Latest Server related questions

I have an EC2 instance running which is housing a nodeJS/GraphQL based API application. The application is managed via PM2.

I want to have a setup/configuration which can continuously ping one endpoint (actual API) on the server to keep monitoring the latency. e.g, it can keep hitting login endpoint with some dummy credentials to make sure server the response is received within given threshold ti ...

It looks like it is not possible to abort a menuentry content, for example:

submenu test1 {
  menuentry test2 {
    echo "play1"
    cmd1 # even this failed, it still continue to next line
    echo "play2"
    return 1 # this also does not work
    exit # this works but it exit the entire grub
    echo "play3"
  }
}

What I want is similar to set -e in bash, but only return to previous menu. How ca ...

I'm trying to set up a chrony server/client pair. My chrony version is 2.4.

When I check the sources on the client side, I see that the server is unreachable

chronyc sources -v
210 Number of sources = 1

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = ...

I have a efi application in XFS partition. (hd0,gpt2)/test/EFI/BOOT/BOOTX64.EFI I try to chainloader it by:

set root="(hd0,gpt2)/test"
chainloader /EFI/BOOT/BOOTX64.EFI

But chainloader failed with cannot find (hd0,gpt2)/test. Does this means the efi need to reside on a FAT32 partition? Or there is some mod I missed?

I did some research via grub2 shell. It looks like I cannot set path as root. When I d ...

just this morning I started seeing the following error on one of my domain names.

< HTTP/1.1 409 Conflict
< Date: Tue, 25 Oct 2022 20:43:37 GMT
< Content-Type: text/plain; charset=UTF-8
< Content-Length: 16
< Connection: close
< X-Frame-Options: SAMEORIGIN
< Referrer-Policy: same-origin
< Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, p ...

I've gone through a lot of tutorials and questions and I still can't get it to work.

I installed MariaDB 10.5 on a Debian 11 server. We changed its IP address yesterday and since then we cannot do a remote connection. The database answers "Access Denied to user@host on database"

We created some users to test:

GRANT ALL PRIVILEGES ON db.* TO 'user'@'host.domain.com' IDENTIFIED BY 'something';

Does lo ...

I'm now trying rsyslog, I'm trying to receive logs from an external system (barracuda: https://campus.barracuda.com/product/essentials/doc/85494328/syslog-integration/ but someone else manages this system) using rsyslog over TLS.

Actual behavior: I configured in/etc/rsyslog.conf to be able to receive logs over TLS, however I continue to receive them encrypted Of course, I previously created the cert ...

Goal: Get files

• from Bucket 1 in ca-central-1 in Account A
• to Bucket 2 in us-east-1 in Account B
• using the AWS CLI from a third machine using an the IAM role with correct S3 read and write permissions (assume unless that's unlikely)

I got the error:

ClientError: An error occurred (AccessDenied) when calling the CopyObject operation: VPC endpoints do not support cross-region requests

and this bro ...

I'm trying to set up hostapd on linux machine as a network authenticator with 802.1x.

I've been mostly following this guide, with some adaptations since I'm using Ubuntu Jammy instead of RHEL, and using veth interfaces in the bridge instead of physical ones.

I created the hostapd.conf file as instructed with the content as they described - My bridge interface is br0 like in the sample, I changed the

With an NFS4 mount, using /etc/idmapd.conf to map the nobody user and group to user123, files look like they should be accessible to user123 but instead give a Permission denied. The files are accessible to root.

Is there another mechanism I should be using to make these files accessible to user123? Ideally without having to request changes to how the NFS server is set up.

Here's an example of the pro ...

have a single page website that uses the hash (!#) to access different pages. he problem is that some product viewers break my links encoding the hash character, replacing !# with domain main , so for example the link my.app.com/#!/product becomes my.app.com/#!/product m trying to correct this using an htaccess rule that rewrites the URL:

RewriteEngine On RewriteRule ^#! / [L,R=301,NE]

My organization has multiple mapped drives that target DFS paths such as \\domain\HOME\HomeDrives\username. When trying to access one of the mapped drives after connecting to VPN, the following error occurs:

An error occurred while reconnecting U: to \\domain\HOME\HomeDrives\username Microsoft Windows Network: The network path was not found. This connection has not been restored.

The problem resolves  ...

I was creating an image of my EC2 instance and after starting the process of image creation, the original instance is giving 403 forbidden error message. For reference, the original instance has 200GB volume and I chose the option to create the image of that top.

I tried to map the following multi hop using a ssh configuration file:

ssh -tt -l jumphost 192.168.1.5 ssh -tt -l jumphost 192.168.2.111 ssh -tt -l inside_server 192.168.3.50

without using one of the following commands as a config:

ssh -oProxyCommand="ssh -q -oProxyCommand=\"ssh -q [email protected] nc -q0 192.168.2.111 22\" [email protected] nc -q0 192.168.3.50 22" [email protected]
 ...

Searching through the web, I still don't quite understand how a proxy server proxies HTTPS. I read that an HTTP proxy knows the port number and SNI of a CONNECT request, but if the proxy itself is running on 443 with SSL, then the client with have to negotiate SSL with the proxy server first then send proxy requests. Does that mean the connection between the original client/server is encrypted twice, i. ...

I have samba share on ubuntu 22.04:

[tork]
   path = /
   user = root
   read only = no

   # tried :
   wide links = yes
   force user = root
   allow insecure wide links = yes

None of these can be seen from Windows 11:

 13 lrwxrwxrwx   1 root root          7 Aug  9 11:53 lib -> usr/lib
 14 lrwxrwxrwx   1 root root          9 Aug  9 11:53 lib32 -> usr/lib32
 15 lrwxrwxrwx   1 root root     ...

I know the problem isn't new. But I have tried lots of thing. What I couldn't figure out is, socket wasn't available since I downloaded mysql.

/etc/my.cnf
/etc/mysql/my.cnf
/var/lib/mysql/my.cnf

None of the above files are available. I had downloaded mysql-server at first. As it wasn't working I downloaded MariaDB. Still not working. What I can do with MySql is enable, restart (but not start) and  ...

So I have a VZDump of a Proxmox VM image.

What I want to do is import this to QEmu. How would I go about doing this?

So far the results just show me Proxmox to Proxmox and not Proxmox to QEmu.

I have a use case where I need to map an entire domain (dev.example.com as an example) to a specific computer on the network that unbound is looking for.

Except for let's encrypt txt records which I need to go up to a public dns that is the authority name server for the domain.

Creating the wildcard is easy in the a-records.conf file.

Is there any way to say "except if a record is auto_verify.dev.examp ...

I want to find out why some TCP messages are being dropped by our production firewall.

The firewall is running CentOS 7, has a large set of iptables rules defined and is a sensitive part of our production environment: any performance issues are likely to impact our customers.

What should I expect the performance impact to be of adding iptable TRACE rules to this very busy firewall?

I am struggling to have my Debian VM (5.10.0-15-amd64) accept incoming requests for a plain nginx webserver hosted on Docker. When binding the IPv6 address directly within the docker-compose.yaml file I get an 'Empty reply from server" error:

curl -v sub.domain.id:8030
*   Trying 2003:a:b:c:d:e:fe40:1611:8030...
* Connected to sub.domain.id (2003:a:b:c:d:e:fe40:1611) port 8030 (#0)
> GET / HTTP/ ...

I am hosting a Website on some EC2 Instances behind an Elastic Load Balancer. The Website can be reached via the public IP of the Load Balancer. This public IP is changing frequently so I have to redirect/block it.

For redirecting any access from the public DNS of any AWS services I'm using this Virtual Host with a wildcard. This is working perfectly:

server {
    listen 443;
    server_name *.amazona ...

I'm toying around with using OpenBSD as a NAT router behind Starlink but efforts with the NAT are failing even in the simplest cases. I've probably simply been staring at it too long and need an extra set of eyes.

Here's the essential setup.

[Starlink 192.168.1.1] <=> <igc0: 192.168.1.189> [OpenBSD Router "cerby"] igc3:172.16.16.1 <=> {LAN}

ifconfig igcN

cerby$ ifconfig igc0
i ...

Windows Server 2019 (WS2019) Self-Hosted Integration Runtime (SHIR)

I have two on-premises WS2019 servers with Integration Runtime installed.

Each SHIR has been successfully registered with an Azure Data Factory (ADF) SHIR binding.

Network connectivity from on-premises to Azure is via Microsoft ExpressRoute.

This 2-node cluster is relied on only for connectivity to on-premises resources such as databases  ...

I'm trying to write a post-commit hook that will zip all the changed files saving the directory tree. When I try to do a svn status on a repository directory (with conf, db, hooks directories etc.), it outputs the W155007 error saying this directory is not a working copy. I cannot afford to clone the repo locally just for zipping because repository size can exceed 1TB.

What am I doing wrong and is ...

Is there a way to list the actual ports when listing the rules?

I mean:

nft list ruleset

table ip filter {
    chain INPUT {
        type filter hook input priority 0; policy drop;
        iifname "lo" counter packets 114 bytes 316154 accept
        ct state established,related counter packets 415 bytes 70571 accept
        tcp dport http counter packets 13 bytes 728 accept
        tcp dport http-alt ...

When I boot my desktop sshd is not running:

=$ systemctl status sshd.service
○ sshd.service - OpenSSH server daemon
     Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: disabled)
     Active: inactive (dead)
       Docs: man:sshd(8)
             man:sshd_config(5)

If I'll do sudo systemctl enable sshd.service; sudo systemctl start sshd.service it comes online without ...

I try to mount /dev/nvme0n1p1.

Disk /dev/nvme0n1: 465.76 GiB, 500107862016 bytes, 976773168 sectors
Disk model: Samsung SSD 980 PRO 500GB               
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: B1ED7DE3-D07A-2646-9A21-14A2ABF7CEB2

Device         Start       End   Secto ...

I have successfully connected with S3 and updraft backup but I got a problem.

S3 settings test result: Failure: Region: ap-southeast-3: We successfully accessed the bucket, but the attempt to create a file in it failed. Please check your access credentials. (UpdraftPlus_S3::putObject(): [IllegalLocationConstraintException] The ap-southeast-3 location constraint is incompatible for the region specific en ...

I have a k8s cluster deployed in OpenStack which for communication uses internal network and only the Master nodes have floating IP's in the external network. I am trying to use MetalLB load balancer(not really a load balancer) to whom I have assigned an segment of the external network in OpenStack and I have used a Floating IP assigned to MetalLB controller to provide access to that subnet from outside ...