I have a web server running on Beanstalk that is associated with mydomain.org on Route53. The access to this web server is restricted by a security group. I have also a Lambda running in the same VPC, specifically in a private subnet with NAT gateway, that needs to call this webserver. The problem is that the call mydomain.org/api/dostuff from the Lambda goes out on the public internet instead of  ...

I am building a server that will be used by interns in my company to connect to and perform some tasks. The server is running AlmaLinux 9 and using KVM to run Windows 11 guests.

The server has 2 CPU sockets, each running 8-core CPU's.

After reading about this for hours, I wish to ask about topology.

What is the best topology for CPU's in the Windows 11 VMs?

On one hand I thought that since I can explore L ...

I currently have a LAMP on a dedicated server but with serious problems with MariaDB (MySQL).

I have installed a website with 100k daily pageviews and due to the need for the queries it is necessary for the database server to have a cache or the site would be very slow.

The problem is that I have a bad configuration in the parameters of the file:

/etc/my.cnf.d/server.cnf

The server goes up to 100% C ...

The pod is not getting restarted, No ongoing rebalance to finish consumer group experiences no frequent changes, but still rebalancing issue occurs. is there anything wrong with the configuration?

This is the Kafka configuration,

spring.kafka.consumer.properties.partition.assignment.strategy=org.apache.kafka.clients.consumer.RoundRobinAssignor
spring.kafka.consumer.auto-offset-reset = earliest
spring. ...

Running git clone [email protected]/repo.git warns me of a potential man-in-the-middle attack when GitHub change their SSH key, and that's cool. I then get the new key by running ssh-keyscan -t rsa github.com and carry on cloning the repo.

Both of these commands run against the same domain. I'm thinking that if the attacker got me to connect to their server to clone, they can just do the same for the

I have VMs spread across multiple ESXi hosts (using Vcenter/vSphere). They have private addresses. Like 192.168.1.x. When on the same host, they can communicate with each other. But, when they are on different hosts, they can't communicate. The interfaces are the same labeled vSwitch. (NOTE: the VMs do have multiple NICS. Private 192.x.x.x just for VM to VM and routable addresses - 10.x.x.x stuff going  ...

I need to run an application on X11 in Rocky Linux 9.2, on a machine that uses a touchscreen monitor in addition to a mouse and physical keyboard.

When I launch the application by touching its icon, the application window comes up together with the on-screen keyboard. The application window shifts up to make room for the keyboard. The user must dismiss the keyboard to make the window move down  ...

I am running a mail server with Postfix, and I have set this line in /etc/postfix/header_checks.pcre:

/^To: [email protected]/  PREPEND Reply-To: [email protected]

[email protected] is a forwarding address. If someone sends an email to [email protected], it'll forward to a number of other addresses. However, I want the Reply-To line to be [email protected], so all replies go to everyone.

My line works, b ...

I´ve created a html site with a Calendly widget embedded to allow clients to scheduled meetings with me. Webpage is being tracked by Google Tag Manager, which is set up to listen events each time a meeting is scheduled (viewed event, date and time selected in an event, and scheduled event). On scheduling meetings, GTM data layer is receiving the information below, which includes uri (uuid event and uui ...

I am trying to set up my postfix using Gmail smtp relay server. I have set it up in other servers without issues, but I am having difficulty getting it to work in my work network.

I tested if there is a network blockage by using telnet smtp.gmail.com with ports 25, 587 and 465, and in all instances I successfully connect to the server (msg 220), but I get no more output, even when typing EHLO.

I  ...

I'm a little bit confused about user management / authentication systems.

I would like to achieve the following:

• Have a central database of users / organization units (like Active Directory) - FreeIPA
• Have SSO capabilities (SSO login page, etc), easy to integrate into self-developed systems Keycloak
• Also being able to authenticate with Radius in several applications with the central user database

you are my only hope. I'm pulling my hair out. I try to do an incredibly simple thing, pair Woodpecker CI instance with Gitea instance.

1. I have a running Gitea on a separate host.
2. I have an oauth2 application for Woodpecker created in my user's configuration in Gitea.
3. I have an Woodpecker CI instance configured for Gitea, actually accessible through the https. It works, there is a "Login" button.

I've moved to using AWS Identity Center for creds.
I follow the instructions and have a way to set the profile in the linux/mac CLI via a browser. I can then instantiate traditional AWS creds for third party pipelines by copy/pasting them from the browser onto the CLI.

Is there a way to do this workflow entirely from the CLI? Using an admin test setup, I still get not authorized from aws sts . ...

Every now and then I fail to get unprivileged LXC containers running. For some of them I find knowledge from others e.g., which sandboxing options should be disabled to make it work. This time with freeradius, I don't.

freeradius runs nicely in an unprivileged container, if I start it manually, without the sandboxing of systemd. However, I'd like to stay close to the Debian default setting.

Setting

I'm using KVM to create two VMs for hosting NMS servers for the company's devices. I want to manually assign a public ip to both VMs and the host machine (Ubuntu 22.04 desktop [although I mostly use CLI I'm not completely comfortable with it so I went for the desktop and not the server version]. I followed this suggestion: https://unix.stackexchange.com/questions/245628/configure-public-ip-addresse ...

I have a wsus server(windows server 2019), some of the clients are correctly in the console and getting updates.(No need for internet or VPN) But some clients face the following error for updating: "we couldn't check for updates, because you aren't connected to the internet. make sure you have a cellular data or wi-fi connection and try again." And if they connect to the Internet or VPN, they will ...

I see paths that are no longer valid along with valid ones. How do I prevent them showing up in the output. I expect four valid paths.

The volume was earlier exported with LUN 13 and later 14 which shows as failed paths in the below output. The volume was properly flushed from the host and later exported to host with LUN 12. I made sure "multipath -ll" output did not have this volume before expor ...

If I had a web application with a Flask/Django backend, I could use a single host to run both the WSGI server and the nginx web server/reverse proxy. Nginx would handle incoming requests, serving static files, caching, SSL termination, etc. It would forward API requests to the WSGI server over localhost and run the backend Django API logic. However it's not clear to me how I would scale out this setup.

I'm trying to install new mod_ecaptcha mod in ejabberd-contrib. But ejabberd crashed after enabling it. My initial data: ejabberd 23.01 erlang 25.2.3

1. I have enabled ejabberd-contrib by ejabberdctl modules_update_specs

2. Installed and recompiled mod_ecaptcha

   ejabberdctl module_install mod_ecaptcha make -C .ejabberd-modules/sources/ejabberd-contrib/mod_ecaptcha/deps/ecaptcha/c_src ejabberdctl module_upgrad ...

Can we use memberUid for bind dn string.

Here is my sample ldif file

dn: cn=posixgroup,dc=memtesting,dc=com
objectClass: top
objectClass: posixGroup
gidNumber: 1001
cn: posixgroup
memberUid: posixuser

dn: cn=posixuser,cn=posixgroup,dc=memtesting,dc=com
objectClass: top
objectClass: person
objectClass: uidObject
cn: posixuser
uid: posixuser
sn: posixuser
userPassword: posixuser123

Thanks & Regards, R ...

We are in the process of transitioning to Amazon Gnu/Linux 2023, and during the course of this migration, I came across some Ansible code that modifies kernel parameters.

I would greatly appreciate it if you could review the parameters below and provide me with your feedback and comments.

Server Type: Web servers (w/ NGINX) - EC2 Instances t3a.medium

Stacks: PHP & Golang

# Tune Kernel
sysctl_p ...

I have an smtp relay server on ubuntu 22.04.Config below:

main.cf(Postfix 3.6.4)

# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending  ...

I have a Linux server, on which several users are present (all members of the group users). They already can connect to this server via the standard means of accessing the machine (tty login, SSH etc.).

I want to know if it is possible or not for them to access a SMB share on the same server with the system username/password, without setting up any NIS/LDAP/AD/Winbind detours, and without a separate use ...

I would like to ask you about your opinions. I have two servers (both WS 2019, which are not domain controllers) where DFS replication is not working (at all). I'm getting error 1753: "There are no more endpoints available on endpoint mapper.". It's supposed to replicate all files on drive (D:). DNS is also configured properly and I'm out of ideas what to check next. Could you advise, please?

Alr ...

The existing configuration of the server is as below for redirect

host: animal.ca

<VirtualHost *:80> ServerName animal.ca:80

    RewriteEngine On
    LogLevel alert rewrite:trace6
    RewriteCond %{HTTP_HOST} ^animal\.ca\connectee$ [NC]
    RewriteRule ^(.*)$ https://www.animal.ca/fr_ca/connect.html [R=301,L,QSA]

I don't do very heavy linux sysadmin, but we are up to ~35 servers that I run. I'm an engineer by trade and just know enough about linux to be able to help when things go wrong. Now that we have a decent amount of servers registered on the company DNS. It is hard to track which computer to use, so that you aren't bombarded by people training models or running some crazy sim on it. We have a dashboard th ...

On a clean install of CentOS 8 Stream I run the following commands

yum install httpd -y  
yum install mod_ssl -y  
httpd -k start  
systemctl enable httpd

At this point Apache is running and pages are being served, but if I execute systemctl status httpd it will show me the following:

Does anybody have any idea what is happening?

Apache version is 2.4.37 and there are no errors in the logs.

I have a Proxmox VE 7.4 installed on a server (that's debian 11-based distro).

On this server I have 2 x 1 Gbps network interfaces. On top of them i have Linux bond (LACP mode, but probably unimportant here). Then, on top of bond0 I have Linux bridge vmbr0, that is "VLAN aware". vmbr0 is primarily used for VM-s. A VLAN interface will be used to access the host (host management) and it needs to be ...

This is not a question, I solved it. I set up Asterisk trunks between offices, with encryption, some offices do not have fixed IP and login in to the central server. That all went well. Anybody needs it I will help with config files.

In each office we have PAP2Ts attached to the local asterisk server and talking to Sipgate for their local phone service. It worked. Again, anybody needs the configs ...

I want to make sure and provide as much detail as possible to try to get this resolved or at the very least, figured out. If you need more information, please let me know and I will happily provide it.

Our servers are located within an external data center/colo (not sure if this has any bearing on the issue or not but wanted to include just in case). There are a few physical Windows servers conne ...