Latest Server related questions

I'm trying to use Freeradius 3.0.20 on Ubuntu. I use the users file to authenticate wireless users and that's working just fine. (This is a home system, not at work).

For the moment I have a couple of new users for whom I have created a new SSID (Cisco aironet controller and access points).

I would like to allow the new users to connect ONLY to the new SSID.

So let's call the old SSID SSID1 and the new ...

Summary: I've got a domain hosted with Cloudflare that works for the root, but not any subdomains. Instead, subdomains return a Cloudflare Error 1016 - Origin DNS Error.

Detail: I have several domains hosted with cloudflare. Most of them are simple and only have a root URL (e.g., acme.com). For these, there are only two DNS records (other than NS records):

An A record for "@" that points to an IP address, ...

I have Windows Server 2022 in its latest version 21H2. I installed a Domain Name System server + Active Directory Domain Services on the server and promoted it to a domain controller.

After the automatic restart of the server, a black screen with a rotating wheel will appear and this state will remain forever.

The server is virtualized using the type-1 hypervisor Proxmox Virtual Environment. I use R ...

I am trying to use fail2ban in a docker-container to block incoming connections to my nextcloud (also running in a docker container). However I only can get fail2ban to change the iptables of its own container and not the one of the docker host.

My current setup looks like this:

docker-compose

  app:
    image: nextcloud:latest
    container_name: nextcloud_app
    restart: always
    ports:
     ...

I have found these codes on www to create a proxy for a software:

sysctl net.ipv4.ip_forward=1
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -t nat -A PREROUTING -p udp --dport 2442 -j DNAT --to-destination some.ip.address:some.port

The 2442 is the port that I use to connect the software. The some.ip.address:some.port is destination's ip address and port. After  ...

I installed clamav-daemon on Debian 11 and when I try to start it, it doesn't create the LocalSocket /var/run/clamd.ctl.

LocalSocket in my /etc/clamav/clamd.conf:

LocalSocket /var/run/clamav/clamd.ctl

systemctl status clamav-daemon.service brings:

● clamav-daemon.service - Clam AntiVirus userspace daemon
     Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; vendor preset: enabled ...

I'm testing a fastapi http server on Windows 11 running on 127.0.0.1:8000. In another terminal, a request is sent to the server on 127.0.0.1:8000. The result is a Bad Request and the server says it happened on 127.0.0.1:50340. The port number changed from 8000 to 50340. Re-running the query again will change the port to a different number again. Details are in the outputs:

The Server output is:

INFO:  ...

Is it possible to set the WinHTTP proxy using a PAC file? Currently, our org sets the following registry key to point to a PAC file... can this be used for WinHTTP as well? If so, what commands are needed?

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL" = URL TO PAC FILE

Thanks in advance for the help.

I'm trying to migrate a 3 node zookeeper ensemble from VMs to a kubernetes cluster without downtime.

I know there are a lot of blog posts and other articles on how to migrate zookeeper without downtime VMs to VMs to bare mettal to Vms etc. but couldn't find one which migrates w/o downtime to k8s.

This is the config on all zk nodes (zoo.cfg):

autopurge.purgeInterval=1
initLimit=10
syncLimit=5
autopurge ...

I have 2 Openwrt routers one is on front, another is on the back.

Back router's WAN connected to LAN of front router and have it's own subnet. Back router WAN DNS configured to a front router.

Front router has several local DNS records in hostnames, but it doesn't resolve them for a back router.

Windows computer connected to a front router directly resolves those hostnames no problem.

Why front router do  ...

'Amazon EFS now supports AWS VPN', but that was published 23 October 2018; Client VPN was announced on 19 December that year, so 'AWS VPN' referred to what is in current docs usually called 'AWS Site-to-Site VPN'.

Can an EFS filesystem be mounted on a development machine, connected to a Client VPN endpoint?

When i try to tailoring this datastream file, i get following error:

Opened file '/Applications/scap-workbench.app/Contents/Resources/ssg/ssg-rhel7-ds.xml'.

Error while opening file.

There was a problem with ScanningSession! Failed to reload session. OpenSCAP error message: Could not extract scap_org.open-scap_cref_ssg-rhel7-xccdf-1.2.xml with all dependencies from datastream. [ds_sds_session.c:211]

I have nginx upstream with multiple backends. I use pre_tasks in playbook for disabling backends in the upstream config during deployment:

- name: Deploy
  hosts: '{{ list_hosts }}'
  serial: 4

  pre_tasks:

  - name: Disable hosts in nginx upstream
    replace:
      path: /etc/nginx/conf.d/upstream.conf
      regexp: '^        server {{ LAN }}:'
      line: '        #server {{ LAN }}:5001;'
    delegat ...

OS: Oracle Linux 8.7 vCenter: 7.0.3 build 20051473 hypervisor: VMware ESXi, 7.0.3, 19193900 ansible-playbook [core 2.13.5] python version = 3.8.10 (default, Nov 14 2022, 12:59:47) [GCC 9.4.0] jinja version = 3.1.2 libyaml = True

I'm deploying a VM from a template using the following Ansible task:

- name: Create a new virtual machine {{ hostname }} on vCenter {{ vcenter_hostname }} from template {{ sou ...

OS: macOS Mojave 10.14.6
HTTP Server: Apache 2.4.55

When trying to restart apache server, I get "Address already in use..." message. Hm, so there must be a process that listens to that port, right? With this line (from elsewhere) in Terminal to see what's up:

ps auxw | grep  httpd

it gives

_www              1317   0.0  0.1  4361716   7452   ??  S    12:39AM   0:00.10 /usr/sbin/httpd -D FOREGROUN ...

I'm using a raspberry pi with apache2 to manage my websites. I have multiple docker images running on different ports. I want to redirect (without url changes) scanner.raspberry.local to localhost:1234. To do so, I've followed these two posts :

• post #1
• post #2

In the end, I only have one virtualhost working (the first one). Here is my config :

# Home page : working properly
<VirtualHost *:80 ...

I have created a load balancer pointing at my api instances. I got an automatically generated url which looks something like this: xxx-xx-xxxxxxxxxx.us-east-2.elb.amazonaws.com I want to connect it to my own domain name via cname, but before doing this, I wanted to make sure that the url will always stay the same, unless I delete the lb of course. Thanks for the kind help.

just a quick question. I have a php webapp that sets a session cookie with values for username, isAdmin, etc. Is there any way that I could extract that information in the nginx config file?

log_format custom ' "TEST: $cookie_PHPSESSID"';

This will give me the session ID of the cookie but I need its content and I cant find any way to retrieve it.

Using a permanent cookie would work but is a bad idea beca ...

Please help me. I find instruction in this question: Chaining WireGuard Servers: Can ping both from client, but can't access internet. IP routing issue? and https://allanjohn909.medium.com/vpn-chaining-with-wireguard-ec2bd500509e https://www.procustodibus.com/blog/2022/06/multi-hop-wireguard/ https://superuser.com/questions/1708311/internet-access-through-wireguard-over-multiple-hops

But i try this ...

I already have a t2.micro instance, but the git clone is t2.micro, and it was successfully cloned without error. fetch-pack: invalid index-pack output. I tried git clone again with another newly created t2.micro instance and received the same fatal error: fetch-pack: invalid index-pack output

I've Googled many different combinations of terms to find out what concepts and features Kong Konnect expects sysadmins to use to represent different environments (e.g. staging, production) and tenants (e.g. US, Canada), to no avail.

The only documentation I can find (from Kong themselves) suggests the use of multiple runtime groups, but this requires an Enterprise subscription; this seems overkill t ...

I'm trying to implement a fleet engine with this tutorial , but no matter how I setup super user, or driver or sth I always have this issue enter image description here

(gcloud.services.enable) PERMISSION_DENIED: Permission denied to enable service [fleetengine.googleapis.com]
Help Token: AVUsNs3Wtcdk7TuM22t0dk4DIXfv3wEx6pDMCyw4bpLdRP0vHLf9gwfcTAbvZRb3VZJwarDhr_95sK-b6PiEZsOz7fihm7Us0_NDPOAor8qy9B ...

here is my setup

10.1.0.2 - Master (slave-priority 10)
10.1.0.3 - Slave (slave-priority 100)

10.1.0.2 - Sentinel1
10.1.0.3 - Sentinel2
10.1.0.4 - Sentinel3

The failover is working as expected when the Master is down. However, when the original Master already recovered it is not switching back to old Master.

I have a Postfix instance that has 4 domains listed in the mydestination option. Dovecot LMTP is setup as the mailbox_transport. We can refer to these as domain1.tld through domain4.tld. I also have a second Postfix instance that does "stuff" with any mail relayed through it, the details of which are irrelevant for this question.

I would like email sent from domain1.tld to domain2.tld to be relaye ...

I have run my postfix/dovecot server for 6 years with out config change. I have just noticed recently that new users emails are getting delivered to another location. current users are going to /home/vmail/(email@address)/ new users are going to /home/vmail/(domain)/(user)/ HOWEVER, the checking of all emails are read at /home/vmail/(email@address)/ there for new users are not able to read emails becaus ...

I am observing some strange behavior I cannot explain.

• I am using chrome Version 110.0.5481.77 (Official Build) (64-bit)

• I am running nginx/1.22.1 to serve a bundled front end app.

• When I request my app bundle at IP:443 I receive an incomplete bundle that is not in my public directory and there is an error in the console: net::ERR_INCOMPLETE_CHUNKED_ENCODING 200 (OK).

• The server's remote addre ...

Trying to build a custom package fails like this:

~/deploy# dpkg-buildpackage -us -uc 
dpkg-buildpackage: info: source package deploy
dpkg-buildpackage: info: source version 1.0-1
dpkg-buildpackage: info: source distribution unstable
dpkg-buildpackage: info: source changed by Foo Bar <[email protected]>
dpkg-buildpackage: info: host architecture amd64
 dpkg-source --before-build .
 debian/rul ...

I've been trying to troubleshoot an issue where using a curl lookup command takes a long time (sometimes) and is quick some other time.

TL;DR Question: how do i troubleshoot further.

Connecting directly to an ip-address has no issues.

I've tried two different locations, multiple machines (RPi, debian vm, Windows10).

I've tried to set nameservers to both 1.1.1.1 and to 8.8.8.8 with the same result

i ...

I am using dovecot version 2.3.4.1 with SQL authentication and it works perfectly fine. I see in the logs though that when I use a PHP script to email a list of users, that dovecot is trying to authenticate the recipients? I might be wrong in reading the log but if the email is leaving from [email protected] to [email protected], why would dovecot try to authenticate [email protected]? The following are the re ...

I need help to solve this error, please

/etc/ssh/ssh_config line 19: bad include path ~/.ssh/id_rsa.conf. /etc/ssh/ssh_config: terminating, 1 bad configuration options