Latest Server related questions

I'm just getting started with configuring a VM on VMware vSphere and I'm using HashiCorp Packer to create the VM template. I'm very pleased with how most things are working out for me, but I have a couple of questions regarding how Packer connects to the virtual machine, and I'm hoping that someone over here can help me.

I am using the vsphere-iso builder from the VMWare vSphere plugin.

1. Is the ssh_pass ...

I have an EC2 instance running a web server (NGINX), and I'm trying to set up authentication via Cloudflare. Here's what I've done:

1. Added a security group to the EC2 instances with an inbound rule allowing all traffic (all protocols and ports) from our office IP address. This was so that I can communicate with the server.
2. Added another security group with several inbound rules to the allowing inbound  ...

I run an OpenLDAP server on (2.6.3_2) FreeBSD.

I works fine with FreeBSD/Linux clients like PAM/NSS/NextCloud over LDAPS port 636.(With a Let's Encrypt certificate)

I can't get it to work together with Windows 11 and LDAP-Admin 1.8.3.0 unless I open up for LDAP port 389. (I would prefer to keep this potentially unsafe protocol closed)

If I configure LDAP-Admin to use Simple-auth+TLS over port 389, then ...

I have domain, pointed to my VPS. I made VH in apache to serve simple index.htm file to check if everything works fine.

Unfortunatelly something is wrong because page is not found(http://zoofi.me).

Here's my DNS configuration:

I added VH via some tutorial that i found and it looks like this:

GNU nano 5.4       /etc/apache2/sites-available/zoofi.me.conf
<VirtualHost *:80>
  ServerAdmin admin@zoo ...

We are migrating guest VM from VMware 7 to KVM (installed on Ubuntu 22.04 LTS). We have achieved success in migrating all Ubuntu guest VM from VMware to KVM by converting the vmdk disk to qcow2.

However facing issue with Windows Guest VM with message "No bootable device" after converting from vmdk to qcow2.

[command used] qemu-img convert -f vmdk -O qcow2 WINVM.vmdk WINVM.qcow2

Tshoot done

1. Tried cha ...

I've got a small issue with my squid (forward) proxy server. It keeps using IPv4 as outgoing IP address even if remote server and client have IPv6 connectivity.

My client's IP address:

devuan@devuan:~$ ip a show scope global
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether b8:27:eb:6e:90:f3 brd ff:ff:ff:ff:ff:ff
    inet 192.168 ...

As in the diagram below I have two routers on two different subnets. I connected them together but have not set static routes yet.

Network Diagram

However, when connecting from Access Point A's SSID, I get an IP from Router B on its network (192.168.2.x), and when connecting via Access Point B, I get an IP from Router A (192.168.0.x). Also, the DHCP relay function is disabled on Router A (EdgeRout ...

I installed Proxmox three months ago, and I have a question about how often I should run commands like apt-get update.

On Proxmox, according to forum members' rules, I installed only the default package plus Tailscale for tunneling (https://share.cleanshot.com/WV7wqFVR).

I want Ubuntu to install security updates automatically. Is this strategy also recommended for Proxmox? Which approach for this proble ...

I am using Proxmox with SSH tunneling. I have disabled all outside ports and connections, except for access via SSH tunneling.

In this way, what is my strategy for server hardening?

My setup:

• disabled root login
• use ssh keys instead password
• do not change the default SSH port, because I do not accept connections apart from tunneling.
• use fail2ban

What should I add?

I have a Windows 10 VM on Hyper-V. It is a production system (yeah I know) that is running multiple critical services that I need to analyse so I can migrate it off to something better. I need to capture the network traffic on that system to ensure all services are covered and that it can be firewalled.

The problems arise with the circumstances regarding that machine. It's hosted on a production  ...

I have a weird problem when I want to change settings in NoMachine.

I get the error: Authentication failed, please try again.

https://share.cleanshot.com/C4lnTBKn

My password is working in the terminal, etc. On the second machine, I have the same configuration and don't have this error. I have researched the forum and the internet, trying different approaches like:

• https://forum.nomachine.com/topi ...

I'm attemping to run Listmonk using the provided Docker method, but I'm encountering an issue related to systemd-oom that I am struggling to understand.

I've mapped the /var/lib/postgresql/data volume in the db service to my local /srv/listmonk/data folder and set the SELinux context appropriately.

Here is the issue: as soon as I run sudo docker-compose up -d (I'm using podman-docker), the owner of the

I want to forward all packets coming to 192.168.1.10:8070 on interface wlan0 to 10.59.99.4:8080 on interface wg0.

I added these two rules to iptables:

-A PREROUTING -p tcp --destination 192.168.1.10 --dport 8070 -j DNAT --to-destination 10.59.99.4:8080
-A POSTROUTING -p tcp --destination 10.59.99.4 --dport 8080 -j SNAT --to-source 192.168.1.10:8070

Since I'm using ufw as firewall, i set those in /etc/ufw ...

I'm having difficulties with the following setup:

• AWX deployed in a self hosted k8s cluster
• Playbooks are using the AWX-EE
• Playbooks are executed in a workflow template as follows:

START -> 1. EC2 Inventory Sync -> 2. Playbook Repo Sync -> 3. Playbook Based EC2-Instance Creation (Job) -> 4. EC2 Inventory Sync -> 5. Run Playbook To Apply Roles

In case it is not self-explanatory: I'm tryi ...

We have a Windows Server 2019 box that is hosting some file shares. We also have Previous Versions enabled with a default (for now) schedule for self-service file restore.

When people open the Previous Versions tab, there are two buttons underneath the version list - Open and Restore, both with drop-down arrows. However, nothing happens when they click the arrow. This is somewhat inconvenient bec ...

I'm trying to consume GCC 12.3 in SLES when using the packaged gcc-12 installed with zypper.

The compiler works and it's available on /usr/bin/gcc-12 alongside with /usr/bin/++-12, but I don't have a link to /usr/bin/gcc nor /usr/bin/g++ and I need them to avoid breaking with some packages that look specifically for those binaries.

How is the right way to achieve this on SLES? In the RHEL world there' ...

Goal

I am trying to output the full payload of the request as part of an error message, because I believe the requester is giving me a garbage payload. The original, working log was

  setenv TCP_LOG "%ci:%cp [%t] %ft %b/%s %Tw/%Tc/%Tt %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq"
  log-format "${TCP_LOG} %[var(txn.sendercompid)] %[var(txn.errormessage)] %[var(txn.sendercompid)] %[var(txn.mapped_sendercompid)] ...

HW: HP server ML110G9

SW: Fileserver CT (Proxmox host) - debian 11 - Samba version 4.13.13-Debian UserPC - Windows 8 / Windows 11

ZFS snapshot format: data/[email protected]

smb.conf:

    vfs objects = shadow_copy2 acl_xattr
    acl_xattr:ignore system acls = yes
    shadow: format = GMT-%Y.%m.%d-%H.%M.%S
    shadow: sort = desc
    shadow: snapdir = .zfs/snapshot
    shadow: basedir = ...

In time I have my internal network drops all connections to my locally hosted website. After rebooting the web server all internal connections to the website works again, but it is only a matter of time for it to go down again.

When we goes down outside connections, say by using a proxy or a VPN from inside would still bring the website up; but internally, it appears as though our website is down.

0

I have a web api app hosted over machine A which is called from various machine within a domain.

var data = await model.GetDataAsync();
// Throttle the number of requests returned
return Ok(data.Take(maxRequests));

Total number of result data = 300 which is huge result payload sending over https over the network.

Within entire domain all of the machine which calling above endpoint works well and ...

---
 - name: Extract PS output.
   shell: "ps -ef | grep pmon"
   register: pmon

 - name: Display PS output.
   debug:
     msg:
      - "{{ pmon.stdout_lines }}"

Error:

ERROR! 'shell' is not a valid attribute for a Play

The error appears to be in '/root/ansible_code/roles/sample_exercise/tasks/extractPS.yml': line 2, column 4, but may
be elsewhere in the file depending on the exact syntax pro ...

Made some attempts to configure a reverse proxy for radicale. Site is up and running meaning I can connect to the webui but im getting a 403 error when I attempt to connect it to my client (Calcurse-caldav).

Here is the error in question error: The server at cal.xxx.re replied with HTTP status code 403 (Forbidden) error: while trying to access https://cal.xxx.re/var/lib/radicale/collections/.

Her ...

I set up my strongswan server on a virtual Ubuntu 22 behind a NAT. It works well for RCA using login password. But I need to work using only PSK key. I tried a bunch of options, I can not connect from my android. At the moment the configs are:

cat /etc/ipsec.secrets
: PSK 6VvBHiM3vZlaY4elIgiKhuD/6aAWo5c2


cat /etc/ipsec.conf
config setup
    charondebug="all"
    uniqueids=yes

conn ikev2-ipsec-ps ...

This is a strange issue. I am trying to get a server upgraded from Windows Server 2016 Data Center to anything newer. We have tried 2019, and 2022. This server is an ETL server for running Talend Open Studio, it is a connection between MS Sql Server and IBM DB2 for i. The problem is that the connection to DB2 is 100 times slower when the host is Windows 2019 or 2022, and this is just not workable for us ...

I tried several sql queries but it does not meet my expectations because in the result I cannot have sub-columns

i need to design a sql query for the following result (have sub-columns in the result):

https://i.stack.imgur.com/rkUV8.jpg

How is it possible?

I have a container inside an AWS ECS instance. I want to establish a connection to a WireGuard server from that container.

The connection itself works but I have issues with routing all the traffic from that container through the wg0 interface.

If I just set a default route like the WireGuard docs say, I loose connection with the ECS instance itself (connected via session manager): https://www.wireg ...

I want to setup an IPv4 firewall for UDP connections to port :7777 with the following rules:

• By default block all connections to UDP Port :7777.
• Allow only whitelisted IPs connections to UDP Port :7777.
• If an IP has made a UDP connection to port :8888 then add it to the whitelist.

How can I archive this? Can this be done using IPTables, UFW or something else?

I want to get my DHCP Config from LDAP-Database. Especially the subnet hosts should be migrated there. However, I don't find a lot of information about this procedure. Is it not recommended? I principally found information about DHCP-ISC but the website says they stopped the support since 2022.

LAM has a DHCP support https://www.ldap-account-manager.org/static/doc/manual/ch04s12.html but I cannot find  ...

I know that I can use Kustomize's configMapGenerator to create a configmap from a file that resides in the same Git repository as the "kustomization.yaml" file.

For Example:

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - deployment.yaml
configMapGenerator:
- name: my-config
  files:
  - config-file.json

But is it possible to create a configMap from a file that resides in a ...

I need Basic Auth on my website, except if a specific hash is present in the URL.

• www.example.com => Authentication required
• www.example.com/whatever => Authentication required
• www.example.com/whatever?hash=123456 => No Authentication required

AuthUserFile /path/to/.htpasswd
AuthType Basic
AuthName "Dev"

<RequireAny>
    <RequireAll>
        Require expr %{QUERY_STRING} = 'h ...