Latest Server related questions

I'm building a patroni postgres cluster, however, I can't decide which is better architecture

App > HAproxy > Pgbouncer > PostgreSQL (patroni)

App > PGBouncer > HAproxy > PostgreSQL (patroni)

I can't seem to get an answer upon my search and a lot of conflicted answers. Some say its better to have haproxy in front and others say the opposite .

I would appreciate your opinion on this matte ...

Content of my Dockerfile:

FROM php:8.1-apache

WORKDIR /var/www/html/

RUN pecl install xdebug \
    && docker-php-ext-enable xdebug \
    && a2enmod rewrite \
    && docker-php-ext-install zip

COPY --from=composer:latest /usr/bin/composer /usr/bin/composer
COPY composer.json composer.json
COPY composer.lock composer.lock

RUN groupadd -r user && useradd -r -g user  ...

I have a host and guest Virtual-Machine (VirtualBox) with NAT Networking with the following network interfaces.
How to trace traffic from local IP 10.0.2.15 i.e. guest's IP back to Host ?

Host
Ubuntu

ip route show
default via 192.168.68.1 dev wlp0s20f3 proto dhcp metric 600 
169.254.0.0/16 dev docker0 scope link metric 1000 linkdown 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0. ...

I'm trying to create a script that will answer questions in my other script on perl. There are simple actions but I cannot figure out how to make except understand the output.

Here's my code:

 #!/usr/bin/expect -f
 set force_conservative 0  ;
                           ;
 if {$force_conservative} {
         set send_slow {1 .1}
         proc send {ignore arg} {
                 sleep .1
               ...

I have two container in bridged network one of these is a bind container and the second a kali linux for testing my network issue and a bind server who the 53 port is used in udp and tcp

If i use a custom IP on my resolv.conf, all is ok (172.17.0.2) bu if i use the ip of my container server (192.168.0.32) the udp request is failed

I don't understand why because my bind container has the port 53 bind ...

BareOS - drive full. How do I delete (cancel with bconsole) old jobs?

In this case I want to completely remote job #11030 and free that disk space up. How?

When I use bconsole's disable job=11030 is gives me "not found".

I am new to the whole crypto-mining game. I am looking for a crypto hosting provider that offers POS hosting. I have the budget but need hand-holding as I am not a server administrator. What are my options?

I followed this tutorial to install the SSLH package to handle both web hosting and openvpn in my ubuntu 18 server.

However, my server can just handle very limit public incoming port, such as 80,443,1193 (TCP only), for security reason but no limitation for the port use amongst the intranet. For example: I can connect 10.10.10.2:63952 (ip from intranet:any port) to 10.10.10.1:63952 (my server:any por ...

I am trying to write a below rewrite rule but somehow this is not working and I would really appreciate if someone can help me on this?

I have a Nginx reverse proxy set and my orignial server IP is 172.16.3.15 and site listens on http://172.16.3.15/web1

Hence I wrote a vhost config on Nginx server and tryin to rewrite so that that if user enters http://web1.example.local it will be diverted to http://web ...

I am not sure if this is relevant, but I am on one of the Oracle Compute instances, and I am using an Ubuntu 22.04 instance. I have opened the right ports so that the server is accessible to the outside world.

Now, here is what is strange: I try the following command.

sudo python3 -m http.server --bind 0.0.0.0 80

And I try to access it from an outside machine with

wget <myip>:80

--2022-11-10  ...

I have 2 Server:

Server 1: MikroTik RouterOS (Setting up L2TP vpn server) [out of my country]

Server 2: Fresh Ubuntu 20.04 OS [in my country]

I can't connect to Server 1 via L2TP connection (protocol blocked by ISP for out country servers), but I don't have limitation to connect Server 2 via L2TP or other protocols...

My scenario is run packet forwarding on Server 2 and use L2TP connection of Server 1, b ...

I have MSK Kafka cluster on AWS with 3 brokers: b1.amazonaws.com:9092, b2.amazonaws.com:9092, b3.amazonaws.com:9092. Brokers are not public, so I have opened 3 tunnels through bastion:

ssh -L 9092:b1.amazonaws.com:9092 -L 9093:b2.amazonaws.com:9092 -L 9094:b3.amazonaws.com:9092

But I can't setup my Kafka client to connect to localhost:9092,localhost:9093,localhost:9094 - I have to keep original s ...

i followed a couple of tutorials to set up a strongswan site-2-site vpn, and i got stuck ... .

that's the situation:

SITE A                     <------->     SITE B
AWS VPN GATEWAY                          STRONGSWAN
HOST 1                                   HOST 2 (Strongswan host, also EC2)

• I can ping host 2 from hots 1, but there is no answer going out (tcpdump on host 2).

  00:30:46.360533 eth ...

I'm trying to build a script that I need to be quite able to manage directory with spaces or/and backslashes in their name or not.

Inside a bash script or directly on bash shell using variables for testing, I cannot change to a directory with escaped spaces in it, I can do it manually, but if I put it in a variable and I try to change directory using that variable I cannot.

EXAMPLE:

directory I want to ...

We recently installed Exchange 2019 and noticed that after completing the setup wizard, it apparently created a mailbox for the user who ran the installer.

I am unable to locate any documentation from Microsoft on whether this is default behavior or not. It seems odd and should be documented somewhere. Is this expected behavior when installing Exchange in general? This is my first Exchange ins ...

I have some nftable rules in the inet firewalld table

        chain filter_FWD_policy_externalTolxc {
                jump filter_FWD_policy_externalTolxc_pre
                jump filter_FWD_policy_externalTolxc_log
                jump filter_FWD_policy_externalTolxc_deny
                jump filter_FWD_policy_externalTolxc_allow
                jump filter_FWD_policy_externalTolxc_post
            ...

I've come across an issue I haven't seen before and am really scratching my head. We have a basic wordpress site running on a WHM/cpanel(for configuration) hosted platform. We have an SSL certificate installed. 2 days ago, something changed with the server configuration that every one swears they didn't change(ha).

So every time we went to the wp-admin, we kept getting a redirect loop. After trac ...

I work on an AWS Fargate service which has a health check configured as well as an autoscaling policy set.

The application needs about 30 - 45 seconds to start.

The application does receive traffic spikes now and then. The autoscaling policy will kick in when CPU usage goes above 60% for the last 3 minutes. The 1 minute resolution is the most fine grained resolution AWS provides for built-in metrics ...

nginx running on ubuntu 20.04, for a (once running) Magento 2.4.5 install

After a reboot of the server, nginx failed to restart.

Running command sudo nginx -t brings up error:

nginx: [emerg] "root" directive is duplicate in /home/--/web/--/public_html/nginx.conf.sample:32 nginx: configuration file /etc/nginx/nginx.conf test failed

If I open nginx.conf.sample and comment out line 32, I'm faced with a ...

I have created an application in Azure AD and already have verified MPN ID to associate with this application.

When I add MPN ID I get the error:

This capability is not supported in an email-verified tenant.

There is a custom domain in the tenant, and it shows as "verified". The verification was done by uploading a json file to a .well-known folder.

Please clarify, how can I properly proceed with ...

I'm trying to publish a remoteapp, but when I select the option, I get the response the server which I'm using, where the remoteapps are published, isn't available.

I'm pretty sure the reason is because I can't start up the RD Connection Broker, RD Mgmt and RemoteApp and Desktop Connection Manager.

When I try, I get:

Error 1075: The dependency service does not exist or has been marked for deletion.

I am attempting to run Wordpress on Docker on my VPS. Since I run some additional web apps, I have setup Nginx proxy pass to route requests to each of them. As such I have setup the same for this Wordpress setup by proxy passing /blog to the Wordpress container running on port 8198.

Everything seems to work fine when installing and logging in, even the admin panel opens. But if I click on any lin ...

So, my eth0 interface in ubuntu 10.04(DVWA Machine) is configured with dhcp by default, but it is not taking an IP from the dhcp(in VirtualBox), that's why I want to assign a static IP. I have already made the change in /etc/network/interfaces from dhcp to static, like this:

auto eth0
iface eth0 inet static
address 192.168.0.100
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gate ...

Using Strongswan IPSEC

eth0 IP is xx.xx.129.177 (which is our public IP and the one currently sending requests) the gate way to eth0 is xx.xx.128.1

eth0:1 IP is 10.16.0.24/16 - Client expects this address to deliver TCP requests and make the SQL connection, is this the private IP address of eth0? And can I route traffic to use this??

I'm not sure how to route traffic through eth0:1 and tbh I'm not sure ...

An answer on SO to the same nice - and following guidelines - question but for Apache, how to set Access-Control-Allow-Origin entry header for multiple origin domains deals with .htaccess, checking from a list of allowed origins and returning the specific value:

<IfModule mod_headers.c>
    SetEnvIf Origin "<regex-matching-allowed-origin-domains>" \
             AccessControlAllowOrigin=$ ...

I have an instance in oracle cloud with debian 11

The network configuration for IPV6 is:

iface enp0s3 inet6 static
address xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
netmask 128
gateway fe80::1
dns-search google.com
dns-nameservers 2001:4860:4860::8888 2001:4860:4860::8844
accept_ra 0
autoconf 0
privext 0

Talking to Oracle support chat, they gave me a link https://www.51sec.org/2021/09/20/enable-ip ...

As in any IT environment, the number of web server certificates is constantly increasing. With the reduction of the duration to 1 year, the administration effort increases at the same time if such processes are not automated. Currently we have a simple PKI based on MS ADCS.

I have never delegated the issuance of web server (mostly Windows Server with IIS,Apache,Tomcat...) certificates to the web  ...

I use a jump host to connect to the remote servers through SSH.

I use the following linear command for the connection.

ssh -J jumpuser@jumphost:2455 remoteuser@remotehost

It works fine.

But for new servers I need to setup passwordless SSH, So I tried with the following command:

ssh-copy-id -J jumpuser@jumphost:2455 remoteuser@new-remotehost

But it throws the error:

/usr/bin/ssh-copy-id: ERROR: invalid  ...

I am trying to create and attach a volume with:

openstack volume create ... VOLUME_NAME

and

openstack server add volume ...

But I am having two problems:

• The volume is always created, and I would like to prevent the creation if VOLUME_NAME already exists.
• The volume is attached in the machine under a sequential device. So, the first time, it is attached in /dev/sdb. If I detach and attach again, it is in ...

I have a local TeamCity installation on my work PC. I've set up TeamCity to pull and build nightly.

Checking the build logs, I can see that it is failing to collect changes whenever this build trigger happens. If I trigger the build manually, it works.

I changed the build trigger to run during the day, then I logged off my PC. This time it worked. So it seems to me like the nightly builds are failin ...