| Apache redirects - issue with redirects in query string Posted: 25 May 2022 06:49 AM PDT I have lots of apache permanent redirects for site that look like this: Redirect 301 /old-path https://new.com/lang/new-path/?utm_source=old.lang&utm_medium=301
When the path doesn't match any old path, it redirects to root like this: Redirect 301 / https://new.com/lang/?utm_source=old.lang&utm_medium=301
As you can see, there has to be this part at the end of url: ?utm_source=old.lang&utm_medium=301
Problem The issue is when i input old.com/test123 and it doesn't match any redirect in .htaccess file, it redirects to root (like it should) but adds the "test123" at the end of url, so it looks like this: https://new.com/lang/?utm_source=old.lang&utm_medium=301test123
Instead of that, there should be a clean url like this one: https://new.com/lang/?utm_source=old.lang&utm_medium=301
Am I missing something? |
| linux SFTP client fails to connect Posted: 25 May 2022 06:46 AM PDT I am attempting to a linux server to a SFTP site for the intent of pulling files. The linux server is a Google Compute Engine (Virtual Machine). When connecting from my Google CE linux to the SFTP Server, I get the below error: [Server1@airflow-pipeline User1]$ sftp SFTPUSER@12.34.56.78 Permission denied (password). Couldn't read packet: Connection reset by peer [Server1@airflow-pipeline User1]$ ssh SFTPUSER@12.34.56.78 Permission denied (password). [Server1@airflow-pipeline User1]$
Note: code block sanitized Historically, This kind of error indicates to me that the server is not allowing username/password authentication. However, if I do the same connection from my local development box (Mac m1 Max, Terminal), it works just fine. Additionally, from the development station, FileZilla connects immediately. How can I troubleshoot this? Thank you |
| I faced a probelm in bash plz help me Posted: 25 May 2022 06:34 AM PDT how to use "sudo su" -> pwd and then execute some commands under sudo privileges? the screen get stucked in root it doesnt execute the other commands PLZ HELP ME |
| use external webserver in local Active Directory Posted: 25 May 2022 05:21 AM PDT i have a local active directory domain (for example : sample.net ) and i have a website hosted with same domain name in a shared server . i can't access my website in local network. i have added a www A record for website but www.sample.net redirects to sample.net and there still unavailable in local network. what should i do in cPanel or my windows server ? |
| GCP's autoscaler fails to scale NodePool with Ephemeral Storage Posted: 25 May 2022 05:28 AM PDT We have a NodePool dedicated to CI agents. When everything works properly, our CI controller will create a pod for a CI agent, and the NodePool will be scaled automatically by GCP's autoscaler. This means that the pods will have the following event saying that no nodes match their affinities: 0/3 nodes are available: 3 node(s) didn't match Pod's node affinity/selector. And the new Nodes will eventually be online after a short time. However, most of the time, the autoscaler will fail saying that: pod didn't trigger scale-up: 3 Insufficient ephemeral-storage, 6 node(s) didn't match Pod's node affinity/selector When this occurs, I have to manually scale the NodePool through the GCP's UI on the NodePool section, which works immediately. I'm pretty confident saying that there is a bug somewhere between Kubernetes and GCP's infrastructure, maybe the autoscaler. What do you think? Here is the configuration of the NodePool, if it can help: autoscaling: enabled: true maxNodeCount: 3 config: diskSizeGb: 100 diskType: pd-standard ephemeralStorageConfig: localSsdCount: 2 imageType: COS_CONTAINERD labels: _redacted_: 'true' machineType: c2-standard-16 metadata: disable-legacy-endpoints: 'true' oauthScopes: - https://www.googleapis.com/auth/cloud-platform preemptible: true serviceAccount: _redacted_ shieldedInstanceConfig: enableIntegrityMonitoring: true tags: - gke-main taints: - effect: NO_SCHEDULE key: _redacted_ value: 'true' workloadMetadataConfig: mode: GKE_METADATA initialNodeCount: 1 instanceGroupUrls: - _redacted_ locations: - europe-west1-c - europe-west1-b - europe-west1-d management: autoRepair: true autoUpgrade: true maxPodsConstraint: maxPodsPerNode: '110' name: gha networkConfig: podIpv4CidrBlock: 10.0.0.0/17 podRange: main-europe-west1-pods podIpv4CidrSize: 24 selfLink: _redacted_ status: RUNNING upgradeSettings: maxSurge: 1 version: 1.21.11-gke.900
Thanks! |
| Change requests to arrive at loopback address under specific port Posted: 25 May 2022 05:13 AM PDT I have the following setup: - A Vodafone GigaCube providing internet access
- A couple of DYMO LabelWriter Printers connected through a switch to the GigaCube
- A Laptop thats connected to the gigacube network running the DYMO webservice
- A phone thats also connected to the gigacube network
- A Website that uses the DMYO JavaScript SDK to send a request to the webservice on 127.0.0.1
What I'm trying to do: Print a label with the DYMO LabelWriter by accessing a website on the phone. If I try it on the PC thats running the webserver it works. On the phone it can't connect to 127.0.0.1:41951/DYMO/DLS/Printing/StatusConnected Even if I change 127.0.0.1 to the Laptops IP Address (e.g. 192.168.8.123) it doesn't work. I've googled a lot and my network skills are pretty basic. But I think the issue is that the webserver is only listening to 127.0.0.1:41951 and nothing else. I can't change the underlying code. So my question is: Can i make my PC "forward" an incoming request to it's local IP (192.168.8.123) to its own loopback (127.0.0.1)? I want to: Open the website on the phone, send the request to 127.0.0.1 on the PC and have the printer print out the label. |
| Repair "error" sub-lv after a disk went bad Posted: 25 May 2022 07:07 AM PDT We had a disk go bad (disk commands timed out and took many seconds to do so) in our LVM installation with mirroring. With some trouble, we managed to pvremove the offending disk, and used lvconvert --repair -y nova/$lv to repair (restore redundancy) the logical volumes. One logical volume still seems to have trouble though. In lvs -o devices -a it shows no devices for 2 of its subvolumes: LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert Devices lvname nova Rwi-aor--- 800.00g 100.00 lvname_rimage_0(0),lvname_rimage_1(0),lvname_rimage_2(0),lvname_rimage_3(0) [lvname_rimage_0] nova iwi-aor--- 400.00g /dev/sdc1(19605) [lvname_rimage_1] nova iwi-aor--- 400.00g /dev/sdi1(19605) [lvname_rimage_2] nova vwi---r--- 400.00g [lvname_rimage_3] nova iwi-aor--- 400.00g /dev/sdj1(19605) [lvname_rmeta_0] nova ewi-aor--- 64.00m /dev/sdc1(19604) [lvname_rmeta_1] nova ewi-aor--- 64.00m /dev/sdi1(19604) [lvname_rmeta_2] nova ewi---r--- 64.00m [lvname_rmeta_3] nova ewi-aor--- 64.00m /dev/sdj1(19604)
and also according to lvdisplay -am there is a problem with ..._rimage2 and ..._rmeta2: --- Logical volume --- Internal LV Name lvname_rimage_2 VG Name nova LV UUID xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx LV Write Access read/write LV Creation host, time xxxxxxxxx, 2021-07-09 16:45:21 +0000 LV Status NOT available LV Size 400.00 GiB Current LE 6400 Segments 1 Allocation inherit Read ahead sectors auto --- Segments --- Virtual extents 0 to 6399: Type error --- Logical volume --- Internal LV Name lvname_rmeta_2 VG Name nova LV UUID xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx LV Write Access read/write LV Creation host, time xxxxxxxxx, 2021-07-09 16:45:21 +0000 LV Status NOT available LV Size 64.00 MiB Current LE 1 Segments 1 Allocation inherit Read ahead sectors auto --- Segments --- Virtual extents 0 to 0: Type error
We tried various combinations of lvconvert --repair -y nova/$lv and lvchange --syncaction repair on it without effect. lvchange -ay doesn't work either: $ sudo lvchange -ay nova/lvname_rmeta_2 Operation not permitted on hidden LV nova/lvname_rmeta_2. $ sudo lvchange -ay nova/lvname $ # (no effect) $ sudo lvconvert --repair nova/lvname_rimage_2 WARNING: Disabling lvmetad cache for repair command. WARNING: Not using lvmetad because of repair. Command on LV nova/lvname_rimage_2 does not accept LV type error. Command not permitted on LV nova/lvname_rimage_2. $ sudo lvchange --resync nova/lvname_rimage_2 WARNING: Not using lvmetad because a repair command was run. Command on LV nova/lvname_rimage_2 does not accept LV type error. Command not permitted on LV nova/lvname_rimage_2. $ sudo lvchange --resync nova/lvname WARNING: Not using lvmetad because a repair command was run. Logical volume nova/lvname in use. Can't resync open logical volume nova/lvname. $ lvchange --rebuild /dev/sdf1 nova/lvname WARNING: Not using lvmetad because a repair command was run. Do you really want to rebuild 1 PVs of logical volume nova/lvname [y/n]: y device-mapper: create ioctl on lvname_rmeta_2 LVM-blah failed: Device or resource busy Failed to lock logical volume nova/lvname. $ lvchange --raidsyncaction repair nova/lvname # (took a long time to complete but didn't change anything)
Any idea how to restore redundancy on this logical volume? It is in continuous use, of course... It seems like somehow we must convince LVM to allocate some space for it, instead of using the error segment (there is plenty available in the volume group). |
| Router [ER-X] as WireGuard Client to hide Office IP on Debian Server. Cannot bind to WireGuard IP from the server Posted: 25 May 2022 04:52 AM PDT Dear ServerFault community I have a problem with my WireGuard Tunnel overall configuration. I have an OVH VPS with 4 public IPs (MY_PUBLIC) acting as a WireGuard server and forwarding all the traffic (and ports) to my EdgeRouter-X router (192.168.255.1) (which acts as a WireGuard client) and that, then, forwards it to my Debian server (192.168.255.10). The problem is that when on the Debian server I try to bind to any of the OVH VPS WireGuard's public IPs (MY_PUBLIC) [I tried making Apache bind to them, along with MariaDB and Docker but nothing] I get a bind error telling me that it is not possible. bind: cannot assign requested address.
After some research I found this: The message "Cannot assign requested address" suggests that the hostname/IP you are trying to bind does not resolve to a local network interface.
From online research this seems to suggest a NAT being somewhere between the VPS and the server. I am a newbie with networks and I have no idea how to solve this issue. This is a major issue as the server can only use those IPs binding to 0.0.0.0. My ER-X configuration: firewall { all-ping enable broadcast-ping disable group { address-group MY_PUBLIC { // OVH VPS's IPs address 92.CENSORED.CENSORED.108 address 149.CENSORED.CENSORED.64 address 37.CENSORED.CENSORED.244 address 149.CENSORED.CENSORED.244 } } ipv6-name WANv6_IN { default-action drop description "WAN inbound traffic forwarded to LAN" enable-default-log rule 10 { action accept description "Allow established/related sessions" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" state { invalid enable } } } ipv6-name WANv6_LOCAL { default-action drop description "WAN inbound traffic to the router" enable-default-log rule 10 { action accept description "Allow established/related sessions" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" state { invalid enable } } rule 30 { action accept description "Allow IPv6 icmp" protocol ipv6-icmp } rule 40 { action accept description "allow dhcpv6" destination { port 546 } protocol udp source { port 547 } } } ipv6-receive-redirects disable ipv6-src-route disable ip-src-route disable log-martians enable modify wireguard_route { rule 5 { action modify destination { group { address-group MY_PUBLIC } } modify { table main } } rule 7 { action modify destination { address 172.16.1.0/24 } modify { table main } } rule 10 { action modify description wireguard-vpn modify { table 1 } source { address 192.168.255.0/24 } } } name WAN_IN { default-action drop description "WAN to internal" rule 10 { action accept description "Allow established/related" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" state { invalid enable } } } name WAN_LOCAL { default-action drop description "WAN to router" rule 10 { action accept description "Allow established/related" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" state { invalid enable } } rule 30 { action accept description openvpn destination { port 1194 } protocol udp } } receive-redirects disable send-redirects enable source-validation disable syn-cookies enable } interfaces { ethernet eth0 { address dhcp description Internet dhcpv6-pd { pd 0 { interface eth1 { service dhcpv6-stateful } interface eth2 { service dhcpv6-stateful } interface eth3 { service dhcpv6-stateful } interface switch0 { host-address ::1 service slaac } prefix-length /64 } rapid-commit enable } duplex auto firewall { in { ipv6-name WANv6_IN name WAN_IN } local { ipv6-name WANv6_LOCAL name WAN_LOCAL } } ipv6 { address { autoconf } dup-addr-detect-transmits 1 } speed auto } ethernet eth1 { description Local duplex auto speed auto } ethernet eth2 { description Local duplex auto speed auto } ethernet eth3 { description Local duplex auto speed auto } ethernet eth4 { description Local duplex auto poe { output off } speed auto } loopback lo { } openvpn vtun0 { mode server server { name-server 192.168.255.1 push-route 192.168.255.0/24 subnet 172.16.1.0/24 } tls { ca-cert-file /config/auth/cacert.pem cert-file /config/auth/server.pem dh-file /config/auth/dh.pem key-file /config/auth/server.key } } switch switch0 { address 192.168.255.1/24 description Local firewall { in { modify wireguard_route } } mtu 1500 switch-port { interface eth1 { } interface eth2 { } interface eth3 { } interface eth4 { } vlan-aware disable } } wireguard wg0 { address 10.0.0.2/30 description Wireguard listen-port 51821 mtu 1420 peer CENSORED+CENSORED+CENSORED= { allowed-ips 0.0.0.0/0 endpoint 92.CENSORED.CENSORED.108:51821 persistent-keepalive 25 preshared-key /config/auth/wg-preshared.key } private-key /config/auth/wg.key route-allowed-ips false } } port-forward { auto-firewall enable hairpin-nat enable lan-interface switch0 rule 1 { description "Allow ALL" forward-to { address 192.168.255.10 } original-port 1-65535 protocol tcp_udp } wan-interface wg0 } protocols { static { table 1 { description "table to force wg0:aws" interface-route 0.0.0.0/0 { next-hop-interface wg0 { } } route 0.0.0.0/0 { blackhole { distance 255 } } } } } service { dhcp-server { disabled false hostfile-update disable shared-network-name LAN-X { authoritative disable subnet 192.168.255.0/24 { default-router 192.168.255.1 dns-server 192.168.255.1 lease 86400 start 192.168.255.2 { stop 192.168.255.254 } static-mapping iDRAC { ip-address 192.168.255.120 mac-address CENSORED:CENSORED:CENSORED:CENSORED:CENSORED:CENSORED } static-mapping node2 { ip-address 192.168.255.10 mac-address CENSORED:CENSORED:CENSORED:CENSORED:CENSORED:CENSORED } } } static-arp disable use-dnsmasq disable } dns { forwarding { cache-size 150 listen-on switch0 listen-on vtun0 } } gui { http-port 80 https-port 443 older-ciphers enable } nat { rule 5001 { description wireguard-nat log disable outbound-interface wg0 protocol all source { address 192.168.255.0/24 } type masquerade } rule 5002 { description "masquerade for WAN" log disable outbound-interface eth0 protocol all type masquerade } } ssh { port 22 protocol-version v2 } unms { } } system { analytics-handler { send-analytics-report false } crash-handler { send-crash-report false } host-name EdgeRouter-X-5-Port login { user ubnt { authentication { encrypted-password CENSORED } level admin } } ntp { server 0.ubnt.pool.ntp.org { } server 1.ubnt.pool.ntp.org { } server 2.ubnt.pool.ntp.org { } server 3.ubnt.pool.ntp.org { } } offload { hwnat enable ipsec enable } syslog { global { facility all { level notice } facility protocols { level debug } } } time-zone UTC }
My OVH VPS's WG config: [Interface] Address = 10.0.0.1/30 ListenPort = 51821 PrivateKey = CENSORED ### Client vpn [Peer] PublicKey = CENSORED PresharedKey = CENSORED AllowedIPs = 10.0.0.2/30
My OVH IPTables: # Generated by iptables-save v1.8.7 on Sun Jan 9 11:04:33 2022 *filter :INPUT ACCEPT [971:145912] :FORWARD ACCEPT [920:137172] :OUTPUT ACCEPT [637:108812] :f2b-sshd - [0:0] COMMIT # Completed on Sun Jan 9 11:04:33 2022 # Generated by iptables-save v1.8.7 on Sun Jan 9 11:04:33 2022 *nat :PREROUTING ACCEPT [133:6792] :INPUT ACCEPT [61:2272] :OUTPUT ACCEPT [3:228] :POSTROUTING ACCEPT [66:4011] -A PREROUTING -i ens3 -p udp -m multiport --dports 1000:51820 -j DNAT --to-destination 10.0.0.2 -A PREROUTING -i ens3 -p udp -m multiport --dports 51822:65534 -j DNAT --to-destination 10.0.0.2 -A PREROUTING -i ens3 -p tcp -m multiport --dports 51822:65534 -j DNAT --to-destination 10.0.0.2 -A PREROUTING -i ens3 -p tcp -m multiport --dports 1000:51820 -j DNAT --to-destination 10.0.0.2 -A PREROUTING -i ens3 -p tcp -m multiport --dports 21,22,80,25,995,110,443,465,993,143 -j DNAT --to-destination 10.0.0.2 -A PREROUTING -i ens3 -p udp -m multiport --dports 21,22,80,25,995,110,443,465,993,143 -j DNAT --to-destination 10.0.0.2 -A POSTROUTING -o ens3 -j MASQUERADE COMMIT # Completed on Sun Jan 9 11:04:33 2022
Just for troubleshooting I tried binding to my Office IP which, as expected and wanted, does not work as behind ER-X's WireGuard Tunnel. Here are some topics that helped me set my current WireGuard structure UP: https://community.ui.com/questions/EdgeRouter-X-as-WireGuard-Client-Forward-ports-from-WG-tunnel-to-LAN/f19957fb-70be-485f-832d-381c6ea4b306 https://community.ui.com/questions/EdgeRouter-X-as-a-WireGuard-client-with-port-forwarding-or-User-IP-is-shown-to-be-WireGuard-tunnels/2a8b19ab-ac0c-48ed-b367-afd3914de9c2 Thank you in advance for your help! |
| routing connection trough bridge to a gsm modem Posted: 25 May 2022 04:44 AM PDT I have a linux box with gsm modem on interface wwan0 which is managed by network manager, and I want to give it a static ip, the idea is to use a bridge and a veth interface with set ip address. I'm unsure on how to setup routes so that packet will go trough vlnk1 and out of wwan0. the overall goal is to connect to contact a server on the internet. Currently what I have looks like this: linux <- vlnk1 --- vlnk0 - app-br0 - wwan0 -> internet . vlan vlan bridge gsm modem
vlnk1 has ip 192.168.69.69 These are commands for creating this monstrosity: nmcli connection add type bridge ifname app-br0 nmcli con modify bridge-app-br0 bridge.stp no nmcli con modify netplan-cdc-wdm0 connection.master "app-br0" connection.slave-type "bond" ip link add dev vlnk0 type veth peer name vlnk1 ip link add ip link set dev vlnk0 up ip link set vlnk0 master app-br0 ip addr add 192.168.69.69/24 dev vlnk1 ip link set dev vlnk1 up
linux is 5.4.0-1056-raspi #63-Ubuntu aarch64 |
| How to set up DNS on google domains to host tomcat websites on the internet Posted: 25 May 2022 06:09 AM PDT Excpectations / Target - We have a domain as (say) example.com bought on Google Domains and a PC running with windows 10 Pro
- We intend to make this PC a server for hosting 2 of our web-apps app1 and app2 Currently we do not own a static IP address so lets refer the public address as: 192.0.2.0
- Web-applications app1 and app2 are running on tomcat in separate app-bases and port 8081 & 8082
- We want to run app1 and app2 on the subdomains app1.example.com and app2.example.com respectively.
Here are all the things that are working: - the web-applications running on the separate app-base in tomcat (v9) on separate ports and are accessible locally and from intranet.
- the web-applications are also accessible from the internet with successful port forwarding (192.0.2.0:8081 and 192.0.2.0:8082 successfully load app1 and app2 respectively).
Problem: URL domain gets replaced with public IP address: Now that the port forwarding was successful I tried domain forwarding (before reading much about how DNS configuration is supposed to be done). This is how I did domain forwarding: - I went in the website section (website_section_cropped_screen_shot.png), there clicked on Add a forwarding address(Add_a_forwarding_address_SS_cropped.png).
- Then in the resulting form, the filled the text-boxes labeled Forward From and Forward to with app1.example.com and 192.0.2.0:8081 respectively.
Now after doing this the address app1.example.com would redirect to app1 but the URL would would replace app1.example.com with 192.0.2.0:8081 Then, I read many articles and blogs telling to add an A type record or a CNAME type record but I could not understand how should I do it or what are the combination of records needed to make it work properly. I tried the combination (in the Domain section): Combination 1: { hostname=example.com, type=A, TTL=3600, Data:192.0.2.0 } { hostname=app1.example.com, type=CNAME, TTL=3600, Data:192.0.2.0:8081 }
Combination 2: { hostname=app1.example.com, type=TXT, TTL=3600, Data:192.0.2.0:8081 }
But none worked and later it stopped making sense to me. Please help me with this I do not have any experience in setting up DNS for a website and/or whatever else is needed to meet the above mentioned expectations. |
| Specify different broadcast IPs for different Windows machines Posted: 25 May 2022 03:46 AM PDT I run some high-frequency trading software from home across multiple accounts. Sometimes during very volatile conditions, I run into issues with rate limits restricted by IP address. I was assuming I could get a batch of IP addresses, which I've done, and split the accounts across different computers to reduce the likelihood of hitting rate limits. Is there a way I can assign a public IP to be used for a specific Windows 10 machine, for both sending and receiving data? I guess the control of this may be router related. I'm using a FRITZ!Box 7530, supplied by Zen. |
| How to use DNS to reference instances of a Server Posted: 25 May 2022 05:33 AM PDT I would like to use our internal DNS server for linking names from provisioning to final use. So I imagine it like this. A server comes into our network and gets a DHCP or a static address and then has a DNS entry with its hardware name, for example ilocz1234xyz with an HP server. Later the server is provisioned and gets a name and a function in the process. I would like to merge these names. we are currently doing this by giving the server a name during provisioning, for example pegasus in the DNS we then create the names: - ilocz1234xyz.example.com
- ilo.pegasus.example.com
- pegasus.example.com
After that, the server is installed by the OP team with a specific role and gets a working name, for example "webserver" and the DNS entries are adjusted: - ilocz1234xyz.example.com
- ilo.pegasus.example.com
- pegasus.example.com
- webserver.example.com
My question now is how do I get the names to be referenced, so that I can see the names belong together. I initially thought it like this: - ilocz1234xyz.example.com A record -> 10.0.0.100
- ilo.pegasus.example.com C-NAME -> ilocz1234xyz.example.com
- pegasus.example.com A record -> 10.0.0.200
- webserver.example.com C-NAME -> pegasus.example.com
My goal now is that I can make a query on pegasus.example.com and then get the entries for ilo.pegasus.example.com and webserver.example.com but that doesn't work because CNAME is just an alias and I cannot search DNS recursively. You could certainly also write a script that queries the DNS and collects all the data for me, but my question is whether there is an easier way to solve this, maybe even with on-board tools. |
| How to resize partition to maximum size on Debian 8? Posted: 25 May 2022 05:52 AM PDT My question is how to resize partition on Debian 8 without losing any data? I have 90 GB partition but my disk has 150 GB space on VPS server, so 50 GB is free and I want to add this 50 GB without losing any data, this is how it presents: 
I've tried using resize2fs command but this didn't helped me because it shows me an error : Filesystem is already n blocks long. Nothing to do! I've already extended a partition on Debian 11 with resize2fs and everything was fine, here I don't know why but It doesn't want to work. EDIT 
|
| NAT-Reflection on Cisco ASA 5508-X Posted: 25 May 2022 04:00 AM PDT We have 2 internal networks in our environment. 10.1.x as a main network (with different vlans) and 192.168.1.x/24 as WiFi for our travelling users. Both are connected to our Cisco ASA 5508-X and then connected to WAN Our ERP server provides an app, which contacts a DynDNS Address and is then redirected to our server IP in 10.1.x network. If the app is executed while in 10.1.x networks, it can look up the DNS forward lookup zones in our Active Directory and is then redirected to the internal IP of the server. In the "guest" network 192.168.1.x there is no such zone. I also do not seem to have a possibility to maintain such a host entry in our Cisco 2500 WLC (which would be a solution like the DNS forward lookup zone in AD). Something like DNSMasq, i presume. Which means, the app contacts the DynDNS Address via WAN and is redirected back. The Cisco ASA seems to judge this as a security risk and denies the connection. Is it good practice to implement an exception? Or is there a better way? I am not able to maintain the ASA myself - I have to open a ticket to request changes. |
| postfix removing body of bounced messages Posted: 25 May 2022 05:10 AM PDT I've noticed for messages that fail to deliver with postfix, the body of the message is removed. Here's an example (real emails replaced with temps): --5F54EFCA0A.1653443634/MYDOMAIN.COM Content-Description: Delivery report Content-Type: message/delivery-status Reporting-MTA: dns; MYDOMAIN.COM X-Postfix-Queue-ID: 5F54EFCA0A X-Postfix-Sender: rfc822; FROM@MYDOMAIN.COM Arrival-Date: Wed, 25 May 2022 01:47:13 +0000 (UTC) Final-Recipient: rfc822; TO@GMAIL.COM Original-Recipient: rfc822;TO@GMAIL.COM Action: delayed Status: 4.2.1 Remote-MTA: dns; alt1.gmail-smtp-in.l.google.com Diagnostic-Code: smtp; 450-4.2.1 The user you are trying to contact is receiving mail at a rate that 450-4.2.1 prevents additional messages from being delivered. Please resend your 450-4.2.1 message at a later time. If the user is able to receive mail at that 450-4.2.1 time, your message will be delivered. For more information, please 450-4.2.1 visit 450 4.2.1 https://support.google.com/mail/?p=ReceivingRate i9-20020a544089000000b0032b06b69e67si10079646oii.275 - gsmtp Will-Retry-Until: Mon, 30 May 2022 01:47:13 +0000 (UTC) --5F54EFCA0A.1653443634/MYDOMAIN.COM Content-Description: Undelivered Message Headers Content-Type: text/rfc822-headers Content-Transfer-Encoding: 8bit Return-Path: <FROM@MYDOMAIN.COM> Received: from [XX.XX.XX.XX] (localhost [127.0.0.1]) by MYDOMAIN.COM (Postfix) with ESMTP id 5F54EFCA0A for <TO@GMAIL.COM>; Wed, 25 May 2022 01:47:13 +0000 (UTC) Content-Type: multipart/mixed; boundary="===============9070788644322080819==" MIME-Version: 1.0 Subject: MY SUBJECT From: FROM@MYDOMAIN.COM To: TO@GMAIL.COM Message-Id: <20220525014713.5F54EFCA0A@MYDOMAIN.COM> Date: Wed, 25 May 2022 01:47:13 +0000 (UTC) --5F54EFCA0A.1653443634/MYDOMAIN.COM-- *** HEADER EXTRACTED deferred/3/3E377FD67F *** named_attribute: encoding=8bit *** MESSAGE FILE END deferred/3/3E377FD67F ***
I'm wondering are any of the below options possible? Just trying to find a way to avoid losing the original message whenever there's a bounce. - Is there a way to stop postfix from generating this message and instead just place the original message in the deferred queue?
- Or, can I change how quickly it removes the original message and replaces it with this one?
- Or, is there a way to customize the format to make sure the original message's body content is included?
|
| Regarding how Big companies set up their databases [closed] Posted: 25 May 2022 04:29 AM PDT I am trying to understand how do companies which handle a large database requests set up their infrastructure. I have recently created a few python applications which store data in PostGres and requests to read/write take time; since they are not stored on RAM and they are massive bottleneck to speed. Which would still work if the numbers of users are less than 10 and even with 100 with queuing it could work but with thousands of requests, how is data stored, since it would slow down during the reading and writing. In a recent website project which I am working on, I had the idea to read the entire database and store it in pandas and periodically write its altered entries to the database. This approach seems dangerous in situations where if OS would happen to crash and has to be restarted, this would cause loss of data. Is this the approach large companies? Where they read the entire database to RAM? If not could you please advise what possible ways I could handle large data for say a blog website, where the read/write time could be reduced. Even if you can point me to pages where I can educate myself more about it, would be enough. Thanks |
| Hyper-V virtual machine management service stuck at ‘Stopping’ Posted: 25 May 2022 05:51 AM PDT After installing the KB5009624 monthly rollup from Microsoft, we are experiencing a problem wherein suddenly both the Hyper V instance and the Host Machine become unreachable using the virtual switch. When we try to shut down the virtual machine using Hyper-V manager, we get an 'Access Denied' error and also we are unable to shut down the virtual machine using the command prompt. We have also installed the Update (KB5010419) that was supposed to fix the errors mentioned in the previous KB5009624 update. But our problem has repeated even after installing the update (KB5010419). We have gone through the below article which suggests a similar problem, but according to Microsoft this error exists with "Broadcom NetXtreme 1-gigabit network adapters", but we are using an Intel X540 network adapter. https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/vm-lose-network-connectivity-broadcom Environment: The host machine is running Windows Server 2012 R2 and the virtual machine is Windows 10. What we have tried so far: - Disabling and enabling the adapters inside the VM.
- Disabled & enabled host network adapter (Both physical and virtual switch)
|
| Solved - Router as WireGuard client | External User IP is shown to be WireGuard tunnel's local IP on home server [EdgeRouter] Posted: 25 May 2022 04:44 AM PDT I have set up my EdgeRouter-X as a WireGuard client (using IPv6) so that my public IP is shown to be the WireGuard server's public IP. This is because I want to host an home server using OVH's IP and Anti-DDoS instead of my own public ip which is unprotected. I have 4 public IPs: 22.22.22.22 33.33.33.33 44.44.44.44 55.55.55.55
The graph for my connection is like this: OVH VPS Wireguard Server WG0 Tunnel (LOCAL Tunnel 10.0.0.1) [Port forwarding with IPTables] <-----> (LOCAL Tunnel 10.0.0.2) EdgeRouter X EdgeRouter-X (LOCAL 192.168.1.1) [Port forwarding with EdgeRouter] <-----> (LOCAL 192.168.1.10) HOME-SERVER
I am forwarding all the ports from OVH's VPS (1-65535) with IPTables to my EdgeRouter through the wg0 tunnel and then to my homeserver and that works. The issue is that when a user connects let's say to 22.22.22.22:80 he is displayed succesfully the web page, but his IP to the server results to be 10.0.0.1 and not the user public IP. This is my WG Server configuration: [Interface] Address = 10.0.0.1/30 ListenPort = 51821 PrivateKey = CENSORED ### Client vpn [Peer] PublicKey = CENSORED PresharedKey = CENSORED AllowedIPs = 10.0.0.2/30
This is my WG Server IPTables configuration to forward the ports to the EdgeRouter through WG0: # Generated by iptables-save v1.8.7 on Sun Jan 9 11:04:33 2022 *filter :INPUT ACCEPT [971:145912] :FORWARD ACCEPT [920:137172] :OUTPUT ACCEPT [637:108812] :f2b-sshd - [0:0] COMMIT # Completed on Sun Jan 9 11:04:33 2022 # Generated by iptables-save v1.8.7 on Sun Jan 9 11:04:33 2022 *nat :PREROUTING ACCEPT [133:6792] :INPUT ACCEPT [61:2272] :OUTPUT ACCEPT [3:228] :POSTROUTING ACCEPT [66:4011] -A PREROUTING -i ens3 -p udp -m multiport --dports 1000:51820 -j DNAT --to-destination 10.0.0.2 -A PREROUTING -i ens3 -p udp -m multiport --dports 51822:65534 -j DNAT --to-destination 10.0.0.2 -A PREROUTING -i ens3 -p tcp -m multiport --dports 51822:65534 -j DNAT --to-destination 10.0.0.2 -A PREROUTING -i ens3 -p tcp -m multiport --dports 1000:51820 -j DNAT --to-destination 10.0.0.2 -A PREROUTING -i ens3 -p tcp -m multiport --dports 80,25,995,110,443,465,993,143 -j DNAT --to-destination 10.0.0.2 -A PREROUTING -i ens3 -p udp -m multiport --dports 80,25,995,110,443,465,993,143 -j DNAT --to-destination 10.0.0.2 -A POSTROUTING -j MASQUERADE COMMIT # Completed on Sun Jan 9 11:04:33 2022
This is my EdgeRouter-X configuration with WG0 client and port forwarding to the home server: firewall { all-ping enable broadcast-ping disable group { address-group MY_PUBLIC { address 22.22.22.22 address 33.33.33.33 address 44.44.44.44 address 55.55.55.55 } } ipv6-name WANv6_IN { default-action drop description "WAN inbound traffic forwarded to LAN" enable-default-log rule 10 { action accept description "Allow established/related sessions" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" state { invalid enable } } } ipv6-name WANv6_LOCAL { default-action drop description "WAN inbound traffic to the router" enable-default-log rule 10 { action accept description "Allow established/related sessions" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" state { invalid enable } } rule 30 { action accept description "Allow IPv6 icmp" protocol ipv6-icmp } rule 40 { action accept description "allow dhcpv6" destination { port 546 } protocol udp source { port 547 } } } ipv6-receive-redirects disable ipv6-src-route disable ip-src-route disable log-martians enable modify wireguard_route { rule 5 { action modify destination { group { address-group MY_PUBLIC } } modify { table main } } rule 10 { action modify description wireguard-vpn modify { table 1 } source { address 192.168.1.0/24 } } } name WAN_IN { default-action drop description "WAN to internal" rule 10 { action accept description "Allow established/related" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" state { invalid enable } } } name WAN_LOCAL { default-action drop description "WAN to router" rule 10 { action accept description "Allow established/related" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" state { invalid enable } } } receive-redirects disable send-redirects enable source-validation disable syn-cookies enable } interfaces { ethernet eth0 { address dhcp description Internet dhcpv6-pd { pd 0 { interface eth1 { service dhcpv6-stateful } interface eth2 { service dhcpv6-stateful } interface eth3 { service dhcpv6-stateful } interface switch0 { host-address ::1 service slaac } prefix-length /64 } rapid-commit enable } duplex auto firewall { in { ipv6-name WANv6_IN name WAN_IN } local { ipv6-name WANv6_LOCAL name WAN_LOCAL } } ipv6 { address { autoconf } dup-addr-detect-transmits 1 } speed auto } ethernet eth1 { description Local duplex auto speed auto } ethernet eth2 { description Local duplex auto speed auto } ethernet eth3 { description Local duplex auto speed auto } ethernet eth4 { description Local duplex auto poe { output off } speed auto } loopback lo { } switch switch0 { address 192.168.1.1/24 description Local firewall { in { modify wireguard_route } } mtu 1500 switch-port { interface eth1 { } interface eth2 { } interface eth3 { } interface eth4 { } vlan-aware disable } } wireguard wg0 { address 10.0.0.2/30 description Wireguard listen-port 51821 mtu 1420 peer CENSORED { allowed-ips 0.0.0.0/0 endpoint [2001:41d0:52:400::6e3]:51821 persistent-keepalive 25 preshared-key /config/auth/wg-preshared.key } private-key /config/auth/wg.key route-allowed-ips false } } port-forward { auto-firewall enable hairpin-nat enable lan-interface switch0 rule 1 { description "Allow ALL" forward-to { address 192.168.1.10 } original-port 1-65535 protocol tcp_udp } wan-interface wg0 } protocols { static { table 1 { description "table to force wg0:aws" interface-route 0.0.0.0/0 { next-hop-interface wg0 { } } route 0.0.0.0/0 { blackhole { distance 255 } } } } } service { dhcp-server { disabled false hostfile-update disable shared-network-name LAN { authoritative enable subnet 192.168.1.0/24 { default-router 192.168.1.1 dns-server 192.168.1.1 lease 86400 start 192.168.1.38 { stop 192.168.1.243 } static-mapping Node2 { ip-address 192.168.1.10 mac-address 90:b1:1c:44:f6:da } static-mapping iDRAC { ip-address 192.168.1.120 mac-address E0:DB:55:06:2D:14 } } } static-arp disable use-dnsmasq disable } dns { forwarding { cache-size 150 listen-on switch0 } } gui { http-port 80 https-port 443 older-ciphers enable } nat { rule 5002 { description wireguard-nat log disable outbound-interface wg0 protocol all source { address 192.168.1.0/24 } type masquerade } rule 5003 { description "masquerade for WAN" log disable outbound-interface eth0 protocol all type masquerade } } ssh { port 22 protocol-version v2 } unms { } } system { analytics-handler { send-analytics-report false } crash-handler { send-crash-report false } host-name EdgeRouter-X-5-Port login { user ubnt { authentication { encrypted-password } level admin } } ntp { server 0.ubnt.pool.ntp.org { } server 1.ubnt.pool.ntp.org { } server 2.ubnt.pool.ntp.org { } server 3.ubnt.pool.ntp.org { } } offload { hwnat enable ipsec enable } syslog { global { facility all { level notice } facility protocols { level debug } } } time-zone UTC }
|
| Digital Ocean Droplet spikes to 100% CPU usage without any traffic Posted: 25 May 2022 06:02 AM PDT I recently setup a new Droplet (most basic one) and running react app with very light express server with pm2 (server has been running 16h with 0% cpu usage and 90mb ram). I started the server, no issues there cpu was around 3% and I was testing the website, loading videos etc. I left it overnight and once I loaded the stats it was showing that the droplet was using CPU at 100% for the past 10h or so and I could see the spike going within couple of minutes from 3% to full 100%. Note, my website doesnt have any traffic, nor the domain yet so there was no usage. In fact the bandwidth was at 0mb/s for the whole time. I just restarted the pm2 server and its seems like the cpu is dropping once again. Why is the droplet jumps to 100% cpu usage for no reason when its not even used? |
| HAPROXY : reverse proxy with TLS termination Posted: 25 May 2022 04:01 AM PDT I'm a newbie with HAProxy, and I want to use it to redirects HTTPS incoming requests to my HTTP backends servers. I know, how it is possible to do it with Nginx, like this : #SSL for all server { listen 443 ssl ; server_name www.example.com; absolute_redirect off; proxy_redirect off; access_log /var/log/nginx/example.com-ssl-access.log; error_log /var/log/nginx/example.com-ssl-error.log; ssl_protocols TLSv1.2 TLSv1.1 TLSv1 ; ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem; location / { proxy_pass http://bo.example.com; } }
But I don't know how I can do it with HAProxy ? I have already tried several things. But each time I only had HTTPS to HTTPS redirects. Can you help me ? This is my current HAProxy configuration : global log /dev/log local0 log /dev/log local1 notice chroot /var/lib/haproxy stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners stats timeout 5s user haproxy group haproxy daemon tune.ssl.default-dh-param 2048 defaults log global mode http option httplog option dontlognull timeout connect 5000 timeout client 50000 timeout server 50000 errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http errorfile 500 /etc/haproxy/errors/500.http errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http stats enable stats hide-version stats refresh 30s stats uri /hastats frontend www-http # Frontend listen port - 80 bind *:80 #Mode de fonctionnement mode http reqadd X-Forwarded-Proto:\ http # Test URI to see if its a letsencrypt request acl letsencrypt-acl path_beg /.well-known/acme-challenge/ use_backend letsencrypt-backend if letsencrypt-acl # Set the default backend default_backend www-backend # Enable send X-Forwarded-For header #option forwardfor #option httpchk GET / # log reqs http #option httplog # acl #acl prod_acl hdr(host) prod.local #use_backend apache_backend_servers if prod acl # Define frontend ssl frontend www-ssl bind *:443 ssl crt /etc/haproxy/certs/example.com.pem reqadd X-Forwarded-Proto:\ https default_backend www-backend # define backend backend www-backend mode http option httpchk option forwardfor except 127.0.0.1 http-request add-header X-Forwarded-Proto https if { ssl_fc } redirect scheme http if { hdr(Host) -i example.com } { ssl_fc } balance roundrobin #Define the backend servers server web1 XXX.XXX.XXX.101 check inter 3s port 80 server web2 XXX.XXX.XXX.102 check inter 3s port 80 backend letsencrypt-backend server letsencrypt 127.0.0.1:8080
|
| Why is UUID missing after creating ext4 filesystem on RHEL7 ec2 instance Posted: 25 May 2022 05:55 AM PDT I'm using Ansible to configure a server. This server is running on AWS Ec2 and I'm attaching to it four EBS drives. When I run my ansible playbook it will fail about 50% of the time. The failure is when I mount a path to a newly formatted drive. While investigating I noticed that one of the four drives appears to not have a filesystem and is missing it's UUID. Ansible does not show any errors in the task for creating the filesystem.
Task: - name: Create File Systems filesystem: fstype: ext4 dev: /dev/{{ item }} with_items: "{{ ansible_devices }}" register: filesystem when: item != "nvme0n1"
I skip the root volume ^. TASK [Create File Systems] **************************************************************************************************************************************************************************************************************************************************************************************************** changed: [10.76.22.196] => (item=nvme3n1) changed: [10.76.22.196] => (item=nvme4n1) changed: [10.76.22.196] => (item=nvme1n1) changed: [10.76.22.196] => (item=nvme2n1) skipping: [10.76.22.196] => (item=nvme0n1)
So when it fails and I log in to investigate I get this... [ec2-user@ip-10-76-22-196 ~]$ lsblk -f NAME FSTYPE LABEL UUID MOUNTPOINT nvme0n1 ├─nvme0n1p1 └─nvme0n1p2 xfs de4def96-ff72-4eb9-ad5e-0847257d1866 / nvme1n1 ext4 35546ab6-8a1f-401f-97fa-7c9daf9005eb /couchbase/DATA nvme2n1 ext4 379a603a-2726-437f-ad25-14fd43358e96 /couchbase/INDEX nvme3n1 ext4 b0ceae1f-e902-44d5-a63f-2ef81bb62f21 /couchbase/LOGS nvme4n1
Next I tried creating the file system again [root@ip-10-76-22-196 ~]# mkfs.ext4 /dev/nvme4n1 mke2fs 1.42.9 (28-Dec-2013) Filesystem label= OS type: Linux Block size=4096 (log=2) Fragment size=4096 (log=2) Stride=0 blocks, Stripe width=0 blocks 1638400 inodes, 6553600 blocks 327680 blocks (5.00%) reserved for the super user First data block=0 Maximum filesystem blocks=2155872256 200 block groups 32768 blocks per group, 32768 fragments per group 8192 inodes per group Superblock backups stored on blocks: 32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 4096000 Allocating group tables: done Writing inode tables: done Creating journal (32768 blocks): done Writing superblocks and filesystem accounting information: done [root@ip-10-76-22-196 ~]# lsblk -f NAME FSTYPE LABEL UUID MOUNTPOINT nvme0n1 ├─nvme0n1p1 └─nvme0n1p2 xfs de4def96-ff72-4eb9-ad5e-0847257d1866 / nvme1n1 ext4 35546ab6-8a1f-401f-97fa-7c9daf9005eb /couchbase/DATA nvme2n1 ext4 379a603a-2726-437f-ad25-14fd43358e96 /couchbase/INDEX nvme3n1 ext4 b0ceae1f-e902-44d5-a63f-2ef81bb62f21 /couchbase/LOGS nvme4n1
but no luck =/ I also tried other ways to get this information. [ec2-user@ip-10-76-22-196 ~]$ ls /dev/disk/by-uuid/ 35546ab6-8a1f-401f-97fa-7c9daf9005eb 379a603a-2726-437f-ad25-14fd43358e96 b0ceae1f-e902-44d5-a63f-2ef81bb62f21 de4def96-ff72-4eb9-ad5e-0847257d1866
fsck seems to think its ext2? [ec2-user@ip-10-76-22-196 ~]$ fsck -N /dev/nvme4n1 fsck from util-linux 2.23.2 [/sbin/fsck.ext2 (1) -- /dev/nvme4n1] fsck.ext2 /dev/nvme4n1 [ec2-user@ip-10-76-22-196 ~]$ fsck -N /dev/nvme3n1 fsck from util-linux 2.23.2 [/sbin/fsck.ext4 (1) -- /couchbase/LOGS] fsck.ext4 /dev/nvme3n1 [ec2-user@ip-10-76-22-196 ~]$ lsblk -f NAME FSTYPE LABEL UUID MOUNTPOINT nvme0n1 ├─nvme0n1p1 └─nvme0n1p2 xfs de4def96-ff72-4eb9-ad5e-0847257d1866 / nvme1n1 ext4 35546ab6-8a1f-401f-97fa-7c9daf9005eb /couchbase/DATA nvme2n1 ext4 379a603a-2726-437f-ad25-14fd43358e96 /couchbase/INDEX nvme3n1 ext4 b0ceae1f-e902-44d5-a63f-2ef81bb62f21 /couchbase/LOGS nvme4n1
Eventually, I found this... [ec2-user@ip-10-76-22-196 ~]$ sudo sudo file -s /dev/nvme* /dev/nvme0: ERROR: cannot read (Invalid argument) /dev/nvme0n1: x86 boot sector; partition 1: ID=0xee, active, starthead 0, startsector 1, 20971519 sectors, code offset 0x63 /dev/nvme0n1p1: data /dev/nvme0n1p2: SGI XFS filesystem data (blksz 4096, inosz 512, v2 dirs) /dev/nvme1: ERROR: cannot read (Invalid argument) /dev/nvme1n1: Linux rev 1.0 ext4 filesystem data, UUID=35546ab6-8a1f-401f-97fa-7c9daf9005eb (needs journal recovery) (extents) (64bit) (large files) (huge files) /dev/nvme2: ERROR: cannot read (Invalid argument) /dev/nvme2n1: Linux rev 1.0 ext4 filesystem data, UUID=379a603a-2726-437f-ad25-14fd43358e96 (needs journal recovery) (extents) (64bit) (large files) (huge files) /dev/nvme3: ERROR: cannot read (Invalid argument) /dev/nvme3n1: Linux rev 1.0 ext4 filesystem data, UUID=b0ceae1f-e902-44d5-a63f-2ef81bb62f21 (needs journal recovery) (extents) (64bit) (large files) (huge files) /dev/nvme4: ERROR: cannot read (Invalid argument) /dev/nvme4n1: Linux rev 1.0 ext4 filesystem data, UUID=caf9638a-9d10-482e-a554-ae8152cd2fdb (extents) (64bit) (large files) (huge files)
So something is not right |
| RDP session Flickering - Only one user Posted: 25 May 2022 07:01 AM PDT So, This is a tricky one. I use a system where users connects via VPN to a Terminal Server on an other site. It is working fine for everybody but one user. For this user the screen is flickering/flashing/refreshing constantly and the session is unusable. It did work two days ago. No changes know by the user since then. Computer in Win10 and Server 2016 What I did is: play around with caching, resolution, color depth (in mstsc settings) ... > same flickering erase the remote desktop cache > same flickering log with mstsc on an other server with his computer > works fine try to connect with his user on my own computer > same flickering download the other remote desktop from microsoft store > same flickering try to update network card driver, video driver > all up to date windows update > same flickering check network settings > everything is fine properly sign out the session of the user on the server > same flickering erase the user profile from the server > same flickering
Performance of the PC are all good. No overload network, ram or cpu So I am clueless...any other ideas woudl be greatly appreciated. Ben |
| Ability to view SonicWall WAN bandwidth in real time? Posted: 25 May 2022 06:02 AM PDT We have a SuperMassive 9200 and a 100Mbit circuit, we have PRTG monitoring the connection and will error when it hits 90%, we have times where that happens and its 100% or higher. We have not found a good way of viewing the bandwidth breakdown in realtime to determine what is utilizing the connection. We also have GMS implemented with this device in it. I have already looked through the various dashboards but these are not that useful. |
| How to send text to stdin of docker container? Posted: 25 May 2022 05:55 AM PDT I have a docker container which runs a java program in foreground on startup. The java program listens to input on stdin. How can I programmatically send text to the java program? The container is started with -it, so I can docker attach <container-name>, type my text, send it with enter and detach using ^p ^q. I tried docker exec <container-name> echo my-text, but this gets echoed to stdout, not the java program. Can I somehow pipe this to the java program? I also found a similar question in the Docker forums, but the solution uses screen and I'd rather have a cleaner solution. |
| htaccess conditional header set is ignoring the condition Posted: 25 May 2022 04:01 AM PDT I'm trying to set headers if the origin is a particular site to solve a resource conflict I'm having (using Mautic hosted on a subdomain). If I add the headers for any situation I get a 500 error when I try to use Mautic, but the resource being accessed from my site works, hence I only want to set them when my site is the origin. This is what I have: RewriteEngine On #preserve HTTP(S) RewriteCond %{HTTPS} =on RewriteRule ^(.*)$ - [env=proto:https] RewriteCond %{HTTPS} !=on RewriteRule ^(.*)$ - [env=proto:http] <IfModule mod_headers.c> SetEnvIfNoCase Origin %{ENV:proto}://mysite.com ENV_SET SetEnvIfNoCase Origin %{ENV:proto}://mautic.mysite.com ENV_SET=0 Header add Access-Control-Allow-Origin %{ENV:proto}://mysite.com env=ENV_SET Header set Access-Control-Allow-Credentials true env=ENV_SET Header set Access-Control-Allow-Methods: GET, POST, PATCH, PUT, OPTIONS env=ENV_SET Header set Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token env=ENV_SET </IfModule>
As far as I understood that would make the headers set conditionally on existence of the environment variable, but they're being set no matter what. If I remove the SetEnvIf lines they're still set. I did find this which suggests that it should be placed in configuration instead of .htaccess, but I'm not sure what that means. Any suggestions on how I can fix this, or another way to make it work? Thanks EDIT: syntax updated with advice from w3dk, now looks like SetEnvIfNoCase Origin "%{ENV:proto}://mysite.com" ENV_SET SetEnvIfNoCase Origin "%{ENV:proto}://mautic.mysite.com" !ENV_SET Header set Access-Control-Allow-Origin "%{ENV:proto}://mysite.com" env=ENV_SET Header set Access-Control-Allow-Credentials "true" env=ENV_SET Header set Access-Control-Allow-Methods "GET, POST, PATCH, PUT, OPTIONS" env=ENV_SET Header set Access-Control-Allow-Headers "Origin, Content-Type, X-Auth-Token" env=ENV_SET
EDIT 2: Turns out it doesn't like the %{ENV:proto} part, so I've changed that to http and added another line for https. The subdomain is working fine and the headers are setting, except that I'm getting 'Credentials flag is 'true', but the 'Access-Control-Allow-Credentials' header is 'true, true'.' in the console. It's only being set once (I also tried 'merge', and I'm using set for the Allow-Origin; I can't figure out where else this would be set. |
| Two mx records for two different mail servers in the same domain? Posted: 25 May 2022 04:04 AM PDT I have a domain named example.com. I want to set two mail servers on this domain. The main purpose to set these mail servers is to have two different mail server, as if we have two different domains => so it is not one main server and the other one for backup. An MX record for domain example.com is already existing (all mails sent to user@example.com are delivered to smtp.example.com), so we have @ 3600 IN MX 1 smtp.example.com
The A records are set like this: @ 600 IN A 12.12.12.12 smtp 3600 IN A 13.13.13.13 relay 3600 IN A 14.14.14.14</pre>
Can we add new MX records for the second mail server? For example, we set up a new subdomain relay.example.com that points to our new mail server (at ip 14.14.14.14). So that all mail that are sent to user@relay.example.com will be sent to relay.example.com. |
| Exchange 2010 HELO header change Posted: 25 May 2022 05:02 AM PDT I couldn't find any appropriate step by step guide for changing HELO header values in Exchange 2010. The problem is that the server doesn't allow changing the Default FQDN in: EMC -> Server configuration -> Hub transport -> Receive Connectors -> Default entry. The problem comes from the reason it is Default. I've read that I have to use Power Shell to change it. If someone knows the correct commands to change this in Exchange 2010 I'd be rather thankful for this major help. Regards! |
| Why is this upstart script not stopping my process? Posted: 25 May 2022 05:02 AM PDT I am trying to write an upstart script that checks if my process is running by pinging it's HTTP interface. So far, I just can't get the post-start clause to work. Here's a simplified version that I've tried: description "my application" start on runlevel [2345] stop on runlevel [!2345] respawn respawn limit 360 180 setuid myuser setgid mygroup chdir /my/directory exec /bin/sleep 60 post-start script sleep 5 stop exit 1 end script
From terminal: /etc/init$ sudo start myapp # returns after 5 seconds myapp start/running, process 27477 jrantil@myserver:/etc/init$ ps -ef|grep sleep 107 27477 1 0 16:56 ? 00:00:00 /bin/sleep 60 jrantil 27482 26900 0 16:56 pts/1 00:00:00 grep --color=auto sleep
Could anyone tell me why my application is not shutting down after 5 seconds? As far as I've understood, if I don't call stop it will simply respawn. |
| SBS 2011 Folder Redirection not working after migration Posted: 25 May 2022 07:01 AM PDT I followed the Migrate SBS 2008 to SBS 2011 guide which worked well. However RedirectedFolders haven't migrated over properly - Windows 7 workstations are still actively connecting to the old RedirectedFolders shared folder on an old file server, as well as the new RedirectedFolders shared folder on the new SBS server. Can someone please assist? Group Policies were updated under User Configuration -> Policies -> Windows Settings -> Folder Redirection, using the following settings for required folders. 
Below is a screenshot of one user's two RedirectedFolders, with the new server on the right. As you can see the old server's RedirectedFolders are being updated (Desktop, My Docs etc), but the new server isn't. 
On the Windows 7 workstations, event logs are seen: ID 502 "Failed to apply policy and redirect folder "Desktop" to "\New-Server\RedirectedFolders\User\Desktop". Redirection options=0x80001021.". |
| "POSSIBLE BREAK-IN ATTEMPT!" in /var/log/secure — what does this mean? Posted: 25 May 2022 04:23 AM PDT I've got a CentOS 5.x box running on a VPS platform. My VPS host misinterpreted a support inquiry I had about connectivity and effectively flushed some iptables rules. This resulted in ssh listening on the standard port and acknowledging port connectivity tests. Annoying. The good news is that I require SSH Authorized keys. As far as I can tell, I don't think there was any successful breach. I'm still very concerned about what I'm seeing in /var/log/secure though:
Apr 10 06:39:27 echo sshd[22297]: reverse mapping checking getaddrinfo for 222-237-78-139.tongkni.co.kr failed - POSSIBLE BREAK-IN ATTEMPT! Apr 10 13:39:27 echo sshd[22298]: Received disconnect from 222.237.78.139: 11: Bye Bye Apr 10 06:39:31 echo sshd[22324]: Invalid user edu1 from 222.237.78.139 Apr 10 06:39:31 echo sshd[22324]: reverse mapping checking getaddrinfo for 222-237-78-139.tongkni.co.kr failed - POSSIBLE BREAK-IN ATTEMPT! Apr 10 13:39:31 echo sshd[22330]: input_userauth_request: invalid user edu1 Apr 10 13:39:31 echo sshd[22330]: Received disconnect from 222.237.78.139: 11: Bye Bye Apr 10 06:39:35 echo sshd[22336]: Invalid user test1 from 222.237.78.139 Apr 10 06:39:35 echo sshd[22336]: reverse mapping checking getaddrinfo for 222-237-78-139.tongkni.co.kr failed - POSSIBLE BREAK-IN ATTEMPT! Apr 10 13:39:35 echo sshd[22338]: input_userauth_request: invalid user test1 Apr 10 13:39:35 echo sshd[22338]: Received disconnect from 222.237.78.139: 11: Bye Bye Apr 10 06:39:39 echo sshd[22377]: Invalid user test from 222.237.78.139 Apr 10 06:39:39 echo sshd[22377]: reverse mapping checking getaddrinfo for 222-237-78-139.tongkni.co.kr failed - POSSIBLE BREAK-IN ATTEMPT! Apr 10 13:39:39 echo sshd[22378]: input_userauth_request: invalid user test Apr 10 13:39:39 echo sshd[22378]: Received disconnect from 222.237.78.139: 11: Bye Bye
What exactly does "POSSIBLE BREAK-IN ATTEMPT" mean? That it was successful? Or that it didn't like the IP the request was coming from? |
No comments:
Post a Comment