Latest Server related questions

I have a dumb IoT device that simply asks for a DHCP lease and gets no answer. I figured out that the request never reaches my routers DHCP server and I have no clue on why that happens. If I run a DHCP server on a PC right next to the IoT device on the same switch everything works as expected. Running a DHCP server right next to the upstream router (on a Raspi connected to the router) also shows no evi ...

I created a Mastodon instance with DigitalOcean's preconfigured droplet which deploys version 5.3.5 of Mastodon on Ubuntu 20.04. I ran the setup wizard, then I immediately upgraded it to v4 of Mastodon with the official instructions.

After the restart, the web UI is down. The log /var/log/syslog contains:

ActionView::Template::Error (Webpacker can't find media/icons/favicon-16x16.png in /home/mastodon/liv ...

I have some 18TB Seagate Disks on a DL380 Gen8 HP server with p420i raid controller, with 2GB cache module. I have created a RAID5 with 16TB disks but with 18TB disks, all disks are recognized but when I want to create a RAID volume, all disks fail. (a pic enclosed)

I did not find any HP document that help me find out what is the max disk size a p420i can support in practice. I know that HP indicated tha ...

I am trying to limit packets per second / per IP, however iptables complains about this stating: Bad argument `−−hashlimit−above'.

My rule is as follows:

iptables -I TEST -p tcp -m tcp -m hashlimit −−hashlimit−above 512kb/s −−hashlimit-burst 1mb --hashlimit-mode srcip --hashlimit-name test -j DROP

The example above is literally taken from the iptables man page. Host is using ipta ...

I have a server running httpd for several websites. Using the top command, I found many httpd processes exhaust memory. Using the netstat command, I found the httpd processes are connecting to an external ip address. Is it possible to locate the (php) script(s)/functions that issue the connections?

The access log specified in httpd.conf for a website only shows the information for incoming connections. For outbound connections such as those issued by php file_get_contents function, how can I get the log?

I have installed a mtproto-proxy container:

# podman container list
CONTAINER ID  IMAGE                                     COMMAND               CREATED       STATUS             PORTS                        NAMES
02e39044364c  docker.io/telegrammessenger/proxy:latest  /bin/sh -c /bin/b...  8 months ago  Up 11 minutes ago  1.2.3.4:443->443/tcp  mtproto-proxy

But I can't restart it without a S ...

I'm setting up an internal testing network, and I want FireFox to accept my self-signed certificates. Specifically, I'm trying to configure a certificate for nginx so I can use MyTestNetwork.dev and *.MyTestNetwork.dev.

Here is how I'm generating my certificates:

rm rootCA.* MyTestNetwork.dev.*

# Generate rootCA
openssl genrsa -out rootCA.key 4096
openssl req -x509 -new -subj="/C=US/ST=CA/O=MyTes ...

I own a dedicated server with some kvm vps running for my clients. My main network is 192.168.1.0/24. The vps have a dedicated network 192.168.2.0/24 on a bridge interface brv6. The ipv6 traffic goes through my isp router as each vps have it's own ipv6 address. But for my security, the ipv4 traffic is routed through a nordvpn wireguard vpn (10.5.0.1/24). Here is the routing table for the vps:

defau ...

as relevant with current times so i'm installing myself a mastodon instance...

when I try to restart nginx i get the error

root@instance-20221113-1925:/home/ubuntu# sudo systemctl restart nginx
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xeu nginx.service" for details.

here's the log (it says Nov 13 09:45:11  ...

I receive UDP broadcast packets on wlan0 on my Raspberry Pi which I'd like to forward to my desktop for analysis via eth0.

I'm running a modified WiFi firmware on a raspberrypi which sends UDP packets on wlan0. I can capture them with tcpdump on the raspberrypi:

root@raspberrypi:/home/pi# tcpdump -i wlan0 dst port 5500 -vv
tcpdump: listening on wlan0, link-type EN10MB (Ethernet), snapshot length 262144  ...

I have a problem on Fedora 36 with rsyslog, selinux and /var/log/messages components.

As you can see:

AVC avc:  denied  { unlink } for  pid=XXX comm="in:imjournal" name="imjournal.state" dev="XXX" ino=654207 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0 trawcon="system_u:object_r:syslogd_var_lib_t:s15:c0.c1023".

Selinux is refusing access, and  ...

We've just ended 3y of commitment to GCP. Now we wish to commit again but they made some changes. https://cloud.google.com/compute/docs/instances/signing-up-committed-use-discounts

Article says Committed use discounts do not apply to extended memory. The question is that relevant only for the extended part / all memory / entire machine with extended memory ?

Thanks Ori

A hostname that is a CNAME record resolves correctly outside of an AWS environment, but within AWS, it resolves correctly from EC2 instances in some accounts and fails (NXDOMAIN) consistently in other accounts.

A hostname that is an A record resolves correctly everywhere.

I have used nslookup and dig to check name resolution.

To rule out failures due to bad cache entries in some of the resolvers on the ...

I need to force users for request to alasghar.com for connect to openvpn server, as alasghar.com is not public dns and not resolve by dns server.

Can I change clients ovpn file to force request alasghar.com from for example from 1.2.3.4 ?

I use " dhcp-option DNS <dns_server_ip_address> " in ovpn file but not request dns to my dns server because until client no connect to openvpn server this op ...

I am new to this domain controller and new to the company. all the below domain controller are in windows 2008.

we got two parent controller

• parent-DC1-2008.example.com
• parent-DC2-2008.example.com

we got 4 physical location office, each location has its own child controller, all the location office domain controller connected to the parent controller above. and they are

• locationA-DC1-2008.example. ...

As the subject line says, I cannot ssh to my OCI instance running ubuntu after i did do-release-upgrade.

The instance was running ubuntu 22.04 which i tried upgrading to 22.04.1.

I am hosting a website on the instance. It is not accessible as well. When i try to open the website in the browser I get an error saying the server is not responding.

The upgrade went through. I did a reboot after it was comp ...

We are planning on implementing Azure Backup backups of our VMs but I'm struggling to find any documentation that clearly states how the backups are taken?

I see snapshots are being taken but how does Azure Backup backup VMs without shutting them down? If a machine is in the process of writing files or changing settings how/at what point will the backup be taken if it isn't being shutdown?

I am facing a 404 error when I access my site directly from IP. The default root directory is /var/www/html. And I am accessing it through http://<server_public_ip>/folder_name.

This is my folder structure.

/var/www/html
          ├── WordPress1/
          ├── WordPress2/
          ├── CI_or_Larawel/
          ├── any_direct_file (.php,.zip or anything else)

Generally  ...

I have read about multiple approaches on isolating websites on Apache server such that if one website is compromised, wont affect the rest nor the server itself. But I was confused and not sure which approach is the best in terms of security and usability?

Some of the approaches are:

• Having every website in it's own Apache server in a docker container and using a proxy to map different requests to corre ...

I'm trying to do something like the following:

<If "%{IPV6} == 'off'">
  Header always set Attention "you are using still using IPV4 in %{TIME_YEAR}, please blahblah etc"
</If>

(please withhold commentary regarding the viability of communicating with humans through HTTP headers)

without the %{TIME_YEAR} it works fine but with it it gives an error Unrecognized header format %,

removing the  ...

On a Raspberry PI I have, whatever I run on, say, http://localhost:8080, is automatically visible to other computers on my local network at http://192.168.0.xxx:8080 or http://pi.local:8080.

This doesn't happen with my Mac. If I'm testing an Angular app which runs on http://localhost:4200, that app will not be seen at http://mymac.local:4200 by other computers on my local network.

All I want to do is expo ...

I've been scratching my head a few days at this now and I am by no means a networking expert but I know (most) of the basics.

I've got Virtualizor setup on CentOS 7 and I'm trying to add a new /27 (216.x.x.0/27) I got from my hosting company. My servers main IP is the first available IP in the subnet (216.x.x.2), the rest of the IPs should go to any VPS that gets spun up.

So far the furthest I've go ...

I would like to install Kubernetes on CentOs VMs. These VMs are not connected to the internet, so it would be great to download binaries or RPM packages from somewhere and copy them to these machines, then do the installation.

For (Docker) images, I would like to access a company internal repository.

Since this is just for experimentation, I do not need production ready security.

Can someone give me ad ...

Evening folks

We currently have an internally developed web application that is hosted on IIS using Windows Authentication.

Our users use Edge in IEMode to connect to our web app - currently they don’t have to enter any credentials as IE is using windows integrated authentication so the browser is automatically passing through the users credentials to the web app and providing a SSO experience.

Somewhat recent versions of logrotate fail to execute postrotate actions that invoke Java when logrotate is started via systemd. In my logs I see:

logrotate[123]: Error occurred during initialization of VM
logrotate[123]: Failed to mark memory page as executable - check if grsecurity/PaX is enabled

I have a .htaccess file and I'm trying to convert it to an NGINX URL Rewrite configuration. Unfortunately, none of the available converters help. Every time I get either a 403 error or 'No input file specified.'. PHP 8.1/nginx/aapanel

<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews -Indexes
    </IfModule>

    RewriteEngine On

    # Handle A ...

I am looking for a daily budget alert on my AWS usage, for example in case I leave an EC2 instance running or if a user requests too many one-time passcodes on SNS. I already use monthly budget alarms, and CloudWatch alarms attached to EC2 instances.

In 2020 AWS announced daily granularity on Budgets for some customers:

Daily budget granularity is already available to Savings Plans and Reservation budge ...

we use port range from 1000-12000 and each port for one user, so basicly i need to limit each user

    port 1 <--> 1 ip 

iptables -A INPUT -dports 1000:12000 -m iplimit --iplimit-above 1 -J REJECT

maybe?

--match multiport --dport 1000:12000

i think it must be done using iptables resent for 60 sec , once first ip connected to a spesific port, it will be allowed using Related,Established an ...

When I first saw the UI in VirtManager, I thought "Maximum" is the amount of ram that appears to the guest, and "Current" is the reserved RAM when the VM starts. I thought that VirtManager will automatically reserve more RAM when the guest request it up to the size of "Maximum".

But when I test it, it did not work that way. The guest always sees the "Current" value as its total RAM size. Then, wh ...