Thursday, January 27, 2022

Recent Questions - Server Fault

AWS Tag Editor - Region "Africa (Cape Town)" not available in list of regions?

Posted: 27 Jan 2022 03:25 AM PST

In the Tag Editor (Resource Groups & Tag Editor) you can select the applicable regions in the "Select regions" dropdown. Most of the AWS regions are there, but I do not see af-south-1 which is "Africa (Cape Town)". I tried my best to find information about this in the AWS documentation, but so far no luck. If anyone could elaborate on this, that would be greatly appreciated.

How to identify which MSI installation is in progress that throws the error message: "Another program is being installed."

Posted: 27 Jan 2022 03:09 AM PST

We're building an automated deployment through Ansible that has several .msi files to install, and we encountered, rather randomly, the following error message during deployment:

Another program is being installed. Please wait until that installation is complete, and then try installing this software again.  

Our goal is to trigger a retry timeout whenever this occurs and provide a logging message that describes what is most likely provoking this error.

We don't want to reboot the server or force-kill any in-progress installation.

I found some leads to explore to identify which process is causing this.

TL;DR: I'm looking for a consistent, reproducible way of checking what is actually throwing this error.

1) The msiexec.exe process

The common answer to this question on Google is to check the Task manager for a msiexec.exe process and kill it before restarting the install. This is not an alternative for this case.

2) There seems to be a registry key that says whether or not there is an installation in progress:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress  

But I couldn't find any trace of this key in the registry of several Windows machines (we tried refreshing it while installing and uninstalling .msi files).

Registry key absent

3) In the services.msc GUI there is a Windows Installer service that has no state at rest:

WindowsInstaller Service

This service went into the Running state when we triggered an MSI installation, but it then never left this state, even several minutes after the MSI had finished.

4) Ongoing Windows Updates

Another common lead found out there is that ongoing Windows Updates prevent any other .msi from being installed.

Is there a consistent way to automate checking this?

nginx 404 .php extension with fpm

Posted: 27 Jan 2022 03:08 AM PST

When I visit a non-existent URL with the .php extension I get an nginx 404 error page; however, a URL without the .php extension works as expected using try_files, where the 404 is handled by the PHP application.

This has happened since I added this code, as suggested:

fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
    return 404;
}

The reason for adding this was to fix an error in the logs: FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream. This error was happening when I visited a non-existent .php file. I read lots of posts about the problem being to do with 'SCRIPT_FILENAME' being missing, but this wasn't the case for me.

example.conf

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name example.com;

    root /var/www/example/public/public;

    access_log  /var/log/nginx/example.access.log main_ext;
    error_log  /var/log/nginx/example.error.log warn;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    include /etc/nginx/include.d/ssl.conf;

    # Laravel
    rewrite ^/index.php/(.*) /$1 permanent;

    location = / {
      try_files /page-cache/pc__index__pc.html /index.php?$query_string;
    }

    location / {
      try_files $uri $uri/ /page-cache/$uri.html /index.php?$query_string;
    }

    location ~ [^/]\.php(/|$) {
      include /etc/nginx/include.d/php.conf;
      fastcgi_pass unix:/var/run/php/php8.0-fpm-example.sock;
    }
}

php.conf

# Check file exists
try_files $uri =404;

# https://www.nginx.com/nginx-wiki/build/dirhtml/start/topics/examples/phpfcgi/
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
    return 404;
}

fastcgi_index index.php;

# Mitigate https://httpoxy.org/ vulnerabilities
fastcgi_param HTTP_PROXY "";

fastcgi_intercept_errors off;

# include the fastcgi_param setting
include fastcgi_params;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

Example URLs: https://example.com/foo works fine and shows the pretty 404 inside the PHP app. https://example.com/foo.php shows the default nginx 404.

kvm and libvirt: hotplug virtual disk as USB storage

Posted: 27 Jan 2022 02:27 AM PST

Observations

(1) A new virtual disk can be hot plugged into a KVM/qemu VM as a qemu virtio device, e.g. see the question "KVM and Libvirt - How do I hotplug a new virtio disk?". However, this requires PCI hot-plugging support from the guest OS, and this is not always available.

(2) Hot plugging of USB storage is well supported in many systems and there are guides how to forward a physical USB disk to a guest VM, e.g. https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/virtualization_administration_guide/sect-managing_guest_virtual_machines_with_virsh-attaching_and_updating_a_device_with_virsh.

Question

Can kvm/qemu's virtual USB system be used to attach a virtual disk (image file or a block device that is not a USB device) as a USB storage device to the guest VM so that it appears in the active VM?

microk8s: pod resource usage metrics not available from all nodes

Posted: 27 Jan 2022 02:25 AM PST

I am running microk8s v1.22/stable on a Linux cluster with 11 nodes. I have enabled the metrics-server plugin and installed Prometheus via the Helm chart with nodeExporter and kubeStateMetrics enabled. I get all sort of other metrics, but I have noticed that pod metrics (e.g., container_cpu_usage_seconds_total) are available for pods running on just one of the nodes. I didn't notice anything special about this node.

I have tried disabling and re-enabling the metrics-server plugin and added spec.template.spec.hostNetwork: true to the metrics-server deployment as suggested elsewhere, but to no avail.

Here's the result of running microk8s status:

$ microk8s status
microk8s is running
high-availability: yes
  datastore master nodes: ...
  datastore standby nodes: ...
addons:
  enabled:
    dns                  # CoreDNS
    ha-cluster           # Configure high availability on the current node
    ingress              # Ingress controller for external access
    metrics-server       # K8s Metrics Server for API access to service metrics
    storage              # Storage class; allocates storage from host directory
  disabled:
    ....

What could I be missing and what should I check?

Apache server is very slow for high traffic

Posted: 27 Jan 2022 01:18 AM PST

I am using Apache 2 on an AWS EC2 instance. I have an application load balancer with 2 instances/servers attached to it. Each instance type is m5.8xlarge.

My application is developed in Laravel, and I am using RDS.

I have 300,000 visitors per day and 10,000 visitors at a time. My website is very slow and the initial server response time is very high, up to 8 seconds.

Note: I cannot use autoscaling because my content is dynamic and changes frequently. Autoscaling uses an old image.

I have the extra settings below in my httpd.conf file:

MaxKeepAliveRequests 500
Keepalive On
KeepAliveTimeout 5
HostnameLookups Off

<IfModule prefork.c>
  StartServers        5
  MinSpareServers     20
  MaxSpareServers     40
  MaxClients          200
  MaxRequestsPerChild 4000
</IfModule>

How can I improve the server speed and allow Apache to handle more load/visitors?

What path on disk does a containerd snapshot key map to?

Posted: 27 Jan 2022 12:12 AM PST

I want to remove a snapshot from a node in our Kubernetes cluster:

/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/NNNN  

But I am unable to map this path to any snapshots as reported by ctr -n k8s.io snapshots list. I have tried the usage command, but the INODE does not seem to map to the NNNN entry in the snapshots directory, because the "usage" list is not a subset of the entries in the directory.

Is there a way to understand if snapshot/NNNN is in use?

Wildfly double proxy nginx

Posted: 27 Jan 2022 02:03 AM PST

I have a Cloudflare VM with Ubuntu, where I have Wildfly and NGINX installed, the latter to be used as a reverse proxy. (When I configure my home DNS server to point to this VM and use the domain, everything works as it should -> classic reverse proxy setup.)

The problem is, when I try to set up a DNS domain which I have at Cloudflare, which I also point to the same Ubuntu server with Wildfly and nginx, it doesn't work OK, because I enabled the Proxy option on DNS at Cloudflare to hide the IP.

Does this configuration work or even make sense?

Windows 10 configured with RAW disks to increase Hyper-V performance takes minutes to boot

Posted: 26 Jan 2022 11:48 PM PST

Long story short:

If I configure disks on the machine as a RAW partition so Hyper-V works directly with them to increase performance, then the machine takes minutes to boot with the blue circle going round. If I put the disks offline, then it boots in seconds.

Any ideas on how to avoid this?

How to define www.*.abc.example.com wildcard domain in nginx server block?

Posted: 26 Jan 2022 11:37 PM PST

I want to define my own domain, something like www.*.abc.example.com, in nginx server blocks. I have tried www(.*).abc.example.com and it throws an error like: nginx: [emerg] invalid server name or wildcard "www(.*).abc.example.com" on 0.0.0.0:443

DKIM: Can I safely add a DomainKey policy record without breaking existing email?

Posted: 26 Jan 2022 11:26 PM PST

I need to set up DKIM to validate an email provider we are using. In the provider's documentation, they require us to add two records, a selector record and a policy record, like this:

selector._domainkey.mydomain.com TXT "k=rsa; p=mykeyhere"
_domainkey.mydomain.com          TXT "t=y; o=~"

I'm concerned about adding this new policy, because we have quite a few DKIM selectors set up in our DNS zone already, with no existing policy record (we use multiple third-party providers that need to send email on our behalf). I want to make sure I don't break existing functionality by creating this record. From what I've read, you can only have a single policy per zone, so it is "shared", so to speak.

I've researched this a bit, and the policy the vendor is requiring, t=y; o=~, should be pretty harmless. It seems to say some emails may be signed, and to treat verified/unverified emails in the same way (reference).

Still, this would impact our production application, and I'm hoping to get some confidence that this is safe to add. Am I correct in my assumption that I can add this record without causing a bunch of our outbound email to be marked as spam? Or am I missing something?
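As an added example that is not from the question or the provider's documentation, here is a small Python parser for the tag=value record syntax that both records above use (the selector key record and the _domainkey policy record), plus a zone audit that lists the selectors and reads the single policy record. parse_tag_list, describe_policy, audit_zone and SAMPLE_ZONE are hypothetical names, and the extra selectors and p= values in the sample are constructed, not real keys.

```python
import re
from typing import Dict, Optional

# Constructed sample zone data for this example, modelled on the two records
# quoted in the question. mydomain.com is the question's placeholder; the
# extra selectors and the p= values are made up here (not real keys).
SAMPLE_ZONE = {
    "selector._domainkey.mydomain.com": "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCfake1",
    "vendor2._domainkey.mydomain.com": "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCfake2;",
    "retired._domainkey.mydomain.com": "v=DKIM1; k=rsa; p=",
    "_domainkey.mydomain.com": "t=y; o=~",
}

TAG_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]*$")


def parse_tag_list(txt: str) -> Dict[str, str]:
    """Parse a 'tag=value; tag=value' list (RFC 6376 section 3.2 syntax).

    Empty values are allowed (a key record with p= and no key means the key
    is revoked); a trailing semicolon is allowed; a repeated tag is an error.
    """
    tags: Dict[str, str] = {}
    for item in txt.split(";"):
        item = item.strip()
        if not item:
            continue
        tag, sep, value = item.partition("=")
        tag = tag.strip()
        if not sep or not TAG_RE.match(tag):
            raise ValueError(f"malformed tag-value pair: {item!r}")
        if tag in tags:
            raise ValueError(f"duplicate tag {tag!r}")
        tags[tag] = value.strip()
    return tags


def describe_policy(txt: str) -> Dict[str, object]:
    """Interpret a DomainKeys policy record such as 't=y; o=~'.

    o=~ : some mail from the domain is signed (this is also the default)
    o=- : all mail from the domain is signed
    t=y : testing mode; verifiers should not treat signature failures from
          this domain differently from unsigned mail
    """
    tags = parse_tag_list(txt)
    outbound = tags.get("o", "~")
    if outbound not in ("~", "-"):
        raise ValueError(f"unknown o= value {outbound!r}")
    return {
        "testing": tags.get("t") == "y",
        "all_mail_signed": outbound == "-",
        "tags": tags,
    }


def audit_zone(zone: Dict[str, str], domain: str) -> Dict[str, object]:
    """Collect the selector (key) records and the one policy record of a domain.

    Takes a dict of TXT records instead of querying DNS so it runs offline.
    There is only one name (_domainkey.<domain>) for the policy, which is why
    a zone can carry a single policy shared by every selector under it.
    """
    policy_name = f"_domainkey.{domain}"
    suffix = "." + policy_name
    selectors: Dict[str, Dict[str, object]] = {}
    policy: Optional[Dict[str, object]] = None
    for name, txt in zone.items():
        if name == policy_name:
            policy = describe_policy(txt)
        elif name.endswith(suffix):
            tags = parse_tag_list(txt)
            if "p" not in tags:
                raise ValueError(f"{name}: key record has no p= tag")
            selectors[name[: -len(suffix)]] = {
                "key_type": tags.get("k", "rsa"),
                "revoked": tags["p"] == "",
            }
    return {"selectors": selectors, "policy": policy}


if __name__ == "__main__":
    report = audit_zone(SAMPLE_ZONE, "mydomain.com")
    for selector, info in report["selectors"].items():
        print(f"{selector}: key_type={info['key_type']} revoked={info['revoked']}")
    print("policy:", report["policy"])
```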

Set two IP addresses for parallel data transfers

Posted: 27 Jan 2022 12:31 AM PST

I need to transfer massive amounts of data to my server from different client systems around the world as fast as possible. My organisation has two redundant lines from different service providers (150 Mbps + 150 Mbps) which are not used at night. They are mapped to different public IP addresses. I have been given permission to use both lines in parallel to get the maximum possible throughput.

How do I configure the network settings (on my server) for a second parallel connection? (I'm on CentOS.) I'm using a Java-based file transfer tool (fdt) that transfers data over sockets.

The client (uploading the data) will run this tool on their system by specifying a public IP address (corresponding to Provider 1 or 2). This public IP is mapped to a private IP address on my server (by our company firewall/router). This works well. However, I now want the client to run two instances of the tool - one for each provider (thereby doubling the transfer bandwidth). We have two public IP addresses (one corresponding to each provider). So on my side (on the CentOS server), I have created another private IP address, and asked our IT team to map the 2nd public IP to that.

There will be two fdt instances running in server mode on my server. I need each one to receive data from the respective client instance.

I tried adding the second IP address as an alias, with netmask = 255.255.255.255, but I am unable to ping it. What is the right way to achieve this?

How to force disconnect from Windows Remote Apps command line

Posted: 26 Jan 2022 11:46 PM PST

I have an RDP connection that is initiated by an RD Gateway website. Login and everything works well.

But sometimes the connection becomes a ghost, or if I want to log in as another user on the same RD Gateway via RDP, I have to manually press the

Disconnect from all connection/apps  

Does anyone know how I can get that disconnect function from the command line? The connection does not appear in Query User, for example.

Can't access localhost MySQL server. ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock'

Posted: 27 Jan 2022 02:14 AM PST

I have inherited an Ubuntu machine with MySQL installed, and I don't know how. My problem is that I can't access MySQL.

Here is some info about my host:

cat /etc/os-release
NAME="Ubuntu"
VERSION="20.04.1 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.1 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal

MySQL version: mysql Ver 8.0.27-0ubuntu0.20.04.1 for Linux on x86_64 ((Ubuntu))

This is the error message:

$ mysql -u root -p
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock'

---

$ service mysqld start
Failed to start mysqld.service: Unit mysqld.service not found.

The file /var/run/mysqld/mysqld.sock doesn't exist.

EDIT WITH MORE INFO

$ netstat -tlpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      99/systemd-resolved
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      136/sshd: /usr/sbin
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      303/master
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN      313/sshd: root@pts/
tcp6       0      0 :::80                   :::*                    LISTEN      138/apache2
tcp6       0      0 :::22                   :::*                    LISTEN      136/sshd: /usr/sbin
tcp6       0      0 ::1:25                  :::*                    LISTEN      303/master
tcp6       0      0 ::1:6010                :::*                    LISTEN      313/sshd: root@pts/

$ systemctl start mysql
Job for mysql.service failed because the control process exited with error code.
See "systemctl status mysql.service" and "journalctl -xe" for details.

$ systemctl status mysql.service
* mysql.service - MySQL Community Server
     Loaded: loaded (/lib/systemd/system/mysql.service; disabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Thu 2022-01-27 08:32:50 CET; 10s ago
    Process: 5687 ExecStartPre=/usr/share/mysql/mysql-systemd-start pre (code=exited, status=0/SUCCESS)
    Process: 5696 ExecStart=/usr/sbin/mysqld (code=exited, status=1/FAILURE)
   Main PID: 5696 (code=exited, status=1/FAILURE)
     Status: "Server startup in progress"
      Error: 2 (No such file or directory)

Jan 27 08:32:50 osticket systemd[1]: mysql.service: Main process exited, code=exited, status=1/FAILURE
Jan 27 08:32:50 osticket systemd[1]: mysql.service: Failed with result 'exit-code'.
Jan 27 08:32:50 osticket systemd[1]: Failed to start MySQL Community Server.
Jan 27 08:32:50 osticket systemd[1]: mysql.service: Scheduled restart job, restart counter is at 5.
Jan 27 08:32:50 osticket systemd[1]: Stopped MySQL Community Server.
Jan 27 08:32:50 osticket systemd[1]: mysql.service: Start request repeated too quickly.
Jan 27 08:32:50 osticket systemd[1]: mysql.service: Failed with result 'exit-code'.
Jan 27 08:32:50 osticket systemd[1]: Failed to start MySQL Community Server.

$ pwd && ls
/var/log
alternatives.log       apache2        auth.log.4.gz  dpkg.log.1     lastlog        mysqld.err            php7.4-fpm.log.2.gz  php7.4-fpm.log.8.gz  syslog.3.gz           wtmp
alternatives.log.1     apt            btmp           dpkg.log.2.gz  mail.log       php7.4-fpm.log        php7.4-fpm.log.3.gz  php7.4-fpm.log.9.gz  syslog.4.gz           wtmp.1
alternatives.log.2.gz  auth.log       btmp.1         dpkg.log.3.gz  mail.log.1     php7.4-fpm.log.1      php7.4-fpm.log.4.gz  private              syslog.5.gz
alternatives.log.3.gz  auth.log.1     dist-upgrade   dpkg.log.4.gz  mail.log.2.gz  php7.4-fpm.log.10.gz  php7.4-fpm.log.5.gz  syslog               syslog.6.gz
alternatives.log.4.gz  auth.log.2.gz  dmesg          faillog        mail.log.3.gz  php7.4-fpm.log.11.gz  php7.4-fpm.log.6.gz  syslog.1             syslog.7.gz
alternatives.log.5.gz  auth.log.3.gz  dpkg.log       journal        mail.log.4.gz  php7.4-fpm.log.12.gz  php7.4-fpm.log.7.gz  syslog.2.gz          ubuntu-advantage.log

$ cat /var/log/mysqld.err
2022-01-26T12:23:07.952718Z 0 [ERROR] [MY-010083] [Server] --verbose is for use with --help; did you mean --log-error-verbosity?
2022-01-26T12:23:07.952814Z 0 [ERROR] [MY-010095] [Server] Failed to access directory for --secure-file-priv. Please make sure that directory exists and is accessible by MySQL Server. Supplied value : /var/lib/mysql-files
2022-01-26T12:23:07.953735Z 0 [ERROR] [MY-010119] [Server] Aborting

I have tried to fix it in many ways but I can't. Could someone help me?

Thanks.

Possible exposable asset type on Google Cloud

Posted: 27 Jan 2022 02:25 AM PST

One of the ways to secure a cloud environment is to monitor all of the assets that we have. Recently, I made a script to get information regarding those assets by using the GCP API, but I need to do it one by one, for each asset, by using the describe command to determine whether it is public or not.

Do you know which asset types on Google Cloud can be publicly accessible? I found some, but I want to make sure that I cover every asset type that can be public.

Here is what I found:

  1. Bucket
  2. Instance
  3. Firewall
  4. Forwarding Rule
  5. Backend Service
  6. Cluster
  7. Storage

Is there anything else that I missed? Or is there a way to get all information regarding public assets on GCP?

What is causing BadRequestException when calling the ExecuteStatement operation on an Aurora Serverless DB?

Posted: 27 Jan 2022 01:06 AM PST

I have a Lambda function that retrieves records from an AWS Aurora Serverless DB. Now I thought of adding API Gateway to trigger the Lambda function, but I get this error: Connect an AWS Lambda function triggered by API Gateway to Aurora Serverless MySQL database.

[ERROR] BadRequestException: An error occurred (BadRequestException) when calling the ExecuteStatement operation:
Access denied for user 'admin'@'10.x.xx.xxx' (using password: YES); Error code: 1045; SQLState: 28000
Traceback (most recent call last):
  File "/var/task/index.py", line 11, in handler
    sql="SELECT * FROM ecomdev.Customer;"

What is causing BadRequestException when calling the ExecuteStatement operation on an Aurora Serverless DB? I have used AWS CDK to create the stacks. I went through this question, but it follows a different approach, which I feel is not necessary. Please help me out if you have encountered this error.

Why is there a ping difference between AWS Lightsail and EC2?

Posted: 27 Jan 2022 01:01 AM PST

I've recently made a CS:GO server in AWS Lightsail under the Mumbai region. Its ping keeps spiking at random times and it's not only the case with me but all my friends. Meanwhile, EC2 stays stable and never spikes. I've also attached screenshots for a public service measuring the ping delay for the Mumbai region in both Lightsail and EC2.

Lightsail ping results for Mumbai region

EC2 ping results for Mumbai region

Why does this difference occur when both are in the same region and both are created by AWS? Is there no way to make it work in Lightsail, so that I have to shift to EC2?

Sendmail does not masquerade the hostname.domain combination

Posted: 26 Jan 2022 11:39 PM PST

My MASQUERADE settings look as follows...

dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl #
LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
MASQUERADE_AS(`wantedomain.com')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
FEATURE(masquerade_entire_domain)dnl
dnl #
MASQUERADE_DOMAIN(localhost)dnl
MASQUERADE_DOMAIN(localhost.localdomain)dnl
MASQUERADE_DOMAIN(localhost02.ux.com.tus)dnl
MASQUERADE_DOMAIN(localhost02)dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl

My hosts file contains...

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.101.129 localhost02.ux.com.tus localhost02

[root@localhost02 mail]# hostname -s
localhost02
[root@localhost02 mail]# hostname -f
localhost02.ux.com.tus
[root@localhost02 mail]#

When I'm trying to send a mail, sendmail keeps trying to send it with localhost02.ux.com.tus and does not take the MASQUERADING settings into account (I'm expecting user@wantedomain.com as the sender)...

[root@localhost02 mail]# mail dzsordzs.kluni@heretofind.com
Subject: TEST
Hello World.
.
EOT
[root@localhost02 mail]# mailq
        /var/spool/mqueue (1 request)
-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------
20JB4OZi054827*      13 Wed Jan 19 12:04 <user@localhost02.ux.com.tus>
                                         <dzsordzs.kluni@heretofind.com>
        Total requests: 1

Any help would be much appreciated!

2022.01.27 - UPDATE

I have created a short shell script, containing the following...

#!/bin/sh
RECIPIENT=dzsordzs.kluni@heretofind.com
SENDER=user@wantedomain.com

/usr/sbin/sendmail -i -v -Am -f$SENDER $RECIPIENT <<END
Subject: TEST
From: $SENDER

Hello World.
END

After executing the shell script, I still get a timeout error from the SMTP server...

[root@localhost02 mail]# ./sendmail.sh
dzsordzs.kluni@heretofind.com... Connecting to email-smtp.eu-central-1.amazonaws.com. port 587 via relay...
dzsordzs.kluni@heretofind.com... Deferred: Connection timed out with email-smtp.eu-central-1.amazonaws.com.
[root@localhost02 mail]# mailq
        /var/spool/mqueue (6 requests)
-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------
20R7JX1b017298       13 Thu Jan 27 08:19 user@wantedomain.com
                 (Deferred: Connection timed out with email-smtp.eu-central-1.)
                                         dzsordzs.kluni@heretofind.com

However, a telnet connection to the server via port 587 looks OK...

[root@localhost02 mail]# telnet email-smtp.eu-central-1.amazonaws.com 587
Trying 172.27.1.14...
Connected to email-smtp.eu-central-1.amazonaws.com.
Escape character is '^]'.
220 email-smtp.amazonaws.com ESMTP SimpleEmailService-d-B4HOZL4HF JJQ6jMD4ztoBhcmitWhE
451 4.4.2 Timeout waiting for data from client.
Connection closed by foreign host.
[root@localhost02 mail]#

...and finally the content of the /var/log/maillog file...

Jan 27 08:19:33 localhost02 sendmail[17298]: 20R7JX1b017298: from=user@wantedomain.com, size=57, class=0, nrcpts=1, msgid=<202201270719.20R7JX1b017298@localost02.ux.com.tus>, relay=root@localhost
Jan 27 08:25:33 localhost02 sendmail[17298]: 20R7JX1b017298: to=dzsordzs.kluni@heretofind.com, ctladdr=user@wantedomain.com (0/0), delay=00:06:00, xdelay=00:06:00, mailer=relay, pri=30057, relay=email-smtp.eu-central-1.amazonaws.com. [18.158.92.82], dsn=4.0.0, stat=Deferred: Connection timed out with email-smtp.eu-central-1.amazonaws.com.

How do I Generate a Bearer Token for cURL to Get Through IAP (GCP)?

Posted: 27 Jan 2022 12:33 AM PST

I need to cURL a web app hosted behind IAP on GCP.

Normally, users log in through IAP and use the web app, but I need to run some cURL commands (interactive and non-interactive) that hit the web app URLs (for example: https://myapp.com/get_pics/1)

I cannot figure out how to get a Bearer token from GCP that I can use in the authorization header for cURL.

I can set up a service account with "IAP Secured Web App User" role and I have the JSON key for this service account, but I am not sure where to go after that to get a proper Bearer token that IAP will accept.

PowerDNS: spoof NXDOMAIN response from "forward-zones" server and forward it

Posted: 27 Jan 2022 02:25 AM PST

I faced an issue trying to set up PowerDNS for my local network. I have a domain example.com managed by Cloudflare.

For instance, I have an A record on Cloudflare like server.example.com pointing to 1.1.1.1, but my local clients should resolve server.example.com to 10.10.10.1, and that's not a problem when using forward-zones="example.com=127.0.0.1:54"; in the recursor config. But I have another record like mail.example.com pointing to 2.2.2.2; that server is outside my local network, and I have to copy the A record from Cloudflare to my local PowerDNS by hand, otherwise the local client gets NXDOMAIN.

Looks like I need to spoof NXDOMAIN response from local PowerDNS and query forwarder. Is it possible?

EDIT: I started with a Lua script and am able to catch the NXDOMAIN response. But I can't forward it.

function nxdomain(dq)
    pdnslog("Intercepting NXDOMAIN for: "..dq.qname:toString())
    if dq.qtype == pdns.A
    then
        dq.rcode=0 -- make it a normal answer
        dq:addAnswer(pdns.A, "10.10.10.10")
        return true
    end
    return false
end

Why doesn't arp-scan find any devices when nmap does?

Posted: 27 Jan 2022 12:58 AM PST

When I run nmap -sn 192.168.0.0/24 I get the result:

Nmap scan report for 192.168.0.1
Host is up (0.16s latency).
Nmap scan report for 192.168.0.103
Host is up (0.19s latency).
Nmap scan report for 192.168.0.124
Host is up (0.11s latency).
Nmap done: 256 IP addresses (3 hosts up) scanned in 124.31 seconds

Though when I run arp-scan 192.168.0.0/24 (the default interface is the one I'm targeting) I get:

Interface: wlp6s0, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.9.5 with 256 hosts (https://github.com/royhills/arp-scan)

0 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.9.5: 256 hosts scanned in 1.986 seconds (128.90 hosts/sec). 0 responded

Why does nmap detect devices on the local network and arp-scan doesn't? Is my arp-scan not working (broken in some way), or am I missing something? The local network is provided by an old D-Link router.

How to Retain the Proxy URL for all requests using Apache load balancer

Posted: 27 Jan 2022 02:07 AM PST

I am trying to serve the requests to my site through a proxy machine using a load balancer. When I try to access the site by hitting http://PROXYSERVER.com, the home page comes up fine, retaining the address bar URL http://PROXYSERVER.com.

Now, when I try to access internal links, for example http://PROXYSERVER.com/services/, the address bar URL changes to the APPSERVER URL http://APPSERVER01.com/services/

NOTE: The page comes up fine but the address bar URL is getting changed.

The expected behaviour is that when a user requests http://PROXYSERVER.com/services/, the address bar should retain the proxy URL while serving the request.

Here is my code for load balancing:

ProxyRequests off
ServerName PROXYSERVER.com

    # WebHead1
    BalancerMember http://APPSERVER01:80/ route=node1

    # WebHead2
    BalancerMember http://APPSERVER02:80/ route=node2

    Order Deny,Allow
    Deny from none
    Allow from all

    ProxySet lbmethod=byrequests
    #ProxySet lbmethod=bybusyness
    ProxySet stickysession=BALANCEID

    SetHandler balancer-manager
    Order deny,allow
    Allow from all

# Point of Balance
ProxyPass /balancer-manager !
ProxyPass / balancer://mycluster/

Any suggestions will be appreciated.

nginx points the sub-directory of an alias folder to the base directory

Posted: 27 Jan 2022 01:05 AM PST

I am new to Nginx. Now I am confused about nginx configuration:

My web site contains folders in different locations:

location / {
  root /Path1;
}

location ^~ /download {
  alias /Path2;
}

When I query http://mysite/download, I am accessing the content of /Path2 instead of /Path1.

Now I want to add a sub-directory under download containing my private files, and I want to add password protection. So I add:

location /download/personal {
  auth_basic "Admin Login";
  auth_basic_user_file Path_to_htpasswd;
}

But I get a 404 error when querying http://mysite/download/personal after keying in my credentials. According to the nginx error log, I am directed to /Path1/download/personal, which does not exist. How can I configure nginx such that all access to http://mysite/download/* is directed to the same directory in /Path2?

Update:

I may find a solution: just put the sub-directory configuration in the parent conf:

location ^~ /download {
  alias /Path2;
  location /download/personal {
    auth_basic "Admin Login";
    auth_basic_user_file Path_to_htpasswd;
  }
}

Is it correct? Or are there better solutions?

Unable to install Certificate Enrolment Policy Web Service

Posted: 27 Jan 2022 12:04 AM PST

I'm running on Windows 2k8 Enterprise edition, and when adding the Active Directory Certificate Services, I don't see the option to add the Certificate Enrolment Policy Web service in the dialog box.

Please let me know if I'm doing something wrong.

Thanks!

MySQL tmp tables: how to clean up diskspace after killing a copying to tmp table process?

Posted: 27 Jan 2022 12:04 AM PST

I ran out of disk space while running an alter table on a large table. I restarted MySQL afterwards and checked the MySQL tmp dir. A show status like '%tmp%' lists 5 tmp files and 4 tmp tables. A df still shows 99% disk usage (it was about 72% before the alter table).

Running a "check table" returns "OK".

How to clean up the disk space used by the alter table command?

I'm running MySQL 5.5.31 on Ubuntu 12.04.

Thanks: Lars

Cloudwatch alarms from Amazon AWS EC2 instance are always in UT, how can I change the alarm time zone to Eastern?

Posted: 27 Jan 2022 02:35 AM PST

I am running an Amazon Linux AMI and the alarms that I've set up are all coming in showing UT (universal time). It is inconvenient reading these alarms and I'd like them set up to read in the Eastern time zone (or America/New_York).

I've already set my /etc/localtime to point to /usr/share/zoneinfo/America/New_York:

ln -s /usr/share/zoneinfo/America/New_York /etc/localtime  

But it is still sending alarms in the UT time zone.

Does anyone have a solution to this?

Amazon EC2 instance missing Network Interface

Posted: 27 Jan 2022 03:11 AM PST

I am running Linux on a t1.micro instance at Amazon EC2. Once I noticed brute-force SSH login attempts from a certain IP, after a little Googling I issued the two following commands (IP changed here):

iptables -A INPUT -s 202.54.20.22 -j DROP
iptables -A OUTPUT -d 202.54.20.22 -j DROP

Either this, or maybe some other action such as yum upgrade, caused the following fiasco: after rebooting the server, it came up without the Network Interface!

I can only connect to it through the AWS Management Console Java SSH client, via the local 10.x.x.x address.

Console's Attach Network Interface as well as Detach.. are greyed out for this instance.

Network Interfaces item at the left does not offer any Subnets to choose from, to create a new N.I.

Please advise: how can I recreate a Network Interface for the instance?

Upd. The instance is not accessible from outside: cannot be pinged, SSH'ed or connected by HTTP on port 80.

Here's the ifconfig output:

eth0      Link encap:Ethernet  HWaddr 12:31:39:0A:5E:06
          inet addr:10.211.93.240  Bcast:10.211.93.255  Mask:255.255.255.0
          inet6 addr: fe80::1031:39ff:fe0a:5e06/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1426 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1371 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:152085 (148.5 KiB)  TX bytes:208852 (203.9 KiB)
          Interrupt:25

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

What is also unusual: a new micro instance I created from scratch, with no relation to the troubled one, was not pingable either.

How to change Windows DFS replication log file path?

Posted: 27 Jan 2022 02:07 AM PST

I have enabled DFS replication for a couple of shares on my Windows Server 2003 machine and it works fine, except that I would like the debug logs to be written to a different drive (by default it logs to the Windows folder on the C drive) and I would also like to change the logging level so it does not log as much.

I found some information at TechNet (see the section titled "DFS replication") and on a couple of other sites with similar information.

The problem is, I do not have the registry keys (HKLM\SYSTEM\CurrentControlSet\Services\Dfsr\Parameters); I do not have the "Dfsr" container at all. Also, if I try the WMI command (wmic /namespace:\root\microsoftdfs path dfsrmachineconfig set debuglogseverity=5) it says invalid namespace 0x8004100e.

I do have a "dfs" container at that registry path (dfs instead of dfsr) with a \Parameters key, but none of the registry values mentioned on that TechNet page.

How can I change the path and/or log level?

SQL 2005/2008 and sp_add_jobstep fails

Posted: 27 Jan 2022 01:05 AM PST

I have a job that is being created by a non-sysadmin user. This job fails because of the @database_user_name setting, with the error "Only a sysadmin can specify '@database_user_name' parameter".

If I read BOL correctly, this parameter should be ignored in SQL 2008 R2, which I have confirmed I am running via @@version.

Any thoughts?

EXECUTE @ReturnCode = msdb.dbo.sp_add_jobstep @job_id = @JobID, @step_id = 1,
    @step_name = N'Delete From TmpEmployee',
    @command = N'Delete From TmpEmployee',
    @database_name = @Database, @server = N'',
    @database_user_name = N'', @subsystem = N'TSQL', @cmdexec_success_code = 0, @flags = 0, @retry_attempts = 0,
    @retry_interval = 1, @output_file_name = N'', @on_success_step_id = 2,
    @on_success_action = 4, @on_fail_step_id = 0, @on_fail_action = 2
IF (@@ERROR <> 0 OR @ReturnCode <> 0) GOTO QuitWithRollback
