Latest Server related questions

I have an app that requires a set of permissions to various resources on the Platform. I want to have several (say 2) service accounts for this app to separate production activity from dev.

Generally Google recommends to avoid creating groups of service accounts (SA). They say SA corresponds to an app, and app is usually unique. It is not really unique in my case, I assume.

So I thought of creating a ...

Im trying to install it on Debian 11

curl -LsS https://r.mariadb.com/downloads/mariadb_repo_setup | sudo bash -s -- --os-type=debian --os-version=11 --mariadb-server-version="mariadb-10.5"
# [info] Skipping OS detection and using OS type 'debian' and version '11' as given on the command line
# [info] Checking for script prerequisites.
# [warning] Found existing file at /etc/apt/sources.list.d/maria ...

Hoping someone can help. Our website ProcessServing.uk does not appear to be resolving the DNS correctly. It came to light recently when I tried to sign up for a SEO service but their system said our domain was not registered.

Our domain is registered and I can access our domain from the U.K.

I cannot access the site if I use a VPN.

GoDaddy advanced technical support have assured me everything is set u ...

I am not a DNS expert, but I know just enough to break things :)

This is the entire list of entries in my DNS zone:

NOTE: names have been mangled wherever necessary, but the general gist is preserved.

Recently, I've been working on implementing hardware keys for authorization in dovecot/postfix and unfortunately, perhaps due to lack of knowledge, I wasn't able to implement it. From what I've seen, yubikey has the ability to use private keys (I found in the dovecot documentation that it can verify the client certificate) but unfortunately I have no idea how to implement it, because how would yubikey p ...

There is multihomed Ubuntu 22.04: internal 192.168.0.99/24 external 12.12.12.12/29 (for example) acting as gateway also. All, including internet access from the server as well as from the Lan behind works, that is IP forwarding is on, SNAT is set up. I set up indeed SNAT, because of static external IP.

Web server is binded to internal interface only to 85 port. Not binded to external one !

Outside a ...

For the same user, I have two keys on the local machine. On the remote server, both keys are in the authorized_keys file.

I delete one of the keys in the authorized_keys file.

I then try to ssh with the other key using the -i option. It succeeds. The auth log shows that the other (undeleted) key in the authorized_keys file was used to log in - despite me having tried to use the deleted key with the - ...

I've been trying to set up an OpenVPN site-to-site tunnel for 2 days and I'm currently stuck with the following problem. :/

With the current configuration I can reach all servers in the client network from the server LAN network. From the server on which the OpenVPN client is running I can also access the servers in the server LAN. But now I want to extend the connection so that the other servers ...

I configure a response policy zone in my DNS server and I use that to block two domains. This is my zone file.

$TTL    1
$ORIGIN rpztest.
@       IN      SOA     ns1.fati. ns2.fati. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                      ...

I'm using Hybrid Azure AD Join for all my Windows 10 & 11 Workstations, but not for the Windows Server OS.

So rather than manually deploying the 3rd Party VPN client to each workstation, can I use Always On VPN or Microsoft Entra VPN offerings?

Here is the list of 3rd Party VPNs list I am trialling:

https://learn.microsoft.com/en-us/windows-server/remote/remote-access/overview-always-on-vpn http ...

I'm running nginx locally. Without adding any explicit logging configuration to nginx.conf, a symbolic link is added under /var/log/nginx, for access.log:

/var/log/nginx # ls -l

lrwxrwxrwx    1 root     root            11 Sep  9  2021 access.log -> /dev/stdout

If I add an explicit config to nginx.conf like so:

http {

    access_log /var/log/nginx/access2.log;

Then I get a regular log file in  ...

I have a web server set up on Nginx and PHP-FPM (PHP version 8.1). It has worked fine for over a year now. Lately, I've noticed that the site would be down for hours - maybe once or twice a week. After investigating, I found that if I manually restart php-fpm sudo systemctl restart php8.1-fpm, everything starts working again. I suspect that it could be a spike in ddos attacks, because there is some g ...

(Note: I'm really using pfSense, but I'm just going to focus on the ipsec.conf files, since pfSense doesn't seem particularly relevant to the issue.)

We're getting the following error from charon:

Aug  2 21:10:10 vpn-left charon: 13[CFG] <con2000|2049> looking for a child config for 100.127.7.8/32|/0 === 100.127.6.8/32|/0
Aug  2 21:10:10 vpn-left charon: 13[IKE] <con2000|2049> traffic selector ...

I have a local server with microsoft server 2012 which I have AD DS and GPO installed.
On a client pc when installing office 365 and trying to log in to the account I get an error that microsoft cannot log in and the same happens with the news and interest that load in the windows 10 pro taskbar, these do not they come to load.

Could you help me what could be happening?

I am facing some problems with setting up WordPress on my local server. After a successful connection to the local database, Wordpress dropped me Unable to write to the wp-config.php file.. I created wp-config.php manually, but I still could not install any plugin or change any settings. A bit later, I solved it by changing the ownership of all WP files to www-data, but this way of setting ownership is p ...

Have a fleet of linux machines that have different printers available which has chromium running in --kiosk-printing for auto printing. Issue when a different printer profile is selected, sometimes the browser will not use the newly selected printer, instead the browser will use the previously selected printer. To work around this, need to disable kiosk printing mode, print and in the print dialog, pick ...

We had an App Engine's standard environment application running in Python 2.7, and we upgraded it to Python 3.11.

Services/frameworks used by old app:

• Shared Memcache
• Task Queue
• Google's Discovery library (for Big Query)
• webapp2 Framework

Services/frameworks used by new app:

• Flask
• Shared Memcache
• Task Queue
• Storage Write API
• webapp2 was removed since it isn't compatible with Python 3.

We followed th ...

I am struggling to implement a feature for my certificates. I am generating my certificates with OPENSSL 1.1.1. I want to allow only TLSv1.2 and TLSv1.3. The other protocols should not be possible (TLSv1.0 / TLS1.1 / ...). The goal is to generate certificates for multiple websites and authorize only TLSv1.2 and TLSv1.3 with specific Ciphers. I don’t want to modify my webservers configuration (I know i ...

How can I show the tabular data as a graph on Grafana when it's not doing so automatically? What's the problem here? You can see my query as well as data in the screenshot below:

I have tested this on several ubuntu 22.04LTS servers (CLI only) and so far proving unstable. I created a new service which runs a shell script to start up Palo Alto Networks globalprotect VPN client and auto-connect back to our data center. The script loops every minute to ping an IP address inside the data center and in the event of failure, reconnect VPN client. I've had several approaches with the  ...

I'm trying to install Wordpress on my local server according to instruction described on this page

And now I'm stuck on this step:

GRANT ALL ON wordpress_db.* TO 'wp_user'@'localhost' IDENTIFIED BY 'password';

Tried this command replacing 'password' with my actual password, but MySQL complains about an extra apostrophe at the end of a sentence, but I can't find any mistake.

mysql> GRANT ALL ON w ...

Why does mail_crypt require generated private key to be stored on the server? I thought that the purpose of encryption at rest is to prevent attacker from reading the contents of user's mailbox. Once someone gains access to the server they can just use the private key to decrypt the emails (even if the key itself was encrypted with a password that could be brute forced).

I thought that the privat ...

How can I get Apache to serve pre-compresses Brotli files?

With Chrome I am getting

net::ERR_CONTENT_DECODING_FAILED 200

I made my pre-compressed .br (Brotli) files from minimized .html files (.min.html). I used PeaZip (9.3.0) to generate these Brotli files. This is the process I used to make these files.

I host them alongside each other -- all in the same directory. The naming convention is as such

How to create a virtual host in Apache for a server on a local network so that it can be accessed via the Internet. I have server with statick ip and working site on em (first.mysite.org) , but i want to have access to my another application on server in local network , to give it a domain name (second.mysite.org) and have access from the Internet, and not only from the local network . Its working on t ...

In AzureAD, I have a global conditional access policy (cap) that prevents users from accessing their accounts from non approved countries (I do realize this is not an accurate/reliable means of securing an environment).

When people travel we put them in an exception group so they can go to Bali or wherever.

There is a finite list of people that remote work from locations we generally ban e.g. India, ...

I'm trying to link my App's Firebase account to a BigQuery sandbox. It worked a few months ago and stopped when it reached a limit. Therefore I cleaned all BQ data to give enough space for it to work again (as following image indicates): Firebase storage indicator

But its been weeks and it is not sending data anymore. Everyday it register the following error on Cloud Logging:

Quota exceeded: Your  ...

I need some help creating a redirect, I'm trying to replace all - to +, but both are special characters and also want to do it only when the URL contains ?s=.

This is an example

example.com/?s=i-need-to-rewrite-this-url
example.com/?s=i+need+to+rewrite+this+url

This is what I have, I already tried to use () or "" but didn't work

RewriteEngine on
RewriteRule ^?s=(.*)\-(.*)$ ?s=$1\+$2 [L,R=301]

I ap ...

I have radius MAC authentication with dynamic VLAN setup on a WPA-PSK wireless network to easily put different IOT/VOIP devices on various networks that may not support our WPA-Enterprise network. Currently, we just add the devices' MAC into Active Directory and the NPS policy is a accept/deny then assign VLAN when accepted. Is it possible to have a catch all VLAN with NPS? For example, if the devices'  ...

I have a playbook that includes a file containing this:

- name: debug tags
  debug: 
    msg: debug tags
  tags: 
    - debugtags

When I run the following command, I would expect that only this play be executed. Instead, no play is executed. This is in a docker container on my linux desktop, so it needs to go out and get the playbook. I'm sure that the play is in the playbook. The command (edited a  ...

For example I have a ubuntu server 20.04 with 200gb disk and 150gb of that storage is full.

And I want to backup the data in this system to a remote system.

• Is there a way to push all the data to S3 async?
• If I want to target a docker db and files inside a docker what should I do?
• I already have a backup system but as in this example when the storage is not enough. process will be cut in half wh ...