Latest Server related questions

I have a setup like this on Ubuntu

Browser --> HAProxy --> Backend server

The backend server is an ASP.NET Core web application.

It works 99.9% of the time except when a binary file is being uploaded (simple POST with multipart form-data), in which case I get the error:

System.IO.IOException: Unexpected end of Stream, the content may have already been read by another component. 

   at Micro ...

I have IPSec (Libreswan) Server B (10.0.0.2) and a Server A (10.0.0.1) within the same network. Both servers have only one external network interface. I want to route the packets from Server A with source IP belonging to remote network (192.168.1.1, right side of IPSec) via Server B.

Server A ====> Server B == IPSEC ==> Remote IP

I add a route on server A like:

ip route add 192.168.1.1 via 10. ...

I'm using oauth2-proxy/oauth2-proxy with Keycloak-oidc provider for authentication for some pods in my Kubernetes cluster.

I can specify which groups are allowed to access a resource using the --allowed-group argument such as below

- --allowed-group="/vm-users/vm-editors/vm-admins"

Which restricts login to members of the vm-admins group.

But when I set it to /vm-users/vm-editors to login, I'm n ...

Qualys vulnerability scan recently identified a Nettle Cryptographics Library Vulnerability:

The vulnerability in ECDSA signature verification that could lead to a denial of service attack

The recommendation is to upgrade to version 3.7.2. However the latest rpm for Centos 7 that I can find is the 2.7.1 version that is already installed. Should I be able to remove the currently installed nettle using ...

I am trying to bypass password ask and use host based authentification.

Client is in shosts.equiv, client public key in ssh_known_hosts and yet it forces to ask me password

Does it have to do with SELInux and PAM?

openssh-8.7p1-3.fc35 and openssh-server-8.7p1-3.fc35

Server

-rw-r--r--. 1 root root /etc/ssh/ssh_known_hosts    
H,H.lan,H.lan.,192.168.1.86 ssh-rsa <Hpublickey1>
H,H.lan,H.lan.,192.168. ...

I set up replication for 1 database with binlog_do_db setting. But there are some queries like:

USE replicated_db;
DELETE not_replicated_db.table;

Which breaks replication (with an error about not_replicated_db is not existing on the slave)

How I can ignore not_replicated_db.table queries? I tried to change binlog_format from MIXED to ROW/STATEMENT but it didn't affect it.

I'm creating a SSL communication between a pg DB Server and a node client. After following some docs and implemented with openssl, node complaints "self signed certificate in certificate chain". Adding cert to Windows' cert store doesn't help.

openssl for DB Server based on pg doc:

openssl req -new -x509 -days 3650 -nodes -text -out serverdb.crt -keyout serverdb.key -subj "/CN=localhost"
Generating a  ...

I was using salt-sproxy for a while with our Juniper-based network, and all was working fine.

I started to find some problems with the new Junos code we use (18.x)

I can communicate with the device (net.connected, net.cli, grains....etc), but I can't configure anything on it via neither net.cli nor net.load_config/template, the device isn't reporting back any diff, and sees that the new configs are  ...

I am needing to create multiple instances of a systemd service. Is it possible to pass the parameters when starting the service, which would be the params for a php script?

For example, let's say I have a script, test_systemd.php, with two parameters, mod and rem respectively.

The php:

<?php
$val = getopt(null, ['mod:','rem:']);
echo $val['mod']."\n";
echo $val['rem']."\n";
echo "\n";

?>

If  ...

I have two PC in local subnet (192.168.0.0). One of them have connected through VPN to another subnet(10.0.0.0).

[192.168.0.0]
| - - PC1
| - - PC2 - - vpn - - [10.0.0.0]
Router -- [Internet]

Is there any way to get access to [10...] subnet for PC1 from local subnet?

I'm restarting an attempt to make a case for a Wiki at my workplace. Our IT is very difficult to work with and unfortunately, it looks like we will have to do this somehow without installation or admin permissions until the test case is a success. Thankfully DokuWiki has a simple version (https://www.dokuwiki.org/install:dokuwiki_on_a_stick) with a provided stripped down apache webserver that still allow ...

Should the zone file only contain the KSK's DNSKEY record, or should it contain the ZSK's DNSKEY record as well?

I am trying to add in the postfix header_checks, using PREPEND, some X-Mailgun-Tag headers.

When using the following expressions in the header_checks, it applies without issues to all domain emails.

/^From:.*@example.com.*/i PREPEND X-Mailgun-Tag: Newsletters

But I'd like to restrict it only to a specific email address, something like info@example.com.

I tried /From:info@example.com/ PREPEND X-Ma ...

I've been doing some experimenting with Docker and Portainer on Ubuntu Server, and I had a use case pop up that I was curious to know if it would be possible to implement.

• The Docker host is on 192.168.1.100
• I set up macvlan network
• I create a new container (App A) that uses port 1000 and give it the macvlan IP address 192.168.1.200
• I then want to create a new container (App B) that uses port 2000 ...

I'm having an issue with a centos 7 apache server running PHP 7.3.27 in PHP-FPM mode. Apache is running in mpm-worker mode. The server hosts WordPress sites running w3 Total Cache. Redis version 3 is being used for the w3tc cache storage.

We've been getting CPU spikes that last 1-3 minutes every 10-12 hours. This started last week without any known changes. Ram is good with more than 50% remainin ...

If I want to deploy to multiple regions on Amazon ECS, would I be able to do a Blue/Green deployment from one region to all? I can't find any indication on how to achieve this without having a Blue/Green deployment pipeline in each region. As I have the exact same infrastructure on each region it feels redundant to have to generate a pipeline for each one.