Latest Server related questions

I am trying to configure a Network Policy for our OpenVPN server to authenticate using our Radius servers. Our radius servers currently have a bunch of radius clients configured, we use them for switches/routers authentication (network group.) Anyway, I added the IP of our OpenVPN server to the radius clients and a network policy to allow VPN group users to connect and it works. However, looks like VPN  ...

I have a system running on Google Cloud. The system has one DB VM and instance group that runs backend server VMs. All VMs use the cos-stable VM image, and run a single docker container that contains their logic.

The DB VM runs a docker image that contains a MariaDB database.

I want to run a daily job that backs the database up and stores it in a storage bucket. I'm not sure how to approach this. ...

I'm trying to learn nftables/nat and have some simple experimental setup:

Machine1 (router):
    - eth0 192.168.0.1
    - eth1 192.168.1.1

Machine2:
    - eth0 192.168.1.2

For Machine1 I setup NAT:

table ip nat {
        chain postrouting {
                type nat hook postrouting priority srcnat; policy accept;
                ip daddr 192.168.1.2 counter packets 0 bytes 0
                ip s ...

I have an Ubuntu server that has two ethernet connections. One goes to a wall port to a campus network, and the other goes to a LAN switch. While working from home, I will occasionally get disconnected from the server and attempts to reconnect time out. I can connect to another server on the LAN, and then from there ssh into the server. Once logged in, the internet connection can be restored with this c ...

I have a sensitive webapp used only internally. I want to log all the actions of my users for 90 days.

To achieve that, I'm using a nginx reverse proxy that forwards all the requests to the webapp.

I have the following configuration

log_format postdata $request_body;

server {
       access_log  /var/log/nginx/access-post.log  postdata;

       location / {
          proxy_set_header X-Forwarded-Proto $h ...

I followed steps from https://github.com/chobits/ngx_http_proxy_connect_module

wget http://nginx.org/download/nginx-1.9.3.tar.gz -p
tar -xzvf nginx-1.9.3.tar.gz
cd nginx-1.9.3/
patch -p1 < /tmp/ngx_http_proxy_connect_module/patch/proxy_connect_rewrite_1018.patch/proxy_connect.patch
./configure --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --pid-path=/usr/local/nginx/nginx.pid --error-lo ...

I'm having a heck of a time getting WG to tunnel all my traffic back to the server. I thought it would be a simple one line process, but it isn't. I've installed the latest version, removed, reinstalled, done just about everything. iptables changes are made in the server, too, but it isn't even getting that far. It's just not routing to wg0. If I try to manually add the route, it says it's already t ...

We conducted our tests on c6gn.2xlarge AWS instances located is us-east-1 region, which are advertised in AWS documentation to have a network performance of "Up to 25 Gbps" with a baseline bandwidth of 12.5 Gbps.

We ran UDP tests with iperf3, from a client VM in Europe, outside AWS network.

On the server side: iperf3 -s -p 45000

On the client side: iperf3 -c <server_public_IPv4> -p 45000 -u -i 1 ...

To hide a restricted location, e.g.

location /secret/ {
 allow 10.0.0.0/24;
 deny all;
}

one could set

error_page 403 =404 /404.html;
error_page 404 /404.html;

to make impossible to distinguish a non-existing location (404) from a restricted one (403).

Is there a way to perform a similar spoof for subdomains?

I want https://admin.example.org/, which normally returns 403 if not visited via VPN, to show  ...

I've been tasked with setting up our web app on CloudFront. Our web app is hosted on an Ubuntu server that is completely outside AWS.

I have little to no experience with CDNs, but I've made some decent progress on it. Unfortunately, the docs are unhelpful because most of them assume you're using S3, especially hosting a static site or something to that effect.

So, here is what is unique about our se ...

I am trying to build a docker container that advertises an SMB share, then connects to a remote host and tells that host to connect to the SMB share. In my case the remote host is across a VPN tunnel (though it could be accessible via a different interface when I'm on the same LAN as the endpoint), and it can reach my machine's tunnel IP, but I want a programmatic way of passing my machine's IP to the c ...

Had my ssh host key reset by GCE. Found

/var/lib/cloud/instances/iid-datasource-none

was created.

https://cloudinit.readthedocs.io/en/latest/topics/datasources/fallback.html?highlight=iid-datasource-none

is not enlightening as to cause / prevention. Anyone know how this aspect of cloudinit works?

Sorry, newb...

I'm just trying to figure out if it's worth figuring out how to connect JMC remotely to a server to look at a JVM issue... If I use Flight Recorder to record the log, is that log basically the same thing as taking the resulting log file and loading that into the JMC where I can launch the UI?