Latest Server related questions

I can add a passwordless id_ed25519 file locally using ssh-add -k, but not on my remote server.

Locally:

☁  ~  ssh-add -l
The agent has no identities.
☁  ~  ssh-add -k ~/.ssh/id_ed25519
Identity added: ~/.ssh/id_ed25519 ([email protected])
☁  ~  ssh-add -l
256 SHA256:.... [email protected] (ED25519)

Locally my OS is not bothered that this is a passwordless key, and does not prompt for a password ...

I have an Nginx server in Ubuntu 20, And has a multi-port listener on it for the proxy pass.

I want to limit the number of connections per port. IP doesn't matter (I mean dont limit by IP). My IPTable has been disabled and I prefer to dont use it. I want way to limit connection event without Nginx but the Nginx limit is ok too.

There is a way to limit that without lose performance ?

Update : I found CS ...

Note: I originally posted this question in Unix/Linux StackExchange, but after a week, there have been no responses. I see more postfix-related discussion here, and so I've voted to close the StackExchange version of my question, and I've moved my question here.

I'm running postfix version 2.93 under Debian 8, and I'm trying to accomplish something unusual.

I have been using a home-grown milter f ...

I am trying to create a dockerfile that uses a combination of rtlamr and rtlamr-collect to collect information about my utility meters. I cannot get the ENTRYPOINT in docker to be rtlamr | rtlamr-collect.

Here's my dockerfile:

FROM golang:latest AS build
RUN CGO_ENABLED=0 GOOS=linux go install github.com/bemasher/rtlamr-collect@latest
RUN CGO_ENABLED=0 GOOS=linux go install github.com/bemasher/rtlamr@l ...

Our RDS database has been in state 'Upgrading' for over 5 hours. It appears it was applying an Automatic minor version upgrade to mariadb 10.4.26 I cannot connect to the database in any way; I can only view error/mysql-error-running.log which displays this: error/mysql-error-running.log

It appears the only option right now is to restore to the latest backup, but I don't know if this will leave the  ...

I am trying to set up SFTP on my Arch Linux machine. I made the sftp user, gave it a password, and tried to login with sftp sftp@localhost using the correct password, but it gave me the error Permission denied, please try again. I can login as my normal user through ssh, but this one does not work. How do I fix this?

SSH Logs:

pam_systemd_home(sshd:auth): systend-homed is not available: Unit dbus-org ...

In libvirt version 6.0.0

I have following configuration

<type arch="x86_64" machine="pc-q35-4.2">hvm</type>
<loader readonly="yes" secure="no" type="pflash">/usr/share/OVMF/OVMF_CODE_4M.ms.fd</loader>
<nvram>/var/lib/libvirt/qemu/nvram/root-test-uefi_VARS.fd</nvram>

Before I start the vm, i also remove the root-test-uefi_VARS.fd to let it create a new one from defau ...

I am trying to connect to github over ssh on my remote server (Running Ubuntu 22.04).

On my local computer (Running Win 10), I have ~/.ssh/config file with the following:

Host remote
    HostName SERVER_IP
    port 22
    User ubuntu
    ForwardAgent yes

After connecting to the remote server, I can confirm that the ssh agent is working by typing:

echo "$SSH_AUTH_SOCK"

result: /tmp/ssh-XXXXPWEKZo/ag ...

Linux is capable of bonding NICs together. The interesting policy for this is Round-robin, which alternates outgoing packets between each NIC.

However the performance benefits are usually limited to multiple clients. A single 1000BASE-T client, despite being fed from dual 1000BASE-T, is of course still limited to 1 Gbit/s.

What about 2.5GBASE-T clients? Assume the following:

[Server|2x1G] <===> [ ...

I was adding some nfs links to fstab but a stray process filled disk so I lost fstab when trying to save. Am trying to recreate, machine is still live.

Found some helpful links, used blkid and think I have put mount for boot device.

However the main system is on lvm and the UUID for that doesn't seem to match the underlying block devices.

I tried looking at fstab and blkid on another machine and copied ...

every time i try to do an update because I can«t find a certain package, i just get a bunch of 404s and error messages saying that my repositories no longer have a release file. this is really destroying my use of the system :/

meanwhile i discovered that i was running 22.04 (which claims to be LTS but repositories are dead?), and there's a 22.10 which has running repositories. so I tried to upg ...

I have been trying to setup Squid proxy for a good 2 hours now, I dont want any authorizations or any blacklists. I just want all requests to get accepted. I have already tried http_access allow all, acl all src all and a lot of other methods (pretty much every method you can find on the first 3 google result pages) already, but I always get a 403 code when I actually try to make a request through ...

In regex, I think I want .*\..* -> Match all files with any characters, single dot, all characters.

In unix filenaming pattern matching, is there a way to do this as *.* matches filenames with two . in them. It will match release_4.18.1 file when I only want it to match all the release_4.18 files.

I am using github branch protection name matching so I can't do fancy commands either in bash or anythi ...

Setup is: cloudfront -> load balancer -> ec2 server

CloudFront logs shows the request are coming from these IP's and User Agent.

c-ip = 52.2.212.237 44.207.101.129

cs(User-Agent) = Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36

I am living in Iran currently and our internet is limited. For bypassing the national firewall, we have to use a VPS based in Iran as a relay to connect to a VPS server outside Iran.

Many are using V2Ray VPNs and use a relay configured with IPTables to forward a connection on ports 80 and 443 to VPS ips (see this gist)

Instead of configuring iptables, I am trying to come up with a solution using N ...

I have 2 lambda functions wrapped in docker containers and am using docker compose to run them together. One runs on port 9000 the other on port 9001. I am trying to use nginx to allow them to both be reachable on the same port locally. I am able to hit each lambda individually at their respective port in postman at

localhost:9000/2015-03-31/functions/function/invocations

but not at the nginx map ...

Read title. I am trying to figure out how to boot into safe mode on a windows VM and still be able to connect to it via RDP (or another remote service).

I pass-through a usb device like this:

<hostdev mode="subsystem" type="usb" managed="yes">
  <source>
    <vendor id="0x067b"/>
    <product id="0x2731"/>
    <address bus="2" device="11"/>
  </source>
  <alias name="hostdev0"/>
  <address type="usb" bus="0" port="4"/>
</hostdev>

If I boot from virtual cdrom, the lsusb can show my usb drive without ...

Problem

There are some outgoing TCP DNS requests in my Ubuntu server that I couldn't control them to be resolved by Unbound on 127.0.0.1:53 which uses 208.67.222.222 to resolve everything, and I see those TCP DNS packets finally going from my public IP address to famous DNS servers such as 8.8.8.8 and 1.1.1.1.

What I have done

ipset -N myipset iphash
ipset -A myipset 127.0.0.1
ipset -A myipset 208.67.22 ...

I cannot connect to my windows VM after booting into safe mode [networking enabled]. I have restarted, and I have tried using the serial console but it doesn't make much sense to me. I am trying to figure out:

A. How to enable RDP on Windows via the GCP console

B. How to restart the computer in normal mode via GCP console.

Please help.

EDIT: Solved it myself lol. See my comment below.

I am trying to get a VM operational and working so my router can forward a high port to its SSH, allowing someone on the Internet to connect to the VM. I am familiar with how to make that part of it operational.

I first tried bridged networking. With that, the guest does not get an IP address. If I set an IP address on the guest manually, then the guest can ping Internet addresses, but TCP con ...

Hello when I export Azure logs to csv I get this datetime format that excel doesn't recognize as a valid date time format:

2022-10-19T12:05:58Z

Is this the best way to convert this to an excel datetime or is there something simpler?

=DATE(MID(A107,1,4),MID(A107,6,2),MID(A107,9,2)) + 
    TIME(MID(A107,12,2),MID(A107,15,2),MID(A107,18,2)) 
    - TIME(5,0,0) 
    + TIME(1,0,0)

This minus five hours is ...

I have a use case where I would like all requests to start with a prefix like:

https://WHATEVER/pfx

For example https://WHATEVER/pfx/a and https://WHATEVER/pfx/b/c/d

But I wish to prevent https://WHATEVER/somewhere_else and similar requests that do not include the prefix (pfx). In preventing this, I'd like to simply redirect all such requests to https://WHATEVER/pfx (home page)

Is this possible wi ...

Steps

1. I create cluster in zonal mode and only have 1 zonal GKE version v1.21.14-gke.2700

2. I create a PD in GCP GUI make sure it is in the same zonal

3. I am deploy a pod mount the PV, PVC using PD i created without nodeSelector/nodeAffinity and tolerations <=== to shows the PV,PVC and PD is correct define

4. I then create pod with nodeSelector and tolerations without mount and pv and pvc <== Re ...

A scheduled GCP cloud run job is failing sometimes (most if the time its running correctly) without a proper cause in the error message. The only message its returning is a very obscure one: "Execution JOB_NAME has failed to complete, 0/1 tasks were a success."

Context: The job runs a docker container, that is deployed in GCR. The container is being built with GCP Code build, trigger by a github push. ...

I have several web apps I like to proxy with a single URL. This is my nginx.conf

server {
    listen 443 ssl;

    server_name webapps.mysite.com 192.168.5.28;

    access_log  /var/log/nginx/webapps_access.log;
    error_log   /var/log/nginx/webapps_errors.log;

    ssl_certificate /etc/letsencrypt/live/webapps.mysite.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt ...

I've installed fail2ban and it's working fine in banning IPs that try to access ssh with invalid username/password even if they tried once.

Now I'm receiving key exchange attacks that fail2ban doesn't deal with in the default setup.

I created cron that generate the IPs using the command:

sudo cat /var/log/auth.log | grep "Unable to negotiate" | awk '{print $10}' |sort |uniq >> ipsfile

Now I  ...

I am currently configuring a nginx reverse proxy. The docker instance of nextcloud is available on Port 8891

server {
  listen 8888 ssl http2;
  ...

  location /nextcloud/ {
  proxy_pass http://0.0.0.0:8891/;
 }

}

however when I try to navigateto the url, I have the problem, that the stylesheets etc. are not available under /nextcloud/* instead they are getting fetched from /core/*.

Removing t ...

I am considering migrating my e-mail from one hosted provider to another; specifically to Proton Mail, but I don’t think that matters. My trepidation comes from my personal domain and the potential for either a temporary loss of service, loss of my e-mails, or both.

My current provider manages my domain, DNS and mail hosting (IMAP-based). I have three mailboxes, let’s call them {a,b,c}@example.co ...

I am a beginner with traefik, lighttpd, docker compose, and I am trying to get logging working for lighttpd under docker compose.

My lighttpd.conf file contains:

server.modules = (
        "mod_debug",
        "mod_accesslog",
        "mod_dirlisting",
        "mod_indexfile",
)

server.document-root = "/var/www/lighttpd8081/html"
server.errorlog = "/var/log/lighttpd/error.log"
server.port = 80

mimetyp ...