Latest Server related questions

Context: I am trying to set up Postgres RDS in a private_isolated subnet of a VPC. I want to use pgAdmin to do work on it, which means I either need a bastion or a VPN connection. A bastion requires a long-running EC2 instance, and I currently don't have any EC2 running at all. I would like to set up the VPN connection as that seems more to-the-point. We don't have AD or a SAML provider though - we have ...

I cannot ping to the default network namespace from a KVM QEMU VM running in a separate network namespace.

Here is my setup:

ip netns add test-ns

# Creating veth
ip link add if-in-ns type veth peer name if-notin-ns
# Default namespace
ip link addr add 10.21.0.10/24 dev if-notin-ns
ip link set dev if-notin-ns up
# Test-ns namespace
ip link set dev if-in-ns netns test-ns
ip netns exec test-ns ip addr a ...

I am trying to make a POST request from my React app deployed locally to my dockerized Djano app deployed in Google Compute Engine. I am receiving this error:

Access to XMLHttpRequest at 'http://X.X.X.X/register/' from origin 'http://localhost:3000' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed.

I have added django-cor ...

I have 5 EC2 servers in the same VPC and all of a sudden yesterday, all of my applications started failing to send email and sms. So I tried doing git pull of my project it also timed out. Then tried to install telnet using yum that to failed with Time out. I have checked almost everything including Network ACLs, Security Groups, Subnets, Iptables, etc and everything is correct. I am not sure why is  ...

I am currently trying to setup a disk, using the raw img format on the host, which is then shared between multiple guest VMs (which are running Alpine Linux), using the libvirt / KVM virtualization platform. While I attached the disk to different guest VMs (the disk is given the <shareable/> tag in the XML configuration), it seems to work fine except that the disk needs to be remounted to check  ...

I'm running a simple registry with podman and bind it to a local private IP address.

podman container create \
   --name insecure-registry \
   --privileged=True \
   --env REGISTRY_HTTP_ADDR=0.0.0.0:5000 \
   --volume /var/lib/registry:/var/lib/registry:rw \
   --publish 10.20.30.40:5000:5000 \
   registry:2 

And when I try to expose the registry using port-forwarding to a limited source IP's, from w ...

I have C# code (at the end) which:

1. Creates a file
2. Prints the current ACL
3. Gives the builtin users group "write permissions" to the previously created file
4. Prints the current modified ACL

The write permissions are successfully assigned via code as you can see in the console ouput.

My question is: Why does the security tab of the file, not reflect this permission change for the Users group ?

C# code ...

I am doing a live migration test in an OpenStack cluster. (Mitaka). I have 3 VMs deployed on 2 compute hosts. The nova-compute state is UP when I start the cluster. But after sometime the although the status is Enabled the state is down because of which my VMs get disrupted.

root@ctl:/var/log/nova# openstack compute service list
+----+------------------+--------------------------------------------- ...

I have Nginx installed and i want to config the forum.

The url EXAMPLE: example.com Forum phpbb3 Access : example.com Another web into the same domain: example.com/web Nginx forum path /var/www/html/foro (example.com) Nginx web path /var/www/html/web (example.com/web)

I created the Nginx configuration, but only let me to access to example.com, if i put example.com/web or example.com/{whatever you li ...

I have a service oriented application where the fornt end is a NextJs application and the backend is a .net core API project.

I want to use Azure AD B2C to provide Authentication.

Should I configure AD on the front end to perform the login and send the token to the backend api or should I do it on the API backend side?

In particular, If I configure also Google login, Can it be done on the APIs with AD  ...

I am using Windows server 2019 and an application that creates .log text files.

I need a way to be able to copy these logs (well their contents) to another location via the internet in near real-time. I know there are a dozen or more complex remote file sync apps. I am looking for simple. The remote PC is running windows.

Thanks Tom

I've created a Dockerfile, and I use the wordpress:php7.4-apache.

I've tried to install the timezonedb extension using 3 different methods separately.

Method 1.

RUN docker-php-source extract \
    && pecl bundle -d /usr/src/php/ext timezonedb \
    && docker-php-ext-configure timezonedb \
    && docker-php-ext-install -j$(nproc) timezonedb \
    && docker-php-source del ...

I had an issue, that the mail server always crashes. after investigations i found out, that it is a system memory issue. server had 8GB Ram and i've increased it to 16GB. it is now much better but still consuming too much memory.

following is top processes in my server:

top

top - 15:36:40 up  7:58,  1 user,  load average: 91.59, 92.19, 91.31
Tasks: 455 total,  92 running, 306 sleeping,   0 stopped,   ...

We have a private on-premises network with some servers that need to remain on-premises. We want to allow pods in our in-cloud kubernetes cluster (linode) to be able to talk to those private servers, without exposing those private servers to the internet as a whole.

If this were not kubernetes, we'd use an IPSec VPN to do this -- but I'm not sure how to get something similar done in kubernetes.  ...

I babysit a Python daemon in an EC2 instance watching incoming jobs and running PyTorch inferences on them in Elastic Inference.

When there are no jobs, I hibernate the instance. When there are jobs, the instance is waken up and the Python script continues its loop from where it was frozen.

When the script tries to run an inference after waking up from hibernation, it throws this error:

EI Error C ...

I have searched a lot about this, this is possible to have many of these commands one for each ip:

/usr/bin/firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -d ::FFFF:85.185.0.0/112 -j REJECT
/usr/bin/firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -d ::FFFF:85.198.0.0/115 -j REJECT
/usr/bin/firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -d ::FFFF:85.198.48.0/116 -j REJECT
...

We are proxying UDP packets for a game server through a Nginx reverse proxy. Clients timeout very often because the Nginx can't handle the requests. Initially it works flawlessly, but when more clients are connected to the game server (40-50), we encounter problems.

How could we make Nginx handle it?

Here is the proxy setup

stream {
    upstream backend {
        server [server-ip]:[port];
    }

    ser ...

I'm routing specific devices through a separate gateway device that connects to a Tailscale VPN exit node.

I'm using this command so my device can act as NAT router to Tailscale:

sudo iptables -t nat -A POSTROUTING -o tailscale0 -j MASQUERADE

But this only works because I've enabled IP forwarding in sysctl:

sudo sysctl net.ipv4.ip_forward=1
sudo sysctl net.ipv6.conf.all.forwarding=1

I'd like to be more ...

I have a KVM based Debian 11 (bullseye) VPS with internet access on eth0 network adapter. The public IP has been assigned by DHCP. The IPs and Routes are as what follows:

ifconfig and iptable BEFORE adding new interface

Note: Due to hide my server IP, the public IP is masked in the images.

Now, I created a dummy network interface named eth1 and assigned a private IP address (10.200.100.50):

modprobe dumm ...

Hi trying to configure conversations android app to make calls through ejabberd, when i debug using adb i get this error in the log returned: "Access denied by service policy". Looks like some permission issue on ejabberd allowing clients access to the built in stun/turn server. please help what i need to tweak.

For some reason, QD2 seems to be the best in terms of raw IOPS...

After seeing an interesting article comparing a couple different drives for SLOG usage, I got curious about the performance of my own system at different queue depths.

The system comprises an i9-13900K, 128GB DDR5-4800 system mem and two Samsung 980 PROs as single mirrored Vdev. The test is running FIO in the following config in a conta ...

In contrast to consumer grade PSUs, server PSUs sometimes come without cables. From what I gather, these are usually of the redundant variety or so called "1+1" configuration. I wander if there is a generic name for the component inside the servers into which these PSUs slot into.

I have seen different types of connectors, both more modern ones (gold finger) that look like a PCIe connector and ol ...

Any VM created in Azure is given a D drive; a temporary storage drive attached to the hypervisor; which gives better performance than the data disks as it's closer to the VM's compute resources. This comes at the cost of the contents not being persisted should the VM be deallocated / move to different host.

When you use Azure Migrate to move a VM from a non-Azure solution (e.g. an on-premise vm ...

I've set up an Apache server on Ubuntu 20.04

The site loads fine when I load the home page first (https://leadzilla.ai) and after that when I click on the pricing button and it takes me to https://leadzilla.ai/pricing and the that page loads fine as well.

But when I go directly to https://leadzilla.ai/pricing in the browser, I get a 404

Here is what I have in /etc/apache2/sites-available/leadzilla.a ...

I have successfully performed a VIP swap on a pair of Azure cloud services (extended support) that had Reserved IP addresses (static, although I don't think it matters).

Now I can Update (by uploading a new package) neither of them, although it had worked like a charm before the swap. In fact, I can't even complete the deployment (update) configuration form because of an error displayed for the P ...

I am trying to create iptables rules to redirect all traffic destined for port 1986 to port 9 to provoke a “connection refused” using the following rule:

iptables -t nat -I PREROUTING -p tcp -m tcp --dport 1986 -j DNAT --to-destination :9

This works great for new connections, but the problem is that established connections seem to skip this rule and are not refused.

I have tried adding a NOTRACK

I am running an Ubuntu 20.04 LEMP (Linux, Nginx, MariaDb, PHP) email/web server. I am also doing some nmap vulnerability tests form my MacOS Client machine. On MacOS, I am using Oh My Zsh! with the nmap plugin enabled. To do some vulnerability tests on my Ubuntu Server from my MacOS client machine, I issued the command:

nmap_check_for_vulns my.server.ip.address

which is an alias command for

nmap  ...

in the newly installed exchange 2019 I'm facing a problem, employees that send mails to outside with IMAP are getting this error in their inbox:

Server error: '550 5.7.54 SMTP; Unable to relay recipient in non-accepted domain'

the receive connector is the default connector and the domain that users are created is different than the email domain, here is the log I found the log

the xxxx.com is the rea ...

Earlier this week, we host a live virtual event on our organization's website that had higher-than-expected attendance. We had several complaints from users saying they either couldn't get into the event or couldn't click on links we were pushing in the chat because of 502 Gateway errors.

I am trying to determine what exactly went wrong to see if we need to move our AWS EC2 instance up a tier or  ...

I am running an Ubuntu 20.04 LEMP (Linux, Nginx, MariaDb, PHP) webserver. I am also doing some nmap vulnerability tests form my MacOS Client machine. On MacOS, I am using Oh My Zsh! with the nmap plugin enabled. To do some vulnerability tests on my Ubuntu Server from my MacOS client machine, I issued the command:

nmap_check_for_vulns my.server.ip.address

which is an alias command for

nmap --script=v ...