well, it does not look difficult, as I did it before using other systems. But I used Postfix for this task, as I'm quite familiar with it and I just like Postfix.

Taking OpenBSD's top security into account, I s ...

Score: 0
Chris9834 avatar
xrdp no login possible for AD-users
id flag

i have set up a Fedora 37 Gnome box, as well as Fedora 32 Gnome box and a Fedora 37 KDE box (this one upgraded since about 5 years)

All PCs are part of a AD-domain, login with AD-users on local Desktop works fine, also login with AD-user via SSH works fine on ALL PCs.

But when it comes to log on via XRDP, it is only working with the "old/upgraded" Fedora 37 KDE box.

On Fedora 37/32 Gnome access via XR ...

Score: 0
award94 avatar
Script to notify me when users are created
aw flag

I've created a script from what ive found on the web to notify a SA of users being added to a server. I have it setup with a cron to run the script every 5 mins to monitor differences in the /var/log/secure file but it still sends a blank email if nothing has changed. How can i edit it to not email if no changes are made. Script is below:

file="/var/log/secure"

while cmp "$file" "${file}_bkp"; do
 ...
Score: 0
lea pre avatar
SSH connection sometimes works other no from WIN10 client to linux server
bd flag

I'm trying to connect in ssh on port 22 (with client putty,mobaxterm..) on a remote machine with Linux, the connection sometimes works and other no. My pc run on win10 and if I try on cmd the command ssh "host" I get the following error:

C:\Users\User>ssh kex_exchange_identification: banner line contains invalid characters

Can somebody help me? Regards.

The Stunning Power of Questions

Much of an executive’s workday is spent asking others for information—requesting status updates from a team leader, for example, or questioning a counterpart in a tense negotiation. Yet unlike professionals such as litigators, journalists, and doctors, who are taught how to ask questions as an essential part of their training, few executives think of questioning as a skill that can be honed—or consider how their own answers to questions could make conversations more productive.

That’s a missed opportunity. Questioning is a uniquely powerful tool for unlocking value in organizations: It spurs learning and the exchange of ideas, it fuels innovation and performance improvement, it builds rapport and trust among team members. And it can mitigate business risk by uncovering unforeseen pitfalls and hazards.

For some people, questioning comes easily. Their natural inquisitiveness, emotional intelligence, and ability to read people put the ideal question on the tip of their tongue. But most of us don’t ask enough questions, nor do we pose our inquiries in an optimal way.

The good news is that by asking questions, we naturally improve our emotional intelligence, which in turn makes us better questioners—a virtuous cycle. In this article, we draw on insights from behavioral science research to explore how the way we frame questions and choose to answer our counterparts can influence the outcome of conversations. We offer guidance for choosing the best type, tone, sequence, and framing of questions and for deciding what and how much information to share to reap the most benefit from our interactions, not just for ourselves but for our organizations.