Latest Server related questions

I am new to Kubernetes and I am trying to install it on an EC2 instance based on Ubuntu 22.04. Initially I was following the tutorial here. However, I believe it might be either misleading or outdated because at the very least, the Docker installation was giving me issues. I overcame those issues by installing Docker with these instructions instead. With that out of the way, I ran sudo kubeadm init

Issue : after server reboot apache2 won't automatically start (have to manually ssh and start via systemctl which starts without any issue)

Error message:

Feb 08 05:53:46 domain1_test.com systemd[1]: Starting The Apache HTTP Server...
Feb 08 05:53:47 domain1_test.com apachectl[834]: (99)Cannot assign requested address: AH00072: make_sock: could not bind to address [xxxx:xxxx::xxxx:xxxx:xxxx:xxxx]:80
F ...

Preface: I've boiled down a problem I'm having to this simple reproduction, which admittedly looks pretty strange out of context.

From powershell (PS), if I use Start-Process to start notepad and capture the process ID, I can kill it with Stop-Process, no problem:

PS > $x = Start-Process notepad.exe -PassThru
...
PS > Stop-Process $x.id

I can do the same with cmd.exe, again without problem: ...

I am struggling to find how to write this scenario 301 redirect to nginx:

https://mydomain/$

to be converted

https://mydomain/en_us/$

Actually I need to add "en_us" just after mydomain and just before my dynamic urls

What I tried is this:

location /
          {
             rewrite ^(/.*)/ $1/en_us/$ last;
          }

But no luck

Any help please?

Hello I have a GCP VM which is out of disk space (a 10 GB disk). I am using ncdu to figure out where all the space is being used.

--- / ---------------------------------------------
.   4.3 GiB [##########] /snap
.   3.2 GiB [#######   ] /var
    2.1 GiB [####      ] /usr
.   1.7 GiB [###       ] /home
...... 

--- /snap ---------------------------------------------
                         /..
    2 ...

I'm trying to configure prometheus alertmanager on Debian 11 with the following unit file:

[Unit]
Description= Prometheus Alertmanager
Wants=network-online.target
After=network-online.target

[Service]
User=alertmanager
Group=alertmanager
Type=simple
ExecStart=/usr/local/bin/alertmanager
--config.file /etc/alertmanager/alertmanager.yml
--storage.path /var/lib/alertmanager/

[Install]
WantedBy=multi-us ...

I have a Laravel app that works perfectly fine when running with php artisan serve but when trying to use nginx as the frontend I'm having all sorts of trouble getting this to work properly.

I basically have this structure:

root@server:/var/www/html# tree -d -L 4
.
`-- app
    |-- C4
    |   `-- www
    |       |-- sites
    |       `-- site-assets
    `-- prod
        |-- app
        |-- bootstrap ...

We are standing up a new environment and will be installing SIEM tools, etc. in the future. We have a few dozen Windows 2019 servers so far. I've been tasked with providing a solution for monitoring Windows Services and Event Logs in the near term until formal tools are put in place. Preferably free and Microsoft, but open to suggestions. This is a disconnected environment, no internet. Thanks in advanc ...

Apache CloudStack v4.17.2

I am trying to setup CloudStack Advance Zone with security groups.

I have two network bridges cloudbr0 (10.4.1.1/16) and cloudbr1 (10.6.1.1/16). I am using cloudbr0 for Management Network and cloudbr1 for the Guest Network.

I am trying to configure the first host and the management server on the same system. Below is configuration for Zone Setup

Zone:
    IPV4 DNS: 8.8.8. ...

I make few similar jails for different ports...

jail names: http_https_deny, dns_deny, ftp_deny, smtp_pop3_deny, ssh_deny

here firewalld and fail2ban settings for http_https_deny(other almost same, just different ports):

LOG_TAG1=HTTP-DENY_
LOG_TAG2=HTTPS-DENY_
F2B_NAME=http_https_deny

sudo firewall-cmd --zone=public --add-rich-rule="rule family=ipv4 port port=80 protocol=tcp log prefix=${LOG_TAG1} drop ...

I have a console application that can be run when a user executes it via the Windows Start Menu; however, if that same application is wrapped into a Windows Service and the same user account is used to run it the Service fails to start with the error "5: Access Denied".

Here are some additional details:

• User account has Log on as a service property set
• No log file is created so the error occurs before ...

I'm executing a crontab where it call the script of python and the crontab are executing very well, but when I execute the crontab I need its will create other file in another directory, but that doesn't do what I want.

But when execute manually script those create the file that i Need

I want know if with linux can I something more or i have check the code of script

this is the crontab

When attempting to access an intranet site, Chrome will ignore our DNS settings and navigate to a public page.

Our computers are referencing only our private DNS server. Last week, I disabled built-in DNS and DoH in Google Workspace Admin (Devices/Chrome/Settings/Users & Browsers) as seen here, and that rule is applied at the top most level, with no overrides at lower levels. That being said, another ...

Did found the similar question earlier but no solution there. How to create cloudwatch alarm for multiple ec2 instances?

Let's say I have 15 ec2 instances, I can group them with a tag, how to create single cloudwatch alarm for only these set of machines?

There are other solutions mentioned to create a script to create individual alarm for all these machines, but how to use a single alarm for all the ...

I have a Windows 11 Pro machine (192.168.2.40 - WiFi Intel Wireless-AC 9560) that having spotty access issue to a local Linux SAMBA server in (192.168.2.33 - wired to the router). Pinging sometime failed as if connection is lost.

The mentioned Windows 11 Pro machine can enjoy steady internet which provided by the router (192.168.2.1). What could be the cause of this?

Many times when the Windows 11  ...

I have a Django website running via nginx under user www-data and gunicorn under user myuser bound at /run/gunicorn.sock.

nginx works just fine; it acts as a proxy to the gunicorn Unix domain socket. I'm not having any problems with nginx.

redis-server also works just fine. It's domain socket is at /var/run/redis/redis-server.sock.

When I enable CACHES in my Django settings file, I get the following ex ...

I have a landing page and a wordpress site in a subfolder

example.com -> landing page
example.com/blog -> wordpress

I want to serve the wordpress site on a different server. I created a server( blog.example.com) and moved all files and databases that belong to wordpress. I have changed nginx configuration (example.com) a bit and added those lines below

  location /blog {
    proxy_set_heade ...

I have a linux box which is an openVPN client all its traffic goes through the tunel , i have an nginx server that i want to go through eth0 and what i tried to do is to reroute all traffic on port 80 through eth0 via 192.168.1.1

root@digger02:~# ip route
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0 proto dhcp src 192.168.1.154 metric 10
10.8.0.0/24 dev tun0 proto kernel scope l ...

[root@VMkernelPortESXiHost:~] /usr/lib/vmware/secureboot/bin/secureBoot.py - c Secure boot CANNOT be enabled: All vib signatures verified. Failed to validate loaded tardisks: Errors: [ValueError] VIB VMware_locker_tools-light_12.0.6.20104755-20491463 does not have signed XML data Please refer to the log file for more details. . All acceptance levels validated

How can I enable Secure Boot so I can ...

I'm curious how mail servers behave when a hostname is balanced between two machines.

For example, when given these records:

example.com MX 10 mailer.example.com
mailer.example.com A 123.123.123.1
mailer.example.com A 123.123.123.2

When 123.123.123.1 temporarily fails to handle a mail, will the mailer retry immediately with 123.123.123.2? Or will it immediately treat it as a (temporary) failure?

Is there a way to block out a range of ips in the VPC?

Alternatively is there a way to get docker (docker compose) to use dhcp to get ip addresses? If it does so will they be blocked from being assigned to future vms you spin up in the vpc?

How do I get rid of this warning?
The task works as expected but I would like to do it correctly

I have tried to fish out the value for ansible_facts.services["{{ component }}.service"].state and save it in a variable without any success.

---

- hosts: localhost
  become: no
  gather_facts: true

  vars:
    component: firewalld

  tasks:

  - name: Populate service facts
    ansible.builtin.serv ...

i try to access an EKS cluster on AWS with AWS Account (same i use for the console)

steps i followed :

aws configure with info provided in the "Command line or programmatic access" (AWS Access Key Id/AWS Secret access key) + add the AWS session token in the credential file.

aws eks update-kubeconfig --name XXXXXXX --region eu-west-1

in the ConfigMap : aws-auth file i added - system:masters in the gro ...

My SSH server is configured to use certificate authentication, so it will trust anyone who presents a certificate issued by the user CA when they connect.

For reasons related with audit logs, I don't want my server admins to access the server with root. Which would be the standard way to have user accounts created in the server, so admins can log in using their own accounts?

I'm thinking of a flow l ...

Imagine I have two EC2 instances A and B, in the same region/vpc, but in different AZs.

I want to transfer 1TB from A to B.

Now let's imagine two scenarios:

1. I send the data from A to B directly.
2. I upload the data from A to S3, then download the data from S3 to B, and finally delete the data from S3.

Pricing-wise:

1. I get charged at $.01/GB twice (once when data gets out of A, once getting into B), so 1 ...

i have ubuntu vps server, and want to use TPROXY to handle all outgoing traffic by Go Simple Tunnel , i apply these ip table rules

iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT

iptables -t mangle -N GOST
iptables -t mangle -N GOST_LOCAL

iptables -t mangle -A GOST -p  ...

I want to check the SSL/TLS certificate on the server side, so, on the client, when I do

var webHandler = new WebRequestHandler();
var cert = new X509Certificate2(Path, Pass); 
webHandler.ClientCertificates.Add(cert);
webHandler.AuthenticationLevel = AuthenticationLevel.MutualAuthRequired;
var httpClient = new HttpClient(webHandler)

And the posting the request to the GrantResourceOwnerCredential ...

We have a server under DigitalOcean running Ubuntu 22.10

On that server are four processes each of which maintains a socket connection to a service on a different remote machine. So four processes each connected to one of four different remote hosts.

Each process sends a 'ping' to ensure the connection is alive and records the ping time in a database table.

Occasionally we see all four connections dyin ...

I need to get https enabled on a webserver (RHEL 7.9, httpd 2.4.6). We were provided a pem file, with the following format:

-----BEGIN CERTIFICATE-----
//
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
//
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
//
-----END CERTIFICATE-----

and a .key file

-----BEGIN PRIVATE KEY-----
//
-----END PRIVATE KEY-----

I've seen guides and tutorials onl ...

On a VM in azure we mount some blob storage via NFS, which generally works good. I now found though, that df reports wrong values for usage of the NFS storage:

root@myVM:~# df -h /mnt/blob/
Filesystem                                             Size  Used Avail Use% Mounted on
storagename.blob.core.windows.net:/storagename/data  5.0P     0  5.0P   0% /mnt/blob

As you can see, it looks like we don't ...