Latest Server related questions

My SSH server is configured to use certificate authentication, so it will trust anyone who presents a certificate issued by the user CA when they connect.

For reasons related with audit logs, I don't want my server admins to access the server with root. Which would be the standard way to have user accounts created in the server, so admins can log in using their own accounts?

I'm thinking of a flow l ...

Imagine I have two EC2 instances A and B, in the same region/vpc, but in different AZs.

I want to transfer 1TB from A to B.

Now let's imagine two scenarios:

1. I send the data from A to B directly.
2. I upload the data from A to S3, then download the data from S3 to B, and finally delete the data from S3.

Pricing-wise:

1. I get charged at $.01/GB twice (once when data gets out of A, once getting into B), so 1 ...

i have ubuntu vps server, and want to use TPROXY to handle all outgoing traffic by Go Simple Tunnel , i apply these ip table rules

iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT

iptables -t mangle -N GOST
iptables -t mangle -N GOST_LOCAL

iptables -t mangle -A GOST -p  ...

I want to check the SSL/TLS certificate on the server side, so, on the client, when I do

var webHandler = new WebRequestHandler();
var cert = new X509Certificate2(Path, Pass); 
webHandler.ClientCertificates.Add(cert);
webHandler.AuthenticationLevel = AuthenticationLevel.MutualAuthRequired;
var httpClient = new HttpClient(webHandler)

And the posting the request to the GrantResourceOwnerCredential ...

We have a server under DigitalOcean running Ubuntu 22.10

On that server are four processes each of which maintains a socket connection to a service on a different remote machine. So four processes each connected to one of four different remote hosts.

Each process sends a 'ping' to ensure the connection is alive and records the ping time in a database table.

Occasionally we see all four connections dyin ...

I need to get https enabled on a webserver (RHEL 7.9, httpd 2.4.6). We were provided a pem file, with the following format:

-----BEGIN CERTIFICATE-----
//
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
//
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
//
-----END CERTIFICATE-----

and a .key file

-----BEGIN PRIVATE KEY-----
//
-----END PRIVATE KEY-----

I've seen guides and tutorials onl ...

On a VM in azure we mount some blob storage via NFS, which generally works good. I now found though, that df reports wrong values for usage of the NFS storage:

root@myVM:~# df -h /mnt/blob/
Filesystem                                             Size  Used Avail Use% Mounted on
storagename.blob.core.windows.net:/storagename/data  5.0P     0  5.0P   0% /mnt/blob

As you can see, it looks like we don't ...

I am running multiple Webservices on my Ubuntu 22.04 Server and want them to bind to specific Ports which works without problem but when trying to connect it is not working and portchecker returned me that the Port is closed.

I tried to open the port via iptables, which did not work and ufw is not even installed. Do you know if there are other Firewalls on Ubuntu my hoster could have installed? I ...

A system I am working on was based on Debian Buster (via Raspberry Pi OS).

I could shut down Wi-Fi by stopping wpa_supplicant, and it worked fine.

I have now updated my system to be based on Debian Bullseye, and things aren't working right any more.

Specifically - when wpa_supplicant finishes closing down, dhcpcd is reporting "carrier acquired" (it would already have seen "carrier lost" at this point)  ...

I run a small business with 5 to 10 computers. We have two optic fiber links plugged into a TP-Link TL-ER605 load balancer. There are 4 Tenda MW6 Mesh routers spread across our place to distribute wifi, plus two computers that are connected through CAT5 cables to the load balancer itself.

The problem is, the Internet is quite unstable. I quite often have to reboot everything manually. But my gues ...

Tell me what this problem may be related to

query: SELECT /*!40001 SQL_NO_CACHE */ * FROM tblLogs;

enter image description here

I have a bunch of indexed pages that start with the same word and they are all 404 so I want to redirect them all to the homepage of the site. The server is Apache, so I would like to use the .htaccess file.

So I need to redirect pages (for example):

https://example.com/page-1.html

https://example.com/page-2.html

https://example.com/page-3.html

https://example.com/page-4.html

https://example.com/page-5.ht ...

I recently wanted to upgrade my Postgres version from 14.2 to 15.

The first thing I did, was delete all postgres related directories:

michael@local var % postgres --version
postgres (PostgreSQL) 14.2

michael@local var % pwd
/usr/local/var

michael@local var % ls
cache   homebrew    mongodb     postgres.old    postgresql@13
db      log         postgres    postgresql@12   run

michael@local var % rm -r ...

hope this question is not too silly.

In Apache I'm using ProxyPass:

<Location />
  ProxyPass http://localhost:3000/
</Location>

However I cannot be sure the http://localhost:3000/ will be available. If not apache will crash. How can I make it still working even though upstream is not available? BTW, I'm using Apache as a container.

I have the following problem. I use Ansible to run an installation script on remote servers, and the script reboots the server in the end. As a result, the task ends with "Failed to connect to the host via ssh: Connection closed" failure. I use ignore_unreachable: true to prevent the task from failing, but my main problem is that I would like to be able to see stdout of the task. For some reason, bot ...

cURL doesn't seem to care about closing the connection to a server even when I include the "Connection: close" header?

It respects the header for http, but not for https, seems like?

curl -v -H "Connection: close" -o nul --http2 http://www.google.com results in

* Closing connection 0

but curl -v -H "Connection: close" -o nul --http2 http://www.google.com results in

* Connection #0 to host www. ...

Our internal Apache instance on a Windows server is regularly filling up the disk with C:\Apache24\logs\ssl_request.log.yyyy-MM-dd.log logs.

They seem to be rotated, although their sizes vary (200 - 700MB).

I see no value in these logs for this internal server. Can I disable them?

I found no entry in the httpd.conf - only for the error and access logs.

Is there any can give a solution about how Nexus 3064 could be configured QoS or shaping on their interface? I'd trying use some policy-map but still doesn't working.

I am trying to find out which data type is better to store time data inside either MySQL or Cassandra database for a big application like Facebook or Instagram? There are a lot of similar questions and answers but I couldn't finally realize which one is the better choice?

So I decided to ask such a question to see if anybody knows what data type do giant applications use to store their time data? ...

I’m confused by all of this and need help. I setup an Azure S2S tunnel from Azure to my On Prem DC. This is for AD and AAD to sync. We have a new billing system coming in and the only way they’ll allow SSO is an IPSec tunnel.

How do I add an additional connection to them? I see the tutorials on how I built what I have already but nothing with my particular scenario. When it’s asking for a  ...

I'm running Ubuntu Server 20.04, and have successfully set up netdata. My netdata's Nginx virtual host file looks like this:

upstream backend {
   server 127.0.0.1:19999;
   keepalive 64;
}

server {

auth_basic "Protected";
auth_basic_user_file /etc/nginx/netdata-passwords;

   server_name netdata.example.com;
   location / {
     proxy_set_header X-Forwarded-Host $host;
     proxy_set_header X-Fo ...

So I am a bit new to the VPN stuff and am currently getting a little desperate.

For what I want to do. I have rented a little server somewhere (static IP, Domain and everything). Now I want to run some services on that server via docker. Those services should not just be accessible by everyone, but only with a valid VPN connection to the server. (The firewall currently blocks access to those port ...

(I know 2013 is shortly out of support, and it will be replaced, but in the interim, I'm experiencing an issue I would like to fix.)

I will use telnet over port 25 as my example, but normal traffic also behaves the same way.

When I send a packet over port 25 to specific nodes in my Exchange cluster, it takes between 11 and 14 seconds before the banner is displayed with a 220 response. Since this aff ...

My WordPress site is sitting on a single EC2 instance. My site has 60GB worth of files and a 800MB database size. My site is running out of space just by running the Duplicator plugin to back it up. What would be your recommended alternative? EBS snapshot? AMI? etc?

UPDATE: I'd like to keep the backup files remotely.

I have a client with a centralized print server (Windows Server 2019) that manages about 65 printers with ~200 users (max). The Windows Print Spooler crashes 5+ times a day, and it's always due to faulting module "wsnmp.dll". From what I've been able to find online so far, I suspect that one or more of the client's Konika-Minolta printers is causing the crashes, but I'd like to be able to know for certa ...

Has anyone else experienced issues with USB SATA HDD adapters working fine for traditional hard disks but not for SSDs?

I haven't been able to find any information about this, but I've now encountered this issue with multiple SSDs and multiple adapters.

The even more wierd thing is that a particular SSD might work once or twice and then it stops working with all the USB adapters I have, even though  ...

I have some IPv6 nodes in two IPv6 networks. There is a single IPv6 router, link-local to all nodes.

The router sends out router advertisements(RA) containing two prefixes for the two networks. The nodes in the network accept the RA and create two random addresses with the prefixes.

I want to configure one node (Alpine Linux) to have a static address for one of the two prefixes, while using SLAAC for  ...

I am writing a TypeScript-NodeJS application and want to handle object ids and created_at TIMESTAMP within the NodeJS application, instead of using MySQL or Cassandra built-in UUID or TIMESTAMP generator.

1- First of all I like to know is this a good idea to generate id and created_at values within a web server application instead of letting databases generate them?

2- Secondly, I want to know if I us ...

I'm adding a preload library using /etc/ld.so.preload. My problem is, it doesn't take effect until a new shell is created. This also happens if I remove the preload library. I get error messages for the missing library until I load a new shell.

So, my question is, How can I force a reload of /etc/ld.so.preload? I looked a the man pages and can't find anything describing the mechanism of when or how it i ...

I just installed nginx poxy menager and nginx. I have a webserver on port 8021 and i want to have it on panel.mydomain.com:80 with https.

I'm trying to forward a webserver on port 8021 to a subdomain at port 80

Tried "Streams" but it dosent support SSL