Latest Server related questions

I left it here, reverting to an outdated backup, as I needed to get the system up and running. If there are new answers and things to try, I will try so that the issue can be resolved. I shut down the faulty server and I'm holding it.

I am using ubuntu 20.40 and Mariadb 10.3.38 innoDB engine.

I have deleted Moodle's log table rows via .py script.

My deletion is complete and I have 4.5GB of disk space le ...

I am sending logs from Logstash as the producer to Kafka and then consuming them from Graylog. This works as expected.

However, when stopping the Graylog input, thus sending a LeaveGroup request, the consumer is not unregistered and even when the group is deleted via bin/kafka-consumer-groups.sh --bootstrap-server localhost:9092 --delete --group graylog2, Graylog keeps consuming (and is able to do so) e ...

my dkim configuration was working just fine. Im working with an email marketing app, pretty simple, normally i used to send the campaign with a Sender ID that is my domain company, and for the From Email, the customer email. I signed the dkim wih my sender id and my domain company and everything was working just fine but for some reason now im getting dkim failure, idk if anything changed on PHPMailer o ...

I have created a btrfs subvolume in the path of /docker/nc/data. As shown below:

$ sudo btrfs subvolume list /
ID 256 gen 13908 top level 5 path docker
ID 257 gen 13877 top level 256 path docker/nc/data

Is it possible to move the subvolume somewhere within the subvolume docker? I.e.

/docker/nc/config/data

There are nearly 90GiB of data in it. Is it possible to be done without copying?

I don't understand why AWS Cognito require a client secret when configuring an external IdP (e.g. Azure AD).

AFAIK, AWS Cognito merely forwards federated identities to the external IdP for (OIDC) authorization code grant flows, which in turn results in access- and ID tokens issued to the app after successful authentication:

The client secret is only needed for AWS Cognito authenticating as a servi ...

This is ovh server.

    root@ns302572:/home/saltworks/panel.saltworks# sudo apt-get install libvirt-daemon

result

    Reading package lists... Done
    Building dependency tree       
    Reading state information... Done

 
   After this operation, 120 MB of additional disk space will be used.
    Do you want to continue? [Y/n] 
    Get:1 http://ubuntu.mirrors.ovh.net/ubuntu bionic/main amd64 fo ...

I have a Linux server used as a GitLab runner. I'd like the server to be usable for two different purposes simultaneously:

1. For build jobs, unit tests, etc. (things that aren't timing sensitive) many jobs can be run concurrently to take advantage of the memory availability of the system and make better use of the CPU while some jobs are doing I/O-bound activities like downloading dependencies.

2. When a  ...

With OpenVPN, the virtual network card is persistent. This allow easy routing/config/whatever. This also allow TCP connections not to drop in case of VPN restart.

With WireGuard, the virtual network card is created on the fly. This is a problem with bad internet connection when WireGuard has to be restarted. For example RDP clients lose the connection frequently with smartphone tethering, some us ...

I have some specific questions with regards a high available PKI based on ADCS.

The questions are as follows. Please see the detailed info below to get more info on the casus.

--------------------------- questions ------------------------

In an environment with multiple issuing CA's. How does the client choose which CA to contact for a new certificate? What is the difference between hosting 2 VM's with ...

The build server is Ubuntu 16.04, patched recently with sudo apt update && sudo apt upgrade.

docker version says:

Version:           18.06.0-ce
 API version:       1.38
 Go version:        go1.10.3
 Git commit:        0ffa825
 Built:             Wed Jul 18 19:11:02 2018
 OS/Arch:           linux/amd64
 Experimental:      false

The Dockerfile looks like this:

FROM debian:12-slim

RUN apt-get upda ...

I need help with writing a PowerShell code I want to generate a Randon number (password) and assign that number to all active users in active directory. The random number will be place on the "IP Phone" field from the "Telephone" tab in AD to act as a password for secure printing

I have two domains -- one for dev and one for corp.

I can join a Windows machine to the dev domain and login as a corp user because of the transitive forest trust. I can join a Linux machine to the dev domain (with realm join or adcli join) but I can't login with ssh or console with a corp user account. Is there a solution for this without joining (using realm/adcli) the corp realm also? They don't w ...

I received this error while trying to tail the log of a Kubernetes pod.

failed to create fsnotify watcher: too many open files

Are there PowerShell commands for managing NPS RADIUS policies?

I see commands for RADIUS clients (Get-NpsRadiusClient; etc), but nothing for the policies, I can't find a command to create the NPS shared secret (there is Get-NpsSharedSecretTemplate, but not to create it).

I'm running a site in AlmaLinux 8.8 (Centos) and Apache 2.4.56. The site has a self-signed certificate.

When I access the site, I get the usual warning due to the self-signed certificate. After accepting that I want to continue, I get the error SSL_ERROR_HANDSHAKE_FAILURE_ALERT in Firefox and ERR_BAD_SSL_CLIENT_AUTH_CERT in Chrome.

On the same server, other sites are working correctly with Cloudflare +  ...

I have 1 master, 2 worker node kubernetes cluster, I have drained one worker node to apply os patch and to reboot. after the reboot I have uncordoned the worker node in master, when I checked the pod distribution under particular namespace , I could see all the pods are running on one server( not distributed with other node). Then I restarted the deployments expecting a redistribution but then all the p ...

I have a multilingual WordPress site that has two languages: en and tr, It's site A.

I wanna put my other WordPress site inside /tr/shop/ folder, It's site B.

Just need only these rules:

• /en/anything/ goes to site A (also /en/)
• /tr/anything/ goes to site A (also /tr/)
• /tr/shop/ goes to site B inside the /tr/shop subfolder.

Currently:

• If visitors go to /en/ or /en/anything, It's OK.
• If visitors go  ...

I'm trying to get this regex working in Fail2Ban:

SRC=(?<ADDR>.*) DST.*(?=DPT=5003)

In a regex tester it's working very fine. When testing in Fail2Ban, I get this error:

ERROR: Unable to compile regular expression 'SRC=(?\[?(?:(?:::f{4,6}:)?(?P<ip4>(?:\d{1,3}\.){3}\d{1,3})|(?P<ip6>(?:[0-9a-fA-F]{1,4}::?|::){1,7}(?:[0-9a-fA-F]{1,4}|(?<=:):)))\]?.*) DST.*(?=DPT=5003)'

This is a li ...

win-acme auto renews SSL certificate by invoking task scheduler task which executes C:\Users\admin\Downloads\win-acme.v2.2.5.1541.x64.pluggable\wacs.exe

Someone deleted that folder from the downloads directory. What is the way to reconfigure automatic renewal and not have the wacs.exe in downloads folder? Is the solution to download win-acme (same version), place it in another path (like C or D drive),  ...

I have a server with three vhosts, the default (domain.com), site1.com and site2.com. The server is running Ubuntu 22.04 LTS with Apache2. Until yesterday, this server only served the default domain, a simple hand-crafted site, and site1.com, which contains a Wordpress site, and did so without problems. I'm using HTTPS with LetsEncrypt certificates.

Yesterday, I installed site2.com and popped a s ...

I cant find an information about "normal" fan speed for server. Server: SuperMicro 1114S-WN10RT (1U) with 1x AMD EPYC 7763.

Now its 5% load:

user@server12:/home/user# ipmitool sdr list
CPU Temp         | 53 degrees C      | ok
Inlet Temp       | no reading        | ns
System Temp      | 26 degrees C      | ok
Peripheral Temp  | 38 degrees C      | ok
M2NVMeSSD Temp1  | no reading        | ns
M2NVMeSSD ...

I'm developing a transparent HTTP proxy for fault injection testing. The proxy needs to capture all traffic to a HTTP server in order to selectively inject faults.

The transparent proxy sets an iptables rule that redirects all traffic to a given port to the port it is listening. This part works.

However, it must also force all existing clients to reconnect or the transparent proxy will not have e ...

I'm setting up Ubuntu server with Samba. The file system is BTRFS and I can't seem to get Windows to see the previous versions from the snapshots.

My smb.conf has this for the share:

[Backup]
    path = /mnt/pool1/backup
    comment = Share for backups
    writeable = yes
    delete readonly = yes
    browseable = yes

    vfs object = recycle shadow_copy2

    recycle:repository = /mnt/pool1/backup/. ...

I have windows 11 pro for workstation and use 2 RAID-5 volumes for storage (nvme group and ssd group). The read speed for the nvme group is around 2220 MB/s and the write speed is around 170 MB/s. SSD group counts as the same. I tried 128kb, 64kb, 32kb and 16kb for stripe size, but the speed drops as the stripe size gets smaller. I also tried hardware and software raid-5. Software raid-5 was slower. Her ...

We are going through implementing ISO 27001 processes we have a requirement of having a proxy server between the application and database server, can someone suggest an architecture and tools to use?

I have a project where we are moving from on-premise file share to AWS FSx. I need your suggestion on data synchronization. I decided to use the RoboCopy tool to copy the data. We need to also copy data with file permissions. I'm using the command below:

ROBOCOPY <source> <target> /MIR /SEC /SECFIX /LOG+:<log_file>

According to the plan, we are copying all the data to FSx. As there a ...

we have created the VM instance on GCP and Google assigned the default user xx we have configured the ssh key we are able to log in without a password and added the new group Sftp yy and added user zz to group unable to do password less ssh and sftp with new user

I have several (<10) gke clusters, all but one are all in the same condition and I can't figure out what and why is it happening. I hope to find someone that managed to solve the same issue :)

Some time ago, i noticed that our HPA stopped working, having no way to read metrics from pods. Long story short, our pod named "metrics-server-v0.5.2-*" crashloops outputting a stack trace like this one ...

We have an internal root hint server and several nameservers for different domains. Let's say we have 3 domains with different nameservers example.com, solo.example.com, dmz.example.com. So each of the domains have 2 NS records.

My question. Is there a way for me to hint towards dmz.example.com and solo.example.com while still hinting towards example.com? So that if example.com is not reachable then

Up against two DL380 Gen10s running 2016 that are failing to connect to their Hyper-V guests after (what was described as) a graceful shutdown.

Both hosts are exhibiting the same issue: VMs showing expected uptime, plenty of spare resources, network adapter information is correct, preview is showing the logon screen, nothing in Hyper-V event viewer indicating critical\error\warning, host is liste ...