Recent Questions - Server Fault

---

• Changing vCenter FQDN will affect to connect esxi servers?
• Managing K3s Cluster with AWS EKS
• Can't install geerlingguy.fluentd on Amazon Linux 2
• How to determine disk is busy or not in oracle Linux?
• How do I fwd emails from info@domain1.com to info@domain2.com when domain2.com is hosted on same server as domain1.com but #2 XM records are Google?
• Should I build a web project as microservices from scratch?
• User cannot enter his group's directory despite the directory having the correct permissions and the user being in the proper group
• Route all Internet traffic through TUN interface to remote proxy
• Postfix/Dovecot can't send or receive mail
• Get Wordpress+Apache to work behind nginx reverse-proxy
• Router forces browser to use older, presumably cached, webfiles
• Load balancer or proxy to route traffic to different servers based on their URL
• How to create a virtualhost with a phpmyadmin-like url
• Mikrotik - Route Specific IP over VPN
• socat tun device very low throughput
• Is it possible to convert RAID1 to RAID0 without system reinstalation?
• Getting error with dovecot when authenticating user (Home directory not set for user)
• Getting error while remove docker image_id
• Problems installing pdftk on CentOS7 - libgcj issues
• route entries are getting updated on reboot
• Extract portion of text file between blank lines via batch
• Subdomain resolving to 2 different IP addresses (one unknown)
• fail2ban wont ban ssh from local hosts
• How to set the username and password for smtpd in Postfix?
• Drop packets after NAT in iptables
• linux - disabling and enabling link-local
• Reading exim_mainlog
• Access PHP-FPM's /status page manually (bypass Apache)

Changing vCenter FQDN will affect to connect esxi servers? Posted: 21 Nov 2021 11:30 PM PST I'm planning to change the fqdn (e.g vcenter.abc.com to vcenter.def.com) of vcenter server that connected with three ESXi servers. I want to know if I will change the fqdn with another DNS server in vCenter, the connection between vCenter and ESXi will be affected or not.

Managing K3s Cluster with AWS EKS Posted: 21 Nov 2021 08:50 PM PST I'm wondering if I can use an EKS managed node to be the control plane for a K3s cluster deployed on an edge/IoT device, such as the Intel NUC. My goal is to have a lightweight kubernetes distro to manage containerized applications running on the NUC or theoretically any edge/IoT device, but be able to manage it from the cloud whenever there is internet connectivity. Could I set up a k3s cluster on the NUC (or an edge/IoT device) and then have that communicate with an AWS EKS control plane via the Kubernetes API server?

Can't install geerlingguy.fluentd on Amazon Linux 2 Posted: 21 Nov 2021 08:33 PM PST When install geerlingguy.fluentd on Amazon Linux 2, got this error: fatal: [server]: FAILED! => {"changed": false, "msg": "Failure talking to yum: failure: repodata/repomd.xml from treasuredata: [Errno 256] No more mirrors to try.\nhttp://packages.treasuredata.com/3/redhat/2/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found"} On the remote server, installed ruby as - name: Enable ruby shell: amazon-linux-extras enable ruby2.6 - name: Install ruby shell: amazon-linux-extras install -y ruby2.6 Doesn't this role support the Amazon OS?

How to determine disk is busy or not in oracle Linux? Posted: 21 Nov 2021 07:53 PM PST I am confused, what is the command I can use to determine disk busy in Oracle Linux?. In Solaris iostat command will show %b. What is the command in Oracle Linux to show %b like in Solaris? Please help

How do I fwd emails from info@domain1.com to info@domain2.com when domain2.com is hosted on same server as domain1.com but #2 XM records are Google? Posted: 21 Nov 2021 07:00 PM PST I tried adding the current Google MX records to the zone file but I still get the same error from cPanel : The system could not add the forwarder: (Warning: "XXX@XXXXX.ca" does not refer to a valid local email account or alias. The system will not create a forwarder, because it already sends that email to the default address.) So basically domain1.com is hosted on server1, domain2 website is also hosted on server1, their NS and A records point to server1 and that's all good. However, domain1.com MX records are on server1 and thus I wish to create a forwarder from @domain1.com to @domain2.com (which uses Google MX records/G Suite). I have access to registrar and server for all domains.

Should I build a web project as microservices from scratch? Posted: 21 Nov 2021 06:48 PM PST That is all my question. I have been planning to build a scalable web application in Go language but I am not sure about whether I should design a monolithic or microservices project. I have been reading that is not that hard to migrate an already running monolithic project to microservices. But I didn't find a "lot" of the documentation to start the project from scratch as microservices. Thus, should I design the app as microservices or the classic monolith?

User cannot enter his group's directory despite the directory having the correct permissions and the user being in the proper group Posted: 21 Nov 2021 07:36 PM PST I have a directory called /workspace that looks like this: [root@machine workspace]# ls -al total 7 drwxr-s---. 7 root workspace 4651468242 Nov 16 14:41 . dr-xr-xr-x. 22 root root 4096 Nov 15 11:36 .. (I left out its subdirectories. You can see that /workspace belongs to the group workspace) Then there's a user yang whose id is as follows: [root@machine workspace]# id yang uid=563(yang) gid=1701(yang) groups=1701(yang),1044(workspace) This should allow him to enter /workspace but in reality he couldn't: [root@machine workspace]# su - yang Last login: Mon Nov 22 10:05:41 CST 2021 on pts/46 [yang@machine ~]$ cd /workspace/ -bash: cd: /workspace/: Permission denied However of all users in the group workspace, he's the only one with this problem. Other users can access /workspace just fine, for example: [root@machine workspace]# id zhao uid=651(zhao) gid=651(zhao) groups=651(zhao),1044(workspace) [root@machine workspace]# su - zhao Last login: Mon Nov 22 10:13:27 CST 2021 on pts/103 [zhao@machine ~]$ cd /workspace/ [zhao@machine workspace]$ More details here: [yang@machine ~]$ id uid=563(yang) gid=1701(yang) groups=1701(yang),1044(workspace) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 [zhao@machine ~]$ id uid=651(zhao) gid=651(zhao) groups=651(zhao),1044(workspace) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 The frustrating issue is encountered on both CentOS 6.9 and 7.9. Can anybody help me with it? Thanks!

Route all Internet traffic through TUN interface to remote proxy Posted: 21 Nov 2021 08:24 PM PST my network diagram I have a 192.168.1.x home network with a Raspberry Pi device running Linux that connects to the internet fine (whatismyip.com says 44.55.66.77). That device also has a 10.0.0.x hyprspace TUN interface that connects fine to a Cloud VPS server (with public IP address 123.123.123.123). I'd now like to route all Internet traffic from the Raspberry Pi device through the TUN interface so that regular Internet browsing from the device would appear to the world as coming from the VPS server (123.123.123.123). How would I do that? This is similar to a VPN use case but I want to control my own endpoint and logs and I specifically want to use Libp2p/IPFS technology. Here's what I've tried that hasn't worked: # Raspberry Pi ip route del default ip route add default dev utun1 # Cloud VPS sysctl -w net.ipv4.ip_forward=1 iptables -A FORWARD -i utun2 -o enp0s3 -j ACCEPT iptables -A FORWARD -i enp0s3 -o utun2 -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE Update: I've also tried this on the Raspberry Pi: sysctl -w net.ipv4.ip_forward=1 iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 10.0.0.2 iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to 10.0.0.2 iptables -t nat -A POSTROUTING -d 10.0.0.2 -j MASQUERADE But I get: $ curl ifconfig.me curl: (7) Failed to connect to ifconfig.me port 80: Connection refused And the corresponding tcpdump log on the Cloud VPS is: 04:22:22.490718 IP instance-20211003-1454.http > 10.0.0.1.48140: Flags [R.], seq 0, ack 3083388886, win 0, length 0

Postfix/Dovecot can't send or receive mail Posted: 21 Nov 2021 10:06 PM PST The error in mail.log says "dovecot Failed to establish relay connection in=0 out=22 (state=GREETING)" Using Dovecot 2.3.7.2 # 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.7.2 () # OS: Linux 5.14.17-x86_64-linode150 x86_64 Ubuntu 20.04.3 LTS # Hostname: mail.servicemouse.com auth_verbose = yes mail_privileged_group = mail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } plugin { sieve = file:~/sieve;active=~/.dovecot.sieve } protocols = " imap lmtp sieve pop3 submission" service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } } ssl_cert = </etc/dovecot/private/dovecot.pem ssl_client_ca_dir = /etc/ssl/certs ssl_dh = # hidden, use -P to show it ssl_key = # hidden, use -P to show it submission_relay_host = 127.0.0.1 submission_relay_ssl = starttls submission_relay_trusted = yes userdb { driver = passwd } Nov 20 23:17:20 mail dovecot: submission-login: Error: smtp-server: conn 71.6.165.200:56956 [1]: Connection lost: read(SSL (conn:71.6.165.200:56956,id=1)) failed: SSL_accept() failed: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol Nov 20 23:17:20 mail dovecot: submission-login: Read failure: user=<>, rip=71.6.165.200, lip=45.79.79.188, TLS handshaking: SSL_accept() syscall failed: Invalid argument, session=<W4HTyETRfN5HBqXI> Nov 20 23:17:20 mail dovecot: submission-login: Error: smtp-server: conn 71.6.165.200:57030 [1]: Connection lost: read(SSL (conn:71.6.165.200:57030,id=1)) failed: SSL_accept() failed: error:142090FC:SSL routines:tls_early_post_process_client_hello:unknown protocol Nov 20 23:17:20 mail dovecot: submission-login: Read failure: user=<>, rip=71.6.165.200, lip=45.79.79.188, TLS handshaking: SSL_accept() syscall failed: Invalid argument, session=<3FXVyETRxt5HBqXI> Nov 20 23:17:21 mail dovecot: submission-login: Error: smtp-server: conn 71.6.165.200:57080 [1]: Connection lost: read(SSL (conn:71.6.165.200:57080,id=1)) failed: SSL_accept() failed: error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low @

Get Wordpress+Apache to work behind nginx reverse-proxy Posted: 21 Nov 2021 07:57 PM PST I'm trying to setup the following: docker container with nginx on localhost as a reverse-proxy for Wordpress, listening on localhost:80. It is also used as a reverse-proxy for other microservices. docker-compose container(s) with Wordpress+Apache, listening on localhost:4261. The docker-compose.yaml was taken from the official example. The 'ports' directive was changed from "8000:80" --> "4261:80". I tried following numerous guides and troubleshooters, but nginx keeps responding with "111 connection refused". Similar questions (which did not work for me): here and here. Any ideas? nginx config: server { # Listen HTTPS listen [::]:443 ssl ipv6only=on; listen 443 ssl; server_name ${NGINX_URL}; ssl_certificate /certs/certificate.pem; ssl_certificate_key /certs/private.key; location /wp/ { rewrite ^/wp/?(.*)$ /$1 break; proxy_pass http://localhost:4261/; proxy_http_version 1.1; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Port 443; proxy_set_header Host $http_host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_pass_request_headers on; } ... } wp-config.php: ... // If we're behind a proxy server and using HTTPS, we need to alert WordPress of that fact // see also https://wordpress.org/support/article/administration-over-ssl/#using-a-reverse-proxy if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) { $_SERVER['HTTPS'] = 'on'; } ...

Router forces browser to use older, presumably cached, webfiles Posted: 21 Nov 2021 06:26 PM PST We are trouble shooting website where we deploy a new version but our Computer browser still pulls the older pages. When we disconnect from the router (WiFi) and connect to a hotspot (mobile phone/data), the browser correctly pulls the new pages. If we switch back to the router (WiFi), the problem returns. We have tried trouble shooting We have confirmed the new files were successfully deployed We have confirmed the old files are being downloaded (by looking at Inspect > Sources) Disabling cache in Inspect>Network Clearing all browser cache Purging cache on Cloudflare Setting Cloudflare Cache to Developer Mode Using different browsers (Chrome and Brave) Using different computers (both connected to same WiFi) We have tried simple tests on computers in different locations (different countries). One test simply loaded the old page. The second test loaded the new page. We can't really draw any conclusions from this test. The web pages are static HTML and JS files only. Anyone know what the possible source for this bizarre behavior could be?

Load balancer or proxy to route traffic to different servers based on their URL Posted: 21 Nov 2021 11:35 PM PST I have many clients with their own nameservers, I want to give them all the same DNS details like how Squarespace or Shopify do (eg an @ A record and a www. CNAME that is always the same), and then manage which server their traffic is routed to on my end. This would help massively when I need to migrate a lot of websites onto a new infrastructure and I don't want to spend weeks speaking to different IT departments at different companies asking them to update their DNS settings for their domains and all the management thereof. Is there a load balancer or proxy available for this purpose? I'm interested to know what is considered best practice. What would you recommend?

How to create a virtualhost with a phpmyadmin-like url Posted: 21 Nov 2021 07:58 PM PST I have been trying to create a virtualhost that has a similar url to localhost/phpmyadmin in the context of the technique itself. I need the new virtualhost to have its url like localhost/some_service while localhost still runs the normal web which is the same case with localhost/phpmyadmin. I have tried using Alias and the ServerPath directive as shown below but all failed. <VirtualHost *:80> ServerName localhost ServerAdmin admin@example.com DocumentRoot "/var/www/websites/new_app" Alias "/new_app" "/var/www/websites/new_app" ServerPath "/new_app" </VirtualHost> Result: when I use Alias, this works but also redirects to the specified url which we don't want. This also results into taking over the existing virtualhosts that are already running on *:80 and I can't really figure out what am doing wrong. ServerPath does absolutely nothing to help me out. Nothing happens. Basically what I need is to make the new virtualhost point to a desired url like "http://localhost/phpmyadmin" without disrupting the existing localhost services or apps. Any help is greatly appreciated, thanks.

Mikrotik - Route Specific IP over VPN Posted: 21 Nov 2021 10:03 PM PST I have a PPTP VPN connection setup on my Mikrotik router. I would like to route only one IP on my local network over that VPN Connection. All traffic for that IP address can be routed over VPN. How does one go about setting it up on the Mikrotik router? Is it even possible?

socat tun device very low throughput Posted: 21 Nov 2021 07:35 PM PST I was tinkering around with socat and tried to use socat for creating a TUN device for tunneling between two debian stretch servers. However, throughput seemed very low and comparing with iperf against TCP/TCP-Listen on localhost, TUN has about 5 orders of magnitude less throughput. Here is a "minimum working example" to show how speed is affected. socat with TUN device Server side: # socat socat TUN:10.10.0.2/16,iff-up TCP4-LISTEN:54321,bind=192.168.1.2,fork # iperf service iperf -s -p 15001 -B 10.10.0.2 Client side: # socat socat TUN:10.10.0.1/16,iff-up TCP4:192.168.1.2:54321 # iperf iperf -c 10.10.0.2 -p 15001 -t 30 socat with TCP/TCP-LISTEN Server side: # socat socat TCP4-LISTEN:12345,bind=192.168.1.2,fork TCP4:127.0.0.1:15001 # iperf service iperf -s -p 15001 -B 127.0.0.1 Client side: # socat socat TCP4-LISTEN:54321,bind=127.0.0.1,fork TCP4:192.168.1.2:12345 # iperf iperf -c 127.0.0.1 -p 54321 -t 30 Results TUN device: [ ID] Interval Transfer Bandwidth [ 3] 0.0-39.7 sec 640 KBytes 132 Kbits/sec TCP/TCP-LISTEN: [ ID] Interval Transfer Bandwidth [ 3] 0.0-30.0 sec 3.30 GBytes 944 Mbits/sec If you want to reproduce the results using the lines above, you need to somehow run socat lines and the iperf serverside in the background or daemonized, I just used screen sessions. So, while I assumed that throughput will suffer to some degree, it seems strange to me that it will degrade from the assumed gigabit (both servers on same switch) to a mere 100KBit. A quick glance at atop shows no significant bottlenecks, so it isn't just CPU capped or eating RAM. Why is throughput that low? Some logic error I did? Or a problem in the kernel, bad implementation in socat, or using iperf wrong? Are there any parameters or settings (kernel, socat, anything) to improve this? Anything I could check for? And, most important, is there a way I can use the TUN device which gives me useful throughput?

Is it possible to convert RAID1 to RAID0 without system reinstalation? Posted: 21 Nov 2021 10:55 PM PST I bought the E3-SSD-3-32 server from the SoYouStart offer. There is a 3x120 GB SSD drive. Unfortunately, after some time, there was a lack of disk space. Is there any way to convert RAID1 to RAID0? The operating system is Debian 9. web1@ns510077:~$ cat /proc/mdstat Personalities : [linear] [raid0] [raid1] [raid10] [raid6] [raid5] [raid4] [multipath] [faulty] md1 : active raid1 sdc1[2] sdb1[1] sda1[0] 20478912 blocks [3/3] [UUU] md2 : active raid1 sdc2[2] sdb2[1] sda2[0] 96211904 blocks [3/3] [UUU] unused devices: <none> web1@ns510077:~$ df -h Filesystem Size Used Avail Use% Mounted on /dev/root 20G 1.6G 17G 9% / devtmpfs 16G 0 16G 0% /dev tmpfs 16G 0 16G 0% /dev/shm tmpfs 16G 530M 16G 4% /run tmpfs 5.0M 4.0K 5.0M 1% /run/lock tmpfs 16G 0 16G 0% /sys/fs/cgroup /dev/md2 91G 77G 9.3G 90% /var

Getting error with dovecot when authenticating user (Home directory not set for user) Posted: 21 Nov 2021 10:03 PM PST I am trying to set up a relatively basic postfix/dovecot IMAP/SMTP server with a MySQL backend. It appears that the authentication is successful, I just seem to be getting this error: Initialization failed: Namespace '': Home directory not set for user. Can't expand ~/ for mail root dir in: ~/myserver.io/mail/ The error I am getting is this, along with DEBUG: Feb 8 04:27:13 localhost dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth Feb 8 04:27:13 localhost dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_mysql.so Feb 8 04:27:13 localhost dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so Feb 8 04:27:13 localhost dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat Feb 8 04:27:13 localhost dovecot: auth: Debug: auth client connected (pid=9974) Feb 8 04:27:13 localhost dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011secured#011session=IeV306tkgAB/AAAB#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=50816#011resp=AG1haWxAdmVuZ2VhbmNlLmlvAENyM2F0MXZlLS0= (previous base64 data may contain sensitive data) Feb 8 04:27:13 localhost dovecot: auth-worker(9977): Debug: Loading modules from directory: /usr/lib64/dovecot/auth Feb 8 04:27:13 localhost dovecot: auth-worker(9977): Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_mysql.so Feb 8 04:27:13 localhost dovecot: auth-worker(9977): Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so Feb 8 04:27:13 localhost dovecot: auth-worker(9977): Debug: sql(mail@myserver.io,127.0.0.1): query: SELECT username, domain, password, CONCAT('maildir:~/', maildir) AS userdb_home, '1000' AS userdb_uid, '1000' AS userdb_gid FROM mailbox WHERE username = 'mail' AND domain = 'myserver.io' Feb 8 04:27:13 localhost dovecot: auth: Debug: client passdb out: OK#0111#011user=mail@myserver.io Feb 8 04:27:13 localhost dovecot: auth: Debug: master in: REQUEST#0112229403649#0119974#0111#011aaa130ec6f6296678ec1e9e7866efbaf#011session_pid=9980#011request_auth_token Feb 8 04:27:13 localhost dovecot: auth-worker(9977): Debug: sql(mail@myserver.io,127.0.0.1): SELECT CONCAT('maildir:~/', maildir) as mail, '1000' AS uid, '1000' as gid FROM mailbox WHERE username = 'mail' AND domain = 'myserver.io' Feb 8 04:27:13 localhost dovecot: auth: Debug: master userdb out: USER#0112229403649#011mail@myserver.io#011mail=maildir:~/myserver.io/mail/#011uid=1000#011gid=1000#011auth_token=d72ede03452694f33b4b1c759539f7ec613cab95 Feb 8 04:27:13 localhost dovecot: imap-login: Login: user=<mail@myserver.io>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=9980, secured, session=<IeV306tkgAB/AAAB> Feb 8 04:27:13 localhost dovecot: imap: Debug: Added userdb setting: mail=maildir:~/myserver.io/mail/ Feb 8 04:27:13 localhost dovecot: imap(mail@myserver.io): Debug: Effective uid=1000, gid=1000, home= Feb 8 04:27:13 localhost dovecot: imap(mail@myserver.io): Debug: Namespace inbox: type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/myserver.io/mail/ Feb 8 04:27:13 localhost dovecot: imap(mail@myserver.io): Error: user mail@myserver.io: Initialization failed: Namespace '': Home directory not set for user. Can't expand ~/ for mail root dir in: ~/myserver.io/mail/ Feb 8 04:27:13 localhost dovecot: imap(mail@myserver.io): Error: Invalid user settings. Refer to server log for more information. p=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/myserver.io/mail/ My dovecot config is: [root@postfix webmail]# dovecot -n # 2.2.10: /etc/dovecot/dovecot.conf # OS: Linux 4.14.14-x86_64-linode94 x86_64 CentOS Linux release 7.4.1708 (Core) auth_debug_passwords = yes disable_plaintext_auth = no mail_debug = yes mail_gid = vmail mail_privileged_group = mail mail_uid = vmail namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = / type = private } passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } protocols = imap service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-master { group = vmail mode = 0660 user = vmail } user = $default_internal_user } ssl = no userdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } Finally, my MySQL conf driver = mysql # The mysqld.sock socket may be in different locations in different systems. # Use "host= ... pass=foo#bar" with double-quotes if your password has '#' character. connect = host=localhost dbname=postfix user=root password=supersecretpass default_pass_scheme = MD5-CRYPT # Alternatively you can connect to localhost as well: #connect = host=localhost dbname=mails user=admin password=pass # port=3306 password_query = SELECT username, domain, password, \ CONCAT('maildir:~/', maildir) AS userdb_home, \ '1000' AS userdb_uid, '1000' AS userdb_gid \ FROM mailbox WHERE username = '%n' AND domain = '%d' user_query = SELECT CONCAT('maildir:~/', maildir) as mail, '1000' AS uid, '1000' as gid FROM mailbox WHERE username = '%n' AND domain = '%d' # For using doveadm -A: iterate_query = SELECT username, domain FROM mailbox I am at a complete loss!

Getting error while remove docker image_id Posted: 21 Nov 2021 09:02 PM PST docker images -a REPOSITORY TAG IMAGE ID CREATED SIZE node test 337b7fc90dbc 2 hours ago 301.8 MB <none> <none> 60d47994bba8 2 hours ago 301.8 MB <none> <none> 987deffef7bf 2 hours ago 196.7 MB docker.io/centos centos7 970633036444 4 weeks ago 196.7 MB docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 774f0d06ec9a 970633036444 "bash" 2 hours ago Exited (1) 30 minutes ago elated_cray b1f9481f6eae 337b7fc90dbc "bash" 2 hours ago Exited (0) 30 minutes ago serene_stallman But,when I run docker rmi 987deffef7bf,get the error Failed to remove image (987deffef7bf): Error response from daemon: conflict: unable to delete 987deffef7bf (cannot be forced) - image has dependent child images

Problems installing pdftk on CentOS7 - libgcj issues Posted: 21 Nov 2021 07:04 PM PST I'm trying to install a command line pdf manipulation program called "pdftk" on CentOS 7. I've tried several ways to get it installed and running into issues. If I try to install the rpm I get this error: sudo rpm -i pdftk-2.02-1.el6.i686.rpm error: Failed dependencies: libgcj.so.10 is needed by pdftk-2.02-1.el6.i686 However, I have installed these libs: Package libgcj-4.8.2-16.el7.i686 already installed and latest version Package libgcj-devel-4.8.2-16.el7.i686 already installed and latest version I have even tried to compile from the source and I run into: make -f Makefile.Redhat with these errors: /bin/sh: gcjh: command not found Any ideas?

route entries are getting updated on reboot Posted: 21 Nov 2021 11:27 PM PST I have 2 NIC on server one is for internal communication with 10.10.10.X IP and other is 172.X.X.X IP for external communication. I have route table like this [root@hadoopslave1 ~]# route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 10.10.10.0 * 255.255.255.0 U 0 0 0 em1 172.X.X.0 * 255.255.255.0 U 0 0 0 em3 link-local * 255.255.0.0 U 1002 0 0 em1 link-local * 255.255.0.0 U 1004 0 0 em3 default 10.10.10.1 0.0.0.0 UG 0 0 0 em1 here the default route is through 10.10.10.1 gateway. i removed the default route and added new route for 172.X.X.1 Gateway but on reboot this is getting restored. What changes are need to be made to make sure these changes will stay even after reboot.

Extract portion of text file between blank lines via batch Posted: 21 Nov 2021 08:06 PM PST I need to be able to extract a portion of a text file that occurs between two blank lines. The text file looks something like this... This is line 01 of the text file. This is line 02 of the text file. This is line 03 of the text file. This is line 05 of the text file. This is line 06 of the text file. This is line 07 of the text file. > VALUE TO SEARCH < This is line 09 of the text file. This is line 10 of the text file. This is line 12 of the text file. This is line 13 of the text file. So, I can search and locate the "> VALUE TO SEARCH <" within the text file, but then I need to be able to grab everything up to the preceding blank line and everything down to the trailing blank line of that one section. Does that make sense? Anyway, the number of lines per section varies, but there is always a single blank line between sections. Can this be done via batch file? If so, how? Thanks in advance!

Subdomain resolving to 2 different IP addresses (one unknown) Posted: 21 Nov 2021 09:02 PM PST I have a domain registered with Fasthosts (animesoc.co.uk). I've recently hosted a forum on an external server (with IP address 51.254.128.170), and pointed the subdomain http://forums.animesoc.co.uk/ to this by adding the corresponding A record. The issue is that when I try accessing 'forums.animesoc.co.uk' through a browser (tried from multiple different computers), it keeps switching between the website I actually want and a blank domain parking page with advertisements. It resolves to the IP address I mentioned above for about 1 hour or so, then starts giving me the domain parking page, switches back again to the forums and so on and so forth. On using a DNS resolver service like http://tracert.com/resolver to check what the 'forums' subdomain resolves to, I get the following result Resolution of forums.animesoc.co.uk resulted in the following IPv4 addresses: 51.254.128.170 213.171.195.105 I'm not sure why it's resolving to two IP addresses when I have only the single A record for forums (pointing to 51.254.128.170). Furthermore, I do not have the IP '213.171.195.105' present anywhere in my DNS settings so I'm not sure where that's come from. I assume that the switching between the actual website and the domain parking page is occurring due to the subdomain resolving to this extra '213.171.195.105' IP address as well. How can I make the subdomain 'forums.animesoc.co.uk' resolve to just one single IP address (51.254.128.170)?

fail2ban wont ban ssh from local hosts Posted: 21 Nov 2021 08:06 PM PST I'm trying to configure fail2ban to block ssh from a local hosts. Fail2ban is install on CentOS 7 with firewall (Linux 3.10.0-229.4.2.el7.x86_64 x86_64 ). I have copied the jail.conf to jail.local i have change the following parameters in jail.local: banaction = firewallcmd-new [sshd] enabled = true maxretry = 5 port = ssh logpath = /var/log/secure action = firewallcmd-ipset And i have no results. Any idea ? Some log info: Jun 23 07:21:33 localhost.localdomain fail2ban-client[2486]: 2015-06-23 07:21:33,351 fail2ban.server [2487]: INFO Starting Fail2ban v0.9.1 Jun 23 07:21:33 localhost.localdomain fail2ban-client[2486]: 2015-06-23 07:21:33,351 fail2ban.server [2487]: INFO Starting in daemon mode Jun 23 07:21:33 localhost.localdomain systemd[1]: Started Fail2Ban Service. 2015-06-23 07:14:27,571 fail2ban.server [1926]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.1 2015-06-23 07:14:27,710 fail2ban.database [1926]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3' 2015-06-23 07:14:27,788 fail2ban.jail [1926]: INFO Creating new jail 'sshd' 2015-06-23 07:14:27,923 fail2ban.jail [1926]: INFO Jail 'sshd' uses poller 2015-06-23 07:14:27,985 fail2ban.filter [1926]: INFO Set jail log file encoding to UTF-8 2015-06-23 07:14:27,985 fail2ban.jail [1926]: INFO Initiated 'polling' backend 2015-06-23 07:14:28,063 fail2ban.filter [1926]: INFO Added logfile = /var/log/secure 2015-06-23 07:14:28,064 fail2ban.filter [1926]: INFO Set maxRetry = 2 2015-06-23 07:14:28,066 fail2ban.filter [1926]: INFO Set jail log file encoding to UTF-8 2015-06-23 07:14:28,066 fail2ban.actions [1926]: INFO Set banTime = 86400 2015-06-23 07:14:28,067 fail2ban.filter [1926]: INFO Set findtime = 600 2015-06-23 07:14:28,068 fail2ban.filter [1926]: INFO Set maxlines = 10 2015-06-23 07:14:28,158 fail2ban.server [1926]: INFO Jail sshd is not a JournalFilter instance 2015-06-23 07:14:28,459 fail2ban.jail [1926]: INFO Jail 'sshd' started 2015-06-23 07:21:32,667 fail2ban.server [1926]: INFO Stopping all jails 2015-06-23 07:21:33,181 fail2ban.jail [1926]: INFO Jail 'sshd' stopped 2015-06-23 07:21:33,188 fail2ban.server [1926]: INFO Exiting Fail2ban 2015-06-23 07:21:33,404 fail2ban.server [2489]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.1 2015-06-23 07:21:33,406 fail2ban.database [2489]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3' 2015-06-23 07:21:33,409 fail2ban.jail [2489]: INFO Creating new jail 'sshd' 2015-06-23 07:21:33,413 fail2ban.jail [2489]: INFO Jail 'sshd' uses poller 2015-06-23 07:21:33,433 fail2ban.filter [2489]: INFO Set jail log file encoding to UTF-8 2015-06-23 07:21:33,433 fail2ban.jail [2489]: INFO Initiated 'polling' backend 2015-06-23 07:21:33,438 fail2ban.filter [2489]: INFO Added logfile = /var/log/secure 2015-06-23 07:21:33,439 fail2ban.filter [2489]: INFO Set maxRetry = 3 2015-06-23 07:21:33,440 fail2ban.filter [2489]: INFO Set jail log file encoding to UTF-8 2015-06-23 07:21:33,441 fail2ban.actions [2489]: INFO Set banTime = 86400 2015-06-23 07:21:33,442 fail2ban.filter [2489]: INFO Set findtime = 600 2015-06-23 07:21:33,442 fail2ban.filter [2489]: INFO Set maxlines = 10 2015-06-23 07:21:33,501 fail2ban.server [2489]: INFO Jail sshd is not a JournalFilter instance 2015-06-23 07:21:33,599 fail2ban.jail [2489]: INFO Jail 'sshd' started And SELinux is disabled.

How to set the username and password for smtpd in Postfix? Posted: 21 Nov 2021 06:50 PM PST I've set up Postfix as SMTP server by adding this configuration to main.cf: myhostname = foo.com mydomain = foo.com myorigin = $mydomain smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = $myhostname smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostname smtpd_recipient_restrictions = reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd The sasl_passwd file looks like this: foo.com user:pass And I've generated a sasl_passwd.db from that file. Unfortunately, when connecting to my server with the username and password, I keep getting authentication failures. What am I doing wrong?

Drop packets after NAT in iptables Posted: 21 Nov 2021 11:01 PM PST I'm trying to rate limit traffic to a certain client behind the NAT (using hashlimit combined with DROP target) using iptables rule but due to my rudimentary knowledge of this area, I'm not sure which table and which chain I'm supposed to add this rule in or whether this is at possible. This exact scenario has been asked before but the answer does not give any concrete solutions.

linux - disabling and enabling link-local Posted: 21 Nov 2021 07:04 PM PST I'm trying to find out how to disable and enable link local addresses, on my linux machine(also on arm). So basically for IPv4 and IPv6 I would like to either disable (or bring down) both addresses together or even individually if needs be. Then to enable both again. I would also like to check if they have been disabled and enabled each time. Is it possible to execute system command line scripts to achieve this, for instance *ip -f inet route* or *ip -f inet6 route* Is it possible to do this without restarting the network? Also, I have, using the 2 examples above, obtained both IPv4 and IPv6 addresses. For example, ip -f inet route | grep \"dev eth0\" | cut -d' ' -f1 ip -f inet route | grep \"dev eth0\" | cut -d' ' -f1 but I am concerned that the grep string is not unique enough to search for the line(s) where the address(es) are. Is there a better way to do this? Thanks.

Reading exim_mainlog Posted: 21 Nov 2021 11:01 PM PST I have a question about exim_mainlog. I am currently investigating a server that was used to send out spam. The log is full of messages (about 12 per min) that read; 2012-04-04 11:42:55 1SFNfz-0005Nv-EN => user R=localuser T=local_delivery I have omitted the domain and user. Does this log indicate that this server is not sending mail, but receiving mail from some other source?

Access PHP-FPM's /status page manually (bypass Apache) Posted: 21 Nov 2021 08:34 PM PST There is a PHP5.3.3 bug that won't allow me to view php-fpm's /status page via Apache2. Is there a way to manually access this data? I cannot upgrade the box (Ubuntu 10.10, php5.3.4 not supported). I've tried connecting using the technique here: http://inode.co.nz/testing-a-fastcgi-service, but no luck.

You are subscribed to email updates from Recent Questions - Server Fault. To stop receiving these emails, you may unsubscribe now.	Email delivery powered by Google
Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States