Latest Server related questions

Problem. I have one or more domains that serve some uri with a default upstream (a CMS) and few uris that require a different upstream (but still too many to list them comforably and too different to catch them with a regexp).

Now if all the configuration is the same for the two upstreams, beside the two upstreams in itself, I think I solved it in a Good Enough way, it is as follows:

map $host$request_u ...

I want to proxy one URI of my domain to a specific backend server.

I have a public domain name external.lan and a private one lets say internal.lan.

I want http://external.lan/gogs be served by internal server.

Here is my apache configuration block:

ProxyPass "/gogs" "http://internal.lan/gogs"
ProxyPassReverse "/gogs" "http://internal.lan/gogs"

This returns in logs:

[proxy:debug] [pid 4025] proxy_util.c ...

I am unable to compile Apache HTTPd-2.4.54 on Linux platform.

My system config:

• OS: 3.10.0-1160.76.1.el7.x86_64
• Openssl: OpenSSL 1.1.1q 5 Jul 2022

I am getting the following error, even when I try with OpenSSL 3x, I am getting the same error.

Please kindly help me.

Commands I used:

[[email protected]]# export LD_LIBRARY_PATH=/usr/local/lib:/usr/local/lib64:$LD_LIBRARY_PATH
[[email protected]]# systemctl stop ap ...

1. Background

   I have a smart home application written in java and spring. It runs from a raspberrypi inside my home network 192.168.x.x. For security reasons I do not want to control it from internet.

2. What I have

   A web application consist of web pages and some apis. I can open the web page on my phone, tablet, or laptop to view status (e.g. room temperature) and send command (e.g. start heating).

 ...

I created hosted zone in aws and I added the nameservers to my domain

when I tried nslookup on the domain I am getting error

ubuntu@xx-xx-xx-xx:~$ nslookup --type=ns kims.oshabz.name.ng
*** Invalid option: -type=ns
Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
*** Can't find kims.oshabz.name.ng: No answer

I have an angular app on a Lightsail server. It seems to run correctly

See here

I created the rule in the network tab on the 4200 port

See here

But I cannot reach it from the outside ...

See here

Can you help me?

According to the documentation, built-in databases are ignored by Performance Schema.

The effect of the default object configuration is to instrument all objects except those in the mysql, INFORMATION_SCHEMA, and performance_schema databases.

But in my case, events_statements_history, events_stages_history and events_statements_summary_by_digest retains all the data relating to performance_schema and mys ...

I am not an expert in this topic and so did a lot of research but could not find a clear anwser that I could understand.

I have 2 webapps (microservices) on 2 servers/machines. The webapps communicate with each other over http requests.

I would like to let them communicate using HTTPS (I think that whould be more secure).

The problem is, I use IP addresses of those 2 servers for communication, they hav ...

Using podman/buildah, I want to build a container image that has host file systems already mounted.

I am able to do this with Singularity with sudo singularity build /tmp/lolcow.simg /tmp/lolcow.recipe if those file systems are defined in /etc/singularity/singularity.conf. How can I do this with podman? I am trying to avoid using -v during the podman run stage for this. I'm not tied to Docker compatibil ...

I don't know which forum I should select for this question. Because of that I'm writing this question here.

One of our GCP console users started having issues while listing the instances on the VM instances page of the GCP console. This happened on October 4, 2022.

The user doesn't have access to other pages on GCP console. We were not able to test this with other pages, unfortunately.

The Google Cloud ...

I have this rule and it allows connection on three ports:

iptables -A INPUT -p tcp -m multiport --dports 22,80,443 -j ACCEPT

Then on internet I see examples including

-m conntrack --ctstate NEW,ESTABLISHED

I have then changed my current rule to:

iptables -A INPUT -p tcp -m multiport --dports 22,80,443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

I have read online about connection state but wa ...

What is the iptables equivalent to the following?

socat TCP-LISTEN:8080 TCP:some-random-host-in-another-network.com:80

_{Now multiple clients can connect to port 8080 of this middle host to actually access some-random-host-in-another-network.com:80. I'm asking to see whether it improves the latency and throughput.}

For a while now our vulnerability scanner has been detecting out of date .NET components on one of our servers and a management workstation; this is related to some software we recently deployed on it. However, none of my attempts to fix the issue make this go away, including the link the finding itself that allegedly leads to the solution.

Finding claims this:

    Path              : C:\Program File ...

Q: Can a post-update / upgrade bash script be executed when performing apt-get? I'm experiencing an error where the post-upgrade/update script is running sh & not bash.

See below for details.

1. I'm building Debian packages with fpm, e.g.:

fpm -s dir -t deb \
    -n "<A NAME>" \
    -a all -v "<A VERSION>" \
    --after-install <BASH SCRIPT> \
    --after-upgrade <BASH SCRIPT> ...

#!/bin/bash
#

case “$1” in
    start)
        echo -n “Starting Queue Manager”
                /opt/mqm/bin/strmqm QMPROD1
                sleep 10

        echo -n “Started Queue Manager”
        #
        echo “IBM ACE”
                /opt/ace-12.0.4.0/server/bin/mqsistart.bin IIBPROD1
                sleep 10

        echo “Pokrenut ACE”
        ;;
    stop)
        echo -n “Sto ...

I ran samba-ad-dc domain controller on Debian Bullseye. No problem to create users and groups, organizational units, etc and to join windows or Linux computers to domain. But there is other task: On Windows Server using "Active Directory users and computers", in users profile account tab under button "Log on to..." - you can specify the computers the users is allowed to logon to. This option works for e ...

AWS Client VPN use to work until today. It stop working with the following -AWS VPN Client Helper Tool is required to establish the connection.- I've tried reinstalling the Client found here and it still didnt resolve the issue. I tried to uninstall and i get the same error.

I've restart the mac(M1) multiple times, Reinstall The Monterray OS(didn't removed all applications** don't know why).

I've t ...

I have an EC2 t2.micro instance that I use as a test instance for a web app,

OS: Ubuntu 22.04.1 LTS

the CPU consumption of kswapd0 the process jumps near 100% once in a while, causes a freezes of the instance, and it needs to be rebooted.

Note: "/proc/sys/vm/swappiness" is at default value of 60

I have read that kswapd0 is the process that swaps memory from physical to virtual, so in theory, it should onl ...

I'm trying to force Apache to cache 404, 410 and 301 responses. I've found this solution (which does exactly the opposite and many other example to avoid caching).

<IfModule mod_headers.c>
 Header always unset ETag "expr=%{REQUEST_STATUS} == 404"
 Header always set Cache-Control "max-age=0, no-cache, no-store, must-revalidate" "expr=%{REQUEST_STATUS} == 404"
 Header always set Pragma "no-cache ...

I'm trying to start the service installed with NSSM. The error occurs when performing the process on the Skymail server.

The executable that is turned into a service is a .bat file that executes CakePHP code, the code of the .bat file is as follows:

cd \xampp/htdocs/GridMES
bin\cake mqtt mqtt

The first line navigates to the folder, and the second is responsible for executing the CakePHP Shell function, t ...

Is this a secure setup?

Having an (linux based) Owncloud Server, with Let's-Encrypt SSL Certificate. This server provides shares to the clients, which are SMB connections to an internal File Server

The connection is as follows:

• DNS Entry --> points to private, public IPv4 Address.

• This address has an open port in the firewall, forwarding to the IP in DMZ. HTTPs and WWW are allowed

• The SMB connect ...

I'm trying to backfill Prometheus with old data. My input data is:

$ cat /etc/prometheus/backfill.txt
# HELP mymetric My metric.
# TYPE mymetric counter
mymetric{code="200",service="user"} 123 1665824331000
mymetric{code="500",service="user"} 456 1665824331000
# EOF

Following the docs, I then run the command which doesn't output any error:

$ promtool  tsdb create-blocks-from openmetrics /etc/promethe ...

I have a node server running on nginx as a reverse proxy, which is supposed to handle image uploads. Its ssl cert and domain are configured through cloudflare.

Aside from setting the proxy_pass to pass 443 requests to the node on localhost, I haven't changed the default configuration much. The more notable nginx directives I have set at the bottom of the http block are:

# Disabled nginx testing for ov ...

I've a script to start a Search task on Content Search, of Compliance.

If I use my own user account to login, I am able to run it, but if I use an unattended login through an App, like the one of App-only authentication in Exchange Online PowerShell and Security & Compliance PowerShell | Microsoft Learn, I receive the following error:

From compliance perspective I got this, an empty search:

 ...

I have a Drupal app that is deployed with Elastic Beanstalk from a Mac machine, using the latest version of the EB CLI. The repository is an ordinary GitLab, AWS CodeCommit is not used.

Unfortunately, if I don't religiously take care of running a rm -rf vendor before running eb deploy, it commits four files into the archive:

1980-01-01 00:00:00 .....           11           11  ./vendor/grasmash/yaml-expan ...

I've been playing back and forth routing games for a couple of days.

As it is quite hard to describe with words I made a diagram below:

What I want to achieve is being able to ping Rpi 4B from Rpi 3B and vice versa. However, with the default setup I'm only able to reach Host A eth0 from Rpi 3B eth0.

NOTE: I don't have any control over the router. So all routing/forwarding should happen within Host A/B a ...

Mine is a web server i need multiple URL's of the server enabled with mTLS in place. This is my code.

<IfModule ssl_module>
Header set Cache-Control "no-store"
Header always set Strict-Transport-Security max-age=31536000
SSLEngine on
SSLProtocol TLSv1.2
#SSLCipherSuite aRSA:kRSA:AES128-CBC:SHA
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA3 ...

I have successfully installed nagios4 as a debian package on a debian 11 system. Apache and Nagios4 are working perfectly, i have enabled mod_cgi as instructed.

All nagios4 web interface links are working, except services link which download status.cgi instead of executing it. For instance:

• http://web.localnet.lan/cgi-bin/nagios4/status.cgi?hostgroup=all&style=hostdetail is working and display all ...

I've got a Laravel 6 application that I'm serving in Valet, I've just upgraded to php8.0 and I'm getting a 502 Bad Gateway error. But curiously only on pages that are using the Eloquent database models, the DB query builder pages seem to run fine.

If I look in the nginx-error.log I have lots of the following error:

2022/10/18 10:05:09 [error] 8175#0: *1 upstream prematurely closed connection while rea ...

Quick question, as I just want to ensure - For rsyslog, will below option work as intended if sending logs to remote syslog is configured through UDP? -

$ActionResumeRetryCount -1 # prevents rsyslog from dropping messages when retrying to connect if server is not responding

In example, if remote syslog will be down, will client logs be queued and resend when remote server will be back?

Or this will only  ...