As a developer tasked with connecting to a vpn without preconfigured profile scripts, i'm fumbling through setting up a strongswan ipsec.conf file. My current hurdle is an "invalid proposal string" message in my syslog after I launch the strongswan-starter service.

The administrator hosting the VPN has only provided a limited set of parameters and the connection profile is not available for downl ...

Environment: Alpine Linux (3.18)

I've got a portainer docker container that can't access the docker socket. I've added my user to the docker group. I make the container with the following command:

docker run -d --restart always -p 9001:9000 -v /var/run/docker.sock:/var/run/d
ocker.sock -v portainer_data:/data portainer/portainer-ce

But it can't connect to the socket (excerpt from the log files below)

Similarly to this Cloudflare blog post, I am trying to setup Nginx with a transparent socket (with the IP_TRANSPARENT socket option). I want to do this to implement a reverse TCP proxy that effectively binds to all ports.

The IP_TRANSPARENT socket option is not natively supported by Nginx for listening so I am trying to create the socket using a Systemd socket unit and then pass it to the Nginx pro ...

I'm using an AWS RDS MySQL 8.0db.t3.micro 100GB DB for an app and am trying to determine the best alarms to set (the Laravel application is served through Vapor and through their UI, you can receive notifications if there are database spikes). Is there common practice for what's consider spikes in the maximum number of connections, average number of connections, and average CPU utilizaion?

I'm trying to implement firewall and port forwarding using iptables on my android box which its os is aarch64.

When I define a new rule in nat or filter table, they won't work. I think it's because of the android default rule that are set on boot. do you guys have any idea what should I do? I want to set my own rules and prevent the android from setting the default rules.

Odoo doesn't work as expected after enabling TLS on Nginx (Ubuntu 22.04). When I click on the editor button on Website or eLearning section, the browser keeps on waiting with the running circle.

I have also tried adding proxy_set_header Content-Security-Policy "upgrade-insecure-request;"; in the configuration file.

These are my 3 servers.

Load Balancer-192.168.1.72
Server-01-192.168.1.79
Server-02-192.168.1.80

In Load Balancer Server, I've configured these things in /etc/nginx/conf.d/load-balancer.conf

upstream backend{
  server 192.168.1.79:80;
  server 192.168.1.80:80;
}

server {
  listen 80;
  server_name localhost;
  
  location / {
  proxy_pass http://backend;
  }
}

In server-01, I've configured this thing i ...

I don't understand exactly how things work and how to solve the following correctly.

I have a mounted HD to my server, to this I upload and download photos from domain X. This works perfectly. Domain x has these owner/group numbers: 2000/5000, I can upload and download the photos from folders with 755 permissions. Now I am working on a second website with domain Y, on the same server and it needs ...

OS: almalinux9

2610:150:c002::1:a563 is the IPv6 address of my local network card eno2.

[root@alpha ~]# ip addr show eno2
3: eno2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether b8:ca:3a:f9:54:f8 brd ff:ff:ff:ff:ff:ff
    altname enp1s0f1
    inet 192.168.3.242/29 brd 192.168.3.247 scope global noprefixroute eno2
       valid_lft forever prefe ...

I have proxmox with an Ubuntu lxc container where docker is installed and containers running. When I reboot my node, although the lxc container starts on boot, docker services start only when I login as root in the console. Is there a way

1. lxc automatically logs in (as root or another user on boot)
2. docker service start automatically irrespective of there been an automatic login or not Thank you in anti ...

I currently have a modern managed Window's 10 workstation on 21H2 which is joined to a Azure Active Directory domain. I am trying to RDP to this workstation from a windows 2016 server that is still on premise (we also have a Domain controller still on premise).

Whenever I try and connect it will not accept my username and password even though they are correct. I have tried email address and passw ...

I'm working on a Postgres upgrade with pg_upgrade, and the meat of the process is copying the database's datafiles [unmodified] from the old cluster directory to the new. In order to not bloat the data volume I've attached a second EBS volume to the instance. Also, in order to get the upgrade completed quickly, I've set the throughput to its maximum value [1000MiB/s] and left the IOPS as default [4000]  ...

I am getting these two errors in my mail logs:

Aug 25 22:51:23 ns1 postfix/smtpd[246267]: warning: unknown[94.156.102.101]: SASL LOGIN authentication failed: authentication failure
Aug 25 22:55:22 ns1 postfix/smtp[247251]: warning: SASL authentication failure: No worthy mechs found

My server is running Webmin & Postfix. I have installed libsasl2-modules, but this was already installed and did not fix ...

Our compliance department wants us to remove the 'Server' header when someone hits our server via IP address. I don't know how to accomplish that, can someone help? To be clear, I know how to do this on a website we are hosting (e.g. www.example.com) I can configure IIS to return the following headers:

HTTP/1.1 200 OK
Transfer-Encoding: chunked
Location: https://www.example.com/
Date: Fri, 25 Aug 2 ...

I have 2 of these cables lying around that come with the used rack that I purchased. I am trying to identify these cables and what KVM switch they connect to.

Belkin KVM switch cable

I'm referring to a VPS that's running software for mail services that's supplied by the VPS host. The VPS has 1 IP address and the mail software license supports only 1 domain.

I'm now adding a second domain to the VPS on the same IP address. There's a quite large increase in cost to license the pre-installed mail software for 2 or more domains. For that reason I'd like to configure a different ...

I'm using borgmatic to backup my whole server. As I'm runing LVM, I mount LVM snapshots to /media/.. and back them up.

   source_directories:
    - /media/snapshot-root/
    - /media/snapshot-var/
    - /data/home

That results in paths inside the backup beginning with /media/snapshot-root/ which is ugly, hard to understand and unnecessary. For example If I want to restore /etc I have to take a look int ...

We have the following DNS records:

www CNAME (ALIAS) webclusters.clubessential.com
@ A 104.18.129.113
@ A 104.18.130.113
* A 104.18.129.113
somesubdomain.ourdomain.com A 34.174.158.48

The wildcard A record seems to be overriding the record pointing to 34.174.158.48 verified by dns propagation tool and a ping to somesubdomain.ourdomain.com (ping results in 104.18.129.113). Note: we are past the normal  ...

I configured auditd to send the logs to SIEM through rsyslog. But when I get those logs the proctitle is in hex.

Ex.:

<134>Aug 25 17:08:44 vmauditd tag_audit_log: node=vmauditd type=PROCTITLE msg=audit(1692983317.146:7444): proctitle=6E63002D6C766E700032323232

I would like it to come like this:

<134>Aug 25 17:08:44 vmauditd tag_audit_log: node=vmauditd type=PROCTITLE msg=audit(1692983317 ...

How does the 64GB physical RAM limit for Windows Server 2019 Essentials apply when it's run as a virtual machine instance on VMware ESXi?

For example, if I had 128GB of physical RAM on the server in total, while only 32GB is allocated to the Windows Server VM, will there be any issue with licensing or making use of the remaining RAM available to other VMs?

As a follow-up question, since Windows Serv ...

I am using l2gateway port to attach a physical L2 segment to a logical network. But both the logical network and the physical segment has one common IP, say 10.0.0.1. I want to prevent the traffic from physical segment to logical network for this IP so that the traffic will always reach the 10.0.0.1 in the physical segment. What is the best way to do this?

I tried creating a port group with just  ...

BLUF: How does VMWare's implementation of RAID5/6 work?

Below is VMWare's chart for RAID5/6 in vSAN:

It seems VMWare is altering RAID's terminology. When I hear RAID6 I think two parity of something; usually two parity drives and subsequently we can tolerate two failures. I'm having trouble making sense of this chart for a couple of reasons:

• What is the difference in row 2/4 between RAID5 and 6? The ...

My company's goal is to route MySQL traffic through an SSH tunnel, but using a reverse proxy through NGINX. We created a Linux box in our Azure environment, but are struggling to complete the process.

I was going to open an SSH tunnel locally, and then route the reverse proxy to the local ssh tunnel address, however I am not sure that will work...

Thoughts?

I am recently facing randomly unresponsive applications. I would like to exactly pinpoint / debug the reason that causes the application to hang.

CPU utilization is low, memory usage is normal. So I assume it must be some kind of I/O wait, but how can I find out for sure?

Has anyone come across a front-end (web based PHP preferably) for generating preseed files for automated server installs? Seems like the backend config changes occasionally so I'm sure keeping it up to date is a pain. Even if just the expert_recipe section, that would be a huge help.

I'm creating a simple Ceph cluster and trying to connect to Ceph Gateway.

This is ceph status output of my Ceph cluster:

  cluster:
    id:     a7f64266-0894-4f1e-a635-d0aeaca0e993
    health: HEALTH_WARN
            mon is allowing insecure global_id reclaim
            1 monitors have not enabled msgr2
            5 pool(s) have no replicas configured

  services:
    mon: 1 daemons, quorum rhcsa (a ...

I'm working on automating the installation of a macOS application using Ansible. I am installing the application by copying its .app folder from a .dmg image to the /Applications/ directory.

After doing this, I attempt to launch the application via SSH with:

sudo -u buildworker open -a /Applications/Name.app

However, I receive the following error message:

The application /Applications/Name.app  ...

I am currently instructed to devise a scheme for managing stack dependencies (10 fixed stack dependencies given) and environments (a combination of stacks) as part of a challenge. There is no documentation and information are rather abstract. I need to find a way to parse stacks and environments (stored in yaml) and iterate through each environment and build dependencies and/or find missing ones. I have ...

I have created a custom OIDC authorizer for a AWS API Gateway (REST). It currently support tokens signed using the RS256 algorithm, and will otherwise fail.

The .well-known OIDC endpoint lists the following supported algorithms, so everything is OK:

"id_token_signing_alg_values_supported":["RS256"]

https://login.microsoftonline.com/1d063515-6cad-4195-9486-ea65df456faa/v2.0/.well-known/openid-configuration ...

I'm getting error 800f0986 when I try to install the july or august update for windows 2019 In the cbs file I get such messages. Tell me how to solve the problem?

2023-08-25 09:52:53, Info                  CSI    00000054 Component Microsoft-Windows-DirectoryServices-Domain-Tools-Command-ldp.Resources, version 10.0.17763.4720, arch x86, culture [l:5]'en-US', nonSxS, pkt {l:8 b:31bf3856ad364e35} doe ...