Latest Server related questions

Wondering what decides the outgoing interface. Here is my setup

Eno1 - 192.168.3 0.2/24, Gateway - 192.168.30.1
Eno2 - 192.168.50.2/24,  Gateway - 192.168.50.1

My routing table looks like this -

[root ~]# ip route
default
    nexthop via 192.168.30.2 dev eno1 weight 1
    nexthop via 192.168.50.2 dev eno2 weight 1
192.168.30.0/24 dev eno1 proto kernel scope link src 192.168.30.2 metric 100
192.16 ...

I have a Modem/Router (NAT) that authenticates to my ISP's fiber optic cable. This modem has one ethernet cable connected to my Computer and another to the WAN port of a Wi-Fi router.

The Router is set to Bridged mode. Connected to this router is a laptop and a server.

Both the Laptop and Server can access the Modem's configuration page (192.168.1.1) but they cannot ping the Computer (192.168.1.23) (

I keep encountering this warning when the tablespace file mytable.ibd is over 4G bytes, then get the following error:

[ERROR] InnoDB: Trying to access page number xxx in space yyy, space name mydatabase/mytable, which is outside the tablespace bounds. Byte offset 0, len zzz, i/o type read. If you get this error at mysqld startup, please check that your my.cnf matches the ibdata files that you hav ...

I know that client side openvpn configuration can use route-nopull and write theirselves route. But this may cause some secure problem, for example when you don't want to let vpn user visit some node through vpn gate.

So how to restrict route scope at server side even if vpn user modify their client configuration and write self-defined route?

I'm currently running Nextcloud on Ubuntu server. After upgrading from 20.04 LTS to 22.04 LTS, I couldn't log into Nextcloud. I switched the PHP modules from 7.4 to 8.1 as recommended in this forum post, but I still can't log in. Whenever I go to the login page, I just get this error:

Internal Server Error The server encountered an internal error and was unable to complete your request. Please conta ...

I have created a NIS environment . Nis users are able to login to all nis client machine but not able to login to NIS master.

login as: nani [email protected]'s password: Access denied [email protected]'s password:

I have pointed the passwd files to var/yp/ location and update this entries in /etc/sysconfig/yppasswd file as well

kindly please suggest which file i need to modify to all the nis users t ...

I have two servers with twin RDMA enabled 25GbE NICs installed. For the time being, during testing, they are direct connected... no switch between them. If I just make a single SFP28 connection between them, I can easily saturate the 25GbE link. However, when I set up the second one, the most I can hit is 35Gbps instead of the desired 50Gbps.

Not wanting to bore you and go into all the configurat ...

I can add route over the interface using ip route add command, for example:

ip r a 1.1.244.244/32 dev main-br

How to achieve the same using nmcli?

I want to buy the DS 920+ with (4x)6TB Seagate IronWolf NAS HDD. I definitely want some reliability. I obviously don't want to lose any data which is stored on the NAS.

Which RAID would be the best? I think RAID 1 (12 TB is enough of course) but what about RAID 5? Is this a good idea?

I have been running several LAMP servers for 5+ years with Let's Encrypt certs. Today, I did the SSL test by Qualys https://www.ssllabs.com/ssltest/index.html to learn that I had lost my coveted A+ because the ever-evolving cipher-suites list had changed and now I had weak cipher suites in use. Searching the internet will bring you to myriad websites, each with differing answers based on age. I lo ...

I have an ipv6 proxy that I generated by a vps, the problem that the proxy only works in the browser, the site supports ipv6, and I have already used this type of proxy by subscription of a provider and it worked normally by python, my question what could be causing this problem?

Note: Im using the same headers from chrome in python.

Browser img

Wget img

Python img

We have configured access to a web site on a remote machine using the guide here. This lets us access the remote web site using WMSVC. The end goal though is we want to be able to connect to the site remotely and stop and start it using powershell. Note that although this seems to grant access to the specific website, the user DOES NOT have any permissions on the web server itself so doing things like PSE ...

I’m trying to implement SSO between a custom app and Microsoft 365 so that when the users hit any link to Teams o SharePoint Online in the Liferay app, ADFS doesn't ask for credentials. Context:

• ADFS is owned by corp global IT team and changing its IdP role for AAD/M365 environment is not feasible… Also “Custom SSO provider” cannot replace ADFS as it doesn’t have windows credentials SSO ( ...

I'm creating some ACLs in my RHEL 9 laboratory under learning purposes. But I faced the following problem.

As user1 I've created a file named "aclfile" under /tmp and created an ACL so user100 can operate read and write actions over this file.

[user1@server1 tmp]$ pwd
/tmp
[user1@server1 tmp]$ touch aclfile
[user1@server1 tmp]$ setfacl -m u:user100:rw aclfile
[user1@server1 tmp]$ getfacl -c aclfile
us ...

currently we have an AWS client vpn setup to give users access to our VPC. We are using active directory groups to allow certain users access to ip ranges. However, we would like to allow some users to only access an internal load balancer we have set up. The ip addresses on the internal ELB change sometimes and break the rules we have set up.

Is there a better way to set up the network so users  ...

In my apache config file I'm trying to set a virtual host on port 443 IF my environment variable is not dev

I have a docker container running via docker-compose which specifies the environment variables.

To check the env variables are properly set, I remote into my container:

root@4f212c1c7e23:/var/www# echo ${APP_ENV}
prod

Below is the apache config file that is apart of the volume mapped to the contain ...

I have setup a RedHat 9 VM on Azure cloud with one virtual NIC which the VM recognizes as eth0. However, I have noticed that after booting up or restarting, the VM creates a duplicate device eth1 with the same IP address as eth0. eth1 does not appear anywhere in /etc/sysconfig/network-scripts/* Trying to delete it using ip link delete eth1 produces the error RTNETLINK answers: Operation not supported

I am experimenting with eBPF and network namespaces, because ultimately I want to filter traffic among Kubernetes containers. But I am finding that this doesn't work. I am using eBPF and user code from the usual test case I am working on https://github.com/tjcw/xdp-tutorial/tree/master/ebpf-filter , and when I run https://github.com/tjcw/xdp-tutorial/blob/master/ebpf-filter/runns.sh I get a failure a ...

I'm scraping information regarding civil servants' calendars. This is all public, text-only information. I'd like to keep a copy of the raw HTML files I'm scraping for historical purposes, and also in case there's a bug and I need to re-run the scrapers.

This sounds like a great usage for a forward proxy like Squid or Apache Traffic Server. However, I couldn't find in their docs a way to both:

• Keep a pe ...

I've gone through the limit_req_zone docs and also searched through but haven't seen whether it's possible to do this with nginx rate limiting. I want to do the following:

1. set a global rate limit ie. limit_req_zone global zone:general 10r/s

2. let's say there's a vip group of whitelisted ip addresses. I want to split 5r/s amongst the vip group, and then everyone else has 5r/s to fight over.

Ideally I cou ...

it's a company environment. DNS name resolution ist fine (really), all PC are part of the same domaine.

If i want to connect from a PC to another using the name of the target computer (with or without domaine does not change anything) it throws a error "mit den Anmeldeinformation konnte keine Verbindung hergestellt werden"/"no logon possible with that credentials" If i try to connect to the remot ...

I'm trying to debug a waf rule. I've set it to preview in Cloud Armour and checked the policy is applied to all 3 of my services. I then went into Load Balancer and clicked edit (there's only one load balancer) then chose "Backend configuration" and clicked the pencil icon next to the service that runs my API. In the sidebar I checked "Enable logging" and set the rate to 1 (capture all events) and click ...

I have a virbr0 interface, created by libvirt with

inet 10.1.2.1  netmask 255.255.255.0  broadcast 10.1.2.255

There's an active IPSec tunnel with

leftsubnet=10.1.2.0/24
rightsubnet=192.168.160.0/20

The VMs are able to reach 192.168.160.0/20 but now I would like the VMs to have all their traffic redirected to 192.168.168.254 instead of using the default gateway of the machine.

I thought I could use s ...

i was wondering if it was possible to cancel the rescan-scsi-bus.sh --forcerescan action after running it ? as far as i can see all it does is adds

echo 1 > /sys/class/scsi_device/${host}:${channel}:${id}:${lun}/device/rescan

Im assuming that this flag stays even after a server restart? would echoing a 0 (or "") to those files stop/cancel it?

I hope i explained correctly :-)

How can I add a variable within awk command? below is my command:

cat /home/ubuntu/test/copy.txt | awk 'NR==21{print ".host = "$line";"}1'

$line is basically an IP address which is retrieved from a text file. With the above command the output looks like

.host = ;

Any immediate help would be really appreciated.

Format of copy.txt

backend default {
#.host = value; need to be here
.port = "8080";
}

On Wednesday evening I launched on my Windows Server 2016 Diskm.exe as this "dism.exe /online /Cleanup-Image /StartComponentCleanup". I thought it would be a straightforward process but when I checked it out on Thursday morning it was stuck at 70.4% and TiWorker.exe still working (and eating up a lot of CPU).

I checked it out several times in the morning and it always was showing the same value. In the a ...

I am working on a project which is in Yii2. I have to integrate swagger UI for API documentation. My current directory structure:

This is what the .htaccess looks like:

RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php
<IfModule mod_headers.c>
   Header set Access-Control-Allow-Origin "*"
</IfModule>

When I hit http://xx ...

I've built a Swarm-based Docker setup for our on-prem DevOps pipelines. Docker-based pipeline agents are started and can perform build operations. I also have a few of those agents capable of building new docker images - this was enabled by binding \\.\pipe\docker_engine from the host with these containers.

This generally works... however in case there's an issue with the build process it'll likely leav ...

I have keepalived 2.0.19 running in Ubuntu 20.04.

Trying to add the --log-file= option to DAEMON_ARGS in /etc/default/keepalived results in this.

keepalived[454603]: -g requires configure option --enable-log-file

But if i also add --enable-log-file i get this (too)

keepalived[454603]: Unknown option --enable-log-file

The man-page doesnt mention --enable-log-file. And if i look at output of 'keepalived  ...

Every now and then I browse my spam folder (for science!). Recently (after adding DKIM Verifier plugin to my MUA) I noticed that some e-mails have valid DKIM signature, but the Verifier points out that sender domain and signing domain are different. This got me thinking:

Should e-mails like this be treated as spam unconditionally? Are there any scenarios where such e-mails are legitimate?