Latest Server related questions

I am running debian buster. The machine has one network card and IPv4 is set static, whereas IPv6 is provided by DHCP. To be honest, I am not sure in what file this is configured, as I configure it via the GUI of Openmediavault.

Unfortunately, from time to time, the System looses its ipv6 address. Ifconfig then looks like this:

enp0s31f6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
     ...

I set up a matrix server and everything seems to be happy, but I can't connect to the server. Calling it with: matrix.myDomain.de results in ERR_TIMED_OUT

Calling it with: matrix.myDomain.de:8008 results in ERR_CONNECTION_REFUSED.

I get an answer when I ping matrix.myDomain.de from command line.

My guess is, that I'm missing a config that exposes the service to the internet.

This is what I did:

1.  ...

I have experience with IIS but not with nginx (on Windows). I have two websites on a server as follows;

http://servername:port1000

http://servername:port2000

and would like the following:

http://site1.ourdomain.com

http://site2.ourdomain.com

I'm wondering how to solve it. DNS can't be used and I guess Azure application proxy cant be used either? Some setting within the web application configuration  ...

Deployed a new hyper-v server a few weeks ago and during install I read that the old way of NIC teaming does not work anymore for vswitches inside of a hyper-v. It was replaced with SET Teams that need to be set up in powershell. Cool, no biggie I think to myself. I got all that figured out and a SET team set up with 4 physical NICs and one "SET team".

Now for background I am a network engineer a ...

So I originally posted this question about some issues I'm having with RDP sessions over XRDP on Debian 11:

Configuration Issues with XRDP and Gnome on Debian 11 server

After some further investigating, I found that xrdp-sesman isn't listening on port 3350 like it should. This is what I see when checking on the active ports by calling netstat -plnta4:

Active Internet connections (servers and established)
 ...

This post is for a newbie, sorry for the stupid question, but quick long history, we have a dameware server proxy and the application have the certificate but its about to expire, we want to renew the certificate but when we try to renew the certificate we have a message:

[DBUG] [remote.globaltelesourcing.com] Attempting to create DNS record under _acme-challenge.remote.globaltelesourcing.com...

Dom ...

im web developer and i have not good knowledge about devOps and server config, i use this code for forwarding data from server a to b from client my mean is:

client---------->serverA--------->serverB

now how can i keep original client ip when i use ip forward to server B? is there any way? i used following commands before but i don't know it work for my new concept or not?

sysctl net.ipv4.ip_forwa ...

I'm trying to achieve this:

• Anything in app namespace gets scheduled onto specific nodes
• other namespaces does not have ability to schedule pod to specific nodes
• developers should not have option to interfere with this

So, I should probably use PodNodeSelector and PodTolerationRestriction, however it requires api restart and few articles claim that it will be deprecated once NodeAffinity is good en ...

I want to let the php file_get_content function connect to network via system-wide proxy. I tried to add the following lines in /etc/environment:

http_proxy=http://localhost:3128/
HTTP_PROXY=http://localhost:3128/
https_proxy=http://localhost:3128/
HTTPS_PROXY=http://localhost:3128/

But it does not work for file_get_content, although it works for wget. I also tried to add the following lines to /etc/ ...

I want to automatically connect someone to a website without having to enter credentials. for this i want to use nginx as a proxy to handle the credentials and create a login request to the website instead of the user. How can i do that? Thank you in advance.

One of my clients is missing some emails and I try to find what is going on, but my knowledge is limited. Have asked the server support guys, but they say all is fine and attach just the logs (which I can't read well > ♻️ )

What have I done?.

root@myserver:~# zgrep [email protected] /var/log/mail.log.2.gz

There I see mails, and they get a queue and message ID attached:

Queue-ID: 2125915E4BB, Mess ...

After i renewed our DEP Token in xenmobile all devices are on mdm status waiting for check-in. When i re-enroll a device i have no problem. But all the "old" devices which where enrolled before i renewed the token are no longer able to download apps and get their config deleted by an OS Update.

Citrix Ticket is open for about 1 Week without any progress from their end. Also opened a Ticket with o ...

We have a upload system that is working behind a nginx reverse proxy, the system checks the authentication before starting to stream the request body from the client (passing through nginx) to the storage system, if the authentication failed, the backend doesn't stream the body but returns directly the HTTP 401 with a Connection: close header.

When testing authentication failure to the backend directly, ...

I need help with a PAM configuration.

I've a Debian 11.5 machine with kerberos connected to an MS AD server. I want to configure the machine in order to allow some AD user to login, filtering them by AD group membership. My AD users uids starts from 3000. The local machine users have to login as usual.

So I edit the PAM configuration in /etc/pam.d/common-auth here the entire body:

auth    [success=4 defa ...

where can I find info regarding the proper way to handle expiring mail certificates?

Here's the problem: our certificates for digitally signing mails expire after a year. If, a week before expiry, I revoke a certificate and create a new one, Outlook complains whenever I open an older mail, signed with a now revoked certificate.

I think this shouldn't be so, since the old mail was signed at a time w ...

I have a website which is built on Codeigniter 3. It is a typical nginx + php-fpm setup. Now I need to direct some of the requests to be handled by another php-fpm pool. Here is a simplified example of the configuration:

nginx configuration

test.conf:

server {
    server_name example.com;
    root /var/www/ci;
    index index.html index.php;

    location ~* \.(ico|css|js|gif|jpe?g|png)(\?[0-9]+)? ...

I am working on OpenSuse MicroOS using their pre-configured HyperV disk. I got it up and running successfully, but after trying to install a few containers I ran out of space. I stopped the VM and added another disk, but am not sure what to do now. I have a basic understanding of LVM, but that doesn't appear to be what MicroOS uses. Can anyone tell me how to extend the /var partition (I believe that's t ...

Whenever I run systemctl start named.service I get the error: zone example.com/IN NS 'linserver-1.myco.example.com.example.com' has no address records (A or AAAA) Now the confusing thing for me is that even though this failed, I'm still able to ping my server with a client using ping hostname even though the DNS service isn't running. I also want to note that dig, nslookup, and host commands aren't worki ...

I'd like to have 2 types of authentication on my web app (PHP 7.4 on Apache 2.4):

• for the URLs /api/ and its children /api/xxxx (not actual directory, just url) I'd like to have HTTP authentication
• for any other URL, I'd like to have shibboleth auth

in my main .htaccess in the root folder, I have the following:

AuthType shibboleth
Require shibboleth

for HTTP authentication, I would use something ...

In short: I´m building computer systems with mounted iSCSI storage. Is it possible to extend the iSCSI storage in live operating without rebooting the systems?

Details:

• One LUN is planned with 5 TB of data.
• For the beginning we want to start with 600 Gigabyte for the LUN.
• The LUN is used for database systems.
• We don't want to create a LUN with 5 TB. We want to keep them small, what gives us flex ...

I have created a Samba Active Directory PDC that runs inside a Podman container.

I was trying to working on how to restore the server from an offline backup, when I encountered something unexpected on the setup of the backup server.

I have a file called setup_samba.sh that is being called only during initialization a container running Samba.

It came back with following error:

Initializing samba da ...

I'm running a javascript application with Prerender.io enabled for Google bots etc.

Using the configuration recommended by Prerender.io any matching user agents are redirected to their site and served the pre-rendered page.

There's a requirement to work with some partner services which will attempt to connect to our javascript pages and either make HTTP HEAD requests to get information about the pag ...

I'm troubleshooting some keys and I want to check with the community if you know how to print out the certs used to encrypt a file using openssl.

I'm connecting to remote device through VPN. I use OpenVPN Config: client

dev tun
proto udp
port *port*

remote *ip*

persist-key
persist-tun

<ca>
-----BEGIN CERTIFICATE-----
*cert*
-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
*cert*
-----END CERTIFICATE-----
</cert>


<key>
-----BEGIN PRIVATE KEY-----
*key*
-----END PRIVATE KEY-----
</key&gt ...

I am curious to know about 2 things below about the AWS-EC2 CPU utilization and CPU Credits.

What will happen if my AWS-EC2 instance CPU utilization is constantly 100% and I ran out of CPU credits?

Assume that my EC2 burstable (t-series) instance is in a shared host(which is a 8core CPU) shared by 2 VMs each 4 core. Now both the VMs are utilizing full CPU i.e. 400% each at the same time. Both the VM ...

I followed an article from DigitalOcean to mount a directory from my backup machine (192.168.100.82) on my service machine (192.168.100.81):

mount -vvv 192.168.100.82:/var/nfs/general /nfs/general

But it fails with the following log:

mount.nfs: timeout set for Tue Nov 15 13:17:28 2022
mount.nfs: trying text-based options 'vers=4.2,addr=192.168.100.82,clientaddr=192.168.100.81'
mount.nfs: mount(2): Opera ...

There is 1 network behind FW-A that is already in place, in the subnet 172.16.101.0/24

I would like to establish an IPSec tunnel between FW-A and FW-B,and have devices behind FW-B to also be located on the same subnet as FW-A in 172.16.101.0/24.

Here is a representation:

Now from what I know, the way you achieve this kind of topology is by natting both networks and have them communicate through their na ...

I have a container stack (specified by a docker-compose.yml). The stack requires a PostgreSQL database, but I am using a locally running native instance instead of having it be a part of the stack (to make e.g. backups easier, and to conserve resources). The PostgreSQL instance is set to bind and listen on 172.17.0.1, the IP under which the host is reachable from within docker containers.

However, du ...

Two powerdns are configured and divided into A and B. B is delegated by A. Host A configured pdns and pdns-recursor, host B configured pdns.

[Version info]

pdns-server : 4.7.2
pdns-backend-pgsql : 4.7.2
pdns-recursor : 4.2.1
postgresql : 15.0

Here is my configuration.

[A pdns.conf]

daemon=yes
disable-axfr=no
include-dir=/etc/powerdns/pdns.d
launch=gpgsql
gpgsql-host=10.1.0.107
gpgsql-port=5432
gpgsql-d ...

Want to use proxy cache on selected pages, for these I've added a header variable ngx_cachekey. Other pages that is not for caching are don't have this header variable.

mysite.com/cacheable-page (has the ngx_cachekey in the header) mysite.com/dynamic-content (has no the ngx_cachekey in the header)

I can debug this with add_header X-NGX-CacheKey $upstream_http_ngx_cachekey; , so setting the variabl ...