Recent Questions - Server Fault |
- cert-manager k8s not generating tls.crt
- Google Cloud Load Balancer with App Engine - 404
- configuration management tool that can add text to a file unless already present
- Allowing a single user or domain to relay through Postfix
- GCP site-to-site VPN traffic through Palo Alto
- How important is it to have authentication on a dockerized database
- Kubernetes pods can ping external IPs but not any domain
- How to Configure NGINX to run as user "test-ssh"
- ssh with WAN IP timeout
- ngx_http_proxy_connect_module with user and password
- Installing Kubernetes on Ubuntu 18.04 LTS (with Docker) - fails on init
- dcdiag DNS test fails, but DNS seems to be working properly
- Traefik + k8s + Let's Encrypt wildcard SSL + Cloudflare issue
- DNS Suffix Search list does not work when Group Policy applies the "DNS Suffix Search List"
- optimizing my.cnf for my server - database using all RAM
- Ansible can't git clone from enterprise git server
- Proper way to override Mysql my.cnf on CentOS/RHEL?
- How can a Windows user change the initial password from the command line in a remote domain?
- If you can't change the RDS endpoint of an AWS Beanstalk instance, how do you do a blue/green deployment?
- Office 2013 Slow to Open/Save with Folder Redirection
- Using Webdriver with Chrome — missing Shared Libraries
- Windows 8.1 keeps prompting for Network Share Credentials after every log on or restart
- Trouble with port 80 nating (XenServer to WebServer VM)
- Apache2 virtual host redirection issue on Chrome
- Setting variable depending on NAS-IP-Address in Freeradius
- getpwnam("www") failed in /etc/nginx/nginx.conf
- nginx php5-fpm path_info urls and root location
- IIS bandwidth Monitoring
- Why might `ls --color=always` be slow for a small directory?
- Difference SQLSERVER and MSSQLSERVER services
cert-manager k8s not generating tls.crt Posted: 30 Oct 2021 10:46 PM PDT I've installed cert-manager exactly as described in this link: https://medium.com/@jorge.gongora2610/how-to-get-a-free-ssl-certificate-for-kubernetes-with-cert-manager-26339b95e92e When I deployed the ingress.yaml of my node-hello server in my namespace, all I see in secrets is a tls.key without a tls.crt. What am I doing wrong? Please help. Thanks! |
Google Cloud Load Balancer with App Engine - 404 Posted: 30 Oct 2021 10:36 PM PDT I'm trying to set up a load balancer using a serverless backend service (App engine). I followed the tutorial here
So, the frontend seems to be functional. The problem I have seems to come from the backend. I selected a Serverless NEG as Backend type; HTTP/2 protocol; I enabled Cloud CDN and the recommended cache static content Cache mode. I added a new backend. The selected region is 'Central US' just like with my AppEngine. As for the NEG Type, I selected App Engine, and the default service name. I think I have the most basic backend configuration we can have here. But something is not working. This : The troubleshooting guide says a 404 is due to the serverless resource that doesn't exist. However, if I reset my custom DNS settings so they don't point to the LB, it does work. My App engine is there and it's operational. The App Engine logs are there to confirm it. It seems to me the problem comes from the backend instance of the LB. Now, in the load balancing menu, I go to the 'Backends' section at the top, and select my backend. Here I have the list of 'General properties' of my backend. Except, under 'Backends', it says the following : From there, I can click the edit link, which redirects me to the 'Backend service edit' menu. I DO have a backend selected in there. I did create a serverless NEG using App Engine, as explained above. We have the option to see a monitoring chart, when we select the LB, then the monitoring section. In my case, it shows traffic is balanced between Europe/America/Asia, the backend service subsection shows the name of my backend service. However, the bottom subsection named 'Backend Instance' shows : I'm assuming this is where the issue is. Has anyone been able to build the same configuration with App Engine ? What does |
configuration management tool that can add text to a file unless already present Posted: 30 Oct 2021 10:28 PM PDT I would like to know if any of the widely used tools like Puppet / Chef / Ansible etc. can keep track of state that consists in the presence or otherwise of some stuff in a particular file or files, regardless of any other contents of the file. I am asking not just "in theory", i.e. can a clever recipe / extension for the tool be written that does this, but rather: is it reasonably easy or natural to do so, or maybe is there a recipe like this that comes with the distribution? An example would be adding the customary line to Also, this is similar to but not the same as applying patches, because the chunk could be anywhere in the file, not tied to any surrounding context. |
Allowing a single user or domain to relay through Postfix Posted: 30 Oct 2021 05:40 PM PDT I'm running Postfix on a RHEL7 server. I've started to use a new iPhone to send email, and I'm seeing this in mail.log:
Oct 30 20:15:56 kyushu2 postfix/smtpd[31145]: warning: hostname ue.tmodns.net does not resolve to address 172.58.200.63
Oct 30 20:15:56 kyushu2 postfix/smtpd[31145]: connect from unknown[172.58.200.63]
Oct 30 20:15:56 kyushu2 postfix/smtpd[31145]: NOQUEUE: reject: RCPT from unknown[172.58.200.63]: 454 4.7.1 xxx@kxxx.com: Relay access denied; from=tim@timboyer.org to=xxx@xxx.com proto=ESMTP helo=<smtpclient.apple>
My assumption is that Postfix sees me as trying to use timboyer.org as an open relay. I don't particularly want to allow all iPhone users to use my mail server as a relay. Is there a way to allow just @timboyer.org to relay? Thanks, Tim |
GCP site-to-site VPN traffic through Palo Alto Posted: 30 Oct 2021 05:16 PM PDT I'm looking for some directions. Has anyone implemented the use case described in this lab, Palo Alto Networks: VM-Series Advanced Deployment with site-to-site vpn to onprem? Question. Which vpc did you terminate the vpn traffic for both the inbound and outbound traffic to pass through the firewall? I terminated in a vpc other than the firewall in a peered gcp hub and spoke, now both inbound and outbound traffic are bypassing firewall. Another approach that I took that failed: Make an internal load balancer in the untrusted vpc terminate the vpc traffic on the untrusted piping the inbound traffic through this ilb to the backend service (PAN) instances. The problem with this approach is that the internal load balancer is failing backend healthcheck. Reason being that, I'm unable to add the GCP health check source IP to the untrusted nic, since there route has to be unique. Has anyone implemented something similar, can you share some thoughts and ideas? |
How important is it to have authentication on a dockerized database Posted: 30 Oct 2021 03:26 PM PDT The docker-compose example on the MongoDB docker hub page has a root password provided to the database and the app, but as far as I know, with docker's networking, only the other containers defined in the compose file would have access to the database container. So how important is it to have a password on the database if the container isn't exposed externally? |
Kubernetes pods can ping external IPs but not any domain Posted: 30 Oct 2021 03:21 PM PDT I have a Kubernetes cluster using the Antrea CNI. The problem is that I can't I can do For example, I can't curl Am I missing something, or is it normal? What do I need to do in order to fix this? Here is the pod's container's My cluster's cidr is 10.42.0.0/16 |
How to Configure NGINX to run as user "test-ssh" Posted: 30 Oct 2021 03:18 PM PDT User already created "test-ssh" and add group "clp" is it possible to use i created user using command group create |
ssh with WAN IP timeout Posted: 30 Oct 2021 05:29 PM PDT I have trouble setting up ssh clone for gitea. I use port I have checked the port forwarding work by launching a http server by I am running the docker image within openmediavault, which runs as a VM in proxmox. I don't touch firewall settings for both of them. Any idea? |
ngx_http_proxy_connect_module with user and password Posted: 30 Oct 2021 03:37 PM PDT I am using Nginx with Here my Testing, no luck: |
Installing Kubernetes on Ubuntu 18.04 LTS (with Docker) - fails on init Posted: 30 Oct 2021 03:02 PM PDT I am attempting to install Kubernetes on VMs running Ubuntu 10.04 LTS, and running into a problem when trying to initialise the system, the kubeadm init command results in failure (full log below). VM: 2 CPUs, 512mb RAM, 100 gig disk, running under VMWare ESXi6. OS: Ubuntu 18.04 LTS server install, fully updated via apt update and apt upgrade before beginning the Docker and Kubernetes installs. Docker installed as per instructions here, install completes with no errors: https://kubernetes.io/docs/setup/production-environment/container-runtimes/#docker Kubernetes installed as per instructions here, except for the Docker section (as following those instructions produces a PreFlight error re systemd/cgroupfs): https://vitux.com/install-and-deploy-kubernetes-on-ubuntu/ All installation appears to proceed smoothly with no errors reported, however attempting to start Kubernetes then fails, as shown in the log below. I am entirely new to both Docker and Kubernetes though I get the main concepts and have experimented with the on-line tutorials on kubernetes.io, but until I can get a working system installed I'm unable to progress further. At the point at which kubeadm attempts to start the cluster, everything hangs for the four minutes, and then exits with the timeout as shown below. I've had a look at both the log journal data and the docker logs but other than lots of timeouts, can't see anything that explains the actual error. Can anyone advise where I should be looking, and what's most likely to be the cause of the problem? Things already tried: Removing all IPTables rules and setting defaults to "accept". Running with Docker install as per the vitux.com instructions (gives a PreFlight warning but no errors, but same timeout on attempting to init Kubernetes). 
Update: Following from @Crou's comment, here is what happens now if I try just 'kubeadm init' as root: Re the very high load shown by uptime, that starts as soon as the init is first attempted and load remains very high unless a kubeadm reset is done to clear everything down. |
dcdiag DNS test fails, but DNS seems to be working properly Posted: 30 Oct 2021 10:03 PM PDT Active Directory setup: Single forest, 3 domains, with 1 domain controller each. All running server 2008 R2, with the same domain/forest functional level. DNS clients are configured as follows: DC1 -> DC2 (prim), DC1 (sec) DC2 -> DC1 (prim), DC2 (sec) DC3 -> DC1 (prim), DC3 (sec) All zones are replicated throughout the entire forest, and each DNS server is set-up with 8.8.8.8/8.8.4.4 as forwarders. Problem: Everything appears to be working as should. AD is replicating properly, DNS is responsive and not causing any issues, BUT when I run dcdiag /test:dns, the enterprise DNS test fails on DC2 and DC3 with the following error: TEST: Forwarders/Root hints (Forw) Error: All forwarders in the forwarder list are invalid. Error: Both root hints and forwarders are not configured or broken. Please make sure at least one of them works. Symptoms: Event viewer is constantly showing these 2 event ID's for DNS client: ID 1017 - The DNS server's response to a query for name INTERNAL RECORD indicates that no records of the type queried are available, but could indicate that other records for the same name are present. ID 1019 - There are currently no IPv6 DNS servers configured for any interface on this host. Please configure DNS server settings, or renew your dynamic IP settings. (strange, as IPv6 is disabled on the network card) nslookup is working as expected, and finding any and all records appearing in ID 1017, no matter which DNS server I select to use. While running dcdiag, the following events appear: Event ID 10009: DCOM was unable to communicate with the computer 8.8.4.4 using any of the configured protocols. DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols. Event ID 1014: Name resolution for the name 1.0.0.127.in-addr.arpa timed out after none of the configured DNS servers responded. 
I've run wireshark while dcdiag is running its test, and the internal DNS servers do resolve anything thrown at them, but then the server continues querying Google DNS and root hints. What the hell is going on? What am I missing here? Edit: The actual enterprise DNS test error messages are: etc., etc. |
Traefik + k8s + Let's Encrypt wildcard SSL + Cloudflare issue Posted: 30 Oct 2021 09:03 PM PDT I'm trying to set-up a reverse proxy with wildcard SSL using Traefik, with a DNS challenge against a Cloudflare zone. I have this config in k8s: I'm passing the right
I'm not sure whether this means the CF login is successful and has been updated (but just with the wrong TXT record), or whether that's what it's expecting to see - and nothing is there. Looking at the DNS entries in CF reveals no TXT records at all. (I'm only on the free CF plan, so I don't get any raw logs to see what attempts were made against the DNS) What could be causing the TXT mismatch? |
DNS Suffix Search list does not work when Group Policy applies the "DNS Suffix Search List" Posted: 30 Oct 2021 04:04 PM PDT I have a DNS Suffix Search list applied through Group Policy in an AD Domain with Windows 2012 server. When the DNS Suffix Search list is applied with Group Policy to the computers of a domain - those computers cannot ping a single qualified hostname and have it append the fqdn. As soon as the Group Policy is blocked - by doing block inheritance and the same DNS Suffix search list is manually input on the Network Adapter under DNS --> Append These DNS Suffix (in order); then it works - which is the same place the GPO puts those suffix. In Linux it works great and it works in windows but only when done manually. Please help - I know this Group Policy setting is meant to accomplish this. |
optimizing my.cnf for my server - database using all RAM Posted: 30 Oct 2021 07:01 PM PDT I have a vps with 12GB RAM. Currently it has one wordpress website hosted. The website gets about 10k UV a day with about 30k views according to Jetpack. I am getting a lot of "error establishing a database connection" errors. Here is my my.cnf file: (I know I may have done something wrong, but I copied the file from the internet and added it to my server) and this is the output of mysqltuner.pl: |
Ansible can't git clone from enterprise git server Posted: 30 Oct 2021 03:02 PM PDT Hi I have enterprise git server where I created a private in
Below are my system details. And I am running this playbook locally on one of my server. Below is the actual error which I get repository not found.
|
Proper way to override Mysql my.cnf on CentOS/RHEL? Posted: 30 Oct 2021 06:03 PM PDT Context: I'm porting an opensource server software (and writing associated documentation) from Debian/Ubuntu to CentOS/RHEL. For the software to run correctly, I need to add a dozen specific parameters to Mysql configuration (example: increase From a Debian point of view, I know I can override Mysql's my.cnf by adding a file to My question is: how to do the same correctly on CentOS/RHEL? Other infos:
|
How can a Windows user change the initial password from the command line in a remote domain? Posted: 30 Oct 2021 04:04 PM PDT We have Windows 7 desktops and a Windows Server 2012R2 server. I have a user who needs to map a network drive which is on a server in a different AD domain from ours (over the WAN). I have created an account for him in AD over there, and I set it to "User must change password at next logon". How can he map the network drive? Mapping is easy to do, ostensibly... But when he attempts to do so, Windows gives an error that he must change his password, yet it does not provide a prompt to do so. I have no desktops in the remote domain that he can log into. Is there a way to set the password remotely? I have checked https://serverfault.com/questions/570476/how-can-a-standard-windows-user-change-their-password-from-the-command-line but I don't think the techniques given work over two separate domains. Furthermore I'm not a Powershell user :-( (I can answer your Bash questions, though! :-) ) Thanks. |
If you can't change the RDS endpoint of an AWS Beanstalk instance, how do you do a blue/green deployment? Posted: 30 Oct 2021 09:03 PM PDT From what I can tell, one can't change the Amazon RDS (RDS) endpoint of an existing Elastic Beanstalk (EB) instance? If that is the case, then you can't have your code deployed to a stage server, stage DB, tested, then promoted to use the prod DB? So how do you deploy stage without having to test against the prod db? Given prod and stage, I thought the strategy would be something like this:
|
Office 2013 Slow to Open/Save with Folder Redirection Posted: 30 Oct 2021 10:03 PM PDT We recently deployed folder redirection for a few individuals in the office. We are using a DFS Namespace share on a Server 2012r2 VM. We are redirecting Desktop and My Documents only. Clients are running 8.1 and 7. When using Word/Excel 2013, there is a popup that says "trying to connect to: \\DFSNAME\userfolder" and it stays there for 1-5 minutes before the browse window opens. This also occurs when trying to attach a file to an email in Outlook. There are no delays if the file is double clicked on their desktop. We've tried the following solutions (which seemed to describe our problem perfectly aside from the version):
The only thing that is different about this deployment of Folder Redirection is permissions. Instead of following the standard checkbox of exclusive access we used this ancient guide from microsoft - http://support.microsoft.com/kb/288991/. Could our permissions be causing these weird issues? |
Using Webdriver with Chrome — missing Shared Libraries Posted: 30 Oct 2021 11:00 PM PDT I am trying to run webdriver, but I keep getting the following error: Is there a way to yum these missing dependencies? Or what seems to be the issue here? This is using the Amazon Linux AMI 2014.09.1 (HVM) Distribution. |
Windows 8.1 keeps prompting for Network Share Credentials after every log on or restart Posted: 30 Oct 2021 07:01 PM PDT I have a Network drive Shared in a Workgroup with 3 clients. Two clients with Windows 7 have persistent connections to the Share. No issues with those two. My windows 8.1 client keeps prompting for credentials at every restart / log on. I spent hours looking around for a solution:
Any ideas would be appreciated. |
Trouble with port 80 nating (XenServer to WebServer VM) Posted: 30 Oct 2021 08:07 PM PDT I have a rented server running XenServer 6.2. I only have 1 public IP so I did some NAT to redirect ports 22 and 80 to my WebServer VM. I have a problem with the port 80 redirection. When I use this redirection, I can get in the WebServer's Apache but this server loses Web access. I get this kind of error: but I can ping anywhere. XenserverIP:80 redirected to 10.0.0.2:80 (WebServer). This is the port 80 redirection part of my XenServer iptables: What is wrong in my configuration? Is there a problem with XenServer? Thanks for your help! Edit: Here is my iptables full content: Update: I have a second server with 10.0.0.3 as IP and it has the same problem that 10.0.0.2 has. I think I found a little bit of an explanation: I have apache which listens on 10.0.0.2:80. Since I have a NAT forwarding rule on my Xenserver, all incoming traffic from the external network (website requests, downloads...) is routed to 10.0.0.2:80 because it uses port 80. That is why I have the same problem on my 2nd VM. If I try to do an apt-get update, I make requests to websites which return to port 80 and are therefore routed to apache. Can anybody help me solve this issue? (It's problematic that I can't access websites on my internal LAN if my Apache Server is running ^^) |
Apache2 virtual host redirection issue on Chrome Posted: 30 Oct 2021 06:03 PM PDT I am having an extremely bizarre issue that seems only present on Chrome; IE and Firefox are fine. I have 2 websites being served by 1 IP address, and I have 2 identical files in sites-available named site1.com and site2.com. I run the a2ensite command to create the links to sites-enabled. All redirections are working perfectly, except for site1.com using Chrome. On Chrome, if I type www.site1.com it redirects me to the right folder /var/www/site1.com, if I type http://site1.com it redirects me to the wrong folder /var/www. Now this is where it gets bizarre: when I type www.site2.com it redirects me to /var/www/site2.com and when I type http://site2.com it redirects me correctly to /var/www/sites2.com. What I don't get is that the virtual host files are identical bar the actual ServerName & Alias and log locations. Site1 Site2 |
Setting variable depending on NAS-IP-Address in Freeradius Posted: 30 Oct 2021 05:06 PM PDT
The setup
We currently have a Freeradius server used to authenticate our Wifi users against our Active Directory server. The link between Freeradius and the Active Directory is done by Winbind. In order for the user to be able to obtain authorization, it needs to belong to a group in the Active Directory. This is done by adding an argument to the ntlm_auth command.
What we are trying to achieve
We are now adding 802.1X to our cabled networks and would like to re-use the existing Radius server to authenticate against the same Active Directory. Everything will be the same except the authorization will need to be based on whether the user belongs to a different one than that of the Wifi networks.
What we have already tried
I have read many things on freeradius in the documentation and have seen that it is possible to use conditionals and variables. My plan therefore was to put a variable in the ntlm_auth command that would contain the group SID (as suggested on Freeradius mailing-lists). The group SID would be dependent on the IP of the network device which should be contained in "NAS-IP-Address". This should just be a case of writing a simple conditional statement and setting a variable. Nonetheless, I have not been able to do this as Freeradius will not start every time I try to add a conditional to the configuration files.
So my questions are :
|
getpwnam("www") failed in /etc/nginx/nginx.conf Posted: 30 Oct 2021 03:13 PM PDT I copied the nginx.conf sample onto my ubuntu 12.04 box (I don't know where to put the other conf files. I'm an nginx noob). When I try to start nginx I get the following error: What does this error mean? How can I fix it? I found this post but my user is already set to www www (if you see in the linked file) How do I change the NGINX user? |
nginx php5-fpm path_info urls and root location Posted: 30 Oct 2021 05:06 PM PDT Hello to all nginx & php gurus I'm installing dotclear (a blogging software written in PHP) on my debian, and I have a hard time configuring nginx, php5-fpm and php so that :
It seems that until now, I have to choose 2, that's why I'm asking for help here. So here is my current
    # Pretty URLs in dotclear
    # activate PATH_INFO urls in /admin/blog_pref.php
    location @pathinfo { rewrite ^ /index.php$uri?$args last; }
    location = / { rewrite ^ /index.php?start last; }
    location ~ ^(.+.php)(/.*)?$ { include fastcgi_params_pathinfo ; }
    }
I put everything fastcgi related in a separate
    fastcgi_param QUERY_STRING $query_string;
    fastcgi_param REQUEST_METHOD $request_method;
    fastcgi_param CONTENT_TYPE $content_type;
    fastcgi_param CONTENT_LENGTH $content_length;
    #fastcgi_param SCRIPT_FILENAME $request_filename;
    fastcgi_param SCRIPT_NAME $fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param REQUEST_URI $request_uri;
    fastcgi_param DOCUMENT_URI $document_uri;
    fastcgi_param DOCUMENT_ROOT $document_root;
    fastcgi_param SERVER_PROTOCOL $server_protocol;
    fastcgi_param GATEWAY_INTERFACE CGI/1.1;
    fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
    fastcgi_param REMOTE_ADDR $remote_addr;
    fastcgi_param REMOTE_PORT $remote_port;
    fastcgi_param SERVER_ADDR $server_addr;
    fastcgi_param SERVER_PORT $server_port;
    fastcgi_param SERVER_NAME $server_name;
    fastcgi_param HTTPS $https;
    # PHP only, required if PHP was built with --enable-force-cgi-redirect
    fastcgi_param REDIRECT_STATUS 200;
    # this is what I changed
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_split_path_info ^(.+\.php)(.*)$;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
Also in security.limit_extensions = .php ;
What happens currently?
- example.com/index.php and example.com/post/test are passed to the php interpreter and work
- example.com/css/style.css is not passed to php and works
- but when I go to example.com, the index.php is just downloaded, not interpreted.
My Thanks in advance, Jean-Michel |
IIS bandwidth Monitoring Posted: 30 Oct 2021 08:07 PM PDT I have a public MS CRM 2011 install and one of my remote users reported using about 10gig of data from their Outlook client. Is it possible in real time to see connected users in IIS and how much data they are consuming? (Dedicated server, no other users on it.) I don't have access to the external firewall so all monitoring would have to be taken off the local IIS server. Perfmon I think can do this but wanted to see if there were any other ways of doing this. |
Why might `ls --color=always` be slow for a small directory? Posted: 30 Oct 2021 06:51 PM PDT For a certain directory DIR on my system, the Why would |
Difference SQLSERVER and MSSQLSERVER services Posted: 30 Oct 2021 11:00 PM PDT I have two SQL Server services in Sql Server Configuration Manager: SQLEXPRESS and MSSQLSERVER. I have no idea what the differences are. I think that SQLEXPRESS is the free version, but I don't know how I got it and I can't remove it either because it doesn't show up in remove programs. But here's where it gets weird: I installed SQL Server Enterprise, and during installation I specified a local user (SQLServices) to be used for all SQL Server services. Okay, so this worked for SQL Server Analysis Services (MSSQLSERVER) and SQL Server Integration Services10.0 (MSSQLSERVER), they are running under this user. But SQL Server (MSSQLSERVER) does NOT run and gives an error that it can't connect/time out etc., and SQL Server (SQLEXPRESS) runs, but under NT AUTHORITY\NETWORK SERVICE. I stopped this, and tried to run the SQL Server (MSSQLSERVER), but it keeps timing out on me. What's going on? |