Latest Server related questions

Recently I installed the new linux kernel 6.0.2 on my Manjaro laptop. After using my usual apps for a while, I notice the laptop "freezed" and only a forced power off got it back. Looking the journalctl logs, I found the log below that was issued exactly before my laptop stopped working:

Oct 17 12:53:08 manjaro-bl kernel: amdgpu 0000:03:00.0: amdgpu: [mmhub0] retry page fault (src_id:0 ring:0 vmid: ...

When using the “I forgot my password” button available on /admin/users/login, all emails going to an external email address fail. For example, if the user has a password reset email of me@internalDomain the reset code is sent without issue. However, if they have a password reset email of me@externalDomain then it fails. All other types of outgoing mail to external domains are working.

In the ...

I am using a RHEL8 server system as jumphost - connection to it from the windows-world with tls 1.2/rdp and then Xcfe4 as X11 base for applications in need of X-windows.

My questions are about the poweroff-button on the upper right corner of Xfce4.

1. How to I inhibt users from powering off / reboot when there is only one logged in user?
2. How do I replace that button with a logout-button?

xfce is version 4. ...

Is there a way with Postfix to send mail through a milter only if you are authenticated?

For instance, if you are not authenticated, I'm hoping to have the effect of

smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891

and if you are authenticated, I'm hoping to have the effect of

smtpd_milters = inet:localhost:8891,inet:localhost:7357
non_smtpd_milters = inet:localhost:8891,ine ...

im trying to create and use gpo startup scripts for linux when creating gpo scripts startup using Code:

 samba-tool gpo manage scripts startup add  {32147013-5DD6-4BFA-BAF5-D25B0F05A0C9}  /usr/local/scripts/add_proxy.sh

i have no errors

when i trying to list scripts for exact gpo

Code:

"samba-tool gpo manage scripts startup list  {32147013-5DD6-4BFA-BAF5-D25B0F05A0C9} --user=Administrator"

i hav ...

I am trying to set Chrome startup option to "Continue where you left off" by setting registry value RestoreOnStartup in HKEY_CURRENT_USER\Software\Policies\Google\Chrome to 1. It works in most of my PCs except for two Windows 10 cloud PC, where chrome://policy shows RestoreOnStartup policy as "Error, Ignored". Why doesn't it work on these cloud PCs? Is there any way to solve this problem?

I'm aware that it's strongly advised to never execute user input as code, but I'm curious if my particular situation can be vulnerable to code injection:

1. The user provides text input in a front-end web form
2. A python script on the back-end takes user text input and uses it to create variable names for an R script (the variable names are stripped of any characters that violate R syntax for variable names)

I know that anycast will failover for layer 3 issues but will anycast failover if a file is not present? I.E. like a 404?

It seems like it won't, like as long as nginx returns something anycast will consider that server healthy.

I read the many articles that JVM has its own DNS caching and TTL. Like https://stackoverflow.com/questions/1256556/how-to-make-java-honor-the-dns-caching-timeout

But is it possible for JVM to honor the TTL from a dns reply, by using somthing like 'nscd'?

This is different with Is it possible to use OS level DNS Cache like nscd, dnsmasq at JVM/JAVA?

I become to know the JVM can use the system level ...

Is it possible to use OS level DNS Cache like nscd, dnsmasq at JVM/JAVA?

I read many letters saying JVM has their own DNS caching.

https://www.ibm.com/support/pages/understanding-tuning-and-testing-inetaddress-class-and-cache https://stackoverflow.com/questions/1256556/how-to-make-java-honor-the-dns-caching-timeout

But is it possible for JVM to use system level DNS daemon such as nscd?

I wondered if I could fine tune Nagios notifications

For example:

• For most services, only CRITICAL notifications
• For some individual services, both CRITICAL and WARNING notifications
• For some other services, no notifications at all

I mean like something default, for all servers, not defining this one by one

Is this possible at all?

I am trying to setup traefik as a container and I can't get my existing certificates to work. This worked when I had this defined in traefik_dynamic.toml but I can't get it working via the labels entry in the docker compose file.

My traefik.toml contains:

[log]
  filePath = "/var/log/traefik/traefik.log"
  level = "DEBUG"

[accessLog]
  filePath = "/var/log/traefik/access.log"

[entryPoints]
  [ent ...

I have installed squid proxy on server1(OS=centos7 & IP=y.y.y.y & PROXY_PORT=3333) and openvpn server on server2(OS=centos7 & IP=x.x.x.x ).when client wants to connect to openvpn through proxy, gets this error: "on y.y.y.y:3333 HTTP proxy returned Forbiden status code"

squid.conf(server1):

acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  #  ...

I have some trouble setting up LDAPGroups on Mediawiki LTS 1.35.8. Since the discussion site to this extension seems quite inactive, I want to try my luck here.

I've set up LDAPProvider successfully without any problems. But once I activate LDAPGroups it gives me the error

Original exception: [85942cc925c78b2bb06ab606] /index.php/Hauptseite MediaWiki\Extension\LDAPProvider\LDAPNoDomainConfigExcep ...

I have a samba server running on a debian host so I can share an specific directory with an ubuntu client machine. This directory on host has no files on it.

Samba config on host is as follows:

sudo nano /etc/samba/smb.conf
[share_name]
   browseable = yes
   read only = no
   hosts allow = 192.168.0.0/16
   path = /tank/mail
   create mask = 0775
   force create mode = 0775
   force directory mode =  ...

I use Windows.

My main goal is to be able to open corporate websites which are only available via corporate VPN such as GitLab. Since Windows wouldn't allow me to specify which websites I would like it to use the VPN to connect to, I came up with the idea of using Proxifier to proxy into a Docker container, which would have the required VPN running. This would eliminate the need to constantly turn  ...

I'm coming from Windows.

As soon as DNS Server role is installed, Windows downloads list of "Root Servers", sends the query to one of them and caches the response for further use. There's no forwarder here.

I want same functionality with Bind: a public DNS server with no local domain and forwarder. Just query root servers and cache the response.

I'm googling for 2 days and have read 20+ tutorials to no av ...

By using ssh like ssh userB@serverB -D 0.0.0.0:6060 , we bind ssh to the 6060 port of current server (serverA). I can connect to serverA port 6060 using Socks5 client (no auth).

There are 2 problems:

1. I would like to be able to use the opened port using http proxy client (not just socks client)
2. there is no authentication

I tried to run different proxy servers to handle both problems.

• I used Dante

How to keep the current Nginx websites running intact when installing iRedMail?

For inventory purpose due to some business limitation, i wrote a playbook that retrieve content of resolv.conf + ntp.conf + timesyncd.conf and then, write the retrieved content within a CSV file.

Globally, maybe it's not the best practice but i set a fact at every task for retrieving file content, then i format the datas as i would and finally, write them in a csv like data1;data2;data3;

I got some  ...

I'm cracking my brains on the following, and I hope you guys can help me out.

I'm trying to setup an OpenVPN server on a Raspbian distro. Since I'm also using this server as a DNS server in multiple vLANs, I created multiple vNICs with VLAN tagging etc. Works all fine for a while now.

But now I want an additional vLAN for only my OpenVPN traffic. So this is what I did:

• I added an additional vNIC  ...

I bought a domain name on OVH, it's dnapc.ovh.

But, I want to store the DNS configuration on AWS. (I find this simpler to manage, and it's clearer this way what belongs to the AWS config and what belongs to the OVH config)

What I've done so far, is replacing the default OVH NS records by those provided by AWS for the Route53 dnapc.ovh Hosted Zone.

But, when I add DNS records for subdomain (CNAME), I st ...

I have an nginx in front of an apt-cacher-ng. The nginx's job is to terminate HTTPS and take care of authentication.

The issue is, that nginx will look in the Authorization header for credentials, but when I configure apt to use a proxy, it will send the credentials in the Proxy-Authorization header. So apt gets 401 as a response.

Is there a way to make nginx look for credentials in the Proxy-Authorizati ...

I build my app from Jenkins inside a Docker container using a series of commands like docker exec mycontainer /bin/bash -c 'mvn clean install'. I'm also used to the SonarQube plugin to configure the server URL and the authentication token, i.e.

...
withSonarQubeEnv('MySonarQubeServer') {
    script {
        sh "docker exec mycontainer /bin/bash -c 'mvn sonar:sonar'"
    }
}
...

I'm getting

SonarQu ...

I followed this solution on how to redirect http to https. It works on pc but not on phones for some reason (and im sure neither on iPad or tablets). You can test the website here. I think IIS is ignoring http requests on phones but I dont know why it would. If I wait long enough when testing on my phone, I get err_connection_timed_out. Connecting to https on phone works just fine.

I installed Failed  ...

I have been trying to upgrade Kubernetes bare metal cluster (3 masters, 3 workers from version 1.21.2 to 1.22.6) and was successful in upgrading all the master nodes.

Coming to the first worker node, I upgraded kubeadm and then trying to execute kubeadm upgrade node, which fails:

root@worker01:~# kubeadm upgrade node
[upgrade] Reading configuration from the cluster...
[upgrade] FYI: You can look at ...

I have X instances of the same application running on X amount of EC2s. The frontend is using port 8000 and it's also consuming messages at port 5671 (rabbitmq).

I have A-records (app1.example.com, app2.example.com...) pointing to each EC2 instance.

Would a reverse proxy work for consolidating this? Having cnames for all subdomains pointing to the reverse proxy, and then having that proxy the traffi ...

We need to enable JWT auth in vault which is hosted within our EKS cluster in preparation for using K8s 1.24 OIDC and testing token renewal with Vault. I'm following documentation from a few places:

https://banzaicloud.com/blog/kubernetes-oidc/

https://www.vaultproject.io/docs/auth/jwt/oidc-providers/kubernetes

https://www.vaultproject.io/docs/auth/kubernetes#discovering-the-service-account-issue ...

For both Disk and Snapshot Azure resources there is the "Snapshot Export" and "Export Disk" functionality respectively.

OK, so I can download either my Snapshots or Disk to anywhere, say on-premises.

Question

What I am missing, is the inverse operation, I mean "Import" I've tried to look it everywhere, for example Create Snapshot does not allow to create a snapshot via upload, the only source what it acc ...

I am trying to install certbot on ubuntu server 21.10 with the following tutorial: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-20-04.

But when I run the following command:

sudo apt install certbot python3-certbot-apache

I get the following error message:

Reading package lists... Done
Building dependency tree... Done
Reading state information... ...