Saturday, June 11, 2022

Recent Questions - Server Fault

Calculating the difference of size between fdisk and df

Posted: 11 Jun 2022 04:08 PM PDT

Say I have a 1TB SSD and I want to create a 400GB partition with ext4.
So I use fdisk and mkfs to achieve that:

    #### fdisk ####
    sudo fdisk /dev/sdb
    # New primary partition, with partition 1 starting at sector 2048:
    n
    p
    1
    2048
    # The last sector
    +400G

    #### Configure the file system ####
    sudo mkfs -t ext4 /dev/sdb1
    # tune2fs (the tool name was mistyped as "tune2f"); -m 0 removes the reserved-blocks percentage
    sudo tune2fs -m 0 /dev/sdb1

It turns out that the size I saw in df is less than I expected:

    # expected: 400 * 1024 * 1024 = 419430400
    /dev/sdb1      411725224

So now I use +408G instead of +400G in fdisk to "achieve" what I want,
but obviously that is not the smartest solution.
I've also tried to use +419430400K instead of +400G in fdisk but the result is the same.

Is there any formula to create a partition with the size I want?

docker compose smb bind password

Posted: 11 Jun 2022 02:26 PM PDT

I've currently got the following in my docker-compose:

    volumes:
      run_vol:
        driver_opts:
          type: tmpfs
          device: tmpfs
      kimai_public:
        driver_opts:
          type: cifs
          o: username=docker,password=xxxxx,vers=3.0
          device: //192.168.0.2/kimai/public
      kimai_var:
        driver_opts:
          type: cifs
          o: username=docker,password=xxxxx,vers=3.0
          device: //192.168.0.2/kimai/var

How do I get my password out of here, ideally into a docker secret?

I'm not bound to cifs, alternatives are possible.
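A check a defender would want before such a compose file is committed or shared: find every credential carried inline in a volume's `o:` mount-option string and produce a redacted copy. This is an added example, not code from the question or from Docker; it works on a constructed copy of the snippet above with a placeholder password, and it assumes that credentials only appear as `password=` or its mount.cifs synonym `pass=`.

```python
import re
from typing import List, Tuple

# Constructed sample in the shape of the compose snippet above; the password is a
# placeholder, not a real credential.
SAMPLE_COMPOSE = """\
volumes:
  run_vol:
    driver_opts:
      type: tmpfs
      device: tmpfs
  kimai_public:
    driver_opts:
      type: cifs
      o: username=docker,password=S3cret-Placeholder,vers=3.0
      device: //192.168.0.2/kimai/public
  kimai_var:
    driver_opts:
      type: cifs
      o: username=docker,password=S3cret-Placeholder,vers=3.0
      device: //192.168.0.2/kimai/var
"""

# Mount-option keys whose value is a credential. mount.cifs accepts pass= as a
# synonym for password=, so both are flagged.
SECRET_OPT = re.compile(r"(?P<key>\b(?:password|pass)=)(?P<val>[^,\s]*)")


def find_inline_secrets(text: str) -> List[Tuple[int, str]]:
    """Return (line number, option key) for every credential embedded in an 'o:' line.

    Only 'o:' lines are inspected: that is where the local volume driver carries
    the option string handed to the mount call, and so where a password ends up
    in plain text.
    """
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped.startswith("o:"):
            continue
        for match in SECRET_OPT.finditer(stripped):
            hits.append((lineno, match.group("key").rstrip("=")))
    return hits


def redact(text: str) -> str:
    """Return the text with every credential value replaced by <redacted>."""
    return SECRET_OPT.sub(lambda m: m.group("key") + "<redacted>", text)


if __name__ == "__main__":
    for lineno, key in find_inline_secrets(SAMPLE_COMPOSE):
        print(f"line {lineno}: plaintext '{key}=' in volume mount options")
    print(redact(SAMPLE_COMPOSE))
```

Running it against the sample reports the two `o:` lines (9 and 14) and prints the compose text with `password=<redacted>`. One way to keep the credential out of the compose file entirely, stated here as an assumption rather than something the question confirms, is to mount the share on the host (an `/etc/fstab` entry using a `credentials=` file that is root-owned and mode 0600) and give the container a bind mount of that path; the compose file then carries no secret at all.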

nginx redirect loop on reverse proxy

Posted: 11 Jun 2022 02:30 PM PDT

I have this nginx configuration. Everything was working well but it suddenly began to produce a 302 redirect loop on the /wagtail endpoint. The root endpoint is working well.

I've tried to add and remove proxy_set_header Host $host but it is the same.

Here is the nginx.conf :

    server {
        listen 80;
        server_name localhost;

        location / {
            proxy_pass http://172.20.128.3:3000;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Script-Name /wagtail;
            client_max_body_size 20M;
        }

        location /wagtail {
            proxy_pass http://172.20.128.2:8000;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Script-Name /wagtail;
            client_max_body_size 20M;
        }

        location /static/ {
            alias /app/static/;
        }

        location /media/ {
            alias /app/media/;
        }
    }

And here is the associated docker-compose.yml file :

    version: '3.7'

    services:
      nginx:
        build:
          context: .
          dockerfile: ./compose/production/nginx/Dockerfile
        restart: always
        ports:
          - 80:80
        depends_on:
          - backend
          - frontend
        networks:
          spa_network:
      frontend:
        build:
          context: .
          dockerfile: ./compose/production/frontend/Dockerfile
        restart: always
        stdin_open: true
        command: yarn start
        ports:
          - 3000:3000
        depends_on:
          - backend
        networks:
          spa_network:
            ipv4_address: 172.20.128.3
      backend:
        build:
          context: .
          dockerfile: ./compose/production/django/Dockerfile
        restart: always
        command: /start
        volumes:
          - staticfiles:/app/static
          - mediafiles:/app/media
          - sqlite_db:/app/db
        ports:
          - 8000:8000
        env_file:
          - ./env/prod-sample
        networks:
          spa_network:
            ipv4_address: 172.20.128.2

    networks:
      spa_network:
        ipam:
          config:
            - subnet: 172.20.0.0/16

    volumes:
      sqlite_db:
      staticfiles:
      mediafiles:

It is the same when I update the version of nginx.
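A redirect loop is easiest to pin down by following the Location headers one hop at a time, without a client that auto-follows, and with the same Host header the proxy sends. The script below is an added example, not code from the question or from nginx or Wagtail; it exercises itself against a constructed local stand-in backend that answers /wagtail with a 302 back to /wagtail, and the port and loop behaviour of that stand-in are assumptions for the demonstration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from typing import List, Optional, Tuple
from urllib.parse import urljoin, urlsplit

REDIRECTS = {301, 302, 303, 307, 308}


def follow_redirects(url: str, max_hops: int = 10,
                     host_header: Optional[str] = None) -> Tuple[List[Tuple[int, str]], bool]:
    """Follow Location headers by hand, one request per hop, with no auto-redirect.

    Returns (chain, looped): chain is [(status, url), ...] in the order visited,
    looped is True when a URL repeats or the hop budget runs out. host_header
    overrides the Host header so the request mimics what the reverse proxy sends.
    """
    chain: List[Tuple[int, str]] = []
    seen = set()
    while len(chain) < max_hops:
        if url in seen:
            return chain, True
        seen.add(url)
        parts = urlsplit(url)
        path = (parts.path or "/") + (f"?{parts.query}" if parts.query else "")
        conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=5)
        try:
            conn.request("GET", path, headers={"Host": host_header or parts.netloc})
            resp = conn.getresponse()
            resp.read()  # drain the body so the connection closes cleanly
            status, location = resp.status, resp.getheader("Location")
        finally:
            conn.close()
        chain.append((status, url))
        if status not in REDIRECTS or not location:
            return chain, False
        url = urljoin(url, location)  # relative Location values resolve against the current URL
    return chain, True


class _LoopingBackend(BaseHTTPRequestHandler):
    """Constructed stand-in for a backend that redirects /wagtail to itself."""

    def do_GET(self) -> None:
        if self.path.startswith("/wagtail"):
            self.send_response(302)
            self.send_header("Location", "/wagtail")
            self.send_header("Content-Length", "0")
            self.end_headers()
        else:
            body = b"ok"
            self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

    def log_message(self, *args) -> None:  # keep the demo output quiet
        pass


def run_local_demo():
    """Start the stand-in on a free loopback port and trace both endpoints."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), _LoopingBackend)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    try:
        root = follow_redirects(base + "/")
        wagtail = follow_redirects(base + "/wagtail")
    finally:
        server.shutdown()
        server.server_close()
    return root, wagtail


if __name__ == "__main__":
    root, wagtail = run_local_demo()
    print("root:", root)
    print("wagtail:", wagtail)
```

Against a real setup, call `follow_redirects("http://<proxy>/wagtail", host_header="localhost")` and then the backend directly (`http://172.20.128.2:8000/wagtail` with the same Host header); the first hop whose Location points back at the request URL tells you whether the loop is generated by nginx or by the application behind it.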

Accessing Azure resources from an offsite location

Posted: 11 Jun 2022 12:40 PM PDT

I have an Azure application that runs on a PaaS architecture. To access Azure resources like SQL or AAD, I would like that to go through a secure virtual machine instead of from personal devices, which is what happens today.

The problem today is that access is from personal devices, which can be a personal PC or laptop; secondly, if the personal laptop is compromised this presents a risk. Third, IP addresses from ISPs change when coming from a personal device, so multiple IP address entries are required in the SQL firewall; if access is from a VM, the hassle of managing public IP address entries can be eliminated.

What is the best way to configure this (jump host, bastion host, VPN), and is it possible to have more than one virtual machine for access from a disaster recovery perspective? I am after a few options with some comments on the cost implication please, and whether it can be on demand.

EKS: kubectl exec does not respect streamingConnectionIdleTimeout

Posted: 11 Jun 2022 11:48 AM PDT

Using EKS with Kubernetes 1.21, managed nodegroups in a private subnet. I'm trying to set the cluster up so that kubectl exec times out after inactivity regardless of the workload being execed into, and without any client configuration.

I'm aware of https://github.com/containerd/containerd/issues/5563, except we're on 1.21 with Docker runtime, not containerd yet.

I set streamingConnectionIdleTimeout: 3600s on the kubelet in the launch template:

    # Rewrite the kubelet config; redirecting straight back to the file being read
    # (cat file | jq ... > file) truncates it before jq reads it, so go via a temp file.
    jq '.streamingConnectionIdleTimeout = "3600s"' /etc/kubernetes/kubelet/kubelet-config.json > /tmp/kubelet-config.json \
      && mv /tmp/kubelet-config.json /etc/kubernetes/kubelet/kubelet-config.json

    /etc/eks/bootstrap.sh {{CLUSTER_NAME}}

And confirmed with curl -sSL "http://localhost:8001/api/v1/nodes/(node name)/proxy/configz".

However, kubectl exec still does not time out.

I confirmed /proc/sys/net/ipv4/tcp_keepalive_time = 7200 on both the client and the node, so we should be hitting the streaming connection idle timeout before Linux starts sending keepalive probes.

Reading through How kubectl exec Works, it seems possible that the EKS managed control plane is keeping the connection alive. There are people online who have the opposite problem - their connection times out regardless of streamingConnectionIdleTimeout - and they solve it by adjusting the timeout on the load balancer in front of their k8s API server. However, there are no knobs (that I know of) to tweak in that regard on the EKS managed control plane.

I would appreciate any input on this topic.

Windows: saving logs of disk accesses?

Posted: 11 Jun 2022 11:34 AM PDT

The concrete thing I'd like to get is a tshark-like program (with command line and log-saving support, that is) that instead of monitoring network packets monitors disk requests.

Do you know any program like this? Sysinternals' DiskMon would be good enough if it had "continuous saving" and command line support as tshark does.

How do I install PHP 5.5 on a new version of CentOS or Amazon Linux or Redhat or Ubuntu?

Posted: 11 Jun 2022 02:00 PM PDT

I just joined a new company. I've been asked to build a CI/CD pipeline for a Laravel app. It is very fragile. It was built for PHP 5.5 and it breaks when they've tried to upgrade to 5.6 or 7. They don't have the time or resources to repair the app or modernize it in any way. Therefore we must keep running PHP 5.5.

On Amazon, I'm free to spin up any kind of EC2 instance. I can run with Red Hat or CentOS or Ubuntu or Amazon Linux. But once I've launched the instance, I need to find a way to install PHP 5.5. Does anyone know which of these different flavors of Linux is the most likely to support PHP 5.5? I think most of these run newer versions of PHP by default, so I would need to downgrade the versions. Can anyone point me to information about that?

How to use "fence_vbox" as fencing device in Virtual Box?

Posted: 11 Jun 2022 12:05 PM PDT

I'm just learning about clustering, and now I'm curious about the fencing device using stonith fence_vbox for VirtualBox. I'm searching for documentation about fence_vbox, but found no specific documentation about how to use it. If you have experience using stonith fence_vbox as a fencing device, I'd really appreciate it if you would share how to use it.

Client packets not arriving to wireguard server

Posted: 11 Jun 2022 11:56 AM PDT

This is my wireguard client config:

    [Interface]
    Address = 9.0.0.2/32
    PrivateKey = <private>

    [Peer]
    PublicKey = <server-pubkey>
    Endpoint = <server-ip>:50123
    PersistentKeepalive = 25
    AllowedIPs = 9.0.0.0/24

I see the Handshake Initiation in Wireshark, and the source and destination addresses are correct, but I am not getting responses from the server.

But when I run tcpdump -n -X -i ens160 udp port 50123 on the server I see nothing. I thought there was a problem with the firewall, but no. I tried to send something over socat (socat udp:<server-ip>:50123 -) and it worked (tcpdump printed results).

But the server still can't receive packets (datagrams) from the WireGuard client.

I tried workaround using socat as a relay:

    socat udp-listen:50123 udp:<server-ip>:50123

and changed Endpoint = <server-ip>:50123 to Endpoint = 127.0.0.1:50123.

And it started to work. But why does it work over socat and not using a direct connection?

I have these versions:
client: wireguard-tools 1.0.20210914-1 (Arch Linux)
server: wireguard-tools 1.0.20200513-1~20.04.2 (Ubuntu 20.04 LTS)

PS: I tried the same client setup on Android and it worked; there must be some problem with the Arch Linux version. dmesg says this (on Arch Linux):

    [12592.005135] wireguard: wg0: No peer has allowed IPs matching 239.255.255.250
    [12595.005999] wireguard: wg0: No peer has allowed IPs matching 224.0.0.251
    [12595.006217] wireguard: wg0: No peer has allowed IPs matching 224.0.0.251
    [12595.014611] wireguard: wg0: No peer has allowed IPs matching 224.0.0.22
    [12595.777939] wireguard: wg0: No peer has allowed IPs matching 224.0.0.22
    [12596.007290] wireguard: wg0: No peer has allowed IPs matching 224.0.0.251
    [12596.007428] wireguard: wg0: No peer has allowed IPs matching 224.0.0.251
    [12596.817910] wireguard: wg0: Handshake for peer 43 (195.181.212.101:50123) did not complete after 5 seconds, retrying (try 2)
    [12596.817942] wireguard: wg0: Sending handshake initiation to peer 43 (<serverip>:50123)

Where <serverip> is the IP of the server, but I must keep the IP secret so I replaced it with a keyword.

Unknown process responding to web requests on AWS server copy

Posted: 11 Jun 2022 11:22 AM PDT

I am trying to work on a web site bug that, at the moment, only manifests in production. Since I can't take down that environment I'm trying to create a copy that is as close as possible. The site is Kentico 11-based, running on Windows Server 2019 Datacenter on an Amazon EC2 t2 instance, backed by an RDS SQL Server Web Edition instance. To create the test environment I make a backup dump of the database and restore it to a different database on the instance, and create an AMI of the EC2 and use that to launch a new EC2 instance.

This process has worked dozens of times in the past but this time, and I've done it four times so far today, the web site on the new instance will never return anything but a generic 404 status (that is, the minimal 404 page returned by IIS itself, not from Kentico). Oddly, these requests to the copy are not being logged in its IIS request log. I cannot see anything that's different between the production instance and the copy except for details like the IP address and database connection string, and I cannot imagine any reason why there would be any difference; I created the AMI only minutes before launching the new instance. I've spent an entire day trying again and Googling until my fingers are numb... Does anyone have any ideas or suggestions at all on why the copy isn't working as expected or how to get it to?

EDIT: Wondering what was responding to HTTP requests if IIS was not, I took a look at the response header, which includes this: Server: Microsoft-HTTPAPI/2.0. I found this: https://docs.microsoft.com/en-us/windows/win32/http/http-api-start-page which really only deepens the mystery. What is getting in front of IIS and how? And again, since this instance is launched from an AMI based on a working site, how did this change come to be?

EDIT: I updated the title for more clarity

SCAP Compliance Checker 5.4.2 Uninstall Error

Posted: 11 Jun 2022 03:36 PM PDT

Does anyone have problems with the SCAP Compliance Checker 5.4.2 uninstall process on Windows 10? I am trying to uninstall it but it keeps showing an error message. I've tried restarting, and checking for the SCC_Client service or exe running, but I cannot find anything. I've tried with Process Explorer and Task Manager to trace down any service which may be running, but with no success. Does anyone have any pointers on how to uninstall the program?

  • First I tried restarting and uninstalling it again from the Control Panel
  • Then I checked the services for any SCC_Service (nothing there)
  • Then checked for any scc.exe or cscc.exe to try to terminate it (found nothing, using Task Manager and Process Explorer)
  • Tried the uninstall.exe file from the command line
  • Ran the whole process twice using an Administrator account.

Optimal use of multiple interfaces do download a large file (a riff on load balancing)

Posted: 11 Jun 2022 04:01 PM PDT

Let's assume a simple setup:

  1. A Linux box with 2 interfaces, each with a 5 Mbps download cap, so a theoretical total download bandwidth of 10 Mbps.

  2. A remote server, unlimited in bandwidth, holds a file of 1 TB.

Correct me if I'm wrong, but I'm under the impression that a typical rsync job over ssh would be bound to one interface in this case, so you'd see a 5 Mbps download.

What solutions could one explore to get the 10 Mbps? Network configuration and software (presumably along the lines of BitTorrent) solutions are all welcome, as the ultimate goal is an optimal download.

Postfix - receiving response was: 550 5.1.1 - User unknown in local recipient table

Posted: 11 Jun 2022 03:20 PM PDT

I'm trying to set up a Webmin - Postfix server.

Because I'm using Cloudflare I followed this tutorial on how to make a mail record:
https://developers.cloudflare.com/dns/manage-dns-records/how-to/email-records/

Then I followed this tutorial so I can make the inbox and user:
https://www.trustfm.net/ebooks/DedicatedServer.php?page=EmailAccounts

Now when I try to send email to maail@domain.net I get this message:

The response from the remote server was: 550 5.1.1 maail@domain.net: Recipient address rejected: User unknown in local recipient table

I'm new to Postfix and Webmin.
Could someone help me fix the issue?

Redirecting traffic via Wireguard VPN

Posted: 11 Jun 2022 03:35 PM PDT

I have a public IPv6 address but not an IPv4. Therefore I want to route the traffic via a VPS with a public IPv4 and an IPv6 address. My question is how to create this type of tunnel with Wireguard. The tunnel from the VPS to a device in my network is not the challenge, but rather how to redirect the packets on the server to that tunnel.

I've done a bit of research and my approach would look like this.

My Network device

    [Interface]
    Address = <DEVICE IPv6>
    PrivateKey = <private key>
    ListenPort = <DEVICE PORT>

    # Peer to VPS
    [Peer]
    PublicKey = [PUBLIC KEY VPS]
    AllowedIPs = [VPS IPv6]
    Endpoint = [VPS IPv6]:[VPS PORT]

VPS

    [Interface]
    Address = <VPS IPv6>
    Address = <VPS IPv4>
    PrivateKey = <private key>
    ListenPort = <VPS PORT>

    # Peer to device
    [Peer]
    PublicKey = [PUBLIC KEY DEVICE]
    Endpoint = [DEVICE IPv6]:[DEVICE PORT]
    AllowedIPs = 0.0.0.0/0, ::/0

    # Example peer of client
    [Peer]
    PublicKey = <client public key>
    AllowedIPs = 0.0.0.0/0, ::/0

Example Client

    [Interface]
    PrivateKey = <private key>
    ListenPort = <CLIENT PORT>

    [Peer]
    PublicKey = [PUBLIC KEY VPS]
    Endpoint = [VPS IPv4]:[VPS PORT], [VPS IPv6]:[VPS PORT]
    AllowedIPs = 0.0.0.0/0

Is this possible? Or do I need to create two WG interfaces and route the traffic between them?
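Both WireGuard questions on this page turn on the same mechanism, the AllowedIPs table: the Arch client's dmesg lines "No peer has allowed IPs matching 224.0.0.251" are the kernel dropping multicast that no peer's AllowedIPs covers, and on the VPS config above two peers both claim 0.0.0.0/0 and ::/0, which a single table cannot hold for both. The model below is an added example, not code from either question or from the WireGuard project; it reproduces two documented rules (a prefix belongs to one peer at a time, and the peer with the longest matching prefix receives the packet) and the `fd00::2/128` client address in the last helper is a constructed value.

```python
import ipaddress
from typing import Dict, Iterable, Optional, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


class CryptokeyTable:
    """Model of WireGuard's AllowedIPs ("cryptokey routing") table.

    Every prefix belongs to exactly one peer; assigning it to a second peer moves
    it away from the first. An outgoing packet goes to the peer owning the
    longest prefix that contains the destination and is dropped if none does,
    which is what the "No peer has allowed IPs matching" kernel message reports.
    """

    def __init__(self) -> None:
        self._owner: Dict[Network, str] = {}

    def add_peer(self, peer: str, allowed_ips: Iterable[str]) -> None:
        for cidr in allowed_ips:
            net = ipaddress.ip_network(cidr, strict=False)
            self._owner[net] = peer  # silently re-homes a prefix another peer already held

    def owner(self, cidr: str) -> Optional[str]:
        """Which peer currently holds this exact prefix (None if nobody does)."""
        return self._owner.get(ipaddress.ip_network(cidr, strict=False))

    def peer_for(self, dst: str) -> Optional[str]:
        """Longest-prefix match of a destination address against the table."""
        addr = ipaddress.ip_address(dst)
        best: Optional[Network] = None
        for net in self._owner:
            if net.version == addr.version and addr in net:
                if best is None or net.prefixlen > best.prefixlen:
                    best = net
        return self._owner[best] if best is not None else None


def client_from_question() -> CryptokeyTable:
    """The Arch client config: one peer with AllowedIPs = 9.0.0.0/24."""
    table = CryptokeyTable()
    table.add_peer("server", ["9.0.0.0/24"])
    return table


def vps_from_question() -> CryptokeyTable:
    """The VPS config: the device peer and the example client peer both claim everything."""
    table = CryptokeyTable()
    table.add_peer("device", ["0.0.0.0/0", "::/0"])
    table.add_peer("client", ["0.0.0.0/0", "::/0"])
    return table


def vps_disjoint() -> CryptokeyTable:
    """Assumed alternative: the client peer holds only its own tunnel address
    (fd00::2/128 is a constructed value), so the device keeps the default routes."""
    table = CryptokeyTable()
    table.add_peer("device", ["0.0.0.0/0", "::/0"])
    table.add_peer("client", ["fd00::2/128"])
    return table


if __name__ == "__main__":
    print("client, multicast 224.0.0.251 ->", client_from_question().peer_for("224.0.0.251"))
    print("VPS as posted, 0.0.0.0/0 owned by ->", vps_from_question().owner("0.0.0.0/0"))
    print("VPS disjoint, 203.0.113.9 ->", vps_disjoint().peer_for("203.0.113.9"))
```

On the real interface `wg show <iface> allowed-ips` prints the table the same way, one line per peer; if the device peer has lost its 0.0.0.0/0 and ::/0 there, nothing forwarded from the VPS can reach it, regardless of any ip route or nftables rules in front of the tunnel.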

Can you use ostree to manage chroots?

Posted: 11 Jun 2022 03:35 PM PDT

I've recently started managing a personal server running a fedora derivative. I really like the idea of ostree, but the toolbox seems to get in the way more than I'd like for the tasks I'm working on. Coming from the FreeBSD world, I wanted something akin to jails, which seemed a bit more like chroots than containers.

Is there any way to deploy versions of the ostree to a chroot? I'd like to have a shared base across all chroots, but then be able to change the software via rpm-ostree once inside (possibly still seeing those layers from the global ostree).

Is this possible? Does it even make sense to take this approach?

GCP instance is not able to ping to external server

Posted: 11 Jun 2022 03:36 PM PDT

I have a python script that is executed by a newly created GCP instance every day at a specific time. The instance is destroyed after that. This has been working fine for the past few months.

I noticed that for the past few days the script was not working. The GET endpoint fired from the script was timing out. I tried curl from the GCP instance and that too timed out. In fact, I am not able to even ping the external web server.

I tried recreating the instance but nothing has worked.

I use the default network, default subnet, and default firewall rules. Nothing has changed from my side. Could someone please give me some pointers?

ESXi: DNS appears not working properly

Posted: 11 Jun 2022 04:01 PM PDT

I have a working ESXi instance. Until recently, domain resolution worked this way:

  1. esxi.example.com is resolved to ESXi host instance (hereinafter "Host") within LAN.
  2. A VM ("Guest1") on Host runs Linux, and its hostname is configured as 'guest1.example.com' on the guest OS. Then guest1.example.com is resolved to Guest1 within the LAN.

Today I realised things aren't working this way, i.e. within the LAN, guest1.example.com is not resolved at all. I've confirmed these things:

  1. nslookup on the Host SSH session, the Guest1 shell, and another PC within the LAN all fail.
  2. /etc/hostname on Guest1 is left unchanged, i.e. the content is 'guest1.example.com'.
  3. The VM list on the ESXi web client (esxi.example.com/ui) shows 'guest1.example.com' as the hostname value of Guest1, which is correct.

I'm totally at a loss as to how I can resolve this issue. Any hint would be appreciated.


  • ESXi client version 1.33.5 (build 15102916)
  • ESXi version 6.7.0 (build 15160138)

MongoDB keeps failing on startup with exit code, status=100

Posted: 11 Jun 2022 04:01 PM PDT

Every time I start MongoDB, it runs for about 1 second before crashing with the following error:

    Active: failed (Result: exit-code) since Thu 2020-03-12 09:47:17 EDT; 6s ago
      Docs: https://docs.mongodb.org/manual
    Process: 1931 ExecStart=/usr/bin/mongod --config /etc/mongod.conf (code=exited, status=100)
    Main PID: 1931 (code=exited, status=100)

    Mar 12 09:47:14 myServer systemd[1]: Started MongoDB Database Server.
    Mar 12 09:47:17 myServer systemd[1]: mongod.service: Main process exited, code=exited, status=100/n/a
    Mar 12 09:47:17 myServer systemd[1]: mongod.service: Failed with result 'exit-code'.

Also, in the logs file:

Cannot start server with an unknown storage engine: mmapv1

I've tried reinstalling MongoDB, giving the mongodb user ownership of /var/lib/mongodb, and removing the mongodb.lock file, to no avail.

Any suggestions?

Difference between cryptographic providers for Windows Server 2019 certificate authority private key?

Posted: 11 Jun 2022 12:03 PM PDT

I'm going through the process of creating a Microsoft certificate server on Windows Server 2019 and was wondering what the difference between these cryptographic providers in the setup wizard is.

Is this KSP selection only for what's used for the private key of the CA? And can any certificates issued by the CA after setup use a different KSP?

    RSA#Microsoft Software Key Storage Provider
    DSA#Microsoft Software Key Storage Provider
    ECDSA_P256#Microsoft Software Key Storage Provider
    ECDSA_P384#Microsoft Software Key Storage Provider
    ECDSA_P521#Microsoft Software Key Storage Provider

How to debug frequent "connection reset by peer"

Posted: 11 Jun 2022 01:04 PM PDT

Recently I started to have very frequent "connection reset by peer" errors on calls to an external provider. My application (client) is a Go application, doing some simple POSTs to an external provider over HTTPS.

Some context:

  • The Go client application is running on Docker.
  • The "connection reset by peer" is frequent, but erratic.
  • The provider says nothing is wrong on their end. OK, the RST can come from anywhere in between us.

The host instance ifconfig:

    docker0   Link encap:Ethernet  HWaddr [REDACTED]
              inet addr:172.17.0.1  Bcast:172.17.255.255  Mask:255.255.0.0
              UP BROADCAST MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

    eth0      Link encap:Ethernet  HWaddr [REDACTED]
              inet addr:10.208.19.134  Bcast:10.208.19.255  Mask:255.255.255.128
              inet6 addr: fe80::8d:fdff:fe90:f410/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:9001  Metric:1
              RX packets:37685240 errors:0 dropped:0 overruns:0 frame:0
              TX packets:37927624 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:13408927179 (12.4 GiB)  TX bytes:14057395581 (13.0 GiB)

I tried:

  • Ran tcpdump -vv -i eth0 -s 65535 -n dst host [[PROVIDER IP]] -w capture.cap & on the host instance (EC2)
  • Opened the capture with Wireshark and looked for tcp.flags.reset==1

Couldn't find anything. And I am sure there were connection resets by peer during the capture (as we have logging in place). All I want to understand is where the RST is coming from (if that is possible).

So, what options do I have to look for the root cause of all these sudden errors?
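One thing to check when a capture shows no RST at all is the direction the filter admits: a BPF expression of the form `dst host X` matches only packets addressed to X, so a reset sent by the remote side (source X, destination the local host) never enters the capture, whereas `host X` matches both directions. The parser below is an added example, not code from the question, from tcpdump or from Wireshark; it reads `tcpdump -n` text lines, pulls out every segment with the R flag and tags it with its direction relative to the local address from the ifconfig above. The capture lines are constructed (203.0.113.5 is a documentation address standing in for the provider), and the local address is taken from eth0 in the question.

```python
import re
from typing import Dict, Iterable, List, Optional

# Local address of eth0 from the ifconfig output in the question.
LOCAL_IP = "10.208.19.134"

# Start of a `tcpdump -n` TCP line: timestamp, IPv4 endpoints with ports, TCP flags.
LINE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

# Constructed sample capture: a handshake to a stand-in provider, a reset sent by
# the remote side thirty seconds later, and one reset sent by the local host.
SAMPLE_CAPTURE = [
    "10:15:01.000100 IP 10.208.19.134.49152 > 203.0.113.5.443: Flags [S], seq 100, win 64240, length 0",
    "10:15:01.020300 IP 203.0.113.5.443 > 10.208.19.134.49152: Flags [S.], seq 500, ack 101, win 65535, length 0",
    "10:15:01.020500 IP 10.208.19.134.49152 > 203.0.113.5.443: Flags [.], ack 501, win 502, length 0",
    "10:15:31.500000 IP 203.0.113.5.443 > 10.208.19.134.49152: Flags [R.], seq 501, ack 101, win 0, length 0",
    "10:15:40.000000 IP 10.208.19.134.49160 > 203.0.113.5.443: Flags [R], seq 7, win 0, length 0",
]


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the timestamp, endpoints and flags of a TCP line, or None for anything else."""
    match = LINE.match(line)
    return match.groupdict() if match else None


def find_resets(lines: Iterable[str], local_ip: str) -> List[Dict[str, str]]:
    """Return every segment carrying the R flag, tagged 'inbound' when it was sent
    to local_ip (i.e. the reset came from the other side or from something on the
    path impersonating it) and 'outbound' when the local host sent it."""
    resets = []
    for line in lines:
        pkt = parse_line(line)
        if not pkt or "R" not in pkt["flags"]:
            continue
        pkt["direction"] = "inbound" if pkt["dst"] == local_ip else "outbound"
        pkt["flow"] = f"{pkt['src']}:{pkt['sport']} -> {pkt['dst']}:{pkt['dport']}"
        resets.append(pkt)
    return resets


if __name__ == "__main__":
    for rst in find_resets(SAMPLE_CAPTURE, LOCAL_IP):
        print(f"{rst['ts']}  {rst['direction']:8}  {rst['flow']}  flags=[{rst['flags']}]")
```

To use it on a real capture, record with `host [[PROVIDER IP]]` and `-v` (which prints the IP TTL on each line) and read the output back with `tcpdump -n -r capture.cap`. An inbound RST whose TTL differs from the TTL on the provider's own SYN-ACK for the same connection is the usual sign that a device on the path, not the provider, generated it; a constant TTL points at the provider or its load balancer.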

Docker, csf and mariadb connection

Posted: 11 Jun 2022 11:09 AM PDT

I have a host with the csf firewall allowing some external ports like ssh, http, https.

I have now installed Docker and MariaDB through Docker. I use the docker run command with -p 6000:3306, so that means that Docker exposes the MariaDB port on 6000.

I try mysql -h 127.0.0.1 --port 6000 -u root -ppass but it seems it cannot connect. If I stop csf it connects.

So how can I unblock all local connections from csf to Docker containers?

How to setup a different root for an Nginx location?

Posted: 11 Jun 2022 03:00 PM PDT

I'm setting up my local web dev server using NGINX and PHP-FPM on OS X. I've installed both services and set up a virtual host for the localhost domain. So far everything works:

  • nginx is running correctly
  • it's able to read files from the custom root configured for localhost server_name
  • php files are processed correctly

The next thing that I'm trying to set up is an alias for the /phpmyadmin path on the localhost domain. I would like for the url http://localhost/phpmyadmin to load its contents from /usr/local/share/phpmyadmin rather than from the default configured root.

I've added this location block in my localhost server configuration:

    location /phpmyadmin {
        alias    /usr/local/share/phpmyadmin;
        include   /usr/local/etc/nginx/conf.d/php-fpm;
    }

but the response to http://localhost/phpmyadmin requests is 404.

Here are the configs that I used:

/usr/local/etc/nginx/nginx.conf

    worker_processes  2;

    error_log  /usr/local/etc/nginx/logs/error.log debug;

    events {
        worker_connections  1024;
    }

    http {
        include             mime.types;
        default_type        application/octet-stream;

        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';

        access_log  /usr/local/etc/nginx/logs/access.log  main;

        sendfile            on;

        keepalive_timeout   600;

        gzip on;
        gzip_disable "msie6";

        gzip_vary on;
        gzip_proxied any;
        gzip_comp_level 2;
        gzip_buffers 16 8k;
        gzip_http_version 1.1;
        gzip_min_length 256;
        gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype  image/svg+xml image/x-icon;

        index index.html index.php;

        include /usr/local/etc/nginx/sites-enabled/*;
    }

/usr/local/etc/nginx/sites-available/default

    server {
        listen       80;
        server_name  localhost;
        root       /Users/sebi/www/localhost;

        access_log  /usr/local/etc/nginx/logs/default.access.log  main;
        error_log  /usr/local/etc/nginx/logs/default.error.log debug;

        location / {
            include   /usr/local/etc/nginx/conf.d/php-fpm;
        }

        location /phpmyadmin {
            alias    /usr/local/share/phpmyadmin;
            include   /usr/local/etc/nginx/conf.d/php-fpm;
        }

        error_page  404     /404.html;
        error_page  403     /403.html;
    }

/usr/local/etc/nginx/conf.d/php-fpm

    location ~ \.php$ {
        # "=404" must be one token; written as "= 404" nginx treats "=" as a file to test
        # and "404" as the fallback URI
        try_files      $uri =404;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }

UPDATE:
I figured out that my location block for /phpmyadmin was misconfigured. I need to point it to /usr/local/share like this:

    location /phpmyadmin {
        alias    /usr/local/share;
        include   /usr/local/etc/nginx/conf.d/php-fpm;
    }

but this still doesn't work, and I found out that it's due to how the path is configured: it's a relative symlink. If I create a new symlink to the absolute path, it works.

Examples:

/usr/local/share/phpmyadmin -> ../Cellar/phpmyadmin/4.7.4/share/phpmyadmin doesn't work, resulting in a directory index of "/usr/local/share/" is forbidden error

/usr/local/share/pma -> /usr/local/Cellar/phpmyadmin/4.7.4/share/phpmyadmin works.

Any ideas on how to configure nginx to allow reading from relative symlinks?

Apache 2.4.23 reports "server certificate does NOT include an ID", but everything works

Posted: 11 Jun 2022 01:04 PM PDT

Apache (2.4, both versions .20 and .23) is sending the following warning to my error log:

    [Tue Oct 04 09:17:02.438371 2016] [ssl:warn] [pid 55157:tid 140100469708544] AH01909: <host>:<port>:0 server certificate does NOT include an ID which matches the server name

However, when I go to https://host:port/... with Google Chrome, I get the green lock, and clicking on it and looking at the server information gives all the correct information about my server.

Is this an Apache bug? A failure of my understanding?

    ##
    ## SSL Virtual Host Context
    ##

    <VirtualHost _default_:<port>>
    DocumentRoot "<the path>"
    ServerName <host>:<port>

Should I replace "default" with my host name?

    openssl x509 -in [cert file] -noout -subject

-->

    subject= .../OU=PlatinumSSL/CN=[host]

So I have defined the server name correctly in the conf file, and the certificate has the host name correctly listed.

caching system between nginx and gunicorn for django

Posted: 11 Jun 2022 03:00 PM PDT

I have a Django project that I'd like to set up caching for. I want my caching system to cache everything after nginx.

I found Varnish but it has a problem: I use a Unix socket for communication between gunicorn and nginx, but Varnish doesn't support Unix sockets. Is there a way around this, or another caching tool to use?

I'm also using Django caching, but I need a cache before gunicorn and after nginx. What is the best method?

SCP copy windows local file to linux remote folder

Posted: 11 Jun 2022 03:36 PM PDT

How to get a file from my path d:/test.txt and copy it to /etc/var/test/test.txt?

I've tried this:

    scp d:/test.txt /etc/var/test/test.txt

but that didn't work.

How do I set the hard disk from where I copy my files?

Ubuntu server not using localhost IP for internal communication

Posted: 11 Jun 2022 02:03 PM PDT

I am using Ubuntu Server 13.04 on my mail system. I am just setting up Postfix and Amavis. In every config for communication I am using 127.0.0.1 as the IP address to pass mails to Amavis. When I look at the logs it's still trying to connect to Amavis with my eth0 IP address, which is connected to the internet. I don't want to allow this IP address in the configs. Is there any way to tell Ubuntu to use 127.0.0.1 instead of my internet IP address? I don't know why this is happening. Thank you.

Edit: More info

This is what I set in postfix main.cf:

    content_filter = amavis:[127.0.0.1]:10024

and master.cf:

    127.0.0.1:10025  inet  n  -       -       -       -       smtpd
      -o mynetworks=127.0.0.0/8

Also this is what I have in /etc/amavis/conf.d/50-user:

    @inet_acl = qw( 127.0.0.1 );

But when I try to receive a mail, in the logs there is:

    amavis[29607]: () (!)DENIED ACCESS from IP 1.2.3.4, policy bank ''

where 1.2.3.4 is the IP address of my eth0 interface. Why is it not accessing it with 127.0.0.1 but with the eth0 IP address? I think I am missing something and this might be just how it works. I am just asking if there is any explanation or possibility to change this, because now I always have to add my IP address to inet_acl and the subnet to mynetworks. Thanks.

How to create client SSL certificates for staff using CaCert CA?

Posted: 11 Jun 2022 02:03 PM PDT

I would like to restrict access to a homepage using client SSL certificates. Most tutorials on the internet describe it like this:

  1. create own key CA.key
  2. create server key server.key (self-signed)
  3. sign server.key using CA.key
  4. create (multiple) client keys client_xx.key
  5. sign client_xx.key using CA.key

I don't want to self-sign my server key, but use CACert instead. So I omitted the first step. But when I want to create the client certificates, which key do I need to use? I don't have CACert's CA.key.

HKEY_USERS entry for service account

Posted: 11 Jun 2022 12:03 PM PDT

I've created a service account for a scheduled task on our 2008R2 server. The task runs a PowerShell script, which will, among other things, download an archive from a Linux server every time it is run using PuTTY's PSCP.

However, it does not work, since the service account has never connected to that server before and does not know its host key. Reading the manual and searching, it turns out that these keys are stored in the registry, under HKEY_USERS\<SID>\Software\SimonTatham\PuTTY\SshHostKeys.

But here is the problem: since it is not allowed to log in locally, the service account does not have a local profile, so it does not have an entry in HKEY_USERS.

How can this be fixed? I doubt it'd be a very good idea to just create the SID key under HKEY_USERS, but there must be some workaround? Could I put this in some default user key?

Difference between "NT AUTHORITY\NETWORK SERVICE" and "NT AUTHORITY\SYSTEM"

Posted: 11 Jun 2022 03:36 PM PDT

I am installing MS SQL Server 2008 R2 and I got to the window where I have to set the service accounts. I want to know the difference between NT AUTHORITY\SYSTEM and NT AUTHORITY\NETWORK SERVICE. I tried to Google it but I found no well-defined answer for this question which I hope to find here.

Is the context of local user of AD-joined machine a domain machine account or of local machine account?

Posted: 11 Jun 2022 03:36 PM PDT

I am a developer and curious how Windows server machines are used.

  • A) I believe that they show an interactive login screen but run without any user having ever logged in.
    Correct?

In the context of the definition in (*), under which account is the booted Windows AD-joined machine identified/secured by the AD DC (Domain Controller):

  • B) Local machine account (Table 1 in (*))
  • C) Domain machine account (Table 2 in (*))

An AD-joined machine shows a login screen permitting 2 basic logins thereafter:

    1. Local user account
    2. Domain user account

In which context - B) or C) - does the following run after A), i.e. after the login screen, for the subsequently logged-in local user 1)?

Update 1:
I know how identification, impersonation, and delegation of processes work.

This question is about when a Windows machine is booted and shows the interactive login screen with choices.

  1. Under which machine account is it booted before any (interactive) user login, i.e. when it shows the login screen?

Well, basically I am re-writing the original questions.

But, having read (*), I cannot understand why "Machine SID for computer DEMOSYSTEM" (in Table 1) is needed at all. It is not used to access other machines before joining the machine to AD, and even less does it seem to be needed after (joining a machine to AD).

Update 2:
Also, it is difficult to believe that the local user account of the machine before joining the domain is the same as after joining. The computer is identified and the channel is secured by the DC even for a local account of an AD computer, but not for a workgroup one.

Subquestions forked from this question:

Cited:

Related question:
