Common Server issues – FAQs and answers from those in the know
Apache prefork overload when Googlebot crawls thousands of subdomains via vhost rewrite
24 February 2026 @ 1:33 pm
Environment
VPS: 2 CPU / 4 GB RAM / 1 IP
OS: CentOS 7.4
Web server: Apache (Sentora) + PHP 5.4 prefork
DNS/CDN: Cloudflare Free + Flexible SSL
~10 main domains, ~24k mini-sites (subdomains)
Architecture overview
I use one central domain (maindomain.com) to handle routing
for all subdomains of all other domains.
On Cloudflare, every secondary domain has:
CNAME * maindomain.com
All requests from subdomains are rewritten at the Apache global VirtualHost level
(not .htaccess), and AllowOverride is disabled and mapped dynamically to folders under:
/app/sites/{unique-sub-domain-slug}/
Each main domain itself has its own independent VirtualHost and works normally.
Symptoms
Everything works correctly under low traffic.
However, when
Permissions denied inside podman volume
24 February 2026 @ 1:08 pm
I'm running synapse inside a podman compose setup, but inside the container, the service runs into errors due to not being able to access a file inside the mounted volume:
...
File "/usr/local/lib/python3.13/site-packages/synapse/media/media_storage.py", line 233, in store_into_file
os.makedirs(os.path.dirname(media_filepath), exist_ok=True)
~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen os>", line 218, in makedirs
File "<frozen os>", line 218, in makedirs
File "<frozen os>", line 218, in makedirs
File "<frozen os>", line 228, in makedirs
PermissionError: [Errno 13] Permission denied: '/data/media_store/remote_content'
Inside the container (with podman exec -it <container> bash) I can see that the directory is owned by root:
Monitor expiration of OpenSSH certificates (users and hosts)
24 February 2026 @ 10:52 am
Using OpenSSH certificates for host keys and user keys, I wonder whether their expiration could be monitored automatically in advance (before they actually do expire):
Of course the issuing CA could monitor the expiration, but it's not clear whether all certificates are actually used
When the user logs in using a certificate, the ID, serial number and fingerprint are logged, so that could be cross-checked with the CA
When logging in to a host that presents a host certificate, nothing about the certificate is being displayed (only when using ssh -v you'll see certificate, ID, serial number, issuing CA and validity)
Say you have a central monitoring system, how could host and user certificates be monitored?
Specifically user certificates used for automatic processing (like clusters, configuration, backup, monitoring) would be interesting.
https redirect with apache behind nginx
24 February 2026 @ 9:06 am
Let's suppose we have a static website with Apache 2.4 behind an nginx reverse proxy.
Nginx provides HTTPS and connects to Apache on HTTP port.
Then you request https://example.com/dir . Because it is a directory, Apache processes the trailing slash with:
location: http://example.com/dir/
This is obviously "incorrect", because the connection is supposed to be https:// . I tried to fix this problem using the following:
SetEnvIf X-Forwarded-Proto https HTTPS=on
However, this fixes nothing. Another fix that was suggested to me was something complicated with mod_rewrite. I don't think mod_rewrite is the way to go, but it still did not work when I tried.
The only way I was able to fix it was with nginx:
proxy_redirect http://$host $scheme://$host;
However this breaks redirects like https:// -> http:// , I know
vsftpd using user_conf_dir causes gnutls -15 error
24 February 2026 @ 2:23 am
I have encountered a particularly strange issue using vsftpd 3.0.3 on Debian 12.
I have created a vsftpd user testftp which works when connecting without additional configuration.
My vsftpd config includes the user_config_dir=/etc/vsftpd_user_conf option as I intend to change the local_root option for this user.
The moment I create the /etc/vsftpd_user_conf/testftp file, my connection will no longer work. FileZilla gives the following error:
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: TLS connection established.
Command: USER testftp
Response: 331 Please specify the password.
Command: PASS ***********
Error: GnuTLS error -15 in gnutls_record_recv: An unexpected TLS packet was received.
Error: Could not read from socket: ECONNABORTED - Connection aborted
Error: Could not connect to server
On the vsftpd log side, I
Restore of files on S3 from Glacier Failing silently - No error output
23 February 2026 @ 6:58 pm
I've tried all of:
aws s3api restore-object --bucket $MYBUCKET --key $KEYFORFILE --restore-request '{"Days": 15, "GlacierJobParameters":{"Tier": "Standard"}}' --output json
which had no error or output but nothing restored.
also:
s3cmd restore s3://$BUCKET/$SUBDIR/ --dry-run --debug --recursive --verbose --stats --progress --restore-priority=standard --restore-days=15 --region=us-east-1 --include="${KEY_PREFIX}*"
that choked even without doing anything for real.
I've tried the example at https://aws.amazon.com/blogs/storage/restoring-archived-objects-at-scale-from-the-amazon-s3-glacier-storage-classes/ with modifications for our bucket set up. I get job output, but no restores, no error messages.
I'll just
How can I use Azure Cloud Shell to deploy a new Azure OpenAI GPT endpoint using CLI?
23 February 2026 @ 6:12 pm
I find that using the web UI https://portal.azure.com is rather slow to deploy a new Azure OpenAI GPT endpoint. How can I use Azure Cloud Shell to deploy a new Azure OpenAI GPT endpoint using CLI?
How can I limit the smtp authentication only for SMTPS connections in my Exim4?
23 February 2026 @ 2:19 pm
I'm working with Exim version 4.97 on Ubuntu server. I have the split-file configuration and I want to be sure that SMTP authentication is available only for SMTPS connections.
How can I do it?
Consider that I still want to accept plain connections on port 25, not to be used as an outbound SMTP server, but just to handle local mailbox deliveries received by other SMTP servers. This is the reason why I want to enforce SMTPS for authentication.
Linux: Connecting to Fortinet VPN using IPSEC IKEv1 with PSK, XAUTH and OTP
23 February 2026 @ 1:39 pm
As the topic says: I am trying to connect to a Fortinet VPN server using Strongswan.
IKEv1 phase 1 and phase 2 work, PSK works, user auth works and then I receive a token via mail. Unfortunately, there is no place to enter it (Strongswan seems to be non-interactive after user auth has succeeded).
Is there a way to make this work?
TIA,
tm
Building a Custom Read-Only iSCSI Target on Windows (Physical Disk Export) [migrated]
23 February 2026 @ 12:01 pm
I want to implement a custom iSCSI target on Windows Server 2019 that exports a physical disk (\\.\PhysicalDriveX) in strict read-only mode to a Windows client.
Requirements:
Disk should appear as a locally attached SCSI disk on the client.
Full disk layout visible (GPT/MBR, partitions).
All WRITE commands rejected.
No VHD/VHDX wrapper.
Questions:
Is user-mode implementation (Winsock + raw disk reads) sufficient, or is a kernel-mode StorPort/virtual SCSI driver required?
Which Windows components or tools are needed (Windows SDK, WDK)?
If implemented as read-only at SCSI level, is it architecturally safe from disk corruption?
Looking for architectural guidance on the correct implementation path.