Latest Server related questions

I cannot figure out why this behavior. I have two pihole instances running in docker containers on 10.0.2.205 and 10.0.2.206 (sync'd). Running resolvectl status on the local pc/server results in the correct DNS Resolvers being used, including the tertiary IP 1.1.1.1; all handed out by my DHCP server. Both local DNS (pihole) resolve as expected.

My problem, I spin up a new server and run into this iss ...

I am using Nginx for my web server, but when I go to a PHP page it downloads it to me.
I realized that my pterodactyl panel (which is in php) was still working, so I used the fastcgi and other parts of its config, without this changing my problem
I have Nginx last version and PHP 8.0 installed on a Debian 11 VPS.
The files are under permission 775 and owned by the group www-data. The logs aren't givin ...

I'm trying to add authentication to squid installed on windows, here is the config:

auth_param basic program C:\Squid\lib\squid\basic_ncsa_auth.exe C:\Squid\etc\squid\.htpasswd
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users

http_port 2001

http_access allow localnet
http_access deny all

In .htpasswd

admin:$apr1$kWA/DRFy$klaeXRe3S3jIPqc64HTMA0

This corresponds to username admin and ...

We have cloud infrastructure based on VMWare with Windows and Linux VMs. After last reboot 4 of the Ubuntu (3 Ubuntu 20.04 and one Ubuntu 16.04) servers did not start network interface. With lshw -class network I see correct network interface listed. There is no DHCP in the network, all servers use static IP's. After reboot in networkctl OPERATIONAL column for the specific interface is OFF. Only w ...

I've got a server in my lan that connects to a rented server on the internet via vpn, which publishes the service via https on a specific subdomain.

I want machines connected to the lan to use the lan to connect to the service using the same subdomain as those elsewhere that go though the internet server. I can add an entry on the lan's dns to "shortcut" the public subdomain to the local ip, but  ...

I am using Sublime Text editor with its SFTP plugin to edit files (also root files) on my server. I thought there is some linux command or file that can be edited that would enable me to execute sudo at every file save, and even at every file open. At every file operation. Because I connect the editors SFTP client with a user from the wheel group that can be root in a passwordless way when executing sud ...

I have been backing up my ZFS pool in Server A to Server B (backup server) via zfs send/recv, and using daily incremental snapshots.

Due to hardware issues, the ZFS pool in Server A is now gone - and I want to restore/recover it asap.

Currently the snapshot list in my Server B is as follows :

zfs49/tank@2021Nov301705   368G      -     3.52T  -
zfs49/tank@2021Dec011705  65.2G      -     3.52T  -
zfs49/ ...

I have a database instance (MySQL 8) on Google Cloud and since 20 days ago, the instance's storage usage just keeps increasing (approx 2Gb every single day!). But I couldn't find out why.

What I have done:

1. Take a look at Point-in-time recovery "Point-in-time recovery" option, it's already disabled.
2. Binary logs is not enabled.
3. Check the actual database size and I see my database is just only 10GB ...

In our application whenever a token (that arrives in a header) is invalid - it is practically guaranteed there won't be an exact valid token. So I'm trying to offload the responsibility of responsding 401 to nginx (with or without njs) Trying to avoid maintaining a service with a cache that is being hammered by invalid requests.

I was thinking to js_content each call and check in a local "in memo ...

I just ran against a strange problem a few weeks ago, and I'm still scraching my head about it.

We have an auth server (WServ 2016) running ADDS/ADFS/DNS/DHCP, having 172.17.0.5/24 as static IP and GW set to 172.17.0.1. The 172.17.0.5/24 subnet is dedicated to common services used by each subnet.

There are other subnets, such as 172.17.1.0/24 (managed services), 172.17.127.0/24 (storage ressources)  ...

Should a wheel user that was created to disable root login and secure SSH have the same ownership as root from a security point of view?

I am having some issues with Windows Server 2022's DNS resolution and was hoping to get some insights. I have included some screenshots throughout the post

The server in question is running on HyperV, and is setup as an Active Directory Domain Controller with the DNS and DHCP roles installed. I have setup my DNS Forwarders as shown in this screenshot

I've noticed an event showing up in the event l ...

I am using Google Cloud Platform and have manually setup a NAT gateway to peer two networks A and B so that workloads in network A have a default gateway which routes packets into network B. The gateway is implemented as a managed instance group (MIG) where each instance has a primary interface in network A and a secondary interface in network B. An internal load balancer in network A is then configured ...

I've two interfaces, let's say eth0 and eth0.4000 as vlan. Both have a default-gateway. Everything works as expected when a process listens on the interface directly.

But not for hostPort bindings of Kubernetes.

vlan.gw-mac > eth0-mac,    ethertype 802.1Q (0x8100), length 78: vlan 4000, p 0, ethertype IPv4 (0x0800), clientIP.38712 > vlanIP.80: Flags [S]
eth0-mac    > eth0.gw-mac, ethertype IPv ...

I have an LDAP server that accepts request through ldaps on port 636. I already use it for many of my applications and I want to have my dovecot server use that for authentication as well.

dovecot ldap config:

uris = ldaps://<<ldap-url>>:636
auth_bind = yes
dn = <<dn>>
dnpass = <<pw>>
ldap_version = 3
base = <<base>>
deref = never
scope = subtree
default ...

I have a problem that when I use an SSL reverse proxy from site1 to site2, it works quite well except for the peculiar fact that all images are of the incorrect height. Everything else seems to be in order, only image height is affected.

Here's how my ReverseProxy is set up:

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName site2.com
    ServerAlias www.site2.com

    SSLProxyEngine  ...