Latest Server related questions

I continue down the frustratingly stop-start road of learning Kubernetes (specifically MicroK8S).

I build an image locally on a development laptop thus:

docker build -t k8s-workload .

This is a simple PHP web app that reports some request metadata. It builds successfully:

Sending build context to Docker daemon  13.82kB
Step 1/5 : FROM php:8.2-cli-alpine
 ---> c5f1f9770838
Step 2/5 : WORKDIR /root ...

My Nginx config file is:

server {
    listen 80;
    server_name localhost;
    location /a/ {
        return 404;
    }
    return 301;
}

When I run a request:

curl -v http://localhost/a/

I expect to see 404 code. But I receive 301 code. Why location /a/ {} directive is not working?

What is please the correct way to set Content-Type HTTP header for files uploaded on S3 bucket? We use S3 bucket as an origin server for hosting static websites. Bucket is accessed through the Cloudflare CDN.

After copying the files, the Content-Type by default is set to binary/octet-stream.

• Of course, I can set it up when copying via the AWS CLI for individual files, but even with reasonable automati ...

Is there any virus scanner installed on Azure App Service machines? When my web application is receiving a file, is it scanned on the wire? Or could I save it to disk, wait 2 seconds and if it disappears, assume that the machine's antivirus had removed it?

If this is not possible by default, would Microsoft Defender for Cloud enable this? It costs 15€/month/App Service so not bad if it contains ...

The problem was identified in the CI/CD environment - they are a group of server machines on redhat 7.9 (docker 19.x)

When trying to run docker build the following line fails:

RUN microdnf install yum

We are using a redhat image (redhat/ubi9-minimal) as base image. The above command is run on that.

The error:

(microdnf:6): GLib-ERROR **: 14:57:32.900: file ../glib/gthread-posix.c: line 1338 (g_system_t ...

I've just discovered I've inherited two WSUS servers. The person who looked after them left before I found out.

Some non-prod servers should be patched by these WSUS servers - setting are enforced by a GPO.

Servers that should be patched by them say 'Your device is up to date' with a last checked date of today but they aren't up to date so I started to investigate assuming some patches needed to be  ...

For my client, I'm migrating domain to point to a new website server. In order to do that, I'm changing A records to point to new server IP. After such change, client has lost possibility to send e-mails from his mail accounts located on old server. DNS Configuration is as follows:

Domain name: example.com

One should mean that this is a prette strait forward task.

I am using Windows Server 2022 and installed the "Server Role" "NFS Server". I shared the D:\ drive as "dev_files" by using the Explorer Properties dialog window on that drive. After that I was able to use this share on several UNIX based machines. Same directory is also shared via CIFS with the same name.

Later I decided to change the drive ...

i configure haproxy, when i type test.example.com it redirect me to example.com/test

This is what i want but the problem i want this happen without changing the url on the browser, i want it to keep test.example.com but send request to example.com/test

Here is my haproxy.cfg

**frontend tt bind *:80 bind *:443 mode http default_backend ss bind :443 ssl crt /etc/ssl/certs/ssl.pem

 http-request redir ...

Maybe a dumb question. In order to install a extra 3.5" drive I must shutdown the server and install? Or can I pop-out a front bay and install while powered on? And later format the new drive.

Today clamAV scanned my AWS instances and detect 24 infected files on each. It looks like false positive due to several reasons:

1. All these files are created in October 2022 (why were they detected only now?)
2. SSH port for each instance is protected by MFA + password + VPN.

So, my question, what my next steps should be in this case? Should I remove these files, as I understood it can be system files ...

Objective: I want to trigger a webhook on a private linux-machine (its a local system not connected to internet), which can delete the spool data generated by CUPS server in /var/tmp folder.

To achieve this

Approach1 I 1st checked the default CUPS configuration files and edited the files there. Lines like in /etc/cups/cupsd.conf

PreserveJobFiles No

and in /etc/cups/cups-files.conf

RequestRoot /var/t ...

I know that there are already many similar queries on this site, but I could not find a solution for myself in any of them. I have postfix version 3.6.4 configured for smtp. I need it to forward mail to recipients only from google. But when I try to send the mail, I get an error:

Jun  7 12:23:01 ubuntu-2gb-hel1-1 postfix/smtpd[20535]: connect from mail-wm1-f72.google.com[209.85.128.72]
Jun  7 12:23 ...

AWS ECR Login error: command: aws ecr get-login-password --region ap-south-1 | docker login --username AWS --password-stdin {id}.dkr.ecr.{region}.amazonaws.com

An error occurred (AccessDeniedException) when calling the GetAuthorizationToken operation: User: arn:aws:iam::{id}:{user/username}not authorized to perform: ecr:GetAuthorizationToken on resource: * because no identity-based policy allows the ecr ...

I have a react app that listening to localhost:3939

Then, I configured a Virtualhost like this to proxy pass the port 3939 on https://test.example.com:

<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName test.example.com

[SSL]

ProxyPass / http://localhost:3939/
ProxyPassReverse / http://localhost:3939/
ProxyPreserveHost On

</VirtualHost>
</IfModule>

I have another app listenin ...

my website which I host on a VM in Google Cloud was unresponsive, so I stopped and tried to restart the VM. Stopping didn't work without a hard stop. Restarting doesn't work either.

"A g1-small VM instance is currently unavailable in the europe-north1-c zone. Alternatively, you can try your request again with a different VM hardware configuration or at a later time. For more information, see the  ...

I have to deploy a new PKI hierarchy I have one domain and several subdomains I had thought about having a Root CA and a Sub CA.

What are the advantages of this option over having a root CA only?

Do you advise that the Root CA and the Sub CA should be of type "Enterprise" or would it be better to have the Root CA of type Standard and keep it off and the Sub CA of type Enterprise?

Thanks

I have recently built a physical server, this is a first for me as I've previously been using VPS's and other cloud-based solutions. I'm currently planning on hosting a few containers on this server:

• A Minecraft server to play with friends
• A website under the same hostname

• An Angular-powered website under a different hostname
• A Spring backend for that website
• A Mongo database for the backend

I have one Rhel7 and one Rhel9 server running in my local lab. When I'm listing all the installed packages uring rpm -qa | grep -i package I get following result: Package-12.2.5.-1.x86_64

The name of the rpm package is: Package_linux_v12_2_5_1.rpm.
I want to be able to query rpm using that name. This works for Rhel9 but not Rhel7

Rhel9

$ rpm -q Package_linux_v12_2_5_1.rpm
Package_linux_v12_2_5_1.rpm

I want to configure an nginx server to accept HTTP requests only from a specific server.

I am not sure if this should be accomplished through the listen directive, or by using allow/deny rules in location. Or another method that I am not aware of.

When trying to find documentation about listen, I haven't found an example that uses an actual external IP, only stuff like localhost or other interfaces.

I have two Ubuntu machines A and B in my local network.

Computer B has an openmediavault instance set up via KVM.

Computer B has the IP address 192.168.177.58, the openmediavault instance provides a service that I can access in the browser at the address http://192.168.122.153:3670 .

I cannot access this address in A's browser; but I can do so in B's browser.

How can I access the service of the openme ...

I'm currently trying to install node18 on a amazoncorretto:11 base image. I'm getting the error

#6 11.04 Error: Package: 2:nodejs-18.16.0-1nodesource.x86_64 (nodesource)
#6 11.04            Requires: libc.so.6(GLIBC_2.28)(64bit)
#6 11.04 Error: Package: 2:nodejs-18.16.0-1nodesource.x86_64 (nodesource)
#6 11.04            Requires: libm.so.6(GLIBC_2.27)(64bit)

which is described here: https://github.com/ ...

I'm facing an issue where the browser is not sending the username with the request headers in my web application. I've tried using Google chrome and Edge for testing purposes.

I have observed this problem specifically with the following request:

Method: GET URL: /AcimProxy/v1/results/e347969bbcf23c1ad009da6227560f85958ee441

In the log, the username is not included in the request headers, and as  ...

I ran into a weird situation when the time counted by the application running in docker is a lot faster that the time elapsed in the host system running docker. And we're not talking about some milliseconds, but straight 7 times faster.

Here's the last line in the log that tracks the application running in docker:

07:03.06969>  Time: 00:58.84

The time on the right (58 seconds) is the time counted by t ...

Here is what I consider a quite generic situation for which I'm not sure what the best solution is.

Consider you have a k8s workload where pods need 10-30seconds to be Ready. If at some point you get a load spike that start to crash your pods for some reason (OOMKills, threadpool overload making the probe unresponsive, whatever). Even though you have an HPA configured, the traffic might only go u ...

I have installed and configured AD FS services on a Microsoft Windows Server 2016 Standard.

Through Azure AD Connect we were able to configure our domain as a federated domain on our Microsoft 365 tenant. Besides that the Azure AD Connect also automatically configured a Relying Party Trust for Microsoft Office 365 Identity Platform Worldwide

We created a TestUser in our domain with the UPN testuse ...

I created a k8s Cluster v1.26.0 with kubeadm and I am using Calico as CNI. I deploy calico with the helm chart and I followed the steps by the Calico official page and chart.

The container engine is containerd. The nodes Node are Centos 8 and we configured iptables in firewalld as this thread suggested: Link

The problem is that when we are trying to run nslookup with a dnsutils pod. It does not work.  ...

I am having trouble running Solr 9.2 on the above virtual machine (Rhel9.1 on Azure, image from CIS).

The problem is low entropy as seen in the logs below:

Started Apache Solr 9.
Java 17 detected. Enabled workaround for SOLR-16463
Warning: Available entropy is low. As a result, use of the UUIDField, SSL, or any other features that require
RNG might not work properly. To check for the amount of ava ...

I setup a Room resource recipient in Exchange so that users could book the associated conference room. This part works, but when I attempt to view the room's schedule in Scheduling Assistant, the room shows as Out of Office for regular working hours.

I've tried searching for a solution to this problem and found this other question, but the room does not appear in Recipient Mailboxes, but Recipient Re ...

I followed the https://docs.aws.amazon.com/msk/latest/developerguide/public-access.html guide, but the Properties → Network settings → Edit public access option doesn't appear at all. Could it be that it only applies to provisioned clusters? Or I might be missing something?