Intel x550 NIC rx_dropped packet on Debian 10
Posted: 17 Dec 2021 07:51 AM PST

I have just added an Intel x550T2 10Gb NIC to my Debian 10 server, and noticed that I have a lot of rx_dropped errors. The card is in a correct PCIe extension slot (PCIe 3.0 x8). At the moment it is linked to a 1Gb switch, which runs perfectly with the native onboard Intel i210 NICs. No drops or errors on those. Here is some info for the i210 NIC:

```
# ethtool -i enp35s0
driver: igb
version: 5.10.0-0.bpo.9-amd64
firmware-version: 3.16, 0x800004d6
expansion-rom-version:
bus-info: 0000:23:00.0
supports-statistics: yes
supports-test: yes
supports-eeprom-access: yes
supports-register-dump: yes
supports-priv-flags: yes
```

And for the x550 NIC now:

```
# ethtool -i enp1s0f0
driver: ixgbe
version: 5.10.0-0.bpo.9-amd64
firmware-version: 0x80000c67, 1.1276.0
expansion-rom-version:
bus-info: 0000:01:00.0
supports-statistics: yes
supports-test: yes
supports-eeprom-access: yes
supports-register-dump: yes
supports-priv-flags: yes

# ethtool -S enp1s0f0 | grep rx_dropped
rx_dropped: 238664

# ifconfig -a
enp1s0f0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.100  netmask 255.255.255.0  broadcast 192.168.1.255
        ether b4:96:91:8d:8f:c8  txqueuelen 1000  (Ethernet)
        RX packets 1146605303  bytes 1252350638244 (1.1 TiB)
        RX errors 0  dropped 239154  overruns 0  frame 0
        TX packets 1237206229  bytes 1474837845271 (1.3 TiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp35s0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether d0:50:99:d8:dd:5f  txqueuelen 1000  (Ethernet)
        RX packets 128548674  bytes 92790323605 (86.4 GiB)
        RX errors 0  dropped 4654  overruns 0  frame 0
        TX packets 310482004  bytes 401876909266 (374.2 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device memory 0xf7500000-f757ffff

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 2768489  bytes 43506238580 (40.5 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2768489  bytes 43506238580 (40.5 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
```

I have already tried to max out the ring buffer but still have the error:

```
# ethtool -g enp1s0f0
Ring parameters for enp1s0f0:
Pre-set maximums:
RX:             4096
RX Mini:        0
RX Jumbo:       0
TX:             4096
Current hardware settings:
RX:             1024
RX Mini:        0
RX Jumbo:       0
TX:             1024

# ethtool -G enp1s0f0 rx 4096 tx 4096

# ethtool -g enp1s0f0
Ring parameters for enp1s0f0:
Pre-set maximums:
RX:             4096
RX Mini:        0
RX Jumbo:       0
TX:             4096
Current hardware settings:
RX:             4096
RX Mini:        0
RX Jumbo:       0
TX:             4096
```

Any help or idea is welcome to sort this out. Thanks. |
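An absolute rx_dropped total says little on its own; what matters is how fast it grows relative to received packets, and which of the driver's drop counters moves with it. The following is an added example, not code from the original post: it diffs two `ethtool -S` snapshots taken some seconds apart and reports drop rate, drop percentage and per-queue distribution. The two snapshots are constructed to resemble ixgbe output, and the meaning attached to `rx_missed_errors` (NIC packet FIFO overflowed because the host did not drain it) versus `rx_no_buffer_count` (ring had no free descriptor) is an assumption to check against the counters your driver actually exposes.

```python
"""Delta two `ethtool -S` snapshots to see where RX drops are accumulating."""
import re
from typing import Dict

# Constructed samples in the shape of `ethtool -S enp1s0f0`, 60 seconds apart.
SNAPSHOT_T0 = """\
NIC statistics:
     rx_packets: 1146605303
     tx_packets: 1237206229
     rx_dropped: 238664
     rx_missed_errors: 238664
     rx_no_buffer_count: 0
     rx_queue_0_packets: 300000000
     rx_queue_1_packets: 280000000
     rx_queue_2_packets: 290000000
     rx_queue_3_packets: 276605303
"""

SNAPSHOT_T60 = """\
NIC statistics:
     rx_packets: 1146905303
     tx_packets: 1237506229
     rx_dropped: 238964
     rx_missed_errors: 238964
     rx_no_buffer_count: 0
     rx_queue_0_packets: 300075000
     rx_queue_1_packets: 280075000
     rx_queue_2_packets: 290075000
     rx_queue_3_packets: 276680303
"""

COUNTER_RE = re.compile(r"^\s*([A-Za-z0-9_.\[\]]+):\s+(\d+)\s*$")


def parse_ethtool_stats(text: str) -> Dict[str, int]:
    """Turn `ethtool -S` output into {counter: value}; non-counter lines are skipped."""
    stats: Dict[str, int] = {}
    for line in text.splitlines():
        m = COUNTER_RE.match(line)
        if m:
            stats[m.group(1)] = int(m.group(2))
    return stats


def counter_deltas(before: Dict[str, int], after: Dict[str, int]) -> Dict[str, int]:
    """Per-counter increase between snapshots; counters that did not move are left out."""
    return {k: after[k] - before[k] for k in after if k in before and after[k] != before[k]}


def drop_summary(before_text: str, after_text: str, interval_s: float) -> dict:
    """Rates and a breakdown of which drop counters moved during the interval."""
    d = counter_deltas(parse_ethtool_stats(before_text), parse_ethtool_stats(after_text))
    rx = d.get("rx_packets", 0)
    dropped = d.get("rx_dropped", 0)
    return {
        "rx_pps": rx / interval_s,
        "drops_per_s": dropped / interval_s,
        "drop_pct": (100.0 * dropped / rx) if rx else 0.0,
        # Assumed ixgbe semantics: missed = NIC FIFO full (host too slow to drain),
        # no_buffer = ring ran out of descriptors. Which one grows points at the cause.
        "missed_errors": d.get("rx_missed_errors", 0),
        "no_buffer": d.get("rx_no_buffer_count", 0),
        # Uneven per-queue growth suggests RSS is steering most traffic to one CPU.
        "per_queue": {k: v for k, v in d.items()
                      if k.startswith("rx_queue_") and k.endswith("_packets")},
    }


if __name__ == "__main__":
    for key, val in drop_summary(SNAPSHOT_T0, SNAPSHOT_T60, 60).items():
        print(f"{key:>14}: {val}")
```

To use it against a live port, save `ethtool -S enp1s0f0` twice with a known sleep between them and feed the two files to `drop_summary`; a drop rate that tracks packet rate with `rx_missed_errors` moving is a host-side draining problem (interrupt coalescing, CPU affinity, IRQ balance), not a cabling one.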
Searching for a tool for Infrastructure Capacity planning
Posted: 17 Dec 2021 07:09 AM PST

I am searching for a tool to perform capacity planning on IT infrastructures. I'm currently trying to control this in Excel sheets, which is really not practical or efficient. I have the typical DEV-TEST-ACCEPTANCE-PROD environment growing rapidly over the years, and it's difficult to maintain a real inventory of resource needs and how they will evolve in time. |
Linux Server Online File Hosting Solution with flexible controls
Posted: 17 Dec 2021 06:31 AM PST

Apologies for the vague question. I currently have a web app that I'm running on an Ubuntu server with a LAMP stack. I'm planning on adding a feature that lets my users create a record (using a form) of a document submission (like a homework) and upload attachments to go along with it. The form data can easily be stored in the database, and the attached files can be sorted in an orderly fashion as well, as they'll be uploaded to the server's file system. I'm planning to get the URL of the upload path (e.g. myapp.com/some/folder/structure/myUploadFolder) and attach it to the database record. This way, there's an easy link between the record data of the homework and the files that were uploaded along with it. However, the default Linux file browser is just terrible, as it just lists the files along with the file size and the modification date. What I want is that when the link to the upload folder is clicked, a file viewer like Dropbox/OneDrive would appear, and the attached files (PDFs, photos, etc.) can be viewed and printed. This would be convenient as the users won't have to download the files just to see and print them. It would be amazing if the solution had the following:
- Won't interfere with the server setup. I should be able to install it and point it to the parent folder of the upload destination, and it should be able to work with that without screwing up my current server setup.
- Folder control and privacy. I should be able to create a folder via PHP and indicate which emails/users would have access to those folders, programmatically.
- OTP for file access. An OTP should be sent when the users try and view the file.
- User interface and user experience should be intuitive in terms of file navigation, viewing, and printing.
- File Encryption is always a plus.
I did some short research and so far I'm planning to look into NextCloud and OwnCloud. However, I'm having difficulties finding any server-side integration with them. Has anyone encountered this situation before? Any help will be appreciated. |
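One point a practitioner would want to see worked through for the "folder control and privacy" item: if uploads live under the web root and the record just stores their URL, anyone who guesses the path can read the files. The example below is added here and is not code from the post, from Nextcloud or from ownCloud. It shows the alternative the wishlist implies: the application issues a short-lived token bound to a user and a folder, and the file-serving endpoint only streams a file when the token verifies and the resolved path stays inside the upload root. `SECRET_KEY`, `UPLOAD_ROOT`, the user e-mail and the folder names are assumptions for illustration; an OTP step would sit in front of `issue_token` rather than replace it.

```python
"""Time-limited, user-bound access tokens for uploaded files (added example)."""
import base64
import hashlib
import hmac
import json
import os
import time
from typing import Optional

SECRET_KEY = b"replace-with-32-random-bytes-from-os.urandom"  # assumed; load from config, never commit
UPLOAD_ROOT = "/var/www/uploads"  # assumed upload directory, outside the document root


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(body: str) -> str:
    return _b64(hmac.new(SECRET_KEY, body.encode("ascii"), hashlib.sha256).digest())


def issue_token(user: str, folder: str, ttl_s: int = 600, now: Optional[float] = None) -> str:
    """Bind (user, folder, expiry) together; the client only ever sees this opaque string."""
    now = time.time() if now is None else now
    claims = {"u": user, "f": folder, "exp": int(now) + ttl_s}
    body = _b64(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode("utf-8"))
    return f"{body}.{_sign(body)}"


def verify_token(token: str, user: str, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if signature, expiry and user all check out, else None."""
    body, sep, sig = token.partition(".")
    # Signature is checked in constant time and before anything is decoded.
    if not sep or not hmac.compare_digest(_sign(body).encode("ascii"), sig.encode("ascii")):
        return None
    try:
        claims = json.loads(_unb64(body))
    except (ValueError, UnicodeDecodeError):
        return None
    now = time.time() if now is None else now
    if claims.get("exp", 0) < now or claims.get("u") != user:
        return None
    return claims


def resolve_upload_path(folder: str, filename: str) -> Optional[str]:
    """Join folder/filename under UPLOAD_ROOT and refuse anything that escapes it."""
    base = os.path.realpath(UPLOAD_ROOT)
    candidate = os.path.realpath(os.path.join(base, folder, filename))
    if os.path.commonpath([base, candidate]) != base:
        return None  # '../' sequences or an absolute filename tried to leave the root
    return candidate


def authorize_download(token: str, user: str, filename: str,
                       now: Optional[float] = None) -> Optional[str]:
    """What the file endpoint calls: the path to stream, or None to answer 403."""
    claims = verify_token(token, user, now)
    if claims is None:
        return None
    return resolve_upload_path(claims["f"], filename)
```

The folder a user may see comes from the signed claims, never from the request, so the only client-controlled input that touches the file system is the filename, and `resolve_upload_path` rejects it unless the canonical result is still below `UPLOAD_ROOT`.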
SPF Records: Outlook shows fail, Google shows pass
Posted: 17 Dec 2021 07:00 AM PST

I am using Office 365 for email, and have configured the DNS SPF record as:

```
v=spf1 include:spf.protection.outlook.com ~all
```

When I send emails to Google recipients, the email headers show

```
Received-SPF: pass (google.com: domain of user@domain.com designates 2a01:111:f400:fe14::71b as permitted sender) client-ip=2a01:111:f400:fe14::71b;
```

and the message is delivered. But for Outlook recipients, the email headers show

```
Received-SPF: Fail (protection.outlook.com: domain of domain.com does not designate 192.162.217.24 as permitted sender)
```

and the email is marked as spam. I don't know why the two mailbox providers are treating the record differently. Thanks. |
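The two headers above are not two opinions about the same thing: each receiver evaluated the record against the IP address that connected to it, and those addresses differ. The following is an added example, not code from the post, that implements the `check_host()` core of RFC 7208 for the mechanisms the post's record uses (`ip4`, `ip6`, `include`, `all`) with DNS replaced by a constructed table. The address ranges it attributes to `spf.protection.outlook.com` are invented for the example, not Microsoft's published ones; `example.com` and `strict.example` are placeholders.

```python
"""Minimal SPF check_host() for ip4/ip6/include/all (added example)."""
import ipaddress
from typing import Dict, Optional

# Constructed stand-in for DNS TXT lookups. The ranges listed for
# spf.protection.outlook.com are invented for this example.
FAKE_DNS_TXT: Dict[str, str] = {
    "example.com": "v=spf1 include:spf.protection.outlook.com ~all",
    "strict.example": "v=spf1 ip4:203.0.113.0/24 -all",
    "spf.protection.outlook.com": "v=spf1 ip4:40.92.0.0/15 ip6:2a01:111:f400::/48 -all",
}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_INCLUDE_DEPTH = 10  # RFC 7208 caps DNS-querying mechanisms at 10 per evaluation


def lookup_spf(domain: str, dns: Dict[str, str]) -> Optional[str]:
    """Return the domain's SPF record, or None when there is no usable v=spf1 TXT."""
    record = dns.get(domain.lower())
    return record if record and record.split()[0].lower() == "v=spf1" else None


def check_host(ip: str, domain: str, dns: Dict[str, str], depth: int = 0) -> str:
    """Evaluate `domain`'s SPF record for the connecting address `ip`."""
    if depth > MAX_INCLUDE_DEPTH:
        return "permerror"
    record = lookup_spf(domain, dns)
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            matched = addr.version == net.version and addr in net
        elif mech == "include":
            sub = check_host(ip, arg, dns, depth + 1)
            if sub in ("none", "permerror"):
                return "permerror"   # including a domain without a usable record
            matched = sub == "pass"  # fail/softfail/neutral inside an include just don't match
        else:
            return "permerror"       # a, mx, ptr, exists and redirect= are not implemented here
        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"                 # ran off the end of the record without an "all"


if __name__ == "__main__":
    for ip in ("2a01:111:f400:fe14::71b", "192.162.217.24"):
        print(ip, "->", check_host(ip, "example.com", FAKE_DNS_TXT))
```

Run against the two addresses from the headers, the IPv6 address lands in the included range and passes, while 192.162.217.24 matches nothing in the include and falls through to the record's own `~all`, which is `softfail` (a hard `fail` needs `-all`). The practical check is therefore which host actually delivered the message to the receiver that failed it, not the record text.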
Is there a daemon that can poll Prometheus targets and relay to Graphite?
Posted: 17 Dec 2021 06:14 AM PST

I am running a Graphite-based collection, and have a couple of Prometheus-only apps that I would like to be able to monitor through that. Does anyone know of a proxy-like piece of software that can poll Prometheus targets and relay that information into a Graphite-based backend? |
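The core of such a relay is a format translation: parse the Prometheus text exposition that a `/metrics` endpoint returns, then emit Graphite plaintext-protocol lines (`path;tag=value value timestamp`) to carbon on TCP 2003. The following is an added example, not code from the post or from any existing relay, showing that translation on a constructed `/metrics` body; fetching the body from a real target (for instance with `urllib`) and writing the lines to a socket are left to the caller. The `prom.` prefix and the tagged-series form are choices made here, and the sample metric names are made up.

```python
"""Prometheus text exposition -> Graphite plaintext lines (added example)."""
import math
import re
from typing import Dict, Iterator, List, Tuple

# Constructed /metrics body in the Prometheus text exposition format.
SAMPLE_EXPOSITION = """\
# HELP http_requests_total Total HTTP requests.
# TYPE http_requests_total counter
http_requests_total{method="get",code="200"} 1027
http_requests_total{method="post",code="500"} 3
# TYPE process_resident_memory_bytes gauge
process_resident_memory_bytes 4.2e+07
# TYPE http_request_duration_seconds histogram
http_request_duration_seconds_bucket{le="0.1"} 24054
http_request_duration_seconds_bucket{le="+Inf"} 144320
http_request_duration_seconds_sum 53423
http_request_duration_seconds_count 144320
# TYPE last_scrape_error gauge
last_scrape_error NaN
"""

# name, optional {labels}, value, optional millisecond timestamp
SAMPLE_RE = re.compile(r'^([A-Za-z_:][A-Za-z0-9_:]*)(?:\{(.*)\})?\s+(\S+)(?:\s+(-?\d+))?$')
LABEL_RE = re.compile(r'([A-Za-z_][A-Za-z0-9_]*)="((?:[^"\\]|\\.)*)"')


def _unescape(value: str) -> str:
    """Undo the \\" \\\\ and \\n escapes allowed in label values, in one pass."""
    return re.sub(r"\\(.)", lambda m: "\n" if m.group(1) == "n" else m.group(1), value)


def parse_exposition(text: str) -> Iterator[Tuple[str, Dict[str, str], float]]:
    """Yield (metric name, labels, value) per sample line; comments and blanks are skipped."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = SAMPLE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable sample line: {raw!r}")
        name, labels, value, _timestamp_ms = m.groups()
        yield name, {k: _unescape(v) for k, v in LABEL_RE.findall(labels or "")}, float(value)


def _safe(value: str) -> str:
    """Graphite tag values may not contain ';', '=' or whitespace; replace anything unusual."""
    return re.sub(r"[^A-Za-z0-9_\-:.]", "_", value)


def _fmt(value: float) -> str:
    return str(int(value)) if value.is_integer() and abs(value) < 1e15 else repr(value)


def to_graphite(text: str, timestamp: int, prefix: str = "prom") -> List[str]:
    """Render plaintext-protocol lines ('path;tag=v value ts') ready for carbon port 2003."""
    lines: List[str] = []
    for name, labels, value in parse_exposition(text):
        if not math.isfinite(value):
            continue  # whisper cannot store NaN/Inf; drop the sample rather than poison the series
        tags = "".join(f";{k}={_safe(v)}" for k, v in sorted(labels.items()))
        lines.append(f"{prefix}.{name}{tags} {_fmt(value)} {timestamp}")
    return lines


if __name__ == "__main__":
    print("\n".join(to_graphite(SAMPLE_EXPOSITION, 1639759200)))
```

Labels become Graphite tags so the cardinality of a Prometheus series maps one-to-one; if the Graphite side predates tag support, change `to_graphite` to append sorted label values to the dotted path instead.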
Rsync from MacOS to Synology NAS: "@ERROR: host is denied to login"
Posted: 17 Dec 2021 06:05 AM PST

I'm using a Synology S420j (running DSM 6.2.4-25556) to back up files from my Mac (Monterey v12.1) using the following command:

```
rsync -avz --backup rsync-user@nas.local::backups/
```

This has previously worked, but I've been changing a few things recently and now I'm getting this error:

```
@ERROR: host is denied to login
rsync error: error starting client-server protocol (code 5) at /System/Volumes/Data/SWE/macOS/BuildRoots/5b2e67f8af/Library/Caches/com.apple.xbs/Sources/rsync/rsync-55/rsync/main.c(1402) [receiver=2.6.9]
```
|
KeepAlived UDP Load Balancer with DTLS
Posted: 17 Dec 2021 06:03 AM PST

I have a cluster of servers that rely on UDP for client communications. Among the few LBs that support UDP there is KeepAlived, which however operates at layer 4. I have minimal experience with layer 7 LBs; therefore, if I wanted to use DTLS or similar protocols with KeepAlived, how should I act at the LB level to operate in accordance with DTLS? From my modest knowledge I don't think it's possible, so what other solutions are possible? |
Latest 0.39.1 version does not allow accessing objects without listing the directory content before
Posted: 17 Dec 2021 07:17 AM PST

Our servers restart nightly and we noticed that as of yesterday (with the release of 0.39.1) our servers did not properly start up anymore. We noticed that when we try to access files on a bucket (mounted through gcsfuse) we get access denied / file not found errors. So for example the following structure:

```
(BUCKET)
-(DIR)
--FILE_A
```

```
cp /dir/file_a /tmp   --> File not found
ls /dir/file_a        --> not found
ls /dir               --> shows FILE_A as part of the directory content
```

We first need to run the "ls" command inside the subdirectory where the file is located; only then can we see file_a. If we run the same cp command immediately again after listing the directory's content, then it works fine.

```
cp /dir/file_a /tmp   --> Success
```

For some odd reason, we can only access a file once we have done an "ls" in the directory beforehand. I reverted back to 0.38.0 and there it works fine?! Is this an issue on our side? |
change root directive value in server block with root directive in location block
Posted: 17 Dec 2021 05:52 AM PST

I have set a default directory for nginx to look for the files, but when I try to access a certain location such as /, nginx looks in the default root folder /var/www/html/LiveStream/LiveStream-backend instead of what I specified in the location block, /var/www/html/LiveStream/LiveStream-frontend/users/build. For further detail, my nginx configuration file:

```
log_format upstreamlog '$server_name to : $upstream_addr [$request]'
    'upstream_response_time $upstream_response_time'
    'msec $msec request-time $request_time';

upstream load_balance{
    ip_hash;
    server localhost:3016;
}

server {
    # SSL configuration
    #
    # listen 443 ssl default_server;
    # listen [::]:443 ssl default_server;
    #
    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    #
    # Read up on ssl_ciphers to ensure a secure configuration.
    # See: https://bugs.debian.org/765782
    #
    # Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #
    # include snippets/snakeoil.conf;
    # listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/ethiolive.net/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/ethiolive.net/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    add_header Content-Security-Policy upgrade-insecure-requests;
    #SetEnvIf X-Forwarded-Proto https HTTPS=on
    #root /var/www/html/LiveStream/LiveStream-frontend;

    # Add index.php to the list if you are using PHP
    #index index.html index.htm index.nginx-debian.html;
    root /var/www/html/LiveStream/LiveStream-backend;

    server_name ethiolive.net www.ethiolive.net;

    location /api/ {
        root /var/www/html/LiveStream/LiveStream-backend;
        #alias /var/www/html/LiveStream/LiveStream-backend/public/;
        proxy_pass http://load_balance;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_ssl_server_name on;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 3600;
        proxy_headers_hash_max_size 512;
        proxy_headers_hash_bucket_size 128;
        proxy_set_header Content-Security-Policy upgrade-insecure-requests;
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
    }

    location / {
        root /var/www/html/LiveStream/LiveStream-frontend/users/build;
        #add_header Content-Type text/plain;
        #return 200 'hello';
        index index.html index.htm;
        try_files $uri /index.html;
    }

    location /admin {
        alias /var/www/html/LiveStream/LiveStream-frontend/admin/build/;
        index index.html index.htm;
        #add_header Content-Type text/plain;
        #return 200 index.html;
        try_files $uri $uri/ /index.html;
    }

    location /socket/ {
        proxy_pass http://load_balance/socket.io/;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_headers_hash_max_size 512;
        proxy_headers_hash_bucket_size 128;
    }

    location /socket.io/{
        # add_header 'Access-Control-Allow-Origin' '*' always;
        #add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
        #add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
        proxy_pass http://load_balance/socket.io/;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_headers_hash_max_size 512;
        proxy_headers_hash_bucket_size 128;
    }
}
```
|
Restricting traffic between AWS VPCs
Posted: 17 Dec 2021 08:40 AM PST

I have two VPCs: A and B. I want any node in A to be able to open a TCP connection to any node in B, but not the other way around. Any node in B must also be able to open outgoing connections to public internet hosts. What is the best way to achieve this? VPC peering allows direct connections between any nodes in A and B; this cannot be restricted at the routing level. Security groups can be used to block outgoing connections, but that is slightly tricky to configure since there is no DENY rule. Network ACLs aren't useful here, since return traffic must be allowed back from B -> A. Are there any other options? Something like a NAT gateway that only allows opening connections in one direction? AWS does support private NAT gateways, but I cannot find any documentation for a configuration like this. |
Apache mpm event-increasing StartServers has no effect on memory
Posted: 17 Dec 2021 04:25 AM PST

I'm using Apache MPM event on a CentOS server with the following config:

```
<IfModule event.c>
    StartServers             8
    ServerLimit              64
    ThreadsPerChild          256
    MaxRequestWorkers        16384
    MaxConnectionsPerChild   10000
    MinSpareThreads          125
    MaxSpareThreads          250
    ThreadLimit              256
    KeepAlive                On
    KeepAliveTimeout         2
    MaxKeepAliveRequests     500
</IfModule>
```

I then increased the value of StartServers from 8 to 32, rebuilt and restarted Apache, but I can't see any difference in the system's free memory. I expected to see more RAM being used by Apache when I increase the value of StartServers. Why is no change happening in RAM usage? Does it mean I'm doing something wrong? |
Google Cloud Platform instances: Unstable network bandwidths with long-distance connections
Posted: 17 Dec 2021 05:57 AM PST

I'm trying to deploy a data processing system over a wide area covering multiple regions of GCP. Before doing this, I've been profiling the network connections over a variety of distances, but I've been experiencing frequent sudden drops in bandwidth over long-distance networks. I'm wondering what would be the root cause of the issue? The cluster is set up with e2-standard-4 (4 vCPU, 16GB memory) instances in five regions: us-west1-b, us-east1-b, us-central1-a, europe-west1-b, asia-east1-b. Below is a screenshot of the different bandwidths, and we're seeing the most bandwidth drops between the regions us-west1-b and asia-east1-b. Any insights would be welcome!

[screenshot: Bandwidths] |
Error trying to reset service account password
Posted: 17 Dec 2021 08:06 AM PST

Some background: I installed Windows Server Essentials and ran the Essentials Configuration Wizard, which created a new AD forest with a single domain. However, I needed the AD from a previously-replicated DC for that new Essentials server. What I had here was two separate forests, each with a single domain. Of course that wouldn't work. So I demoted the WSE server, joined the domain of the previously-replicated DC, and then promoted the WSE server into a DC. Everything worked fine, except for one little hitch: the service account for the WSE Media Streaming Service now has mismatched passwords. The service is configured with the new password that was created when I ran the wizard, and the service account has the old password from the previously-replicated AD. So the service fails to start, leaving nasty nasties in the System Event Log (specifically, EventID 7038 - bad password). Well and good, I told myself. We'll just reset that password and we'll be up and running in no time. Not so fast. Here's the cmdlet I used:

```
Get-ADServiceAccount -Identity MediaAdmin | Reset-ADServiceAccountPassword
```

Here's the error:

```
Object reference not set to an instance of an object.
```

Now isn't that strange? There's no question that the MediaAdmin service account exists: How can I reset that service account password so that I can start the service? |
How do I update CentOS 6.3 to 6.10? Posted: 17 Dec 2021 06:20 AM PST I'm getting yum SSL connection error when updating CentOS 6.3 to 6.10 today. Is it possible to run yum update to update CentOS 6.3? |
Slow File Transfer Macbook to Synology/Proxmox Server using AFP
Posted: 17 Dec 2021 07:13 AM PST

I noticed slow transfer speeds of ~35 MB/s when sending a single 5 GB file from my MacBook Pro to my NAS running Xpenology/Synology in a Proxmox VM. The NAS is first mounted on the MacBook Pro using AFP over TCP, then the file is dragged and dropped into the mounted drive. The Proxmox server is connected to a 1G network switch port, and the MacBook Pro is tested over both Wifi 802.11ac and a wired ethernet connection to the same network switch. The Xpenology VM uses a RAID-0 ZFS array as its storage, made up of four 16 TB 5400 rpm HDDs. Would you expect the transfer speeds to be closer to the read speeds of a 5400 rpm drive? I believe this value is around 70-80 MB/s. Furthermore, RAID-0 should make this above 100 MB/s. Otherwise, how do we troubleshoot the slow transfer speed?

iperf3 Tests

Results with Proxmox as iperf server, Macbook (wifi) as client:

```
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
Accepted connection from 192.168.1.138, port 57104
[  5] local 192.168.1.2 port 5201 connected to 192.168.1.138 port 57105
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec  36.6 MBytes   307 Mbits/sec
[  5]   1.00-2.00   sec  37.7 MBytes   316 Mbits/sec
[  5]   2.00-3.00   sec  36.4 MBytes   305 Mbits/sec
[  5]   3.00-4.00   sec  36.0 MBytes   302 Mbits/sec
[  5]   4.00-5.00   sec  36.6 MBytes   307 Mbits/sec
[  5]   5.00-6.00   sec  36.8 MBytes   309 Mbits/sec
[  5]   6.00-7.00   sec  36.1 MBytes   303 Mbits/sec
[  5]   7.00-8.00   sec  34.7 MBytes   291 Mbits/sec
[  5]   8.00-9.00   sec  34.1 MBytes   286 Mbits/sec
[  5]   9.00-10.00  sec  30.0 MBytes   252 Mbits/sec
[  5]  10.00-10.03  sec   578 KBytes   177 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-10.03  sec   356 MBytes   298 Mbits/sec                  receiver
```

Results with Proxmox as the iperf client, Macbook (wifi) as server:

```
Connecting to host 192.168.1.138, port 5201
[  5] local 192.168.1.2 port 53068 connected to 192.168.1.138 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  12.3 MBytes   103 Mbits/sec   13   50.9 KBytes
[  5]   1.00-2.00   sec  13.0 MBytes   109 Mbits/sec   11   35.4 KBytes
[  5]   2.00-3.00   sec  10.6 MBytes  89.2 Mbits/sec   13   48.1 KBytes
[  5]   3.00-4.00   sec  12.5 MBytes   105 Mbits/sec   10   62.2 KBytes
[  5]   4.00-5.00   sec  11.8 MBytes  98.6 Mbits/sec   15   69.3 KBytes
[  5]   5.00-6.00   sec  11.1 MBytes  93.1 Mbits/sec   16   63.6 KBytes
[  5]   6.00-7.00   sec  12.2 MBytes   102 Mbits/sec   15   17.0 KBytes
[  5]   7.00-8.00   sec  10.3 MBytes  86.7 Mbits/sec   18   49.5 KBytes
[  5]   8.00-9.00   sec  11.2 MBytes  93.6 Mbits/sec   13   45.2 KBytes
[  5]   9.00-10.00  sec  10.9 MBytes  91.7 Mbits/sec   19   26.9 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec   116 MBytes  97.2 Mbits/sec  143             sender
[  5]   0.00-10.00  sec   115 MBytes  96.8 Mbits/sec                  receiver
```

Results with Proxmox as iperf server, Macbook (ethernet) as client:

```
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
Accepted connection from 192.168.1.99, port 57137
[  5] local 192.168.1.2 port 5201 connected to 192.168.1.99 port 57138
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec  81.7 MBytes   685 Mbits/sec
[  5]   1.00-2.00   sec  87.8 MBytes   737 Mbits/sec
[  5]   2.00-3.00   sec  87.5 MBytes   734 Mbits/sec
[  5]   3.00-4.00   sec  87.1 MBytes   731 Mbits/sec
[  5]   4.00-5.00   sec  88.4 MBytes   742 Mbits/sec
[  5]   5.00-6.00   sec  86.4 MBytes   725 Mbits/sec
[  5]   6.00-7.00   sec  88.2 MBytes   740 Mbits/sec
[  5]   7.00-8.00   sec  87.1 MBytes   730 Mbits/sec
[  5]   8.00-9.00   sec  86.3 MBytes   724 Mbits/sec
[  5]   9.00-10.00  sec  85.5 MBytes   717 Mbits/sec
[  5]  10.00-10.01  sec   423 KBytes   653 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-10.01  sec   866 MBytes   726 Mbits/sec                  receiver
```

Results with Proxmox as the iperf client, Macbook (ethernet) as server:

```
Connecting to host 192.168.1.99, port 5201
[  5] local 192.168.1.2 port 50916 connected to 192.168.1.99 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  77.8 MBytes   653 Mbits/sec   92   28.3 KBytes
[  5]   1.00-2.00   sec  87.2 MBytes   732 Mbits/sec   87   29.7 KBytes
[  5]   2.00-3.00   sec  87.0 MBytes   730 Mbits/sec   91   26.9 KBytes
[  5]   3.00-4.00   sec  76.1 MBytes   638 Mbits/sec  106    126 KBytes
[  5]   4.00-5.00   sec  81.2 MBytes   681 Mbits/sec  103   41.0 KBytes
[  5]   5.00-6.00   sec  90.4 MBytes   759 Mbits/sec   93   65.0 KBytes
[  5]   6.00-7.00   sec  88.5 MBytes   742 Mbits/sec   83   35.4 KBytes
[  5]   7.00-8.00   sec  79.8 MBytes   669 Mbits/sec  108   32.5 KBytes
[  5]   8.00-9.00   sec  90.4 MBytes   759 Mbits/sec   75   39.6 KBytes
[  5]   9.00-10.00  sec  85.8 MBytes   720 Mbits/sec   78    228 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec   844 MBytes   708 Mbits/sec  916             sender
[  5]   0.00-10.00  sec   843 MBytes   707 Mbits/sec                  receiver

iperf Done.
```

Network Diagram

```
===== : Wired Cat6 connection
----- : Wifi 802.11ac

Proxmox ===== Unifi Switch ===== Unifi Access Point ------- Macbook Pro (wifi)
                   |
                   ====== Macbook Pro (USB-c ethernet adapter)
```

The access point is placed on top of the switch, which is very hot. Maybe the access point is overheating, causing the slow speeds?

Update: Changing the 5GHz channel after doing an RF scan and going from 4 to 8 channel widths helped achieve 500 Mbps over wifi |
How to resize a volume in an instance on OpenStack?
Posted: 17 Dec 2021 08:11 AM PST

Check the volume in the list:

```
openstack volume list
```

Set the volume's status to available:

```
openstack volume set --state available [volume id]
```

Resize the volume:

```
openstack volume set --size 40 [volume id]
```

Check size and status again:

```
openstack volume show [volume id]
```

The status becomes in-use and the size becomes 40. It's attached to /dev/vda. However, after logging into the VM and checking with df -h, I didn't find /dev/vda.

```
Filesystem      Size  Used Avail Use% Mounted on
/dev/vda1        20G  1.8G   19G   9% /
devtmpfs        1.9G     0  1.9G   0% /dev
tmpfs           1.9G     0  1.9G   0% /dev/shm
tmpfs           1.9G   17M  1.9G   1% /run
tmpfs           1.9G     0  1.9G   0% /sys/fs/cgroup
tmpfs           379M     0  379M   0% /run/user/1000
```

Why doesn't it change? |
Googlecast SSDP and MDNS queries on network despite not having any chromecast applications installed in main computer
Posted: 17 Dec 2021 06:56 AM PST

As the title states, I've detected some MDNS queries from a googlecast address, which is strange since I don't have any googlecast apps or similar installed. Additionally, my PC is sending SSDP packets to 239.255.255.250 (subnet?) regarding 'M-Search: HTTP/1.1' strings to a Chrome OS machine.

MDNS packet:

```
192.168.1.65  224.0.0.251  MDNS  119  Standard query 0x000b PTR _674A0243._sub._googlecast._tcp.local, "QM" question PTR _8E6C866D._sub._googlecast._tcp.local, "QM" question PTR _googlecast._tcp.local, "QM" question
```

SSDP packet:

```
192.168.1.67  239.255.255.250  SSDP  216  M-SEARCH * HTTP/1.1
```

Perhaps it's good to mention that I noticed the specified 'User-agent' for these SSDP packets is stated as either 'Google Chrome' or 'Chrome OS'. Is this just a default function of Google Chrome to include their DIAL tech? |
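When triaging discovery traffic like this, the useful fields are the SSDP search target (`ST`), which says what the sender is looking for, and `USER-AGENT`, which says what is asking. The following is an added example, not code from the post: it parses raw SSDP M-SEARCH datagrams (as captured from UDP 1900 or read out of a pcap) and labels them, distinguishing a narrow DIAL probe from a broad `ssdp:all` sweep that would be more interesting on a server segment. The two datagrams are constructed to resemble what the post describes; the exact headers a real Chrome build sends, and the search-target table, are assumptions for illustration.

```python
"""Parse and classify SSDP M-SEARCH datagrams (added example)."""
from typing import Dict, Optional, Tuple

# Constructed sample in the shape of a browser's DIAL discovery probe.
SAMPLE_DIAL = (
    b"M-SEARCH * HTTP/1.1\r\n"
    b"HOST: 239.255.255.250:1900\r\n"
    b'MAN: "ssdp:discover"\r\n'
    b"MX: 1\r\n"
    b"ST: urn:dial-multiscreen-org:service:dial:1\r\n"
    b"USER-AGENT: Google Chrome/96.0.4664.110 Windows\r\n"
    b"\r\n"
)

# Constructed sample of a broad sweep with no User-Agent at all.
SAMPLE_SWEEP = (
    b"M-SEARCH * HTTP/1.1\r\n"
    b"HOST: 239.255.255.250:1900\r\n"
    b'MAN: "ssdp:discover"\r\n'
    b"MX: 3\r\n"
    b"ST: ssdp:all\r\n"
    b"\r\n"
)

# Assumed mapping from search target to what it is normally used for.
KNOWN_ST = {
    "urn:dial-multiscreen-org:service:dial:1": "DIAL (browser screen/cast discovery)",
    "urn:schemas-upnp-org:device:MediaRenderer:1": "UPnP media renderer",
    "urn:schemas-upnp-org:device:InternetGatewayDevice:1": "UPnP IGD (router port-mapping)",
    "upnp:rootdevice": "generic UPnP root-device enumeration",
    "ssdp:all": "enumerate every SSDP responder (broad scan)",
}


def parse_ssdp(datagram: bytes) -> Tuple[str, Dict[str, str]]:
    """Split an SSDP datagram into its request line and an upper-cased header map."""
    text = datagram.decode("ascii", errors="replace")
    head, _, _body = text.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # lines without a colon are malformed and ignored
            headers[name.strip().upper()] = value.strip()
    return lines[0], headers


def classify_msearch(datagram: bytes) -> Optional[dict]:
    """Return a summary for M-SEARCH datagrams, None for anything else (NOTIFY, responses)."""
    request_line, headers = parse_ssdp(datagram)
    if not request_line.startswith("M-SEARCH "):
        return None
    st = headers.get("ST", "")
    return {
        "st": st,
        "purpose": KNOWN_ST.get(st, "unknown search target"),
        "user_agent": headers.get("USER-AGENT", "(none)"),
        "broad_scan": st == "ssdp:all",
        # A well-formed discovery request must carry MAN: "ssdp:discover".
        "well_formed": headers.get("MAN") == '"ssdp:discover"' and "HOST" in headers,
    }


if __name__ == "__main__":
    for pkt in (SAMPLE_DIAL, SAMPLE_SWEEP):
        print(classify_msearch(pkt))
```

Fed a capture's worth of datagrams, the same function gives a per-host inventory of who is probing for what; a desktop sending a single DIAL search target with a browser User-Agent reads very differently from a host repeatedly issuing `ssdp:all`.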
Windows Firewall causes TCP inbound connection time-out instead of connection refused when no server is connecting clients
Posted: 17 Dec 2021 07:04 AM PST

So we noticed a different behavior between W7 systems with no firewall/AV and W10 systems with firewall/AV that causes our third-party clients to raise a false positive error that is new to these W10 firewalled systems. The problem can be summarized as: we get a 'TimeOut' (socket error code 10060) after more than 20s instead of getting, almost instantly as before, a 'ConnectionRefused' (socket error code 10061). Please note that the issue only manifests when our TCP socket server is not yet connecting clients on that port (the process is not launched yet); it works fine when it is connecting, so the port is not blocked by our firewall. When completely disabling our firewall this issue disappears, as Windows now again actively refuses connections, making our third-party system behave as expected. How do I keep my FW on and set it up such that I get the old behavior on our new W10 firewalled server-side machine (i.e. simply raise a connection refused (10061) error instead of a timeout (10060) error)? |
hostapd not working anymore
Posted: 17 Dec 2021 07:04 AM PST

I had a working hostapd file and a functioning wifi hotspot (the device is busybox, an iMX6 board). While the hotspot was up and running, I was doing manual routing, connected to the device via ssh (I'm able to connect to this device via another device's access point; I first connect to the access point using my PC and then ssh into the aforementioned device). However, during my last command, ssh got stuck, hence I decided to power cycle. After the power cycle, the previous commands (which used to work every time, even after power cycles) do not work anymore. Here is how I normally would set up the hotspot. First I would create a virtual interface from wlan0, which is active on startup.

```
iw dev wlan0 interface add wlan0_ap2 type managed addr 12:34:56:78:ab:ce
```

The wlan0 interface is also what allows me to ssh into this device. wlan0 is connected to wlan0-ap of another board. My PC is also connected to the wlan0-ap network. After ssh'ing into the device, I would start hostapd with the config like so:

```
hostapd -dd /etc/hostapd_build_ap.conf
```

After that, the hotspot would be detectable and connectable by external devices. I do not normally set up a DHCP server; a static IP is okay for me. Here is the hostapd_build_ap.conf file:

```
interface=wlan0_ap2
#bridge=br0
ssid=myhotspot
driver=nl80211
country_code=US
hw_mode=g
channel=10
max_num_sta=5
wpa=2
auth_algs=1
wpa_passphrase=ABABABABAB
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
```

After certain routes are added via "route add ...", I would normally be able to use both devices as access points connected to each other. Yet, after my last routing, as I said, ssh got unresponsive and I had to power cycle. (There is no other way of accessing the device at the moment.) Now, when I try to start hostapd, I get this:

```
random: Trying to read entropy from /dev/random
Configuration file: /etc/hostapd_build_ap.conf
rfkill: Cannot open RFKILL control device
nl80211: RFKILL status not available
nl80211: TDLS supported
nl80211: TDLS external setup
nl80211: Supported cipher 00-0f-ac:1
nl80211: Supported cipher 00-0f-ac:5
nl80211: Supported cipher 00-0f-ac:2
nl80211: Supported cipher 00-0f-ac:4
nl80211: Supported cipher 00-0f-ac:10
nl80211: Supported cipher 00-0f-ac:8
nl80211: Supported cipher 00-0f-ac:9
nl80211: Supported cipher 00-0f-ac:6
nl80211: Supported cipher 00-0f-ac:13
nl80211: Supported cipher 00-0f-ac:11
nl80211: Supported cipher 00-0f-ac:12
nl80211: Using driver-based off-channel TX
nl80211: Use separate P2P group interface (driver advertised support)
nl80211: interface wlan0_ap2 in phy phy0
nl80211: Set mode ifindex 4 iftype 3 (AP)
nl80211: Setup AP(wlan0_ap2) - device_ap_sme=0 use_monitor=0
nl80211: Subscribe to mgmt frames with AP handle 0x57d950
nl80211: Register frame type=0xb0 (WLAN_FC_STYPE_AUTH) nl_handle=0x57d950 match=
nl80211: Register frame type=0x0 (WLAN_FC_STYPE_ASSOC_REQ) nl_handle=0x57d950 match=
nl80211: Register frame type=0x20 (WLAN_FC_STYPE_REASSOC_REQ) nl_handle=0x57d950 match=
nl80211: Register frame type=0xa0 (WLAN_FC_STYPE_DISASSOC) nl_handle=0x57d950 match=
nl80211: Register frame type=0xc0 (WLAN_FC_STYPE_DEAUTH) nl_handle=0x57d950 match=
nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x57d950 match=
nl80211: Register frame type=0x40 (WLAN_FC_STYPE_PROBE_REQ) nl_handle=0x57d950 match=
nl80211: Add own interface ifindex 4
nl80211: if_indices[16]: 4
phy: phy0
BSS count 1, BSSID mask 00:00:00:00:00:00 (0 bits)
wlan0_ap2: interface state UNINITIALIZED->COUNTRY_UPDATE
Previous country code 98, new country code US
Continue interface setup after channel list update
ctrl_iface not configured!
random: Got 20/20 bytes from /dev/random
nl80211: Event message available
nl80211: BSS Event 59 (NL80211_CMD_FRAME) received for wlan0_ap2
nl80211: MLME event 59 (NL80211_CMD_FRAME) on wlan0_ap2(12:34:56:78:ab:ce) A1=ff:ff:ff:ff:ff:ff A2=bc:a9:20:47:0d:ee
nl80211: MLME event frame - hexdump(len=130): 40 00 00 00 ff ff ff ff ff ff bc a9 20 47 0d ee ff ff ff ff ff ff d0 6d 00 04 41 52 4f 58 01 04 02 04 0b 16 32 08 0c 12 18 24 30 48 60 6c 03 01 0b 2d 1a 21 40 17 ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7f 08 04 00 08 84 00 00 00 40 6b 07 0f ff ff ff ff ff ff dd 0b 00 17 f2 0a 00 01 04 00 00 00 00 dd 08 00 50 f2 08 00 0e 00 00 dd 09 00 10 18 02 01 00 10 00 00
nl80211: Frame event
nl80211: RX frame sa=bc:a9:20:47:0d:ee freq=2462 ssi_signal=-43 fc=0x40 seq_ctrl=0x6dd0 stype=4 (WLAN_FC_STYPE_PROBE_REQ) len=130
nl80211: Event message available
nl80211: BSS Event 59 (NL80211_CMD_FRAME) received for wlan0_ap2
nl80211: MLME event 59 (NL80211_CMD_FRAME) on wlan0_ap2(12:34:56:78:ab:ce) A1=ff:ff:ff:ff:ff:ff A2=bc:a9:20:47:0d:ee
nl80211: MLME event frame - hexdump(len=130): 40 00 00 00 ff ff ff ff ff ff bc a9 20 47 0d ee ff ff ff ff ff ff f0 6d 00 04 41 52 4f 58 01 04 02 04 0b 16 32 08 0c 12 18 24 30 48 60 6c 03 01 0b 2d 1a 21 40 17 ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7f 08 04 00 08 84 00 00 00 40 6b 07 0f ff ff ff ff ff ff dd 0b 00 17 f2 0a 00 01 04 00 00 00 00 dd 08 00 50 f2 08 00 0e 00 00 dd 09 00 10 18 02 01 00 10 00 00
nl80211: Frame event
nl80211: RX frame sa=bc:a9:20:47:0d:ee freq=2462 ssi_signal=-43 fc=0x40 seq_ctrl=0x6df0 stype=4 (WLAN_FC_STYPE_PROBE_REQ) len=130
nl80211: Event message available
nl80211: BSS Event 59 (NL80211_CMD_FRAME) received for wlan0_ap2
nl80211: MLME event 59 (NL80211_CMD_FRAME) on wlan0_ap2(12:34:56:78:ab:ce) A1=ff:ff:ff:ff:ff:ff A2=bc:a9:20:47:0d:ee
nl80211: MLME event frame - hexdump(len=130): 40 00 00 00 ff ff ff ff ff ff bc a9 20 47 0d ee ff ff ff ff ff ff 00 6e 00 04 41 52 4f 58 01 04 02 04 0b 16 32 08 0c 12 18 24 30 48 60 6c 03 01 0b 2d 1a 21 40 17 ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7f 08 04 00 08 84 00 00 00 40 6b 07 0f ff ff ff ff ff ff dd 0b 00 17 f2 0a 00 01 04 00 00 00 00 dd 08 00 50 f2 08 00 0e 00 00 dd 09 00 10 18 02 01 00 10 00 00
nl80211: Frame event
nl80211: RX frame sa=bc:a9:20:47:0d:ee freq=2462 ssi_signal=-37 fc=0x40 seq_ctrl=0x6e00 stype=4 (WLAN_FC_STYPE_PROBE_REQ) len=130
nl80211: Event message available
nl80211: BSS Event 59 (NL80211_CMD_FRAME) received for wlan0_ap2
nl80211: MLME event 59 (NL80211_CMD_FRAME) on wlan0_ap2(12:34:56:78:ab:ce) A1=ff:ff:ff:ff:ff:ff A2=bc:a9:20:47:0d:ee
nl80211: MLME event frame - hexdump(len=130): 40 00 00 00 ff ff ff ff ff ff bc a9 20 47 0d ee ff ff ff ff ff ff 50 6e 00 04 41 52 4f 58 01 04 02 04 0b 16 32 08 0c 12 18 24 30 48 60 6c 03 01 0b 2d 1a 21 40 17 ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7f 08 04 00 08 84 00 00 00 40 6b 07 0f ff ff ff ff ff ff dd 0b 00 17 f2 0a 00 01 04 00 00 00 00 dd 08 00 50 f2 08 00 0e 00 00 dd 09 00 10 18 02 01 00 10 00 00
nl80211: Frame event
nl80211: RX frame sa=bc:a9:20:47:0d:ee freq=2462 ssi_signal=-41 fc=0x40 seq_ctrl=0x6e50 stype=4 (WLAN_FC_STYPE_PROBE_REQ) len=130
Channel list update timeout - try to continue anyway
nl80211: Regulatory information - country=98
nl80211: 2402-2482 @ 40 MHz 20 mBm
nl80211: 5170-5250 @ 80 MHz 23 mBm
nl80211: 5250-5330 @ 80 MHz 23 mBm (DFS)
nl80211: 5735-5835 @ 80 MHz 30 mBm
nl80211: Added 802.11b mode based on 802.11g information
Allowed channel: mode=1 chan=1 freq=2412 MHz max_tx_power=20 dBm
Allowed channel: mode=1 chan=2 freq=2417 MHz max_tx_power=20 dBm
Allowed channel: mode=1 chan=3 freq=2422 MHz max_tx_power=20 dBm
Allowed channel: mode=1 chan=4 freq=2427 MHz max_tx_power=20 dBm
Allowed channel: mode=1 chan=5 freq=2432 MHz max_tx_power=20 dBm
Allowed channel: mode=1 chan=6 freq=2437 MHz max_tx_power=20 dBm
Allowed channel: mode=1 chan=7 freq=2442 MHz max_tx_power=20 dBm
Allowed channel: mode=1 chan=8 freq=2447 MHz max_tx_power=20 dBm
Allowed channel: mode=1 chan=9 freq=2452 MHz max_tx_power=20 dBm
Allowed channel: mode=1 chan=10 freq=2457 MHz max_tx_power=20 dBm
Allowed channel: mode=1 chan=11 freq=2462 MHz max_tx_power=20 dBm
Allowed channel: mode=1 chan=12 freq=2467 MHz max_tx_power=20 dBm
Allowed channel: mode=1 chan=13 freq=2472 MHz max_tx_power=20 dBm
Allowed channel: mode=0 chan=1 freq=2412 MHz max_tx_power=20 dBm
Allowed channel: mode=0 chan=2 freq=2417 MHz max_tx_power=20 dBm
Allowed channel: mode=0 chan=3 freq=2422 MHz max_tx_power=20 dBm
Allowed channel: mode=0 chan=4 freq=2427 MHz max_tx_power=20 dBm
Allowed channel: mode=0 chan=5 freq=2432 MHz max_tx_power=20 dBm
Allowed channel: mode=0 chan=6 freq=2437 MHz max_tx_power=20 dBm
Allowed channel: mode=0 chan=7 freq=2442 MHz max_tx_power=20 dBm
Allowed channel: mode=0 chan=8 freq=2447 MHz max_tx_power=20 dBm
Allowed channel: mode=0 chan=9 freq=2452 MHz max_tx_power=20 dBm
Allowed channel: mode=0 chan=10 freq=2457 MHz max_tx_power=20 dBm
Allowed channel: mode=0 chan=11 freq=2462 MHz max_tx_power=20 dBm
Allowed channel: mode=0 chan=12 freq=2467 MHz max_tx_power=20 dBm
Allowed channel: mode=0 chan=13 freq=2472 MHz max_tx_power=20 dBm
Completing interface initialization
Mode: IEEE 802.11g  Channel: 10  Frequency: 2457 MHz
DFS 0 channels required radar detection
nl80211: Set freq 2457 (ht_enabled=0, vht_enabled=0, bandwidth=20 MHz, cf1=2457 MHz, cf2=0 MHz)
  * freq=2457
  * vht_enabled=0
  * ht_enabled=0
RATE[0] rate=10 flags=0x1
RATE[1] rate=20 flags=0x1
RATE[2] rate=55 flags=0x1
RATE[3] rate=110 flags=0x1
RATE[4] rate=60 flags=0x0
RATE[5] rate=90 flags=0x0
RATE[6] rate=120 flags=0x0
RATE[7] rate=180 flags=0x0
RATE[8] rate=240 flags=0x0
RATE[9] rate=360 flags=0x0
RATE[10] rate=480 flags=0x0
RATE[11] rate=540 flags=0x0
hostapd_setup_bss(hapd=0x57cf48 (wlan0_ap2), first=1)
wlan0_ap2: Flushing old station entries
nl80211: flush -> DEL_STATION wlan0_ap2 (all)
wlan0_ap2: Deauthenticate all stations
nl80211: send_mlme - da= ff:ff:ff:ff:ff:ff noack=0 freq=0 no_cck=0 offchanok=0 wait_time=0 fc=0xc0 (WLAN_FC_STYPE_DEAUTH) nlmode=3
nl80211: send_mlme -> send_frame
nl80211: send_frame - Use bss->freq=2457
nl80211: send_frame -> send_frame_cmd
nl80211: CMD_FRAME freq=2457 wait=0 no_cck=0 no_ack=0 offchanok=0
CMD_FRAME - hexdump(len=26): c0 00 00 00 ff ff ff ff ff ff 12 34 56 78 ab ce 12 34 56 78 ab ce 00 00 02 00
nl80211: Frame command failed: ret=-16 (Device or resource busy) (freq=2457 wait=0)
wpa_driver_nl80211_set_key: ifindex=4 (wlan0_ap2) alg=0 addr=(nil) key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_nl80211_set_key: ifindex=4 (wlan0_ap2) alg=0 addr=(nil) key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_nl80211_set_key: ifindex=4 (wlan0_ap2) alg=0 addr=(nil) key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_nl80211_set_key: ifindex=4 (wlan0_ap2) alg=0 addr=(nil) key_idx=3 set_tx=0 seq_len=0 key_len=0
Using interface wlan0_ap2 with hwaddr 12:34:56:78:ab:ce and ssid "myhotspot"
Deriving WPA PSK based on passphrase
SSID - hexdump_ascii(len=9): 6d 79 68 6f 74 73 70 6f 74   myhotspot
PSK (ASCII passphrase) - hexdump_ascii(len=10): [REMOVED]
PSK (from passphrase) - hexdump(len=32): [REMOVED]
Get randomness: len=32 entropy=108
GMK - hexdump(len=32): [REMOVED]
Get randomness: len=32 entropy=76
Key Counter - hexdump(len=32): [REMOVED]
WPA: Delay group state machine start until Beacon frames have been configured
nl80211: Set beacon (beacon_set=0)
nl80211: Beacon head - hexdump(len=60): 80 00 00 00 ff ff ff ff ff ff 12 34 56 78 ab ce 12 34 56 78 ab ce 00 00 00 00 00 00 00 00 00 00 64 00 11 04 00 09 6d 79 68 6f 74 73 70 6f 74 01 08 82 84 8b 96 0c 12 18 24 03 01 0a
nl80211: Beacon tail - hexdump(len=41): 2a 01 04 32 04 30 48 60 6c 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00 7f 08 00 00 00 00 00 00 00 40
nl80211: ifindex=4
nl80211: beacon_int=100
nl80211: dtim_period=2
nl80211: ssid - hexdump_ascii(len=9): 6d
```
79 68 6f 74 73 70 6f 74 myhotspot * beacon_int=100 nl80211: hidden SSID not in use nl80211: privacy=1 nl80211: auth_algs=0x1 nl80211: wpa_version=0x2 nl80211: key_mgmt_suites=0x2 nl80211: pairwise_ciphers=0x18 nl80211: group_cipher=0x10 nl80211: SMPS mode - off nl80211: beacon_ies - hexdump(len=10): 7f 08 00 00 00 00 00 00 00 40 nl80211: proberesp_ies - hexdump(len=10): 7f 08 00 00 00 00 00 00 00 40 nl80211: assocresp_ies - hexdump(len=10): 7f 08 00 00 00 00 00 00 00 40 nl80211: Beacon set failed: -16 (Device or resource busy) Failed to set beacon parameters wlan0_ap2: Flushing old station entries nl80211: flush -> DEL_STATION wlan0_ap2 (all) wlan0_ap2: Deauthenticate all stations nl80211: send_mlme - da= ff:ff:ff:ff:ff:ff noack=0 freq=0 no_cck=0 offchanok=0 wait_time=0 fc=0xc0 (WLAN_FC_STYPE_DEAUTH) nlmode=3 nl80211: send_mlme -> send_frame nl80211: send_frame - Use bss->freq=2457 nl80211: send_frame -> send_frame_cmd nl80211: CMD_FRAME freq=2457 wait=0 no_cck=0 no_ack=0 offchanok=0 CMD_FRAME - hexdump(len=26): c0 00 00 00 ff ff ff ff ff ff 12 34 56 78 ab ce 12 34 56 78 ab ce 00 00 03 00 nl80211: Frame command failed: ret=-16 (Device or resource busy) (freq=2457 wait=0) wpa_driver_nl80211_set_key: ifindex=4 (wlan0_ap2) alg=0 addr=(nil) key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_nl80211_set_key: ifindex=4 (wlan0_ap2) alg=0 addr=(nil) key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_nl80211_set_key: ifindex=4 (wlan0_ap2) alg=0 addr=(nil) key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_nl80211_set_key: ifindex=4 (wlan0_ap2) alg=0 addr=(nil) key_idx=3 set_tx=0 seq_len=0 key_len=0 hostapd_free_hapd_data(wlan0_ap2) Interface initialization failed wlan0_ap2: interface state COUNTRY_UPDATE->DISABLED wlan0_ap2: AP-DISABLED hostapd_interface_deinit_free(0x57c308) hostapd_interface_deinit_free: num_bss=1 conf->num_bss=1 hostapd_interface_deinit(0x57c308) wlan0_ap2: interface state DISABLED->DISABLED hostapd_bss_deinit: deinit bss wlan0_ap2 wlan0_ap2: Deauthenticate 
all stations
nl80211: send_mlme - da= ff:ff:ff:ff:ff:ff noack=0 freq=0 no_cck=0 offchanok=0 wait_time=0 fc=0xc0 (WLAN_FC_STYPE_DEAUTH) nlmode=3
nl80211: send_mlme -> send_frame
nl80211: send_frame - Use bss->freq=2457
nl80211: send_frame -> send_frame_cmd
nl80211: CMD_FRAME freq=2457 wait=0 no_cck=0 no_ack=0 offchanok=0
CMD_FRAME - hexdump(len=26): c0 00 00 00 ff ff ff ff ff ff 12 34 56 78 ab ce 12 34 56 78 ab ce 00 00 03 00
nl80211: Frame command failed: ret=-16 (Device or resource busy) (freq=2457 wait=0)
wlan0_ap2: AP-DISABLED
hostapd_cleanup(hapd=0x57cf48 (wlan0_ap2))
hostapd_free_hapd_data: Interface wlan0_ap2 wasn't started
hostapd_interface_deinit_free: driver=0x977b0 drv_priv=0x57d818 -> hapd_deinit
nl80211: deinit ifname=wlan0_ap2 disabled_11b_rates=0
nl80211: Remove monitor interface: refcount=0
nl80211: Remove beacon (ifindex=4)
netlink: Operstate: ifindex=4 linkmode=0 (kernel-control), operstate=6 (IF_OPER_UP)
nl80211: Set mode ifindex 4 iftype 2 (STATION)
nl80211: Teardown AP(wlan0_ap2) - device_ap_sme=0 use_monitor=0
nl80211: Unsubscribe mgmt frames handle 0x88df51d9 (AP teardown)
hostapd_interface_free(0x57c308)
hostapd_interface_free: free hapd 0x57cf48
hostapd_cleanup_iface(0x57c308)
hostapd_cleanup_iface_partial(0x57c308)
hostapd_cleanup_iface: free iface=0x57c308

Could it be that hostapd got corrupted during the power cycle? What could be the cause of this? Does the problem start here?

    nl80211: Frame command failed: ret=-16 (Device or resource busy) (freq=2457 wait=0)
Nginx Try_files redirection losing query string
Posted: 17 Dec 2021 05:01 AM PST

I am trying to set up a specific redirection to force redirection to index.php (for Laravel) for a specific subdirectory, bypassing the existing index.html. The URL I want to catch looks like this: app/kit//?email= . In each directory there's an index.html file (and for some business reasons it's hard to change this).

The redirection seems to work, but when I parse $_SERVER in index.php, I lose the query string.

My Nginx configuration looks like this:

    server {
        server_name somedomain.com;
        root /home/www/preprod/current/public/;
        rewrite_log on;
        access_log /var/log/nginx/preprod-access.log;
        error_log /var/log/nginx/preprod-error.log notice;

        location ~* /kit/(.*)/index\.html {
            error_log /var/log/nginx/preprod-kit-error.log debug;
            try_files /index.php?$query_string /dev/null;
        }

        location / {
            index index.php index.html;
            try_files $uri $uri/ /index.php?$query_string;
            client_max_body_size 0;
            autoindex off;
            allow all;
        }

        location ~ \.php$ {
            error_log /var/log/nginx/preprod-php-error.log debug;
            #try_files $uri =404;
            #fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_intercept_errors off;
            fastcgi_connect_timeout 300s;
            fastcgi_read_timeout 15m;
            fastcgi_send_timeout 600s;
            fastcgi_keep_conn on;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            include fastcgi_params;
            client_max_body_size 0;
            include snippets/fastcgi-php.conf;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        }
    }

The whole application works fine, except this one.

Edit 1: snippets/fastcgi-php.conf

    # regex to split $uri to $fastcgi_script_name and $fastcgi_path
    fastcgi_split_path_info ^(.+\.php)(/.+)$;

    # Check that the PHP script exists before passing it
    try_files $fastcgi_script_name =404;

    # Bypass the fact that try_files resets $fastcgi_path_info
    # see: http://trac.nginx.org/nginx/ticket/321
    set $path_info $fastcgi_path_info;
    fastcgi_param PATH_INFO $path_info;

    #fastcgi_index index.php;
    include fastcgi.conf;
awslinux /etc/cron.daily doesn't execute logrotate file
Posted: 17 Dec 2021 04:01 AM PST

Sorry about my low-level English.

IN MY STAGING SERVER

I want logrotate to run every day (nginx), so I created a logrotate file in /etc/logrotate.d/:

/etc/logrotate.d/nginx

    /var/log/nginx/*log {
        create 0644 nginx nginx
        daily
        rotate 30
        missingok
        notifempty
        nocompress
        dateext
        dateformat -%Y%m%d
        sharedscripts
        postrotate
            if [ -f /var/run/nginx.pid ]; then
                kill -USR1 `cat /var/run/nginx.pid`
            fi
        endscript
    }

and I inserted a logrotate file in cron.daily:

/etc/cron.daily/logrotate

    #!/bin/sh

    /usr/sbin/logrotate -f /etc/logrotate.conf
    EXITVALUE=$?
    if [ $EXITVALUE != 0 ]; then
        /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
    fi
    exit 0

and I checked /etc/anacrontab:

/etc/anacrontab

    # /etc/anacrontab: configuration file for anacron
    # See anacron(8) and anacrontab(5) for details.

    SHELL=/bin/sh
    PATH=/sbin:/bin:/usr/sbin:/usr/bin
    MAILTO=root
    # the maximal random delay added to the base delay of the jobs
    RANDOM_DELAY=45
    # the jobs will be started during the following hours only
    START_HOURS_RANGE=3-22

    #period in days   delay in minutes   job-identifier   command
    1         5       cron.daily         nice run-parts /etc/cron.daily
    7         25      cron.weekly        nice run-parts /etc/cron.weekly
    @monthly  45      cron.monthly       nice run-parts /etc/cron.monthly

and I checked ls -la /var/spool/anacron/cron.daily:

    /var/spool/anacron/cron.daily
    20180221

nginx logs will rotate like access.log, access.log-20180222, but when I run the command run-parts /etc/cron.daily it doesn't work...

Strangely, when I enter the command line /usr/sbin/logrotate -f /etc/logrotate.conf it works very well!

I think /etc/cron.daily/logrotate is not executed when run-parts /etc/cron.daily runs, but in my local Docker I run run-parts /etc/cron.daily and it works. Only the staging server is not working.

Why is the /etc/cron.daily/logrotate file not working when I run run-parts /etc/cron.daily ??
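A check that goes with the situation above, added here as an example (it is not from the original post or from any distribution's run-parts): run-parts silently skips files that it does not consider eligible, so a script that works when invoked by hand can still never run from the daily job. The eligibility rules are stated as assumptions in the comments: regular file with the execute bit set on every implementation; Debian's run-parts also ignores names that are not purely letters, digits, underscore and hyphen, and the RHEL/Amazon Linux crontabs run-parts skips backup-style suffixes. The function applies the union of both.

```sh
#!/bin/sh
# Added diagnostic (not from the original post or from any distribution's
# run-parts): checks whether a file dropped into /etc/cron.daily would be
# picked up by run-parts at all.
# Assumptions (labelled): run-parts only executes regular files that carry
# the execute bit; Debian's run-parts additionally ignores names that are
# not purely [A-Za-z0-9_-] (so no dots), and the RHEL/Amazon Linux crontabs
# run-parts skips backup-style suffixes (~, .rpmsave, .rpmorig, .rpmnew,
# .swp, ,v). The name check below applies the union of both rules, so a
# file it accepts is safe on either family.

# runparts_eligible FILE: prints the reason and returns 0 if eligible, 1 if not.
runparts_eligible() {
    f=$1
    name=$(basename "$f")
    if [ ! -f "$f" ]; then
        echo "not a regular file"; return 1
    fi
    if [ ! -x "$f" ]; then
        echo "missing execute bit (chmod 755 $f)"; return 1
    fi
    case "$name" in
        *~|*.rpmsave|*.rpmorig|*.rpmnew|*.swp|*,v)
            echo "backup-style suffix is skipped"; return 1 ;;
    esac
    if ! printf '%s' "$name" | grep -Eq '^[a-zA-Z0-9_-]+$'; then
        echo "name contains characters Debian run-parts rejects (e.g. a dot)"; return 1
    fi
    echo "eligible"; return 0
}

# runparts_audit DIR: reports every entry; returns the number of ineligible ones.
runparts_audit() {
    dir=$1
    bad=0
    for f in "$dir"/*; do
        [ -e "$f" ] || continue          # empty directory: the glob stays literal
        reason=$(runparts_eligible "$f") || bad=$((bad + 1))
        printf '%s: %s\n' "$f" "$reason"
    done
    return $bad
}

# Typical use on the affected host:
#   runparts_audit /etc/cron.daily
```

Run `runparts_audit /etc/cron.daily` on the host where the job does not fire and compare with the Docker host where it does; the reason column says what to change. The audit returns the number of skipped entries, so it can also gate a configuration-management run.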
Nginx uWSGI responses truncated
Posted: 17 Dec 2021 03:35 AM PST

I tried to write a web service as a joke today at http://dont-tread-on-memes.controversial.io. It's a Flask app that serves fairly large images. The Flask app works well on its own, as does an independent uWSGI server, but when I try to plug uWSGI into NGINX via uwsgi_pass, suddenly every other request is truncated at 9.99KB across browsers.

After reading about similar truncation with proxy_pass I tried:

- Setting uwsgi_buffering to off in my config file
- Increasing the buffer size to 1024k with uwsgi_buffers 1024 1024k; uwsgi_buffer_size 1024k; sendfile: off
- Checking buffer file permissions (all the files in /var/lib/uwsgi are owned by the www-data user and the www-data group, so I think my permissions are good.)

I'm left with my current config, which still exhibits the issue:

    server {
        listen 80;
        server_name dont-tread-on-memes.controversial.io;

        location / {
            include uwsgi_params;
            uwsgi_pass unix:/var/www/dont-tread-on-memes/dont_tread_on_memes.sock;
            uwsgi_buffers 1024 1024k;
            uwsgi_buffer_size 1024k;
        }
    }

The strangest part is that this issue appears only on every second request. It has to be something to do with the NGINX cache, since I'm not using multiple NGINX instances or anything. Yet it has to be something to do with my NGINX config, since uWSGI running on its own does not exhibit the issue.

Any thoughts on what could be causing this issue, and how to fix it?
Securely copy file from one Salt minion to another
Posted: 17 Dec 2021 05:01 AM PST

How do I use Salt to securely copy a sensitive file (a cryptographic key) from one specific minion to another specific minion? I don't want any other minion to be able to read the file.

Salt Mine?

The Salt Mine seems to be a logical place to start, but the documentation says:

    The Salt Mine is used to collect arbitrary data from Minions and store it on the Master. This data is then made available to all Minions via the salt.modules.mine module.

I don't want the data to be made available to all minions, just one. In addition, I don't need the periodic refresh; I only need the file to be read whenever I run state.highstate for the destination minion.

cp.push?

Salt's cp.push function seems like a good way to get the file to the master, except:

- it uses the salt.transport.Channel.send() method, which is not guaranteed to be confidential
- the master gives the files pushed by cp.push global read permissions in the master's file system
- once the file is on the master, it's not obvious how to get it to the destination minion

Custom External Pillar?

I could write a custom external pillar that somehow reads the file from the source minion (how?) and then makes the file's contents available via a pillar to a second minion. That seems like a lot of effort for a behavior that should be built-in.
Use of ProxyPassReverse to change Location response header
Posted: 17 Dec 2021 08:02 AM PST

I am implementing a reverse HTTP proxy: proxy.example.com

This will forward requests to servers based on URI: proxy.example.com/server1 -> server1.example.com

When a user requests proxy.example.com/server1, server1 sends a programmatically generated (Ruby Devise gem) 302 response with the following "Location" value:

    proxy.example.com/users/sign_in

I need this to be:

    proxy.example.com/server1/users/sign_in

I have implemented the following config in Apache:

    ProxyPass "/server1/" "http://server1.example.com/"
    ProxyPassReverse "/server1/" "http://server1.example.com/"

as per http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypassreverse :

    "This directive lets Apache adjust the URL in the Location, Content-Location and URI headers on HTTP redirect responses. This is essential when Apache is used as a reverse proxy (or gateway) to avoid bypassing the reverse proxy because of HTTP redirects on the backend servers which stay behind the reverse proxy."

But the Location header that is being returned by server1 is still:

    proxy.example.com/users/sign_in

Is there something wrong with my config?

thx
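The rule ProxyPassReverse applies is narrower than the quoted paragraph suggests: Apache rewrites a Location, Content-Location or URI header only when its value begins with the URL given as the directive's second argument, and returns any other value unchanged. The shell model below is an added illustration of that rule, not the original post's configuration or Apache's own code; it uses the hostnames from the question and takes the proxy's public base URL as an argument instead of deriving it from the request as Apache does. The two constructed responses show the header that is rewritten and the header that is passed through.

```sh
#!/bin/sh
# Added illustration (not from the original post or from Apache httpd's
# source): a shell model of the single rule ProxyPassReverse applies to a
# backend's redirect. Apache rewrites a Location, Content-Location or URI
# header only when its value starts with the URL given as the directive's
# second argument (here http://server1.example.com/); any other value is
# returned to the client exactly as the backend sent it. Assumed names:
# proxy.example.com and server1.example.com from the question; the public
# base URL is taken as the first argument rather than derived from the
# request as Apache does.

# reverse_map_location PUBLIC_BASE BACKEND_URL VALUE
# Prints VALUE as the proxy would return it.
reverse_map_location() {
    public=$1; backend=$2; value=$3
    case "$value" in
        "$backend"*) printf '%s%s\n' "$public" "${value#"$backend"}" ;;
        *)           printf '%s\n' "$value" ;;   # no prefix match: untouched
    esac
}

# proxy_pass_reverse PUBLIC_BASE BACKEND_URL < response_headers
# Applies the rule to the three headers the directive covers and echoes all
# other header lines unchanged. Header names are assumed in canonical case.
proxy_pass_reverse() {
    public=$1; backend=$2
    while IFS= read -r line; do
        case "$line" in
            Location:*|Content-Location:*|URI:*)
                name=${line%%:*}
                value=${line#*:}
                value=${value# }
                printf '%s: %s\n' "$name" "$(reverse_map_location "$public" "$backend" "$value")" ;;
            *)  printf '%s\n' "$line" ;;
        esac
    done
}

# Constructed sample responses: one where the backend names itself, one where
# it already uses the proxy's hostname (the situation described in the question).
SAMPLE_SELF='HTTP/1.1 302 Found
Location: http://server1.example.com/users/sign_in
Content-Type: text/html'
SAMPLE_PROXY='HTTP/1.1 302 Found
Location: http://proxy.example.com/users/sign_in
Content-Type: text/html'

printf '%s\n' "$SAMPLE_SELF"  | proxy_pass_reverse http://proxy.example.com/server1/ http://server1.example.com/
printf '%s\n' "$SAMPLE_PROXY" | proxy_pass_reverse http://proxy.example.com/server1/ http://server1.example.com/
```

The practical check is to request the backend directly (bypassing the proxy) and look at the raw Location it emits: only a value starting with the exact backend URL named in ProxyPassReverse will be rewritten.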
HowTo: OpenWRT routing/tunneling all traffic through an inline Snort sensor
Posted: 17 Dec 2021 04:01 AM PST

I want all traffic that hits the OpenWRT router to be redirected/tunneled through a dedicated Snort/Suricata machine before it leaves the local network. The Snort/Suricata machine should act as an inline passive (!) IDS, but only has one eth0 device.

- OpenWRT router, Barrier Breaker (192.168.1.1), provides Ethernet LAN, WiFi and OpenVPN.
- Clients (192.168.1.x)
- VPN clients (192.168.10.x)
- Snort/Suricata machine (192.168.1.200)

What iptables rules do I have to use on the OpenWRT router to redirect/tunnel all traffic through the IDS sensor?

What iptables rules do I have to use on the Snort/Suricata machine? The traffic comes in at eth0, gets inspected, and then exits the machine at eth0 to the router and on to its destination.

I know that usually packet mirroring is used, but I am only interested in the scenario as described.
rsync: mkdir "2014-11/." failed: No such file or directory (2)
Posted: 17 Dec 2021 08:24 AM PST

I'm writing a script to automate copying files with rsync from server-a to server-b. This is my script:

    #!/bin/bash
    NOW=$(date +"%Y-%m")
    rsync -au --ignore-existing /var/www/uploads/$NOW/* -e root@1.1.2.2:/var/www/uploads/$NOW/.

When we go to the next month, e.g. from October to November, I get this error from my script:

    rsync: mkdir "/var/www/uploads/2014-11/." failed: No such file or directory (2)
    rsync error: error in file IO (code 11) at main.c(605) [Receiver=3.0.9]
    rsync: connection unexpectedly closed (9 bytes received so far) [sender]
    rsync error: error in rsync protocol data stream (code 12) at io.c(605) [sender=3.0.9]

How should I fix this error? Please help me.
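The error above is the receiver refusing to create a destination whose parent directory does not exist yet. The script below is an added example, not the original poster's script: it keeps the same sync but has the receiving side run `mkdir -p` for the month directory before rsync starts, via `--rsync-path`. It assumes the receiver root@1.1.2.2 from the question (a placeholder address), ssh as the transport (rsync's default), and /var/www/uploads as the tree on both hosts. Because `--rsync-path` is interpreted by the remote login shell, the month string is validated before it is spliced into that command.

```sh
#!/bin/sh
# Added example (not the original poster's script): the same monthly sync,
# but the receiving side creates the month directory before rsync writes
# into it, so the first run of a new month no longer fails with
# 'mkdir "/var/www/uploads/YYYY-MM/." failed: No such file or directory'.
# Assumptions (labelled): the receiver is root@1.1.2.2 as in the question
# (a placeholder address), reached over ssh (rsync's default transport),
# with /var/www/uploads as the tree on both hosts.

UPLOAD_ROOT=/var/www/uploads
REMOTE=root@1.1.2.2

# sync_month YYYY-MM
# --rsync-path replaces the rsync the remote side runs with
# "mkdir -p DIR && rsync", executed by the remote login shell. Because that
# string is interpreted by a shell, the month is validated to digits and '-'
# first, so nothing else can be smuggled into it. The trailing slash on the
# source copies the directory's contents without a "*" glob, which would
# otherwise be passed literally when the month directory is empty.
# Set DRY_RUN=1 to print the argument vector, one per line, instead of running it.
sync_month() {
    month=$1
    case "$month" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]) ;;
        *) echo "sync_month: refusing month '$month'" >&2; return 1 ;;
    esac
    set -- rsync -au --ignore-existing \
        "--rsync-path=mkdir -p $UPLOAD_ROOT/$month && rsync" \
        "$UPLOAD_ROOT/$month/" \
        "$REMOTE:$UPLOAD_ROOT/$month/"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$@"
    else
        "$@"
    fi
}

# What the original script did, with the directory fix: sync the current month.
#   sync_month "$(date +%Y-%m)"
```

With rsync 3.2.3 or newer the `--mkpath` option achieves the same without a remote shell command; the `--rsync-path` form works with the 3.0.9 shown in the error output.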
How to config Squid SSL bump to let Paloalto PA series firewall recognize App-ID
Posted: 17 Dec 2021 06:02 AM PST

A Palo Alto firewall (PA-2050, POS 4.1x) was capable of recognizing the websites which users are visiting (through http/https), then flagging them with an App-ID and applying application control on the traffic, for instance blocking all webmail/file sharing/social media... etc.

But the PA-2050 can only recognize the traffic visiting websites over https as "SSL" after we set up a Squid 3.4 proxy with SSL bump in front of the firewall. This cripples the application control mechanism of the PA firewall.

Does anyone know how to config Squid 3.4 (or the PA-2050) so as to recover the application control capability on https traffic through the Squid proxy?
How to fill up linux cache?
Posted: 17 Dec 2021 06:02 AM PST

I am well aware of how to drop caches in Linux (e.g. /sbin/sysctl vm.drop_caches=3), but for benchmarking I'd like to do the reverse: fill up the caches to 100% of RAM if possible. How would I do that pragmatically?
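One way to do this, added here as an example that is not part of the original post: read files through the page cache until MemAvailable drops below a floor, and watch the Cached figure in /proc/meminfo before and after. It assumes a Linux host with /proc/meminfo and a directory of files to read (only their size matters; /usr or a dataset directory will do). The floor is there so the benchmark box is left with some headroom instead of being pushed into reclaim.

```sh
#!/bin/sh
# Added example (not from the original post): warm the Linux page cache by
# reading files until MemAvailable falls below a floor, and read the cache
# figures from /proc/meminfo to see the effect. Assumptions (labelled):
# a Linux host with /proc/meminfo; the files come from the directory given
# as the first argument (only their size matters, e.g. /usr or a dataset
# directory); a floor is kept so the host stays out of memory reclaim while
# benchmarking.

# meminfo_kb FIELD [FILE]
# Prints FIELD (e.g. Cached, MemAvailable) from a meminfo-format file in kB.
# FILE defaults to the live /proc/meminfo; passing a saved snapshot lets the
# parser be checked offline. Prints nothing if the file is unreadable.
meminfo_kb() {
    field=$1
    file=${2:-/proc/meminfo}
    [ -r "$file" ] || return 0
    awk -v f="$field:" '$1 == f { print $2; exit }' "$file"
}

# fill_page_cache DIR [FLOOR_KB]
# Reads every regular file under DIR (staying on one filesystem) through the
# page cache and stops once MemAvailable is below FLOOR_KB (default 256 MiB).
# Reading with cat to /dev/null leaves the pages clean, so they count under
# "Cached" and can be released again with vm.drop_caches. Prints the number
# of files read.
fill_page_cache() {
    dir=$1
    floor_kb=${2:-262144}
    find "$dir" -xdev -type f -print | {
        count=0
        while IFS= read -r f; do
            avail=$(meminfo_kb MemAvailable)
            if [ -n "$avail" ] && [ "$avail" -lt "$floor_kb" ]; then
                break
            fi
            cat "$f" > /dev/null 2>&1 || true
            count=$((count + 1))
        done
        echo "$count"
    }
}

# Typical run (prints Cached before and after the fill):
#   meminfo_kb Cached; fill_page_cache /usr; meminfo_kb Cached
```

Reading a directory tree will only fill as much cache as there is data under it; to reach a target size, point it at a large dataset or a purpose-made scratch file. The Cached line also includes tmpfs and shared memory, so compare the before and after figures rather than reading it as free-able page cache alone.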
IP Conflicts from mikrotik router for multiple ip addresses (that it isnt assigned)
Posted: 17 Dec 2021 08:02 AM PST

I have a point-to-point wireless connection using two MikroTiks. When I plug the MikroTik into a switch with just my laptop, I get an IP address conflict on my machine no matter what IP I am assigned. Using Wireshark I see the conflicts are from the MAC address of the MikroTik on the other end of the wireless connection. Why is it conflicting with multiple IP addresses when the router itself is assigned a single IP address with no NAT entries or anything like that?

I included a little diagram to help visualize my issue:

    [me] [mikrotik] --------------[problem mikrotik]----(other equipment on diff subnet)

The problem MikroTik has a WAN on the same subnet as my machine. The LAN is a different subnet. Any ideas?

When I plug the equipment into my network I get IP conflicts on a lot of different servers. Took me forever to isolate it to this MikroTik! Thanks

Oh, and all this equipment has been working previously with no known changes made to the configs. It just started acting up recently.
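The symptom above, one MAC address answering ARP for addresses it was never assigned, is easy to confirm from a capture. The detector below is an added example, not part of the original post: it reads tcpdump's text output for ARP (the form produced by `tcpdump -n arp`) and reports every MAC that replied "is-at" for more than one distinct IP. The sample capture is constructed for the example and its addresses are placeholders, not devices from the question.

```sh
#!/bin/sh
# Added example (not from the original post): a detector for the symptom
# described above, one MAC address answering ARP for many IP addresses it was
# never assigned. It reads tcpdump's text output for ARP (as produced by
# "tcpdump -n arp") and reports every MAC that answered "is-at" for more than
# one distinct IP. The sample capture below is constructed for this example;
# the addresses in it are placeholders, not devices from the question.

SAMPLE_ARP='12:00:01.000001 ARP, Reply 192.168.1.10 is-at 00:0c:42:aa:bb:cc, length 28
12:00:01.000002 ARP, Reply 192.168.1.20 is-at 00:0c:42:aa:bb:cc, length 28
12:00:01.000003 ARP, Reply 192.168.1.30 is-at 00:0c:42:aa:bb:cc, length 28
12:00:01.000004 ARP, Reply 192.168.1.50 is-at 3c:97:0e:11:22:33, length 28
12:00:02.000005 ARP, Request who-has 192.168.1.10 tell 192.168.1.50, length 28'

# arp_multi_ip_claims < tcpdump_output
# Prints "MAC COUNT IP1,IP2,..." for each MAC that claimed more than one IP.
# Only replies are counted: a request (who-has/tell) asserts nothing about
# which host owns an address.
arp_multi_ip_claims() {
    awk '
        / ARP, Reply / {
            for (i = 1; i <= NF; i++)
                if ($i == "is-at") { ip = $(i - 1); mac = $(i + 1) }
            sub(/,$/, "", mac)                      # strip the trailing comma
            if (!seen[mac, ip]++) {
                count[mac]++
                if (count[mac] == 1) ips[mac] = ip
                else ips[mac] = ips[mac] "," ip
            }
        }
        END {
            for (m in count)
                if (count[m] > 1) print m, count[m], ips[m]
        }
    ' | sort
}

printf '%s\n' "$SAMPLE_ARP" | arp_multi_ip_claims
# -> 00:0c:42:aa:bb:cc 3 192.168.1.10,192.168.1.20,192.168.1.30
```

On a live segment, `tcpdump -n -l arp | arp_multi_ip_claims` after a few minutes of traffic gives the list of offenders. One MAC answering for every address it can route is exactly what an interface in proxy-ARP mode produces (RouterOS exposes this as the interface's ARP setting), so that setting, and any static ARP entries published for addresses outside the interface's own subnet, are the first things to rule out on the answering device.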