Latest Server related questions

I have a folder, owned by the "website user" foo, that will host a site:

$ sudo mkdir foo
$ sudo chown -R foo:foo
$ sudo chmod -R u=rwX,g=rX,o= foo
$ sudo chmod -R g+s foo
$ ls -la

drwxr-s--- ... foo foo ... foo

I add Nginx (my server) to the foo group, but I don't want Nginx to be able to write, so I set the group permission to rX.

I set a default ACL. I want all new files to have these permissio ...

I had set up a Debian server with an ip address that was assigned to another device by accident. I forced the server to connect through /etc/network/interfaces but am still finding it switches to the original ip address and I am unable to find the original network configuration file. The interim fix is to change the /etc/network/interfaces to its original device of ens192 but the device is currently eth ...

I am trying to execute a powershell script on a remote server from my local machine, however I get an error. Here is the full error message:

Connecting to remote server failed with the following error message : The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or th ...

I have an app in which there are a few tasks that communicate using publisher/subscriber. The main problem is that the pub/sub discovery works by multicasting information to the other tasks, but when I deploy those tasks in k8s, the pods can't multicast between them as they have private IPs assigned.

I have read about using services, but it didn't convince me because I would lose the peer to peer ...

I would like to set the primary ns server on a domain I am creating on Windows Server programmatically:

ManagementBaseObject outParams = zoneObj.InvokeMethod("CreateZone", inParams, null);ManagementClass zoneObj = new ManagementClass(session, new ManagementPath("MicrosoftDNS_Zone"), null);
ManagementBaseObject inParams = zoneObj.GetMethodParameters("CreateZone");
inParams["ZoneName"] = "mydomain.co ...

I have a virtual Windows 2022 Server in a VMWare ESXi environment, and a WS2019 virtual in another host, which is my Active Directory Domain Controller. I've been trying to promote the WS2022 to domain controller, but it fails during the process with a "The remote procedure call failed" error, then the computers in network cant log on the domain and I have to restart the WS2019 in DSRM and activate the  ...

I want to check if java-11-headless is installed. java-11-headless is a virtual package and it is provided e.g. by java-11-openjdk-headless.x86_64 package. I do not care what exactly package provides java-11-headless I only want to check if java-11-headless is installed.

I googled my issue and all answers concern checking certain package (e.g. java-11-openjdk-headless.x86_64) , not virtual packag ...

I want to access my cctv cameras from outside of country everything looks fine on the cctv network like ports and static ip but i cant check my cameras on ivms-4500 application . please help thank you

I want to check header after add missing headers.

main.cf:

always_add_missing_headers = yes

header_checks:

# 2022-10-25 14:21:34.371985 
/^Message-ID:/i PREPEND X-MY-HEADER: HAHA
# ------------------------------
/^To:.*[email protected]./ DISCARD

Can we change the name of rpool? Do we have to create a new BE(Boot Environment)? Can anyone tell me the complete process?

# zpool status
  pool: rpool
 state: ONLINE
 scrub: none requested
config:

        NAME        STATE     READ WRITE CKSUM
        rpool       ONLINE       0     0     0
          c1t3d0s0  ONLINE       0     0     0

errors: No known data errors

# zfs list
# zfs list
NAME     ...

Is there a way to exclude a conditional access policy from MFA when accessing a specific resource?

In this case it is when accessing a SQL managed instance. Everything else has to apply MFA.

I created a few VMs and made a few checkpoints, how do I safely & preferably quickly, rename the files on disk?

I can easily rename the labels here:

Hyper-V Manager Microsoft Corporation Version: 10.0.19041.1

I want to drop incoming DNS responses that contain 10.10.34.35. How can I do that?

I tried to it this way:

iptables -I INPUT -m udp -p udp --sport 53 -m string --algo kmp --hex-string '|31 30 02 31 30 02 33 34 02 33 35|' -j DROP

But it simply doesn't drop them and I still receive them. However simply doing iptables -I INPUT -m udp -p udp --sport 53 -j DROP blocks all of them coming from port 53, but I w ...

I have a single VPC with one internet gateway and some subnets that are shared across multiple AWS Organization accounts using RAM. The VPC is protected with a Security Group that is managed by Firewall Manager to ensure it is replicated to all of the accounts that are granted access to the shared subnets. And, the subnets are protected by NACLs. The NACLs and SGs are configured to allow bi-direction ...

On IBM SystemX servers, there is a thing called an IBM Management Module (IMM), which is basicly a mini-OS on a seperate Network-Interface, accessible via a Web-UI. This is very handy, because you can monitor & troubleshoot the server, independet of the status of the server-OS.

The IMM on my server has just one nasty problem: sending email notifications is poorly implemented. Apart from the i ...

I have a client that wants to migrate from on prem to hybrid to eventually cloud only and they have a few apps that I want to run via Azure Virtual Desktop as opposed to RDS (licensing for avd is bundled into their M365 licensing) but I'm having an issue with the authentication because of how their domain is setup. They currently have a .local domain on prem that self routes to the domain controller as  ...

I've never heard of anyone running one server on the original instance of Windows Server on the physical machine, and then running a second server on a Virtual Machine, so I can't find any info on this. I have a physical server running Windows Server 2022 that is used for storage and File Sharing. My company uses a CAD software called Microvellum that requires an SQL database and recommends it run on a  ...

There is a way to limit access on the special port when another connection has been established?

for example, when someone with IP 192.168.1.1 connect to my server on port 8080 other IP will be rejected to port 8080 till the 192.168.1.1 device will be disconnected.

I am writing a script to automate shutting down a vSAN cluster (yes I know 7.03 know has a button), based on this knowledge base article.

I am at the part where it wants us to call a script on each ESXi host.

esxcfg-advcfg -s 1 /VSAN/IgnoreClusterMemberListUpdates

I could use a Python lib like paramiko but that means I would need to keep SSH turned on all the time.

Is there a way to use pyVmomi or vSphe ...

There is currently an app that is using cname host mapping with a third party app

the hostname for the third party app is mycompany.partner.com and the current cname host map under my domain help.mycompany.com

so current routing is below

users => cloudflare DNS(help.mycompany.com) => cname host mapping(mycompany.partner.com) => partner app

now i want to do this

                           ...

man ssh says:

-t Force pseudo-tty allocation. This can be used to execute arbitrary screen-based programs on a remote machine, which can be very useful, e.g. when implementing menu services. Multiple -t options force tty allocation, even if ssh has no local tty.

https://explainshell.com/explain?cmd=ssh+-tt

Multiple -t options force tty allocation, even if ssh has no local tty.

What does t ...

Is there an equivalent to ssh -t in the ssh config?

I couldn't find anything in the man pages.

OpenSSH >= 8.9

I have multiple domains and i have imagined that one VirtualHost for each would be the way to go. glpi.localnet.lan is never loaded, whereas web.localnet.lan is always display instead, even if i tip "glpi.localnet.lan" in web browser.

glpi.localnet.lan.conf in sites-enabled:

<VirtualHost *:80>

   ServerName  glpi.localnet.lan
    ServerAdmin [email protected]
   ServerAlias glpi

   Alias /gl ...

I hope this is a simple question. Currently I have an Apache2 webserver on Ubuntu with multiple websites. The basic structure of the Apache is

/etc
  /apache2
     /sites-available  --> the .conf files for the websites
     /sites-enabled    --> the enabled .conf file links for the websites
/var
  /www
    /html
      /sites-admin     --> the location of the websites code

My task is to create ...

I have configured 2 servers, SERVER A and SERVER B. (I have followed this tutorial: https://community.hetzner.com/tutorials/linux-setup-gre-tunnel)

I have used SERVER A for GRE tunnel to SERVER B (Meaning all traffic sent to server A shall be routed to Server B and served from there only). What I wish to do now is when I use "curl ip.me" on terminal of SERVER A, it shows me the IP of Server B, I w ...

I would like to forward all traffic from a server (Linux) to another server (Linux) without losing ssh access to first server. Authorities (government) have been shutting down the Internet, we have a hard time accessing outside of the country's Internet.

I have configured Server B with OpenConnect Server and I can connect successfully from local to Server B

Local Machine === (via vpn) ===> Se ...

Running Apache 2.4.53 - I have a setup where in httpd.conf I have:

<Location />
  <RequireAll>
    Require all granted
    Require not env something
    Require not ip 1.2.3.4
  </RequireAll>
</Location>

The above is supposed to run cross VH. Then, in a specific folder, of a specific VH, I have a single .htaccess which introduces BA with a simple:

AuthType Basic
AuthName "BA"
 ...

I have a backend hosted at api.example.com using Flask. I would like to be able to make changes to this api without interrupting live traffic. I'm thinking of ways to accomplish this but without using a load balancer.

What I have done so far:

1. I created two A endpoints (api-main.example.com) & (api-backup.example.com) and a CNAME (api.example.com). Everytime I would like to make a change I would s ...

This is my first post on any SE related site. You guys have been such a valuable component of my search results that for 20+ years I've always found answers and never had to post, a testament to the quality of the content on SE.

I'm having some issues working with certificates and L2TP/IPSEC on Windows Server OS (2019) that I hope somebody has more experience with than I do and wouldn't mind lend ...

I have a Terraform codebase which deploys a private EKS cluster, a bastion host and other AWS services. I have also added a few security groups to the in Terraform. One of the security groups allows inbound traffic from my Home IP to the bastion host so that i can SSH onto that node. This security group is called bastionSG, and that works fine also.

However, initially I am unable to run kubectl from my  ...