Latest Server related questions

I am using Docker + NGINX to host two PHP sites. The sites are accessible from the outside but the problem arises when I try to access one site from another using cURL or file_get_contents.

The connection gets refused.

the two sites has two separate .conf files. like the one below.

server {
    listen 80;
    listen [::]:80;

    # For https
    # listen 443 ssl;
    # listen [::]:443 ssl ipv6only=on;
   ...

Our Windows server is having issues but before running disk repair, I want to take a backup. At the moment I'm using SystemRescure (the Linux utility) and I have successfully saved files.

The only problem I have is that I need to take a backup of MSSQL databases. Now for obvious reasons I can't use SSMS software nor command line to get it because MSSQL is not running and it can't be started since ...

I came down to ask here since I am troubleshooting this for days without any success. What I try to accomplish is to set up a reverse proxy to the nodejs/Express backend using apache2. Proxying the http and websocket connections work fine, however, enabling CORS does not work. I need it as the Application provides a widget that will be imported by the client on the external host. The curcial information ...

I want to deploy a new PKI infrastructure on a domain that has several subdomains and trusted domains. I would like to be able to delegate the administration between several administrators corresponding to the subdomains and trusted domains. Would the appropriate implementation for this environment be a root CA (enterprise) and then a subordinate CA for each domain? Would it be necessary a server for ea ...

I have a few users who need admin rights on their win11 PCs to install/remove exotic softwares without asking for IT help. Is it possible to let them know the local admin user account/pwd but force them to login with their AzureAD account and only validate with local admin account when required.

They often find it easier to use the local admin account or even to create an other local admin, which ...

I am trying to add system/device mac address in syslog. No solution is working for me. Following command gives me mac address, just wanted to use in rsyslog template.

mac_addr=$(ifconfig en0 | awk '/ether/ {print $2}')

template

template(name="tpl3" type="string" string="%TIMESTAMP:::date-rfc3339% %HOSTNAME% MAC=%$mac_addr% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n")

Want to replace $mac ...

Documentation for MIB_IPFORWARDROW structure being interestingly vague on this particular point, except for a mention of Windows Vista/Server 2008:

On Windows Vista and Windows Server 2008, the route metric specified in the dwForwardMetric1 member of the MIB_IPFORWARDROW structure represents a combination of the route metric added to the interface metric specified in the Metric member of the MIB_IPIN ...

I'm starting learining and using ansible and struggling a bit with the user ansible uses for ssh.

Is ansible supposed to use my personal admin user to ssh onto the invetory hosts and escalate priviliges there if needed or is it a better way to create a service user called "ansible" on each inventory host with sudo rights so ansible can use this dedicated user for all of its stuff?

if there is dedica ...

TLDR: What driver should I use in Windows (10/11) to connect to CUPS? Alternatively: What is a better way to print from Windows clients to a Linux server?

Hi,

I'm currently having an Ubuntu 18.04 samba domain member (obviosly to be upgraded) with cups and raw queues as a print server for our windows 10 clients. It works mostly well, even though I have the occasional problem adding a printer driver f ...

We are using CoreDNS as a sidecar in our service mesh. CoreDNS is listening on port 15053. Both the application and CoreDNS are docker containers running inside an AWS ECS task using awsvpc mode. To direct all DNS requests from the application to CoreDNS, I am using below mentioned IPTable rules. However, I have been encountering intermittent DNS resolution failures with certain applications.

I a ...

I'm seeing the following error message in nginx logs

[0m[0;33;1mnginx.1     | [0;31;1m2023/05/24 10:16:17 [error] 144#144: *76 connect() failed (111: Connection refused) while connecting to upstream, client: 172.90.174.63, server: api-staging, request: "GET /ws/notifications/?userid=user1 HTTP/1.1", upstream: "https://127.0.0.1:8000/ws/notifications/?userid=user1", host: "api-staging"

nginx conf

Recently the max number of auth for ssh was reduced on some servers at my work from 6 to 3 to comply with new security restrictions. Most of us in IT are seeing "too many failures" and no password prompt at all when we try to connect because ssh is counting all of our ssh keys as authentication attempts, and we have at least 3 keys each.

While this is technically correct, as a key auth is an aut ...

I have a hardware load balancer with multiple Virtual IPs. ie (3.3.3.3, 3.3.3.4).

Behind Virtual IP 3.3.3.3 I am load balancing several web servers.

Behind VIP 3.3.3.4 I have a mail server running CentOS.

Unfortunately, when I send out mail, it appears to be coming from VIP 3.3.3.3 rather than 3.3.3.4. Similarly, if I use the dig +short txt ch whoami.cloudflare @1.0.0.1 command, it returns 3.3.3.3.

I have a working nginx server using an ARM EC2 instance. I tried to follow the steps here to add the module but when I try to run sudo make install the version doesn't update (currently trying to install 1.25 instead of the current 1.22

[... nginx-1.25.0]$ ./configure --add-dynamic-module=../ngx_http_geoip2_module-3.4   --with-http_ssl_module
[... nginx-1.25.0]$ make
[... nginx-1.25.0]$ sudo make instal ...

I'm a little bit lost and need some help understand what exactly is happening with my server.

So this is a Proxmox (Debian) server with several LXC containers running in it, and from time to time everything just starts failing because it seems that new processes/childrens are unable to open. The syslog starts being filled with messages like this:

May 24 18:19:44 pvirtual08 ksmtuned[1645]: /usr/sbin/ks ...

I've got a GKE private k8s cluster with nginx and a django application running with wsgi and asgi. Logs from nginx show that websocket requests get a 403, and the logs on the daphne pod are showing "access denied" type errors. I've also got a cluster running the same application, but not within a VPC where these websockets are working as expected.

I've no issue with nginx traffic passing through  ...

I am using apache 2.4.56 and my site is hosted on Google Cloud Compute. "Require ip ip-number" works for /var/www/html/index.html like mysite.com but it doesn't work for mysite.com/cgi-bin/list_directory_1.cgi?directory=%2CBrasil&submit_directory= In the second case, anybody can access it. This is what I have in the apache configuration file:

<Directory /var/www/>
    Options Indexes Follo ...

I have installed mailman3 and followed this instruction: https://lab.uberspace.de/guide_mailman-3/

My problem is, that css files for HyperKitty (and the login screen) are not available. If I'm on https://example.org/postorius/ everything looks good but on https://example.org/hyperkitty/ the main css file is not found.

In ~/mailman-suite/settings.py I set STATIC_ROOT = '/home/hmail/html/static/' and m ...

I've got a node-react app on port 3000, and a node/express API running on port 3001 (localhost:3001/api). I need a reverse proxy setup in Apache that will put the React app on https://example.domain.com/ and the API on https://example.domain.com/api.

Will this work?

<VirtualHost *:443>
    ServerName example.domain.com
    [SSL Configuration]

    ProxyPreserveHost On
    ProxyPass "/" "http://local ...

I have IPIP tunnel as shown in tcpdump output bellow: IP 192.168.240.112 > 192.168.250.112.

Inside this tunnel, there is a traffic in another IPIP tunnel IP 10.233.86.94.35938 > 10.233.100.199.3306

$ sudo tcpdump -i oet1 -n
09:53:57.455262 IP 192.168.240.112 > 192.168.250.112: IP 10.233.86.94.35938 > 10.233.100.199.3306: Flags [P.], seq 802:865, ack 3295, win 501, options [nop,nop,TS val 32634 ...

Migrating away from BIND9 to Route53 and would prefer not to use the named.stats file for monitoring activity during the migration period. As such, I checked the current named.conf and verified no statistics-channels entry exists, so no http web page for monitoring based on xml channel.

My question is: Because the previous sysadmins that deployed these BIND servers (RHEL 6) did not build it using  ...

I see no traffic in layer 2 and above in an OVS bridge, but I do see layer 1 traffic.

I have the following setup:

I have created a Linux VirtualBox VM with three adapters: NAT with port forwarding the internal SSH (22) port to external port, so that I can manage the VM, a bridged adapter to an ethernet cable connected an external machine (it could be a Raspberry PI or a laptop or ...etc.), and anoth ...

We use fail2ban on a number of our servers for blocking brute-force attempts against services like SSH, SMTP, IMAP, SIP, etc, and it works very well. However, we get a lot of false positives under certain common circumstances.

Most of our clients are small businesses. So all of their users are on a local LAN behind a NAT'd firewall. So it's common for 10 users to authenticate with, say, their ema ...

A macports' installation of apache2 + php82-fpm under macOS Ventura seems to keep php files in cache, even before installing php82-opcache.

I don't know if this is coming from apache2 or php82-fpm, and I tried to set the cache-control in the header of my script like this without any success :

header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Cache-Control: post-check=0,  ...

I host my domain on Gandi and have my nameservers pointed to my Digital Ocean hosting. In my DNS settings on Digital Ocean I have the (old style) MX records set up for Google Mail as such:

I am amalgamating a few of my company's Debian VPSs into 1. I will be serving multiple domains, as well as their sub-domains, all of which will send emails, but not receive them (except for bounces):

• my-company.com
• alpha.my-company.com
• beta.my-company.com
• my-other-company.com

EDIT: The alpha.my-company.com & beta.my-company.com sites are the main focus here. They are privately accessed SAAS apps  ...

my first post here.

I had a postfix that I'm using as a relay. I configured to use authentication with the following main.cf: https://pastebin.com/TQfmAQp2

The problem is: when I try to send an e-mail using "Send-MailMessage" in PowerShell within a host inside "mynetworks" I am able to send it without authentication, in other words: anonymously.

Is there any chance that I'm doing something wrong? ...

I am running an Ubuntu 20.04 based LEMP server on a Raspberry Pi 4. I am working on a Wordpress Woocommerce website at https://www.mcmo.is. Currently on iOS using Safari or Google Chrome, I can't get past the websites Woocommerce checkout page with Modsecurity enabled. When trying to check out an item, the payment method options under "YOUR ORDER" are greyed out (see the photos beneath), blocking  ...

Using IIS 10, I have 3 websites with 3 different hostnames, but the same IP address and port, and each of them has their own SSL certificate.

In the bindings I can see that each has the correct certificate attached (When I click View I see it's the right details for each).

However when I go to the URL in the browser, it says the certificate is not trusted (Except for the 1 site whose this certificat ...

I have a website on example.com, and a WebSocket server on example-websocket-server.com.

Each have an SSL certificate so that I can access them from https://

I am using the websocket server as a websocket server for all the other websites, including example.com (there are more websites). However the wss:// connection fails (ws:// works).

The websocket server uses Laravel-Websocket as the server and it as ...