Latest Server related questions

I am coping with an issue for the past days with which I cannot get my head arround, it addresses routing.

Setup and context:

NetworkDiagram

As depicted in the diagram below, my goal is to call the "Remote Target" from the "Source-VM". The packets need to travel through the "Router-VM" and subsequently through a VPN tunnel (here depicted by the name "GatewaySubnet" to the target 128.20.20.5).

The ...

I am trying to redirect the incoming traffic to tcp/80 of the public IP interface of Mikrotik router to the internal server with reverse proxy.

No matter what I do, the NAT rule does not work with tcp/80 as dst-port. If I change it to the tcp/8080 or any other port, it starts working.

With tcp/80 as dst-port, it seems like the packet can reach the target machine but the replies won't make it back. ...

i have this problem:

I have a ionos dedicated server i have installed a proxmox on it, i have an additional ip address for my routeros virtualized machine ionos delivered me this ip via vlan 1010:

enp35s0-vid1010->Vmbr0<--CHR RouterOS ether1 217.xxx.xxx.164/32 gateway 10.255.255.1

Untagged is the server ip 217.xx.xx.10/32 gateway 10.255.255.1 Server is able to go in internet and receive connectio ...

I have a very specific question about DTLS and Windows that I can't seem to find on Google. At our company we recently decided to disable specific cipher suites for TLS and only allow the most secure ones, this is our list:

TLS_AES_256_GCM_SHA384

TLS_AES_128_GCM_SHA256

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

TLS_ECDHE_RSA_WI ...

You can say i'm beginner in using Centos. Our regional want to use packages.microsoft.com as repository. We have open the firewall to the packages.microsoft.com. Tracepath is no issue, but when we are doing yum update it is still failed. I try doing openssl to packages.microsoft.com, but only CONNECTED, it didn't get the Certificate.

Can anybody have similar problem? Or anybody know how to solve it?

My topology includes HostA running OpenVPN client connecting to server on HostB. HostB has OpenVPN client connecting to server on HostC. Both tunnels are open and I can send curl requests through each but I cannot get traffic routed from HostA, through HostB, to HostC. For example:

        Public          Private         Client Tunnel   Server Tunnel
HostA   1.1.1.1         10.120.177.168  10.8.0.6 ...

I've been reading the official documentation and various articles but it's unclear to me. My organization has multiple users and multiple repos. It would not be right to merely authenticate as a particular github user (Personal Access Tokens), because a colleague logging into the shared dev server could access another's private personal repos if they can authenticate as a particular github user. Having  ...

So, I'm trying to do a very basic Nginx redirect from https://strnordicfin.eu/magnesium-fakta to https://strnordicse.eu/ntr/some/magnesium/ (just training domains, no worries).

My nginx-config looks like this,

worker_processes  1;
events { worker_connections  1024;
}
http {
server {
listen 80;
location https://strnordicfin.eu/magnesium-fakta {
rewrite   https://strnordicfin.eu/magnesium-fakta htt ...

I'm trying to dockerize a microservice built with Spring Boot that uses the MySQL database and Flyway.

When I run the microservice through the IDE, the flyway manages to connect with MYSQL, but when I run the command sudo docker compose up there is a Communications link failure and a problem creating the 'flywayInitializer'.

I am using Spring Boot 2.7.12, MySQL 8.0.33, Docker 24.0.1 and Ubuntu 20.04 ...

I am trying to limit VPN access to a private network running in Openstack. The wireguard server is inside the private network and the traffic is routed to its private ip address from Openstack. Inside the private network is a Dns Server all clients need to reach and for each client a specific server. The clients should only reach their specific server and the dns server. Administrators should also acces ...

I have a Postfix installed on an Oracle Linux server. This Postfix is configured to receive emails from another Postfix server, which are sent externally through the Fortinet Cloud Email Security Gateway.

From time to time, mail delivery fails and the mail.log displays the following error message:

"Delivery temporarily suspended: Connect to abc.fortimailcloud.com[x.x.x.x]:25: connection timed out."

As far as i know, in docker you have to describe the ports that will be used on container while creating it, and you cannot add any other ports afterwards.

But as i see, in kubernetes you can "expose" the ports after the creation of the pods.

So while docker is not allowing it, how come kubernetes can do that ?

Thanks

I'm trying to setup a reverse proxy to an application that I'm building. The application is split into two docker images. First is a web UI, which can be reached via https://example.com/

The second docker image, has base addresses that I'm interested in. The first, is https://example.com/swagger and the second is https://example.com/api

When I navigate to example.com everything works as expect ...

Have read other posts; they do not yield much light.

Situation:

• Kubernetes cluster with ingress points to
• Several nginx containers that proxy-pass to a
• Node application on a specific URI via location /app/

What we see:

After days of working without problems, at the same time all 3 nginx containers start reporting upstream issues to the node app - that connection is unexpectedly closed by the cli ...

$ docker pull {ACCOUNT-ID}.dkr.ecr.{region}.amazonaws.com/{repository-name}:ecr
Error response from daemon: pull access denied for {ACCOUNT-ID}.dkr.ecr.ap-south-1.amazonaws.com/{repository-name}, repository does not exist or may require 'docker login': denied: User: arn:aws:iam::{ACCOUNT-ID}:user/pull-user is not authorized to perform: ecr:BatchGetImage on resource: arn:aws:ecr:{region}:{ACCOUNT-ID}:repos ...

I've been trying to install monit with an ansible playbook. I'm changing the monitrc file and when the playbook restarts monit, I get :

Jun  8 08:00:30 myserver monit[1857462]: Starting daemon monitor: monit
Jun  8 08:00:30 myserver monit[1857465]: /etc/monit/monitrc:10: invalid mail format '#015'
Jun  8 08:00:30 myserver monit[1857465]: /etc/monit/monitrc:11: syntax error 'subject: $HOST -- $EVENT ...

I encountered an issue while attempting to create a duplicate of an existing mapped drive Group Policy Object (GPO) and modifying it for a different path in my environment. Unfortunately, I made a mistake by specifying an incorrect path, resulting in an error. Although I promptly removed the GPO, I'm still encountering the same error when trying to navigate to the user configuration and preferences sect ...

I use docker on Ubuntu bionic.
docker build and docker run commands work super slow. It takes few minutes to run a container and few minutes to process each RUN command in dockerfile during building it.
Other docker-cli commands work good.

What can be the reason for such a behavior?

Versions of packages:

• containerd.io - 1.6.20-1_arm64
• docker-ce - 24.0.2-1~ubuntu.18.04~bionic_arm64
• docker-ce-cli - 24.0 ...

I have installed SFTP on 3 separate windows server with the same config. One of them is having intermittent slow logins. About a minute to log in but sometimes it logs in within seconds.

I have changed the SSHconfig to not use DNS UseDNS no

I have done a debug ssh -v user@localhost and it looks like its getting stuck on below when it takes a while to log in.

debug1: Local version string SSH-2.0-OpenSSH_ ...

I checked the log using journalctl -u google-cloud-ops-agent-opentelemetry-collector.service and found below erorr

cannot configure Google Cloud metric exporter: stack driver: no project found with application default credentials

I also have set the credential using gcloud config set account [email protected] with role Editor.

it seems it cannot read the credentials or I'm missing othe ...

I have a question. How would the following mod_jk directives be interpreted?

<VirtualHost *:443>
  ServerName backend.example.com

  ...
  JkMount /api/prod     worker1
  JkMount /api/prod/*   worker1

  JkMount /api/prod     worker2
  JkMount /api/prod/*   worker2
  ...

</VirtualHost>

My RAID 1 array has two disks as stated by # mdadm --detail /dev/md0

...
...
...
    Number   Major   Minor   RaidDevice State
       5       8       32        0      active sync   /dev/sdc
       4       8       16        1      active sync   /dev/sdb

Somehow mdadm assigned /dev/sdc on raid device index 0 and /dev/sdb on raid device index 1

Is it possible to reassign driver so /dev/sdb gets raid devi ...

I cannot see my OpenVPN TAP adapters in Hyper-V external switch bridging. Is it even supported in Hyper-V? I do not see any documentation where it says it is either supported or not. I have Windows 11 Enterprise by the way.

I can however see it in other virtualization software such as Virtualbox.

Trying to get Windows Active Directory DC (with SHA1 signed certificate) to accept LDAP(StartTLS) connections from WordPress Server using Next Active Directory Integration plugin. WordPress is running on PHP 8.2.4 and OpenSSL 3.0.8 which by default no longer allows use of certificates signed using SHA1. Want to know if Windows AD LDAP can be configured with multiple/fallback certificates to make this w ...

I'm working with a virtual Windows Server 2016 that's C: drive is filling up due to a high number of Users (over 2,000). The server acts as a Citrix host, which is leading to AppData dirs averaging 100MB or more.

I'm wondering if there's a way to redirect all current and new Users' AppData (ideally their entire Users dir) to another drive. I work in an environment where it would be difficult to ...

I'm having an issue where I receive the following errors when attempting an install with Anaconda Kickstart. The input below is the default when I enter the ‘inst.ks’ option

Input:

setparams 'Install Fedora 38'
    linuxefi /images/pxeboot/vmlinuz inst.stage2=hd:LABEL=Fedora-S-dvd-\x86_64-38 quiet inst.ks=hd:LABEL=LEXAR:/amd64-kickstart.cfg
    initrdefi /images/pxeboot/inird.img

Errors:

dracut- ...

I have an nginx reverse proxy setup to point to my nodejs app. When I enter the server IP in the search bar, the website pulls up as expected. When I enter the domain name I get an ERR_CONNECTION_REFUSED error.

I have the following sites-available file for my site:

server {
    listen   80 default_server;
    listen [::]:80;

    server_name mywebsite.com www.mywebsite.com <server_ip>;

    loca ...

Before adding a rule, ssh was working fine. For Jenkins, I added the custom tcp security group rule (8080) so i could access it. Then jenkins was working fine. Now, ssh does not.

Security Group rules screenshot

Even after removing the custom tcp which should restore the security group back to its original state, it does not ssh.

It gives ssh: connect to host ---.compute-1.amazonaws.com port 22: Conne ...

To set static IP for clients with distinct certs, we can set static IP for clients following jdmorei's answer. However, If duplicate-cn is set on the server side, so that many clients share the same cert, how can I set static IP for a specific client?

I'm trying to help someone resurrect a RAID1 mirrored LVM logical volume on an old server running Fedora 20 (lvm2-2.0.2.106, linux 3.19.8-100). One of the disks in the mirror is dead. The disk belonged to a VG named systemvg. vgchange says:

vgchange -a y --partial systemvg
  PARTIAL MODE. Incomplete logical volumes will be processed.
  PV qtva6m-iBhc-q3Zt-At1U-FiWH-iZd8-tjpR0u not recognised. Is  ...