Latest Server related questions

Using VC7. Any idea why cloned linux VM after start has no IP assigned ? Only solution is use customize OS during Clone.... As I understood "Clone VM" should copy whole VM. FYI: original VM was powered off, so no IP conflict there, and new VM eth link was UP. And original VM used static IP

I have an Ubuntu 18 server which is being used as a VPN server ( V2RAY ) . My VPS provider ( OVH ) has sent me this abuse report :

2022.10.22 12:40:47 CEST 51.91.11.***:53258 8.8.8.8:443 TCP SYN 60 ATTACK:TCP_SYN
2022.10.22 12:40:47 CEST 51.91.11.***:43752 157.240.21.63:443 TCP SYN 60 ATTACK:TCP_SYN
2022.10.22 12:40:47 CEST 51.91.11.***:49242 179.60.192.52:443 TCP SYN 60 ATTACK:TCP_SYN
2022.10.22 1 ...

I'm trying to setup a DNS-Server for my Domains using Bind. The Server behaves correctly for noncustom Domains like google.com or github.com, but for my domains it always returns "SERVFAIL". I've already checked the zone file using named-checkzone which returns "OK".

My Zone config (defined in named.conf.local):

zone "michlfranken" {
  type master;
  file "/var/cache/bind/db.isiko404.dev";
};

My Option ...

Today I wanted to do some labs of SSTP Windows Server VPN. What I have done so far, it’s to build a Windows server 2019 as a Domain Controller and as a Certificate Authority.

From my CA I have created a self-signed server certificate in order to install it on my Windows Desktop Client

I have well prepared my server installing Routing and Remote Access role

On the tab "Security" (from properties) I ha ...

On a file server, a base folder contain user's folders:

This base folder is protected against user's actions (deletion, rename, dump of files, etc), users can only read and traverse it:

To protect each user's root folder, I explicitly deny them the right to delete their own folder:

This imply to add a deny on each folder.
Doing it on the base folder does not work: deny to the group Users

I run a Postfix server which forwards one address to a gmail address.

# /etc/aliases
localuser: [email protected]

This works since several months. But if a sender has a SPF record with a hard fail, then the forwarding does not work:

  gmail-smtp-in.l.google.com[ said: 550-5.7.26 The
    MAIL FROM domain [example.com] has an SPF record with a hard fail 550-5.7.26
    policy (-all) but it f ...

nsupdate not update the records. Try to find where I'm wrong but I can't.

> server 192.168.1.117
> update delete _kerberos-master._tcp.example.com. SRV
> update add _kerberos-master._tcp.example.com. 3600 IN SRV 0 100 88 idmserver1.example.com.
> update delete _kerberos-master._udp.example.com. SRV
> update add _kerberos-master._udp.example.com. 3600 IN SRV 0 100 88 idmserver1.exampl ...

The stage: a control plane machine, kubernetes 1.24.3 on a baremetal Ubuntu 22.04, installed with kubeadm, there is also one worker node. The whole set-up worked like a charm for 4 months until some unknown silent kaboom yesterday (I actually don't exclude a sudden hardware issue)

The problem: port 6443 is listed by netstat for the first few minutes after the control plane machine start-up, and t ...

I'm experimenting with a NAT gateway vs a Squid proxy in an EC2 instance (both of these placed in the same public subnet). To test connectivity, I'm using a private subnet to access the internet (once using a Linux instance, and then again using a Windows instance). The actual switch (squid vs NAT) is being done in the route table entry.

In other words, I test the following 4 combinations:

1. Linux instanc ...

I recently installed Suricata as an Intrusion Detection System on my Ubuntu-22.04 server. I setup Suricata following a tutorial on digital ocean (https://www.digitalocean.com/community/tutorials/how-to-install-suricata-on-ubuntu-20-04), using the default ruleset.

Early in the morning Suricata generated and logged an Alert, showing that my server reached out to a known abusive IP address via SSH.

we are having a weird issue with a network of Cisco SG350 Switches that I cannot figure out. We are thinking it may be related to STP but have verified all the normal problem points (i.e. proper ports are showing as Root / SmartPort disabled / etc)

Here is the network diagram: Cisco SG-250 Network Diagram

As you can see, we have 5 Cisco SG350 switches, all in a parallel daisy chain, except switch ...

How to test that an account other than login account has access to a network folder ?

Here's an example :

I'm logged in as steves but I need to test if joej has access to :

\\contoso\dept\finance\payroll\taxes\

I would like to know if anybody experienced this. I am running the server cli version of Ubuntu 22.04.
After running apt, I see a message saying to run apt autoremove. (I did this) I also got a message about a kernel update and to reboot (I rebooted) Network never came up.

It did not take me long to realize that the iproute2 package and the netplan.io package were both gone. (both the ip and n ...

I am a user of a server with 2 level password authentication (keys+password). My passphrase for the keys is stored in the mac OS keyring app, but I cannot find a way to save my password.

I have read that it is possible to configure putty-tools in a way that the password is read from the keyring app.

Otherwise I would like to use any other method to use the password stored in the keyring.

I am trying to setup PPTP server on a remote dedicated server with only one static IP and on network interface and I am very confused about how to enable, I have no subnet on the dedicated server it is directly connected to the internet with an static IP, can anyone please illuminate me on this ?

I'm hosting mattermost-6.3 via docker. I followed this documentation https://docs.mattermost.com/install/install-docker.html and cloned the repository https://github.com/mattermost/docker then I copied generated the .env file (from env.example) and with docker-compose -f docker-compose.yml -f docker-compose.without-nginx.yml up -d mattermost is up and running.

So far so good, but now I'd like to do  ...

I usually see options like boot=casper or boot=live. However, I cannot find anything describe the actual meaning of this option and I cannot find any piece of code handle this option at all. From kernel documents it said:

Parameters denoted with BOOT are actually interpreted by the boot loader, and have no meaning to the kernel directly.

So I guess this option is actually handled by whatever bootl ...

I have a server with Ubuntu 20.04 that ran without problems for a while. However, since a week ago, problems started to arise as everything became slow. On the server I run Virtualizor with a number of VM (VPS) servers.

It looks like everything is so slow because of high iowait. The server runs 3x a Samsung 870 QVO 1TB SSD. Can someone explain why there is such high iowait and how to solve it?

Comma ...

I'm facing a problem with my samba server. I had a Samba server but it was a very old configuration so I have reinstalled the OS (Debian 5.10.140-1) and the Samba (Samba version 4.13.13). But now all the computers with Win10 cannot connect in the server. I get the message:

The device or resource (nameServer) is not configured to accept connections on the "File and Printer Sharing (SMB)" port.

I Have tr ...

I own a large wordpress site that gets

• 500k+ visitors
• 30+ plugins (some heavy)
• server with 128 GB RAM

Wondering if there are "best practices" for php.ini settings for larger sites on Linux? I think my host may be cutting corners to save bandwidth, but I'm not 100% sure where to start on php ini settings.

We first set up MariaDB replication using less powerful servers but considering our increased database load we had to rent more powerful servers and that's when the troubles began.

Right now the replication between the master and slave occasionally lags between 0 and 1000 seconds for reasons which we've not been able to identify. This happens on average a dozen times a day. Considering the nature ...

In my bind9 DNS server, I have my servers described like this:

[...]
prd1frm201      IN      A       172.21.10.2
dns             IN      CNAME   prd1frm201.kprd1.
ntp             IN      CNAME   prd1frm201.kprd1.

prd1frm202      IN      A       172.21.10.3
sentry          IN      CNAME   prd1frm202.kprd1.

[...]

And the reverse is defined like:

[...]
3                       IN PTR  prd1frm202.kp ...

I am running a LEMP server (Ubuntu 20.04 server) with fast cgi enabled, and am getting the following error message in the logs for one of my virtual hosts (one of my websites). Here is the full error with my website and IP address redacted:

[error] 2041#2041: *38 FastCGI sent in stderr: "PHP message: PHP Warning:  hash_equals(): Expected known_string to be a string, null given in /var/www/example.c ...

My Pods are allocated 1000m CPU. I would like to make Pod not-Ready when CPU usage is over 900m or 90% of the allocated resources.

Is there a configuration for this or do I need to implement a check in my application that would signal readiness based on the CPU usage?

I'm facing below issue when i need to activate server block from nginx.conf. Can you check it with me please?

sudo systemctl status nginx.service

● nginx.service - nginx - high performance web server

Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled) Active: failed (Result: exit-code) since Fri 2022-10-21 18:28:13 +03; 11s ago Docs: http://nginx.org/en/docs/  ...

I need to a variable for haproxy that is the actual remote ip while still using accept-proxy, like http-response set-header Upstream-Server %[req.real_ip]. %[src] does not work and sends the client ip from the proxy protocol if accept-proxy is active.

I have a setup like this:

1. haproxy load balancers
2. haproxy ddos protection servers
3. nginx proxying to PHP web applications

1 accepts public Internet HTTP/ ...

I am creating a configuring a Server using Ubuntu and Apache. Everything works fine except that when I use redirection of HTTP to HTTPS.

How can I write an exception case where every http request is redirected to HTTPS except when its for JENKINS.

JENKINS : http://www.example.com:8080/ <= Should not be redirected to HTTPS Normal Request : http://www.example.com/ <= Should be redirected to HTTPS

Since a week I've been suffering from a server with VPS servers that is very slow and has a lot of IOWAIT. Can someone explain or tell what is causing this problems?

Command: iotop -aoP

  PID  PRIO  USER     DISK READ  DISK WRITE  SWAPIN     IO>    COMMAND
 338273 be/4 root          0.00 B      0.00 B  0.00 % 33.41 % [kworker/u130:0-events_unbound]
 344858 be/4 root          0.00 B      0.00 B   ...

I found these errors in my Nginx error logs. I use a dedicated server (Ubuntu) with 2 websites/apps (running also a sync engine with APIs)

[ N 2022-10-21 11:40:55.2857 5800/T3 age/Cor/CoreMain.cpp:1147 ]: Checking whether to disconnect long-running connections for process 5969, application /home/admin/rails/prod/current (production)
[ N 2022-10-21 11:46:38.3071 5800/T3 age/Cor/CoreMain.cpp:1147 ]:  ...

On my Debian 10 VPS I have a MediaWiki deployment that I'm hosting on wiki.myorg.com stored on the filesystem using a soft link to manage versions like this:

/var/www/mediawiki/1.34.4
/var/www/mediawiki/1.38.2
/var/www/wiki -> /var/www/mediawiki/1.38.2

Then in nginx.conf I have the configuration pointing the home directory of the site:

server {                                                       ...