Latest Server related questions

I am using packet tracer to simulate an enterprise setting.

There would be a "main" office (marked as Bgta) and other minor offices in other cities, such as Mdlln. In the main office there should be some servers and in each city some hosts. The thing is I now added three vlans (10,20,30) for department exclusive content, but I have not been able to make it work with my preexisting OSPF routing.

For  ...

When testing with UTMStack, I was wanting to remove the Linux agent off an Ubuntu server. I'm only seeing in the documentation on installing it, but not removing it. What would be the correct commands to do so?

Thank you

I've enabled "Encrypt connection" I've enabled "Trust server certificate"

I've added the TrustServerCertificate=true to my connection string

I've confirmed the service is running - there is another service called "SQL Server Agent" that refuses to start however

I have a self signed cert that I generated with powershell - and I've added it into SQL Server configuration manager.

Here is the error: A connect ...

How to check a validity of a file using openssl and cms?

I've got a file (foo.bin) and a signature (foo.bin.cms) which is include x509 der format certificate.

is there any way to check validity of the file with it cert?

I can find SHA256 of foo.bin, within the foo.bin.cms.

Also can open foo.bin.cms with ASN1. But can not found any way to verify file using openssl command.

openssl cms verify command  ...

I need to make some cURL requests to a server that doesn't have an ipv6 address, but my machine only seems able to connect when 1) using https, and 2) using ipv6. Other requests hang indefinitely after DNS resolution, before any connection is established.

Would appreciate any guidance on how to resolve this.

The machine is running Ubuntu 18.04.4 with curl 7.58.0 and ufw 0.36.

This happens with any doma ...

I've set up a mailserver with Postfix, Roundcube and Dovecot. All works well - almost.

In my country there's a popular free email service by the name of inbox.lv. And they have an anti-spam rule set up that when a new server tries to send emails to them, they first greylist it for 10 minutes and require the server to re-send the email. Fair enough.

However when using Postfix to send outgoing emails  ...

Install mysql operator:

Following https://dev.mysql.com/doc/mysql-operator/en/mysql-operator-installation-kubectl.html

kubectl apply -f https://raw.githubusercontent.com/mysql/mysql-operator/trunk/deploy/deploy-crds.yaml
kubectl apply -f https://raw.githubusercontent.com/mysql/mysql-operator/trunk/deploy/deploy-operator.yaml

They are from trunk. What are the URLs for latest stable versions?

tried ...

I'm running a UDM Pro with 3 USW24-POE which are connected via fibre (OS2) which is running fine meanwhile.

On the UDM there are a few VLANS which are all managed by the UDM Pro. The Main Lan is 192.168.10.0/24 which is my "tech" Lan, then there is a "facility" lan 192.168.5.0/24 with Vlan-ID of 2 and a "gastronomy" lan 172.168.16.0/24 with Vlan-ID 60.

I'm trying to get a VPN connection directly over ...

We have a header_checks regexp passed to the "cleanup" process, but it's not processing the header as a single header if it's on multiple lines.

header_check (pass value of header to FILTER):

/^X-OurHeader:\s+(.*?)/ FILTER $1

master.cf:

cleanup_service.        unix  n       -       y       -       0       cleanup
  -o header_checks=regexp:/etc/postfix/header_check

Example multi-line header where it fai ...

I need some help with a powershell script clone NSG rules from a particular NSG in 1 subscription to a NSG in another subscription. I have a script that accomplishes this if both NSG's are in the same subscription but not if they are in different subscriptions. Here is what I have. Any help would be appreciated.

#name of NSG that you want to copy 
$nsgOrigin = ""
#name new NSG  
$nsgDestination = " ...

I would like to match all subdomains to return an A record (this works) but I would like to exclude one particular subdomain from resolving (not sending an A record at all).

*.example.com.        IN   A   127.0.0.1
exclude.example.com.  IN   A   [no IP at all]

I would like to configure this directly in bind and also in a plesk environment.

I have a Terraform file called azure.tf which is supposed to deploy a Virtual machine to Azure and afterwards SSH to said machine to run an Ansible playbook. The problem is that everytime i run terraform apply, the old public IP-address of the previous vm gets used.

I've got a file called outputs.tf which outputs this IP-address

output "public_ip_address" {
  value = data.azurerm_public_ip.my_terrafor ...

I need to complete an exercise with iptables on a network (docker containers) configured as follows:

1. A router host with 2 network interfaces (eth0 <- public 10.9.0.0/24; eth1 <- lan 192.168.60.0/24; the router is the x.x.x.254 on both networks) and an SSH server on default port 22;
2. A jumpbox host in lan with IP 192.168.60.10, with SSH and TELNET on default ports 22 and 23;
3. An admin host in  ...

I have a rails 4 application served by nginx that is getting more traffic than the server can handle so i want to run a second instance of that app on another server and load balance the traffic between the two.

This rails app serves a lot of sites coming from a lot of different domains, each site has its own Nginx server block with SSL certificates that proxy_pass the traffic back to the rails app s ...

We have a content switch in front of a virtual server in NetScaler ADC, and it acts as a load balancer. It is tied to a service group that has an HTTP monitor. We cannot get this monitor to work.

The monitor calls an HTTPS endpoint. The endpoint expects a SNI extension (Server Name Indication) in the Client Hello TLS handshake from the NetScaler. The NetScaler doesn’t add this, according to our ...

I have a docker container that manages all of the SSL certificates for my services with Letsencrypt. When the certificate for a certain service is renewed, a post-hook script copies the certificate and key to the folder where the SSL certificate and key for the other container uses are located. This other container then needs to be restarted to use the new, renewed certificate. My current solution is ex ...

I am trying to remove network discovered from cups webpages. I am working on a cloud print service and run a raspbian bulleyes. I will have to deploy my system to customers and I want to remove every printer discovery. Printers will only have a local installation from an engineer. I have tried to configure cups browse protocols and stuff. I have tried to disable and stop avahi daemon and socket. Put ipv ...

I just setup three storage nodes for ceph in a qemu/kvm environment to learn about it. OS is Ubuntu Server 22.04 LTS. The ceph and ceph-common packages are from standard repos. I followed the guidelines on the ceph website. I set up one vm and cloned it before installing ceph. The hosts and the dashboards are up and running. Each host has a empty block device /dev/vdb. According to the guide I tried to  ...

In this case I'm a frustrated user asking as my company (who shall remain nameless) IT department seems unable to diagnose the issue with this, and my own web searching can't find anything either.

My company runs servers hosted as VM's in Azure, part of the structure is our own domain controller which is kept in sync with Azure's user DC.

When ever my corporate domain linked laptop goes into sleep m ...

Can someone explain why I can't access my website running in a docker container thru nomad or what I'm doing wrong ? I'm beginner in system and networking.

I would like to make the container http listen on 127.0.0.1:8088 so that nginx can proxy.

Nomad server and client are running on the same machine

Machine is fedora, disabled SELinux, firewall disabled.

What I expect : Request to <server_ip>:8088  ...

I have a VueJS site on app engine, I would like to use wordpress for a blog placing it on the same domain at the same level at the /blog/ directory.

I can probably do this with dispatch.yaml and having wordpress hosted on the same GAE project as an additional service but then i need to purchase Google Cloud SQL which is overpriced for my use case, Id rather use a compute instance with php and sql ...

Iam running the microk8s in ubuntu in no high availability i.e. there is a single node onto the same machine where it is installed. I updated the certificates and then i issue following command:

sudo microk8s leave

as it was advised that after upgrading the certificates nodes have to leave and rejoin.

It give following messages:

Generating new cluster certificates.
Waiting for node to start. 

and then  ...

I have SSH access for a particular server, but when I am trying to run the playbook for that server. I am trying to do the deployment for that server but I'm facing an issue.

fatal: [lapp999.corp.com]]: UNREACHABLE! => {"changed": false, "msg": "Data could not be sent to remote host \"lapp999.corp.com\". Make sure this host can be reached over ssh: *********************************************** ...

We'd like to use AWS to build code. Below is the specification for the build server, is there any corresponding hardware level for AWS EC2?

Ampere AC-1GB06A1S5 - Mt. Snow SATA DVT L6 2U Altra Server with:

1 x AC-108021002P Ampere AR< Altra processors

• 80 ARMv8.2-A
• 64-bit CPU cores
• 3.0GHz
• 8DDR4-3200 Memory Channels
• 128 PCIe Gen4 Lane

And installed:

• 16 x 16GB RDIMM 3200
• 1 x 4TB SATA 2.5" SSD
• Ubu ...

I am attempting to access a networked http resource from outside the network by using SSH with the -D flag. I'm using the command ssh -v -ND 8090 svr, and svr is set up as a host in the hostsfile.

The connection establishes successfully, but using the proxy causes my browser to hang on the TLS handshake. Sometimes the connections time out, sometimes they go through but either way this is unusable.

I found a pretty old answer from 2014 explaining that domain names in PowerDNS has to be fully qualified, thus CNAME cannot refer to self (@), and enhancements in this regard may have been implemented later, but creating a PowerDNS domain template, if referring to self is not possible using CNAME @, how do one set the domain template to always default a record (like www.example.com) to self (example.com) ...

the teachers in my OpenLDAP are in cn=teachers,ou=groups,dc=school,dc=de

the course creator context in my Moodle installation should then be the same if I am not mistaken. If I query ldap

BINDUSER="my-bind-user"
LDAPDN="dc=school,dc=de"
BINDPASSWORD="somegreatpassword"
ldapsearch -o ldif-wrap=no -H ldaps://school.de:10636 -D "cn=$BINDUSER,ou=ldap,$LDAPDN" -w $BINDPASSWORD -b "cn=teachers,ou=groups,$LD ...

Trying to add a new attribute to a schema by using this command:

ldapmodify -f ./add-id-attribute.ldif -h localhost -p 50389 -D "cn=Directory Manager" -w mySecretPassword

And this LDIF file

dn: cn=schema
changetype: modify
add: attributetypes
attributetypes: ( 1.3.6.1.4.1.32474 NAME 'myAttribute'
    USAGE userApplications )
    DESC 'The attribute'

But it gives me the following response: ldapmodi ...

since two weeks ago spamhaus kept on putting our IP address on the CSS blacklist - we've had few thing to fix from the guideline so we delisted ourselves few times after checking all the requirements.

Now after 3 times they created a ticket for our case and state that our helo response is a localhost:

Then something else is going on:

(IP, UTC timestamp, HELO value) 188.39.** 2023-05-30 18:40:00 loca ...

I think this is going to be my first post on StackExchange side of the house. However, I know that this has to be able to be configured cause I have seen it implemented previously but I don't actually know how it's implemented.

What I'm looking to do is on RedHat 7/8 or derivative... How can I make it so that a user has to conduct the following privilege escalations:

<user> -> <user>.adm  ...