How does nginx behave when fail_timeout and proxy_connect_timeout are inconsistent?
Posted: 24 Oct 2021 09:42 PM PDT

This question is about proxy_connect_timeout and fail_timeout and how nginx determines failed upstream servers.

Nginx documentation states that fail_timeout:

    sets the time during which the specified number of unsuccessful attempts to communicate with the server should happen to consider the server unavailable

The documentation states the following about proxy_connect_timeout:

    Defines a timeout for establishing a connection with a proxied server. It should be noted that this timeout cannot usually exceed 75 seconds.

The documentation also states that the default values of fail_timeout and proxy_connect_timeout are 10 and 60 seconds, respectively.

How does nginx deal with inconsistencies between these two configuration parameters? Does one take precedence over the other? Does it take the shorter period of the two?
|
Dovecot does not send the CA file unless ssl_verify_client_cert is set to yes
Posted: 24 Oct 2021 10:07 PM PDT

I have a Postfix / Dovecot / MySQL email server with user password login configured. Everything works fine except for the fact that Dovecot does not send the chain CA file to the client. I have

    ssl_cert = </etc/apache2/ssl/apache.crt
    ssl_key = </etc/apache2/ssl/apache.key
    ssl_ca = </etc/apache2/ssl/apache.pem

in my /etc/dovecot/conf.d/10-ssl.conf. However, the CA file is not sent.

    openssl s_client -connect server.com:143 -starttls imap
    CONNECTED(00000003)
    depth=0 CN = server.com
    verify error:num=20:unable to get local issuer certificate
    verify return:1
    depth=0 CN = server.com
    verify error:num=21:unable to verify the first certificate
    verify return:1
    ...

If I add ssl_verify_client_cert = yes, everything works fine.

    openssl s_client -connect server.com:143 -starttls imap
    CONNECTED(00000003)
    depth=2 C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Root Certificate Authority - G2
    verify return:1
    depth=1 C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", OU = http://certs.starfieldtech.com/repository/, CN = Starfield Secure Certificate Authority - G2
    verify return:1
    depth=0 CN = server.com
    verify return:1

I am not using client certificate authorization though. Have I misunderstood the Dovecot configuration or is this expected behavior? Should I leave it like this?
|
Keep Windows offline but allow connectivity for specific apps
Posted: 24 Oct 2021 09:17 PM PDT

A while back I tried blocking Windows via a 3rd party firewall on system level, just to find out that once that was the case, all apps would lose connectivity. At the time it was just a curiosity, so I let it go.

Recently, since I have an ageing but still perfectly usable Windows 7 PC and software that goes with it, that unfortunately falls out of the hardware requirements (for no technical but for business reasons in all likelihood) to update to a supported version, and since it is no longer supported with security updates, I restarted the effort to cut the system off the internet entirely for security reasons, save for a browser and a few programs that I trust and need to be able to access the internet.

I already have one, albeit mostly untested strategy. I noticed that when I run a VM with a bridged vlan adapter, I can set the VM IP to my router subnet, then set the host IP to a different one, and the VM would have internet access while the host would not. So I think I can easily add another virtual lan to the VM, set its IP to the same subnet, then run a simple proxy server inside the VM, set up to require authentication, and add the proxy to only the software I want to have internet access. So, by default all software, including the OS will effectively be on a subnet that has no internet connectivity, while select apps will still be able to connect through the proxy in the VM.

My question is how viable this approach is in terms of security? I don't care about the overhead from running the VM, as I already run a headless Linux server for testing pretty much 24/7. I am also open to suggestions for better solutions that I might be overlooking.
|
How to connect to VPN Server over Internet?
Posted: 24 Oct 2021 08:40 PM PDT

So I have been using a Windows 2019 server VM to create a VPN server. I have been able to set it up and if I connect to it from my Windows 10 computer inside my network, it connects and allows me to browse the internet. It is a L2TP/IPSEC VPN.

My next step I want to do is to connect and utilize it over the internet to browse the internet securely if I am away from home. I think I have to do something in regards to port forwarding, but I am not sure what I have to do to do so? Any assistance would be great.
|
Why does Windows search index differently on each Windows server?
Posted: 24 Oct 2021 07:40 PM PDT

I need to check the patching status on 20 Windows Server 2016 machines with similar configuration. So I remote control (mstsc) into each server, click the Windows icon at the bottom left, and type in "installed" to look for View installed updates.

All the servers were established since 2019, with similar configuration. However the search results are not the same. On some servers I cannot find View installed updates. I have to key in "view" or "updates" to locate this item. In some cases I cannot find this item at all.

My question is, since the item is a built-in component (not a 3rd party add-on), why does Windows on different servers index it differently? Can I enforce the indexing to work in the same way across all Windows servers?
|
Apache Header set missing in server response when php-fpm is active, shown when php-fpm is inactive
Posted: 24 Oct 2021 07:38 PM PDT

Problem: When php-fpm is enabled, CORS headers set in .htaccess are not shown in response. When php-fpm is disabled, CORS headers are shown in the response.

Current setup:

Server:
- Ubuntu 20.04 on Aliyun cloud (Shanghai region)
- Apache 2.4, headers module enabled
- php 7.4 with php7.4-fpm enabled.

In .htaccess I've set:

    Header always set Access-Control-Allow-Origin "*"
    Header always set Access-Control-Allow-Headers "origin, x-requested-with, content-type"
    Header always set Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"

In vhost config I have set:

    <VirtualHost *:443>
        ServerName api.test.com
        DocumentRoot /path/to/www
        ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/path/to/www/$1
        ErrorLog /path/to/log
        CustomLog /path/to/log
        <Directory /path/to/www/ >
            Options Indexes FollowSymlinks Includes execCGI
            AllowOverride All
            Require all granted
        </Directory>
        SSLCertificateFile /path/to/pem
        SSLCertificateKeyFile /path/to/key
        Include /etc/letsencrypt/options-ssl-apache.conf
    </VirtualHost>

If I comment the line # ProxyPassMatch .... and restart Apache and php-fpm, headers for CORS set in .htaccess above are shown as expected. However if php-fpm is set in vhost, after restarting Apache and php-fpm, headers listed in .htaccess are not provided in response.

Response in both cases (with and without php-fpm) is still valid, code 200, with some echo text I've set as output. No errors logged.

I've never encountered this issue on AWS instances, nor when developing in my local environment. Can anyone point me to how php-fpm affects response headers? Am I doing something wrong in vhost / htaccess or missing .ini settings?
|
Why brctl stp cannot prevent the loop?
Posted: 24 Oct 2021 05:52 PM PDT

Even though STP is enabled through brctl stp switch on on a looped network, the packets cannot be forwarded successfully. Please note that if there is no loop in the network, then everything is ok. The problem is described as follows.

I have three Linux boards (i.e., SW1, SW2, SW3) with the ring topology as shown:

          SW1
         /   \
    SW2 ———— SW3

The IP configurations are:

    SW1:192.168.20.2
    SW2:192.168.20.3
    SW3:192.168.20.4

Each Linux board has 4 physical ports, and the connections are:

    SW1.swp2 <---> SW2.swp2
    SW1.swp0 <---> SW3.swp1
    SW2.swp3 <---> SW3.swp3

The bridge configuration of SW1 is as shown below; the others are the same as this one except for the IP address of "switch".

    ifconfig switch 192.168.20.2 # the "192.168.20.2" is the IP of SW1,
    ip link set switch up
    ip link set swp0 master switch && ip link set swp0 up
    ip link set swp1 master switch && ip link set swp1 up
    ip link set swp2 master switch && ip link set swp2 up
    ip link set swp3 master switch && ip link set swp3 up
    route add default gw 192.168.20.1
    brctl stp switch on
    ip link set up dev switch

The STP is enabled successfully:

    brctl show switch
    bridge name     bridge id               STP enabled     interfaces
    switch          8000.06f5bc4466d2       yes             swp0
                                                            swp1
                                                            swp2
                                                            swp3

The STP status for SW1:

    brctl showstp switch
    switch
     bridge id              8000.06f5bc4466d2
     designated root        8000.067b22fa77a2
     root port                 1                    path cost                  4
     max age                  20.00                 bridge max age            20.00
     hello time                2.00                 bridge hello time          2.00
     forward delay            15.00                 bridge forward delay      15.00
     ageing time             300.00
     hello timer               0.00                 tcn timer                  0.00
     topology change timer     0.00                 gc timer                 239.55
     flags

    swp0 (1)
     port id                8001                    state                  forwarding
     designated root        8000.067b22fa77a2       path cost                  4
     designated bridge      8000.067b22fa77a2       message age timer         19.82
     designated port        8002                    forward delay timer        0.00
     designated cost           0                    hold timer                 0.00
     flags

    swp1 (2)
     port id                8002                    state                  disabled
     designated root        8000.06f5bc4466d2       path cost                100
     designated bridge      8000.06f5bc4466d2       message age timer          0.00
     designated port        8002                    forward delay timer        0.00
     designated cost           0                    hold timer                 0.00
     flags

    swp2 (3)
     port id                8003                    state                  forwarding
     designated root        8000.067b22fa77a2       path cost                  4
     designated bridge      8000.06f5bc4466d2       message age timer          0.00
     designated port        8003                    forward delay timer        0.00
     designated cost           4                    hold timer                 1.41
     flags

    swp3 (4)
     port id                8004                    state                  disabled
     designated root        8000.06f5bc4466d2       path cost                100
     designated bridge      8000.06f5bc4466d2       message age timer          0.00
     designated port        8004                    forward delay timer        0.00
     designated cost           0                    hold timer                 0.00
     flags

The STP status for SW2:

    brctl showstp switch
    switch
     bridge id              8000.9a32d1ec24fe
     designated root        8000.067b22fa77a2
     root port                 4                    path cost                  4
     max age                  20.00                 bridge max age            20.00
     hello time                2.00                 bridge hello time          2.00
     forward delay            15.00                 bridge forward delay      15.00
     ageing time             300.00
     hello timer               0.00                 tcn timer                  0.00
     topology change timer     0.00                 gc timer                  58.07
     flags

    swp0 (1)
     port id                8001                    state                  disabled
     designated root        8000.9a32d1ec24fe       path cost                100
     designated bridge      8000.9a32d1ec24fe       message age timer          0.00
     designated port        8001                    forward delay timer        0.00
     designated cost           0                    hold timer                 0.00
     flags

    swp1 (2)
     port id                8002                    state                  disabled
     designated root        8000.9a32d1ec24fe       path cost                100
     designated bridge      8000.9a32d1ec24fe       message age timer          0.00
     designated port        8002                    forward delay timer        0.00
     designated cost           0                    hold timer                 0.00
     flags

    swp2 (3)
     port id                8003                    state                  blocking
     designated root        8000.067b22fa77a2       path cost                  4
     designated bridge      8000.06f5bc4466d2       message age timer         19.43
     designated port        8003                    forward delay timer        0.00
     designated cost           4                    hold timer                 0.00
     flags

    swp3 (4)
     port id                8004                    state                  forwarding
     designated root        8000.067b22fa77a2       path cost                  4
     designated bridge      8000.067b22fa77a2       message age timer         19.43
     designated port        8004                    forward delay timer        0.00
     designated cost           0                    hold timer                 0.00
     flags

The STP status for SW3:

    brctl showstp switch
    switch
     bridge id              8000.067b22fa77a2
     designated root        8000.067b22fa77a2
     root port                 0                    path cost                  0
     max age                  20.00                 bridge max age            20.00
     hello time                2.00                 bridge hello time          2.00
     forward delay            15.00                 bridge forward delay      15.00
     ageing time             300.00
     hello timer               0.62                 tcn timer                  0.00
     topology change timer     0.00                 gc timer                  98.80
     flags

    swp0 (1)
     port id                8001                    state                  forwarding
     designated root        8000.067b22fa77a2       path cost                  4
     designated bridge      8000.067b22fa77a2       message age timer          0.00
     designated port        8001                    forward delay timer        0.00
     designated cost           0                    hold timer                 0.00
     flags

    swp1 (2)
     port id                8002                    state                  forwarding
     designated root        8000.067b22fa77a2       path cost                  4
     designated bridge      8000.067b22fa77a2       message age timer          0.00
     designated port        8002                    forward delay timer        0.00
     designated cost           0                    hold timer                 0.00
     flags

    swp2 (3)
     port id                8003                    state                  forwarding
     designated root        8000.067b22fa77a2       path cost                 19
     designated bridge      8000.067b22fa77a2       message age timer          0.00
     designated port        8003                    forward delay timer        0.00
     designated cost           0                    hold timer                 0.00
     flags

    swp3 (4)
     port id                8004                    state                  forwarding
     designated root        8000.067b22fa77a2       path cost                  4
     designated bridge      8000.067b22fa77a2       message age timer          0.00
     designated port        8004                    forward delay timer        0.00
     designated cost           0                    hold timer                 0.00
     flags

In SW1, I ping SW2:

    ping 192.168.20.3
    PING 192.168.20.3 (192.168.20.3): 56 data bytes
    64 bytes from 192.168.20.3: seq=9 ttl=64 time=0.330 ms
    64 bytes from 192.168.20.3: seq=37 ttl=64 time=0.291 ms
    64 bytes from 192.168.20.3: seq=63 ttl=64 time=0.289 ms
    64 bytes from 192.168.20.3: seq=90 ttl=64 time=0.310 ms
    64 bytes from 192.168.20.3: seq=117 ttl=64 time=0.305 ms
    64 bytes from 192.168.20.3: seq=145 ttl=64 time=0.286 ms
    64 bytes from 192.168.20.3: seq=172 ttl=64 time=0.311 ms

As we can see, the ping packets can not be transmitted continually. Is there any good idea? Again, when I disconnected the loop, the ping is ok.
|
User can't send mail depending on ISP, unknown user error
Posted: 24 Oct 2021 09:31 PM PDT

Ubuntu server 18.04.6 LTS, with functional postfix/dovecot mailserver.

When using his phone to send mail, user Joe gets the following error:

    An error occurred while sending mail. The mail server responded:
    4.7.25 Client host rejected: cannot find your hostname, [178.197.200.200].
    Please check the message recipient "joe@domainname.ch" and try again.

with the following in /var/log/mail.log

    Oct 24 08:49:23 vps postfix/submission/smtpd[25163]: connect from unknown[178.197.200.200]
    Oct 24 08:49:23 vps postfix/submission/smtpd[25163]: NOQUEUE: reject: RCPT from unknown[178.197.200.200]: 450 4.7.25 Client host rejected: cannot find your hostname, [178.197.200.200]; from=<joe@domainname.ch> to=<recipient@whatever.ch> proto=ESMTP helo=<[192.168.184.19]>

When he gets home and uses another ISP, the mail is sent without error. /var/log/mail.log reads as follows:

    Oct 24 08:59:21 vps postfix/submission/smtpd[25331]: connect from 84-75-202-59.dclient.hispeed.ch[84.75.202.59]
    Oct 24 08:59:22 vps postfix/submission/smtpd[25331]: 386394150E: client=84-75-202-59.dclient.hispeed.ch[84.75.202.59], sasl_method=PLAIN, sasl_username=joe@domainname.ch
    Oct 24 08:59:22 vps postfix/cleanup[25335]: 386394150E: message-id=<f4c2c1ed-c786-c8ed-d3a6-43aff78e5153@domainname.ch>
    Oct 24 08:59:22 vps postfix/qmgr[6203]: 386394150E: from=<joe@domainname.ch>, size=1105, nrcpt=1 (queue active)

At first I thought that the submission port might be blocked by the ISP, but I don't get why the mailserver would even be reachable in this case.

In /etc/postfix/main.cf I set up the following restrictions:

    smtpd_client_restrictions = permit_mynetworks reject_unknown_client_hostname check_client_access hash:/etc/postfix/access_client
    smtpd_helo_restrictions = permit_mynetworks reject_non_fqdn_helo_hostname reject_invalid_helo_hostname check_helo_access hash:/etc/postfix/access_helo
    smtpd_sender_restrictions = permit_mynetworks reject_unknown_sender_domain reject_non_fqdn_sender check_sender_access hash:/etc/postfix/access_sender
    smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination

I could allow unknown_client_hostname, but isn't it detrimental to security to let anyone's fridge connect here?

Is it ok to remove restrictions for reject_non_fqdn_helo_hostname and reject_invalid_helo_hostname to let the user authenticate? This means giving a chance to a bot to try for credentials.

Is there a way to allow the user to send mail without sacrificing on security in this case?

Edit 1: Postconf -n

    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases
    append_dot_mydomain = no
    biff = no
    broken_sasl_auth_clients = yes
    compatibility_level = 2
    content_filter = amavisfeed:[127.0.0.1]:10024
    disable_vrfy_command = yes
    home_mailbox = Maildir/
    inet_interfaces = all
    inet_protocols = all
    mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/dovecot.conf -m "${EXTENSION}"
    mailbox_size_limit = 0
    message_size_limit = 26214400
    milter_default_action = accept
    milter_protocol = 6
    mydestination = vps.chollet-page.ch,localhost.chollet-page.ch,localhost
    myhostname = chollet-page.ch
    myorigin = /etc/mailname
    non_smtpd_milters = unix:var/run/opendkim/opendkim.sock,local:opendmarc/opendmarc.sock
    readme_directory = no
    receive_override_options = no_address_mappings
    recipient_delimiter = _
    relayhost =
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    smtp_use_tls = yes
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    smtpd_client_restrictions = permit_mynetworks reject_unknown_client_hostname check_client_access hash:/etc/postfix/access_client
    smtpd_delay_reject = yes
    smtpd_helo_required = yes
    smtpd_helo_restrictions = permit_mynetworks reject_non_fqdn_helo_hostname reject_invalid_helo_hostname check_helo_access hash:/etc/postfix/access_helo
    smtpd_milters = unix:var/run/opendkim/opendkim.sock,local:opendmarc/opendmarc.sock
    smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination check_policy_service unix:private/policy-spf
    smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_sasl_local_domain = $myhostname
    smtpd_sasl_path = private/dovecot-auth
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_type = dovecot
    smtpd_sender_restrictions = permit_mynetworks reject_unknown_sender_domain reject_non_fqdn_sender check_sender_access hash:/etc/postfix/access_sender
    smtpd_tls_cert_file = /etc/letsencrypt/live/smtp.chollet-page.ch/fullchain.pem
    smtpd_tls_key_file = /etc/letsencrypt/live/smtp.chollet-page.ch/privkey.pem
    smtpd_tls_mandatory_ciphers = medium
    smtpd_tls_received_header = yes
    smtpd_tls_security_level = may
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,mysql:/etc/postfix/mysql-virtual-alias-maps-self.cf
    virtual_mailbox_base = /var/vmail/vhosts
    virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
    virtual_mailbox_limit = 0
    virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
    virtual_transport = lmtp:unix:private/dovecot-lmtp
|
Why wasn't my network disrupting spray command detected earlier? [closed]
Posted: 24 Oct 2021 10:55 PM PDT

My claim to fame for network disruption is that as a student I once managed to set the spray command with a ridiculous count (1,000,000 give or take). I don't remember the exact command I typed as this is many years ago.

The next day I came back to see if the command finished, meanwhile hearing something along the lines of the university computer science network experiencing a "network degradation" and an "ongoing investigation into what causes it". Something dawned on me that moment and I rushed back to interrupt my spray experiment.

Not long after, a senior sysadmin sent me an email asking me if I could please explain what I was thinking executing this command and what it was that I intended to do. I apologised, of course, saying I was curious what spray did and for adding a few too many zeroes. Luckily, no further disciplinary action.

The fact that I invoked that on SunOS 5 might give you some indicators of how long ago that was, but what has stayed in my mind all these years was why the admins only found out about that after I stopped the command.

Would there have been a way for sysadmins to find out what was blocking the network while spray was sending packages, and if so, how?
|
Website worked perfectly when I used a hosting company, but not with my own server
Posted: 24 Oct 2021 09:40 PM PDT

In January, I began creating a new website. It's a member website in which users sign up, have their own folders, and have the option of posting text content and uploading photos and videos. I completed it around the middle of September. I want to host this site myself, so I set up a server with CentOS 8, because of the graphic interface.

While creating this site, I had the files in a sub-directory in one of my other websites because I wanted to test everything in a live setting instead of the localhost. Everything I did worked perfectly.

When I put the website on my server, my next step was to do the final testing before the site goes live. The only thing that works is a user's ability to log in. Nothing else works at all. Posting text, uploading photos, and even the PHP function 'mkdir()' doesn't work. For the most part, nothing works. It's as if I lived in a place where there were rules that I abided by, and now, I'm living in a place with a different set of rules.

I tried disabling SELinux, and nothing changed. Recently, like about an hour ago, I changed SELinux to 'Permissive', but I'm almost afraid to test it again.

The site is coded with PHP and Ajax, mostly. The coding is fine, since it worked before, so I don't need to show it here. I somehow believe that SELinux is the reason for this. I really want to get this site live by November 1, but I have no clue what to do. Can someone please help me?
|
Steps to update certificate in edge servers
Posted: 24 Oct 2021 06:46 PM PDT

On-prem mailbox servers are on Exchange 2013 and edge servers are in the DMZ. Can someone please share the steps to renew a third-party cert on the edge servers? I am unable to find an MS article. Please help.
|
Exchange Journaling - What happens with delivery failure on certain recipients
Posted: 24 Oct 2021 07:02 PM PDT

If there are three users (A, B, C) in an Exchange (O365 or recent Exchange versions), and there is an incoming email To: A, B, C, where B and C got some delivery failures, will the Exchange journal report mention only A?

Are there any resources that talk about journaling behaviors in-depth? I searched, couldn't find any.

One more question: can we assume the Exchange journal report as the source of truth for message delivery?
|
How to prevent public access to GKE Ingress and make it accessible just for Apigee X
Posted: 24 Oct 2021 08:02 PM PDT

I am new in Cloud stuff, and my question may be basic, but this problem has bugged me for a week, and I don't know how to fix it.

I deployed my first Cloud project on GCP using GKE. After that, I used Kubernetes Ingress to expose its service. On the API gateway side, I used Apigee X. And successfully created a proxy and used the Ingress's IP address as the proxy's backend. Up to now, everything is fine.

My problem is to prevent public access to GKE Ingress and make it accessible just for Apigee X to communicate with it.

I am thinking of creating an internal ingress (I know we have both external and internal options for Ingress in GKE) and giving the internal IP address to the Apigee proxy's backend. But I am unsure if and how to make Apigee load balancer talk to an internal IP address.
|
PHP file_get_contents sometimes returns 502 on 1 of 2 Servers
Posted: 24 Oct 2021 11:00 PM PDT

I have two virtual servers. The old: Ubuntu 12.04 with PHP 7.2. The new: CentOS 7.9 with PHP 8.0.

On both servers the same application is running. A cron is minutely getting some details from another website, similar to the following code:

    file_get_contents("http://mirror.facebook.net/centos/timestamp.txt")

On the old server, it worked well. I never had issues. On the new server, I sometimes have this message:

    Warning: file_get_contents(mirror.facebook.net/centos/timestamp.txt): Failed to open stream: HTTP request failed! HTTP/1.0 502 Bad Gateway

I have no idea why this happens. It affects about 1% of the calls. Does anyone have an idea where I could look and what I could do to solve the issue?

[EDIT] I implemented the error and time tracking as mentioned below. First the code:

    $t0 = microtime(true);
    $jsonString = file_get_contents($pageUrl);
    if ($jsonString === false) {
        $t1 = microtime(true);
        var_dump(sprintf(
            'Fehler beim Abruf der URL %s',
            $pageUrl,
        ));
        var_dump($t1 - $t0);
        var_dump(error_get_last());
        return 0;
    }

Now the result.

    array(4) {
      ["type"]=>
      int(2)
      ["message"]=>
      string(145) "file_get_contents(https://www.example.com/): Failed to open stream: HTTP request failed! HTTP/1.0 502 Bad Gateway
    "
      ["file"]=>
      string(62) "/path/to/src/Service/WebcrawlerService.php"
      ["line"]=>
      int(61)
    }

The result is sadly NOT providing many more details. It's still 502.
|
Cannot access my website with the custom domain name when using VPN
Posted: 24 Oct 2021 08:38 PM PDT

I developed a website and deployed it using EC2 on AWS and redirected the domain name which I bought from domain.com to the EC2 IP address with Route 53. The site is accessible when I'm not using VPN. However, when I start using the VPN, I cannot access the website and am redirected to a page that shows the site is under development. How can I fix this problem? Many thanks!!

The picture is the records of my R53 hosted zone. I have also added the values which are generated by AWS to the nameservers of domain.com. The domain name was bought last year and I started using it from June.

Information of ip and nslookup:
(1) website ip: 18.222.135.126
(2) domain name: weiyipeng.com
(3) nslookup with VPN off: 18.222.135.126
(4) nslookup with VPN on: 240.0.0.6
|
Automatic file backup management?
Posted: 24 Oct 2021 07:23 PM PDT

I have a bunch of files (about 50 MB total) that I would like to back up every 20 minutes. Each backup should be compressed into a single (.tar.gz) file, and backups older than 24h should be removed. This process should be automated. (I imagine this functionality is something that is widely sought for)

Short of writing my own application for this, what are my options?
|
Hyper-V failed to start worker process: ran out of memory 0x800700E
Posted: 24 Oct 2021 07:03 PM PDT

I have a Windows Server 2016 DataCenter with 0.5TB of RAM (there is 497GB of RAM currently available) and I have three Hyper-V virtual machines there. They had been running perfectly until we added a few discs into the physical server. Suddenly I cannot start any of them, and even a newly created VM cannot be started either. Every VM requests a maximum of 16GB of RAM.

I receive the "failed to start worker process: ran out of memory 0x800700E" error. I have tried to alter the virtual images to the minimal configuration possible (one processor, dynamic RAM with 512MB min memory) without any success. There are no Hyper-V events in the log.

What can possibly be wrong?
|
Apache2 - default php7.2-fpm.conf has to be included in every virtual host?
Posted: 24 Oct 2021 11:04 PM PDT

I'm trying to move from mod_php to php-fpm using mod_proxy_fcgi. After installing the needed modules I tried following the notice I got during install:

    Not enabling PHP 7.2 FPM by default.
    To enable PHP 7.2 FPM in Apache2 do:
    a2enmod proxy_fcgi setenvif
    a2enconf php7.2-fpm

After doing that and restarting Apache my website served me the php files as plain text. Only after adding

    Include conf-enabled/php7.2-fpm.conf

to my virtual host configuration file (after setting up letsencrypt I have two for all of my virtual hosts and it had to be added to both).

I'm a bit reluctant to do that - in the future php7.2-fpm.conf will probably move to php7.3-fpm.conf and I have to touch all the configuration files again.

This is the content of php7.2-fpm.conf:

    # Redirect to local php-fpm if mod_php is not available
    <IfModule !mod_php7.c>
    <IfModule proxy_fcgi_module>
        # Enable http authorization headers
        <IfModule setenvif_module>
        SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
        </IfModule>

        <FilesMatch ".+\.ph(ar|p|tml)$">
            SetHandler "proxy:unix:/run/php/php7.2-fpm.sock|fcgi://localhost"
        </FilesMatch>
        <FilesMatch ".+\.phps$">
            # Deny access to raw php sources by default
            # To re-enable it's recommended to enable access to the
            # files only in specific virtual host or directory
            Require all denied
        </FilesMatch>
        # Deny access to files without filename (e.g. '.php')
        <FilesMatch "^\.ph(ar|p|ps|tml)$">
            Require all denied
        </FilesMatch>
    </IfModule>
    </IfModule>

So I'm wondering: is there a way to change the behavior so that the php-fpm mechanism works without touching all of my virtual host configuration files?
|
Connected my domain to a bucket on Google Cloud and getting bucket does not exist error
Posted: 24 Oct 2021 06:04 PM PDT

I connected my domain to serve static content by linking it to a bucket on Google Cloud; however, I am getting the following error message when I type the website address in the browser:

    NoSuchBucket
    The specified bucket does not exist.

Any help in resolving the issue would be appreciated.
|
Nginx + PHP index.php not found 404
Posted: 24 Oct 2021 09:06 PM PDT

I'm running debian 9 with nginx 12 and php7.1. I've set everything up. Nginx does not give me anything in error log, all the PHP scripts are working 100% fine. Nginx indexes index.html as index but DOES NOT find index.php and returns 404, even though I have it set in the nginx config.

Here is my nginx config:

    server {
        listen 80 default_server;
        listen [::]:80 default_server;

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.php index.html index.htm;

        server_name _;
        server_tokens off;

        location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            try_files $uri /index.html index.php;
        }

        # pass PHP scripts to FastCGI server
        #
        location ~ \.php$ {
            # With php-fpm (or other unix sockets):
            try_files $uri =404;
            include fastcgi.conf;
            fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
            fastcgi_index index.php;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny all;
        #}
    }
|
Randomly lost folder permissions
Posted: 24 Oct 2021 05:06 PM PDT

I found that many subfolders in my shared folder lost all their permissions. I cannot understand why and I did not find anything relevant in the event logs. I also cannot understand which folders are affected; it seems to be a random selection.

I had to take ownership of all files then replace them from the parent folder (replace all child object permissions with inheritable permissions from this object).

This is a Windows Server 2012 virtual machine with only the shared folder service; there is a daily machine backup with Veeam and the shadow volume copy is enabled.

Has this never happened to any of you? What can it be?
|
Apache and php7.0-fpm – sporadically error 500
Posted: 24 Oct 2021 07:03 PM PDT

I am running an office server based on Debian (for developing websites based on TYPO3) and have changed from mod_fcgid to PHP FPM – just to have two PHP versions available in an easy way...

Now I am working on a project/vhost with PHP 7.0 running and sporadically get error 500. When I refresh the same page / or do the same action it works – so it's really annoying since I cannot find any solution for that.

I am using the default php7.0-fpm config. My vhost config looks like this:

    <VirtualHost 192.168.2.10:80>
        ServerName mdo.ka.dev
        ServerAlias mdo.ka.dev
        DocumentRoot /var/www/git_websites/MDO
        SuexecUserGroup myuser mygroup
        ServerAdmin info@myemail
        UseCanonicalName Off
        DirectoryIndex index.htm index.html index.php
        AddType application/x-httpd-fastphp7---mdo .php
        Action application/x-httpd-fastphp7---mdo /php7-fcgi---mdo
        Alias /php7-fcgi---mdo /usr/lib/cgi-bin/php7-fcgi---mdo
        FastCgiExternalServer /usr/lib/cgi-bin/php7-fcgi---mdo -socket /run/php/php7.0-fpm.sock -idle-timeout 900 -pass-header Authorization
        <Directory /var/www/git_websites/MDO>
            AllowOverride FileInfo
        </Directory>
    </VirtualHost>

And I am getting the following errors:

    [Mon Apr 10 10:02:37.341218 2017] [fastcgi:error] [pid 20539] (104)Connection reset by peer: [client 192.168.2.54:60604] FastCGI: comm with server "/usr/lib/cgi-bin/php7-fcgi---mdo" aborted: read failed, referer: http://mdo.ka.dev/kontakt/distributoren/
    [Mon Apr 10 10:02:37.341271 2017] [fastcgi:error] [pid 20539] [client 192.168.2.54:60604] FastCGI: incomplete headers (0 bytes) received from server "/usr/lib/cgi-bin/php7-fcgi---mdo", referer: http://mdo.ka.dev/kontakt/distributoren/

I don't understand where the problem is. I am getting the same error 500 / the same log message when I stop the PHP FPM service. So I thought "he" can't connect to the FPM server. But when I increase the processes in the config or switch from dynamic to static mode nothing changes.

I am the only user using this webserver on that machine – so there cannot be too few processes. I also turned off the Zend Opcode and the APCU module. Also nothing changed.

Hope someone can help – it's annoying to work with these errors.
|
Windows Server Backup is doing incremental instead of full backup of Exchange data Posted: 24 Oct 2021 10:02 PM PDT I am backing up an Exchange Server database to a backup volume on Windows Server 2012 R2, using Windows Server Backup. I mostly followed the tutorial shown at http://exchangeserverpro.com/backup-exchange-server-2013-databases-using-windows-server-backup/ I hope to back up data, and also remove old Exchange log files. The backup is successful, but the log files are not being removed/truncated. Exchange does not record a full backup in the database settings page. The "Details" panel for the last backup records the last backup as VSS Full backup, successful, but in the "items" list, both C and D are described as "Backup Type": "Incremental". I cannot find any further settings to control if backup is "Full" or "Incremental" except on the VSS settings, which is set to Full. Any suggestions? |
RTNETLINK answers: Invalid argument while specifying packet loss by tc command Posted: 24 Oct 2021 06:04 PM PDT I am trying to specify packet loss by tc command on interface (port) 1 of switch part of network I have created using mininet : sudo tc qdisc change dev s1-eth1 root netem loss 0.1% but getting error: RTNETLINK answers: Invalid argument Any help would be appreciated Network Details: It is a tree topology based mininet network on Ubuntu 14.04 with depth = 2 and fanout = 5. On first level, a switch is connected to 5 switches which are connected to 5 hosts each. All switches are OpenvSwitch. Other details that MAY be required: /etc/network/interfaces: # interfaces(5) file used by ifup(8) and ifdown(8) auto lo iface lo inet loopback iface eth0 inet static address 10.0.0.1 network 10.0.0.0 broadcast 10.0.0.255 netmask 255.255.255.255 |
Hosting multiple sites on same domain Posted: 24 Oct 2021 09:06 PM PDT I need to host multiple sites on same domain in IIS (local). I have two sites : - Site 1
- Site 2
Both have different root folders and one is a CMS application (Site 1) while the other is a pure HTML site (Site 2). I need to host it as such : www.mytestsite.com (Site 1) www.mytestsite.com/childtestsite (Site 2) I can get the first one working by making the necessary changes in the host file. However, as I understand, I need to host the Site 2 on a different port in IIS. Due to this, I am unable to use the host file. So, what would be the best way to get this working? |
lamp -- edit PHP file but doesn't change web output -- including die() Posted: 24 Oct 2021 08:07 PM PDT Server is standard Linux server on Amazon Web Services. Cent OS 5/Apache/PHP 5.3. No APC. It's worked fine for over a year, but now when I edit some but not all PHP files on the server using vi, the changes don't affect the web output. For example, I edit myfile.php and put a die() at the top, but when I load the page in my web browser, instead of the die() I see the content that would show up if the die() weren't there. svn updating the file in question doesn't help either. Files are on an Amazon EBS partition symlinked to /var/www/html. Just to reiterate -- this has worked fine for a long time. Restarting apache didn't help, nor did rebooting the server. What's weird is that it's just some of the files but not all. File ownership/permissions are the same for the "good" and "problem" files. I'm not a Linux newbie but am at a complete loss with this, and couldn't find anything on Google either. Any hints would be much appreciated! |
Groups with local and LDAP users Posted: 24 Oct 2021 05:06 PM PDT I'm exploring the idea of authenticating users on some RHEL 6.4 boxes using LDAP. I'm using sssd with an LDAP provider, and setting the nsswitch.conf file to use sss for passwd/shadow/group. How can I set things up so that system users (which don't come from LDAP) can be in the same groups as LDAP users? For example, I might want some LDAP users to be in a "svn" group, so they have access to a SVN repository. But I also need the SVN server to run as a user in that group, and that user doesn't come from LDAP. Is this possible? |
Windows event viewer application logs lost after reboot Posted: 24 Oct 2021 10:02 PM PDT I need to check event viewer's application logs for uninstall events. So, I filtered them on MSIInstaller. Turns out I can see logs only up to the last reboot, which was just a few hours before writing this question. But I need to see logs up to the last 30 days. Can anyone help me out here? Thanks in advance! |
Troubleshooting Redmine (Bitnami Stack) performance Posted: 24 Oct 2021 08:07 PM PDT I've got a Redmine instance (Bitnami Stack) that's unusually slow. Because I'm just trying to get to the bottom of this, I have some theories which I'd like to discuss here. So, if anybody has any ideas about this, please feel free to help :-) System: Bitnami Stack with Redmine 1.4.x upgraded to Bitnami Stack with Redmine 2.1.0 like this: - mysqldump'd the old database
- installed new Bitnami Stack with Redmine 2.1.0
- imported the dump cleanly with recreating all tables
- rake db:migrate and all that
The stack is running on a Virtual Machine with OpenSUSE 12.1. The resources shouldn't be a problem, as there are always multiple gigabytes of free RAM and CPU spikes on Redmine requests go only up to 50% of 2 CPU cores. Also, there are only a few users accessing it. What may be totally important: User login is handled via LDAP (ActiveDirectory). Problem: On each request, Redmine reacts unusually slow. Sometimes it takes 3 seconds, sometimes even up to 10 seconds to deliver the page. My thoughts: - I don't know if "On-the-fly user creation" is checked in Redmine's LDAP settings, I can only check this one later today. But could the lack of a check here be a problem? Authentication takes a moment when logging in that's normal and acknowledged. But when not creating the user on the fly, does it keep a session only or does it re-authenticate on each request, so that could be the problem?
- Is Redmine 2.x maybe so much slower than 1.4.x that it's just plain normal?
- Is Bitnami's Apache2+Passenger config faulty?
- MySQL indexes wouldn't be a problem given the fact that MySQL is very calm on the CPU, would it?
One more thing that seems very odd to me, but maybe a false measurement result (need to re-check this tomorrow when I see the machine): I tried to check if it's a network problem (network reacting slow, maybe DNS or something; server is in the local network). It seemed like requests on localhost (Browser directly on the OpenSUSE VM) were fast, but requests over the network weren't. Usually, I would think of a network problem, but the strange thing is: When actually measuring connect times, the network is fast as hell. Ping is good, static delivery times too. It seemed like only Redmine-side calculated pages are slowly sent by the application server while Apache's still fast - but only when the request is a remote LAN request. Very strange … but as I mentioned above, I have to re-check this one. It just seems illogical to me. |
What Puppet resource types require an audit metaparameter to force Puppet to manage the resource if it's removed? Posted: 24 Oct 2021 11:04 PM PDT Until recently, I was under the impression that merely declaring a resource with various attributes would ensure that Puppet manages the resource and brings it back to the configured state if it were to change. Today, I found that wasn't the case for a yumrepo resource I have configured, until I added an audit => all metaparameter to the resource. I deleted /etc/yum.repos.d/foo.repo and ran puppetd --test . Puppet did not recreate the resource. Does that indicate a Puppet defect? If that's the intended behavior, it begs the question, what other resources require audit => all to tell Puppet to manage the resource's state if it changes on the system under management? Here is the repository class:

    class yum::therepo {
      # Temporarily remove the Yum repo configuration if we don't have
      # httpd yet.
      exec { 'disable-the-repo-to-get-its-dependencies':
        provider => shell,
        command => 'rm -f /etc/yum.repos.d/the.repo',
        unless => 'rpm -q httpd',
        onlyif => 'test -f /etc/yum.repos.d/the.repo',
        before => [Package['httpd'], Exec['httpd-for-yum'],],
        path => '/bin:/usr/bin',
      }

      # Ensures httpd is running as a Yum server before anything else
      # tries to install packages from it.
      exec { 'httpd-for-yum':
        provider => shell,
        command => '/sbin/service nginx stop || true ; /sbin/service httpd restart',
        require => Class['yum::server'],
      }

      yumrepo { "the":
        require => [Exec['httpd-for-yum'],],
        descr => "The YUM Repo",
        baseurl => "http://yum/repos/redhat/5/x86_64/",
        gpgcheck => "0",
        enabled => "1",
        # One puppet run failed to recreate the.repo. I added audit
        # => all, and the next puppet run did recreate the.repo.
        # Possibly a red herring. I'd like to understand why it
        # worked in one case and not in the other.
        #audit => all,
      }
    }

And the Yum server class:

    class yum::server {
      include httpd
      include iptables

      package { ['createrepo']:
        ensure => present;
      }

      exec { 'update-repo-metadata':
        require => [ Package['createrepo']],
        cwd => '/var/www/html/yum',
        command => '/usr/bin/createrepo --update -d repos/redhat/5/x86_64/',
        creates => '/var/www/html/yum/repos/redhat/5/x86_64/repodata/repomd.xml',
      }

      file {'/etc/httpd/conf.d/yum.conf':
        ensure => file,
        mode => 0644,
        source => "puppet:///modules/yum/yum_httpd.conf",
        require => Package['httpd'],
        notify => Service['httpd'],
      }
    }

|