Latest Server related questions

I tested two scenarios by hashicorp consul

1.I implemented service discovery by hashicorp consul on .net7 , but when i want get service address from consul , it just return http of that service not https. I registered my services by registrator on docker and discover servicces by .net dockerized too.

2.but i test this scenario on my localhost i implemented two apis on localhost and registered one of ...

I've used the below-given sssd.conf file to authorize the users to a server. The issue is some users who are not listed under the DN: cn=authorized,ou=rona,ou=servers,ou=groups,dc=yolo,dc=com still can access it. Users are created here ou=users,dc=yolo,dc=com. Any user listed here can access the resources as mentioned before.

server DN: ou=rona,ou=servers,ou=groups,dc=yolo,dc=com

The configuration

I have a WSUS server running for some time on Windows Server, catering for the needs of my Windows 10 Professional clients. All clients were on version 21H2 up to some days ago. In WSUS under products I had only "Windows 10, version 1903 or later" selected. Not sure if it was the correct one, however I have been receiving updates just fine for my clients in the last year.

Since 21H2 is going EOL, ...

Recently I have deployed my website using node.js server and using Nginx as reverse proxy, also nginx handles SSL, and forwards the HTTPS to HTTP server of node.js running at specific port. I am using UFW firewall and only allowed OpenSSH and Nginx Full. Within a few hours, my access.log fills up with requests as given below. After a day, access.log is around 7 to 8 GB, which is too big for my 10 GB U ...

I have a problem that I can't solve. I have 3 VirtualBox virtual machines: one will act as a RADIUS server (W19Server), another as a VPN server (W16Server), and the last one as a Windows 10 client from which we will connect to the VPN of the VPN server. It should allow me to access the RADIUS server with a user registered in the Active Directory database and within the group of NPS network policies.

I am trying to understand if it is possible to install a dual stack k8s cluster on nodes with only IPv6 network. Nodes don't have any IPv4 addressing. I am using kubespray to install k8s cluster but since kubespray does not support installing pure ipv6 cluster, i am trying to analyse what changes are needed to make kubespray install k8s cluster on nodes that have only IPv6 addresses

I have been trying to get my website up after moving from apache2 to nginx on my AWS Ubuntu 20.04 server. I have translated the relevant files from apache2 over to my nginx configuration, however I can't seem to get secure https access through page. Are my configs able to be sanity checked?

I have allocated an elastic IP on the AWS end and re-routed that with an A name on our web host platform. I have b ...

I googled everything i was able to google, but with no success.
I will simplify my question as much as possible.

Routes before openvpn connection:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         178.xxx.xxx.xxx 0.0.0.0         UG    0      0        0 enp5s0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0

Routes after VPN co ...

We have setup an APIm in Azure with 2 APis. One is a SOAP service that was created from a WSDL. It has a single POST operation which operates just fine using HTTPS. Since we are migrating to cloud and want to keep the migration mostly transparent to clients, it also has a GET operation for exposing the WSDL to clients. This was established using the instructions found here: https://mbraekman.gith ...

I have a zpool called 'temp' with some data I'm trying to move between systems. I used zpool export temp to export the zpool, then I unplugged the disks, and installed them in my new computer. But now when I run zpool import temp it just says "cannot import 'temp': no such pool available" and if I try to get a list of zpools available for import with zpool import it just says "no pools available to impor ...

While working on a remote machine (Debian 11.7 / Kernel 5.10.0-23-amd64) I have installed Strongswan to configure it as a VPN client.

apt install strongswan

after this, the service strongswan-starter.service is being started and the host becomes unreachable. Luckily I could physically disable the service via systemctl disable strongswan-starter.service and reboot.

But whenever I do run ``systemctl  ...

I'm using Exim4 to run PHP scripts when an email is received.

This script should create a file in the /var/log/myapp folder if it doesn't exist, otherwise it should just read the file and add more content to the log.

I performed some tests applying the 777 permission on the folder and I saw that the user used by Exim4 is nobody.

However, in some cases my administrative user (eg bob) can manually  ...

Tomcat cluster in K8s:

Following https://cwiki.apache.org/confluence/display/tomcat/ClusteringCloud

added the following in tomcat server.xml:

<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster">
<Channel className="org.apache.catalina.tribes.group.GroupChannel">
<Membership className="org.apache.catalina.tribes.membership.cloud.CloudMembershipService"/>
</Channel>
 ...

Background

I am adding support for WireGuard VPN to an embedded device. The user will be able to set the AllowedIPs configuration themselves. WireGuard uses the allowed IPs to set routes on the host, so it will be possible for a user to isolate the device (make it impossible to connect via TCP). I have been thinking about ways to prevent this.

Potential Solution

One potential solution is to add IP rule ...

Using below docker compose.yml I am creating 2 containers and a reverse proxy container..

version: '3'

services:
  # SSGTM Tag Server Container
  tagging_server_container:
    image: gcr.io/cloud-tagging-10302018/gtm-cloud-image:stable
    ports:
      - '8080:8080'
    restart: always
    environment:
      PREVIEW_SERVER_URL: https://preview.ssgtm.dev
      CONTAINER_CONFIG: aWQ9...
    networks ...

kubernetes: could not find PersistentVolume hostpath on windows 11.

kubectl describe pv/pvc-4a7bc0ff-9195-4f2f-bd70-9dfd1f8cd065

Name:            pvc-4a7bc0ff-9195-4f2f-bd70-9dfd1f8cd065
Labels:          <none>
Annotations:     docker.io/hostpath: /var/lib/k8s-pvs/my-pv-claim/pvc-4a7bc0ff-9195-4f2f-bd70-9dfd1f8cd065
                 pv.kubernetes.io/provisioned-by: docker.io/hostpath
Fina ...

I am running an Ubuntu 20.04 LEMP server on a Raspberry Pi 4. In my nginx errror logs I am getting the following error:

2023/05/29 11:51:40 [emerg] 3356#3356: cannot load certificate "/etc/letsencrypt/live/postfixadmin.mysite.com/fullchain.pem": BIO_new_file() failed (SSL: error:0200100D:system library:fopen:Permission denied:fopen('/etc/letsencrypt/live/postfixadmin.mysite.com/fullchain.pem','r')  ...

I have an application running in a container with an exposed port 8082. There is also an nginx configuration, part of which is shown below. In a normal situation, I see upstream: 127.0.0.1:8082 in the access log, which is correct. But when I stop the application container and start it again, I see to: localhost in the logs for about 5-6 seconds, which leads to a 502 error on the site. At this time ...

I am trying to create a local replica of wordpress database by exporting it on gcloud console (after logged in via gcloud compute ssh) but facing this problem. Is there a way out to resolve this or is it prohibited from GCP ?

atul7911@my-wordpress-1-vm:~$ mysqldump -u wordpress -p wordpress > data-dump.sql

mysqldump: Error: 'Access denied; you need (at least one of) the PROCESS privilege(s) for this  ...

I have a local network run on an ASUS ZenWifi AX mesh system. Up until last week, I was able to connect to other computers via HTTP or SSH by using their name (eg octopi.local). This abruptly stopped. To the best of my knowledge, there was no update to the software nor was I doing any kind of work on the router or network that I could just undo to get this back.

This happens both across clients a ...

Good day,

I would like your help since I have a NSA 5600 sonicwall and I create 2 vlans on the interface x0 X0:V2 with ip 10.0.0.2/24 and X0:V3 10.0.1.2/24, but at the moment I can place 2 computers, one in vla2. and the other one in vlan3 they take my ip by dhcp but when I test connectivity from the pc that I have in vlan3 that has the ip 10.0.1.218 it gives me a ping to the gateway 10.0.0.2 but ...

I have an Apache httpd v2.4.57 configured on Rocky9 to connect to Tomcat9 / Java17 over a unix domain socket.

SELinux kicks in and says denied, as follows:

type=AVC msg=audit(1685376249.480:134): avc:  denied  { connectto } for  pid=1769 comm="httpd" path="/run/tomcat-xxx2-yyy/socket" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:tomcat_t:s0 tclass=unix_stream_socket permissive=0
ty ...

I have this code in varnish config and not sure what it do! This config will cache or not my client requests? what is wrong with it?

sub vcl_backend_response {
    if (beresp.status != 200) {
        return (pass);
    }
    set beresp.http.X-Backend = beresp.backend.name;


    unset beresp.http.cookie;
    unset beresp.http.Set-Cookie;

    if (bereq.http.x-render-type == "test" && beresp ...

I'm using Openstack Zed on Ubuntu 22.04 deployed using MAAS and Juju. I'm trying to mirroir my traffic to an IDS instance. The option I've found so far is Tap as a Service. I've installed and configured it but my tap ports and flows stay DOWN.

I cant find any up to date deployment methods of TAAS for this architecture. Are there other options?

Per company policy my laptop has to be very secure in case of theft, so I have created an encrypted partition (LUKS) that I want to mount via /etc/fstab.

However, I do NOT want to add passphrase to the volume or use a key file (e.g. per Auto mount encrypted partition using fstab without key prompts), because I feel this is less secure than typing the passphrase at boot time.

I want to be asked for the pas ...

I'm trying to configure a DKIM record on my DNS Server running BIND 9.9.4-RedHat-9.9.4-61.el7_5.1 (Extended Support Version), but I'm getting the following error:

10:36:40 ns1 named[14663]: db.domain.com.br:20: unknown RR type 'mail._domainkey'
10:36:40 ns1 named[14663]: zone domain.com.br/IN: loading from master file db.sencinet.com.br failed: unknown class/type
10:36:40 ns1 named[14663]: zone domain.com ...

devtmpfs                      32G     0   32G   0% /dev
tmpfs                         32G   77M   32G   1% /dev/shm
tmpfs                         32G  3.2G   29G  11% /run
tmpfs                         32G     0   32G   0% /sys/fs/cgroup
/dev/mapper/cloudlinux-root   50G   43G  4.5G  91% /
none                          32G     0   32G   0% /var/lve/dbgovernor-shm
/dev/sda2                    974M  190M  7 ...

The situation is that I've had a VPS created previously. It was all set up, private-public key authentication, root login turned off, password login turned off. Everything was set up.

Then this server gets destroyed and a new server gets spun-off.

So I'm using ssh -v root@new_server_ip_number to log into this newly installed linux instance and this is what I get:

PS C:\Users\roeslermichal> ssh -v r ...

In server1(ubuntu 22.04.2), I have 2 physical 10G port : port1 & port2 and their respective interfaces. Now I have another interface named bond0 which has 2 slave interfaces (the 2 physical ports interfaces). I have some ip's assigned to the bond0 interface. I have previously binded dpdk to single physical interfaces where I manually handled arp/ICMP messages for IP resolve (L2 resolves where I manu ...

I am trying to run a demo Node.js app on a subdomain using Traefik reverse proxy. I am generating the wildcard Let's Encrypt certificate with the security.acme option. When I import the certificate in the Nginx config, it works correctly. However, when I try to add it to Traefik, I get the following error:

Secure Connection Failed

An error occurred during a connection to hello.domain.com SSL peer ...