Latest Server related questions

The title may be a bit confusing, so a little explanation. I need to configure an application by passing a PKCS1 PEM encoded key using environment variable. The App is configured using a .env file

Locally I just export MY_ENV_VAR=$(cat my_key.pem), but on the server, it needs to be inside the .env file and needs to contain the value, not a command.

I've tried

echo MY_ENV_VAR=`awk 'NF {sub(/\n/, ""); print ...

We're using a custom table in Log Analytics for application error logging. The setup is: Serilog -> Azure Analytics Sink -> Data Collector API (used in sink) -> Log Analytics Workspace -> Custom Table. There seems to be a secret I'm missing in setting up the custom tables. I have two tables working beautifully. We're not seeing entries in all subsequent tables we've created, even though th ...

I am in the process of building an infrastructure for my gitlab instance using AWS EKS. I have already created an EKS cluster, added a managed node group and installed the gitlab-runner in the cluster. In this node group I can now run my pipelines as usual. In my gitlab instance, I have several projects that each have an MR pipeline. In addition, I run another pipeline overnight in each project. These p ...

I had this rule in previous rsyslog versions:

if $fromhost-ip == 'xxx.yyy.zzz.www' then /var/log/name_of_the_server.log
& stop

And I translate it as:

template (name="dinamico" type="string" string="/var/log/%HOSTNAME%.log")
if $inputname == 'imudp' then { action(type="omfile" dynaFile="dinamico") stop }

And works like a charm... but if I want to translate this old rule:

if $fromhost-ip == ' ...

I asked this question a while back and it got bumped to chat because a lot of subjective opinions.

Original message here for reference: https://chat.stackexchange.com/rooms/139176/discussion-on-question-by-sabre-dns-forwarding-issue

And I found a seemingly similar issue, unanswered as well. Conditional Forwarding intermittent failures

So I figured I would try to consolidate it to basic information  ...

I'm trying create a validation for server certificates and one of the things I need to do is to check if the certificate is revoked, but the server certificates from a specific server seems to not have a CRL URL which I would use to retrieve the CRL to check. Is this supposed to be possible? In the case of no CRL URLs should I just consider the certificate not revoked or stale?

Environment is vSphere 6.7 three hosts in a cluster and AD authentication enabled for HTML5 client.

Problem : Assign AD group with limited permission to allow management of: power, console access and deploy from a template into a specific datastore.

I've spent several hours searching the documentation and examples I've found refer to Role permissions that do not correlate to the administration withi ...

I have registered a .website domain, and I want to point it directly to my VPS (without using a CDN). I've done it before, with other registrars. But when I try to set the nameservers to my dedicated IP, the registrar's control panel gives me an error, saying:

DNS (XX.XX.XX.XX) is not in correct format

Is there anything I can do? Or should I just cave in and use a CDN?

P.S.: This is my registra ...

I need to answer a network administrator student which tool is more useful in terms of "employability" at the moment : Nagios or Zabbix. But this is not my field.

I've heard that Nagios had its glory in the past and that today Zabbix is more used. Is it true?

More over, do they offer the same features? I've read that Nagios is continuous and Zabbix is not? Is it true?

Many thanks for your insights :)!

OpenSSH 8.2 introduced new public key types "ecdsa-sk" and "ed25519-sk", and the key file contains a reference to the private key credential stored on the FIDO/U2F hardware. Should I still need enter a passphrase when create these types of SSH key? It's seems useless if one attacker get the private key file without FIDO/U2F hardware access.

Several days of fighting. My configuration is SME server 10 and fail2ban version 0.11.2. I run:

fail2ban-regex /var/log/httpd/access_log apache-get-dos.conf :

Running tests
Use failregex filter file : apache-get-dos, basedir: /etc/fail2ban
Use datepattern : {^LN-BEG} : Default Detectors
Use log file : /var/log/httpd/access_log
Use encoding : UTF-8

Results
Failregex: 373 total
|- #) [# of hits] ...

On my SFTP-Server I want to allow only login via public key AND password OR (if and ONLY IF user has no password) by only public key

I set the following in the the sshd_config:

AuthenticationMethods publickey,none publickey,password
PubkeyAuthentication yes
RSAAuthentication yes
PasswordAuthentication yes
PermitEmptyPasswords yes

But I'm always promptet for a password. When the user has no password it sa ...

To deploy the ML models, we are use the AKS cluster. To deploy the models inside the AKS cluster, we are using airflow.

Two days prior, we manually renewed the AKS cluster's certificate. Nodes, disks, and scale sets are redeployed as per this doc(https://learn.microsoft.com/en-us/azure/aks/certificate-rotation)

After the certificate renewal, two deployments create pods indefinitely, and then all t ...

I get a Certificate Signing Request every 15 minutes

❯ kubectl get csr -A --sort-by=.metadata.creationTimestamp

csr-r2dwb   3h      kubernetes.io/kubelet-serving   system:node:host-cluster-control-plane-2hhtt   <none>              Pending
csr-kcj2m   165m    kubernetes.io/kubelet-serving   system:node:host-cluster-control-plane-2hhtt   <none>              Pending
csr-h4k8j   149m     ...

This is a follow up question to Disable all services, except ssh. I want to achieve the same thing on CentOS 7 but I'm having trouble getting it to work.

I've created /usr/lib/systemd/system/maintenance.target and the contents are as follows:

[Unit]
Description=Maintenance Mode with Networking and SSH
Requires=maintenance.target systemd-networkd.service sshd.service
After=maintenance.target systemd- ...

I am trying to cross migrate VM across two Vcenters ( from 6.5 to 7.0) with move-vm command, but something is wrong, couldn't find my test-vm, even basic get-vm find it.

$global:DefaultVIServers

Name                           Port  User
----                           ----  ----
host1.. 443   x.LOCAL\Admini...
host2.. 443   y.LOCAL\Admini...

$destination = 'new-host'
get-vm test-vm

Name           ...

This question was off-topic on Networkengineering and the recommendation was to post it here. So, here we go...

When connected to a network via a VPN tunnel (IPsec/L2TP), I can normally access a MySQL server host via SSH on port 22, but have critical connection problems when building a MySQL connection to the server on the default port 3306. I realised that only a very, very few number of packets get thro ...

Learning about how mailing works in general and I have the following question:
If I own the domain bigmoon.com and I want to have a mail address that looks like [email protected], as I understand it I can do the following:

1. Setup a mail server on a hosted machine A.
2. Create an A record that points mail.bigmoon.com to machine A.
3. Create an MX record that points bigmoon.com to mail.bigmoon.com.

Assuming I ha ...

I am having this error each time I run an apt-get command, I dont know what caused this but I tried every solution I found related to this but still no hope

root@vmi575272:/# sudo apt-get autoremove
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  debconf
Suggested packages:
  debconf-doc debconf-u ...

I have a larvel app that runs very smooth and quick on my localhost, but when I push it to my server and run the deployment environment there (same as on my localhost), sometimes the app is very slow and in htop I see:

/us/bin/php8.1 -S 0.0.0.0:80 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Console/../resources/server.php

The path /var/www/html/ does not exist in my host - I ...

I want to make a cURL request every 12 hours and trigger the request with a cronjob. Unfortunately I'm a total newbie in cURL and cronjobs.

This is the request I want to make:

curl --location --request POST 'https://example.com/wp-admin/admin-ajax.php' \
--form 'action="algolia_re_index"' \
--form 'index_id="searchable_posts"' \
--form 'p="1"'

The request should be triggered by a cronjob via EasyCron. I  ...

I have a service. This service has a GET handle(/api/v1/retrieve_blocks). This handle's requests and responces are small, no more than 1024 characters.

regular situation:

• this handle is constantly under 500rps.
• Almost all requests are different by url's parameters. for example:
  host/api/v1/retrieve_blocks?entity_id=1111
  host/api/v1/retrieve_blocks?entity_id=2222
  host/api/v1/retrieve_blocks?entit ...

I am performing a Invoke-WebRequest to a site using Powershell. And i'm facing error "Could not create SSL/TLS secure channel"

PS C:\Users\admin> Invoke-WebRequest -URI https://myexternalsite.com -Proxy 'http://myproxy.com:8080'
Invoke-WebRequest : The request was aborted: Could not create SSL/TLS secure channel.
At line:1 char:1

I did a packet capture and found that there is a Client Hello followe ...

So I have a project with large amount of build logs which previously inherited "delete after 91 days" rule from grandparent project.

I am adding the specific "delete after 31 days" rule to this project via Kotlin DSL configuration and it is displayed in this project's Clean-up Rules section.

However, after pushing Administration -> Clean-up Settings -> Start clean-up now, the disk space is n ...

DISCLAMER:
I'm still trying to fully learn and understand how to properly maintain a samba domain controller.

The Problem:

I had a working samba installation with AD controlle but now, just a month after my last computer join, it won't work anymore. On Windows it says "unknown user or password" but I've checked them to be correct.

I tried setting the log level to 3 in "smb.conf" and while trying to j ...

In Ansible I can loop through a list of dicts/lists and then use the loop vars in the Ansible task, but also in the template I call on.

I'm trying to do the same in Salt, but it seems like it's not possible. At least not in the way I'm used to.

I have the following in my Pillar.

routes:
  ens4f0np0:
    - address: 192.168.1.0
      netmask: 255.255.255.192
      gateway: 172.18.48.1
    - address: 172.16 ...

We have previously been running Fedora instances but for a few reasons we have needed to move over to Ubuntu based distros.

Previously, we have used the following firewalld rules in order to NAT specific ports and it worked flawlessly.

sysctl -q -w net.ipv4.ip_forward=1 net.ipv4.conf.ens5.send_redirects=0
firewall-cmd --permanent --direct --passthrough ipv4 -t nat -A POSTROUTING -p tcp --dport 587 -s  ...

I want to expand my disk capacity for my Google Cloud machine and have been following the tutorial that's located here.

However, I'm fairly certain that the tutorial assumes the user has a GPT partition table but I have MBR. I only need 20GB so this shouldn't be a problem.

Anyway, I followed the tutorial up to step 4a and everything seemed to execute just fine including everything involved with t ...

I have a computer running Debian 11 and I’m trying to set up Supabase self-hosting. The Supabase official documentation only goes as far as starting the Docker containers and accessing them from http://localhost:8000. I can also visit http://{docker_container_IP}:8000 on the host machine to access what I want. All of the other information online goes further but doesn’t show how to use the databas ...

We are having a prelaunch-site to test DNS (and other services) before going hot. I've never involved public IPs here previously and it may not work as I've intended. We have a /29-net from our ISP that are public IPs. 121.24.124.144/29. To test our DNS for different "view"s we have set up the LAN side of a router to emulate this net; with the router as the GW to our ISP. Apart from not being able to ac ...