Common Server issues – FAQs and answers from those in the know
`needrestart` doesn't ignore service
29 November 2025 @ 10:20 am
For some reason (probably a Python dependency), needrestart marks openhab.service as a candidate to restart. I want that service to be ignored.
Following an answer on StackExchange (How to make `needrestart` not defer restarting some services), and some Ubuntu (https://discourse.ubuntu.com/t/needrestart-changes-in-ubuntu-24-04-service-restarts/44671) and Debian (https://sources.debian.org/src/needrestart/2.11-2~bpo8%2B1/ex/needrestart.conf/) sources, I implemented this in /etc/needrestart/needrestart.conf:
[...]
$nrconf{override_rc} = {
[...]
# don't res
Docker TLS verification works on one server, fails on another identical server with "certificate signed by unknown authority": An Unexplained Mystery
29 November 2025 @ 7:17 am
I'm facing a truly bizarre Docker TLS issue that has exhausted all standard debugging methods. I have two Rocky 9 systems, and a Docker pull operation with a self-signed registry works on one but fails on the other, despite the systems being identical in every conceivable way.
The Phenomenon:
System A (Old): Placing a self-signed CA certificate at /etc/docker/certs.d/my-registry.com/ca.crt allows docker pull my-registry.com/image:tag to succeed.
System B (New): Using the exact same certificate file, permissions, and directory structure results in a failure: x509: certificate signed by unknown authority.
My Exhaustive Debugging Process:
I have systematically verified that the two systems are identical across all known dimensions. Here is the checklist of what I've confirmed to be exactly the same
Best deployment strategy for Windows Server 2022 (Angular frontend + Laravel backend) without building directly on the production server [closed]
28 November 2025 @ 6:55 pm
I have a question about deployment strategies. Our end-clients (mainly public sector institutions) use Windows Server as their production environment, and I want to implement a clean, maintainable deployment process — ideally without having to run git pull, generate the Angular dist, or install Laravel dependencies (vendor) directly on the production server. Currently we use PowerShell scripts to do this.
In our current workflow, we have a Linux-based staging server where we publish the development build. This staging environment uses Docker, and deployments consist of building a new image and recreating the container.
My question is: what do you recommend for Windows environments?
For example, one of our clients uses Windows Server 2022 with 8 GB RAM and 4 CPU, while others have much larger machines (up to 256 GB RAM and 32 CPU).
Our stack is:
Frontend: Angular 20 (Node v24)
Backend: Laravel 12 (PHP 8.2)
Databases: typically Pos
After reboot of the PC dnsmasq service doesn't load dns-servers from /etc/resolv.conf
28 November 2025 @ 4:32 pm
systemctl status after reboot of the system:
Nov 28 19:16:07 my-debian systemd[1]: Starting dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server...
Nov 28 19:16:07 my-debian dnsmasq[833]: started, version 2.91 cachesize 1000
Nov 28 19:16:07 my-debian dnsmasq[833]: compile time options:
IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset nftset auth DNSSEC loop-detect inotify dumpfile
Nov 28 19:16:07 my-debian dnsmasq[833]: cleared cache
Nov 28 19:16:07 my-debian systemd[1]: Started dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server.
systemctl restart:
Nov 28 19:23:51 my-debian systemd[1]: Starting dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server...
Nov 28 19:23:51 my-debian dnsmasq[1004]: started, version 2.91 cachesize 1000
Nov 28 19:23:51 my-debian dnsmasq[1004]: compile time options:
IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP
Cannot install newer `nginx` version, apt still wants to install a previous version [closed]
28 November 2025 @ 3:52 pm
I currently have Debian bullseye distribution installed (Pi 4 device, Raspberry Pi OS bullseye, arm64).
This device is part of an office server environment for which there is an nginx web server instance running.
The latest version of nginx available for bullseye is 1.18, and now I want to upgrade it.
I followed the official procedure detailed here (I chose the mainline packages option): https://nginx.org/en/linux_packages.html#Debian
I did add the package pinning file as indicated:
$ more /etc/apt/preferences.d/99nginx
Package: *
Pin: origin nginx.org
Pin: release o=nginx
Pin-Priority: 900
When I issue
sudo apt update
apt-cache policy nginx nginx-common nginx-extras
it shows the following:
nginx:
Installed: (none)
Candidate: 1.29.3-1~bullseye
Ver
Can't get HTTP/3 full working on Debian 13 and Nginx 1.26.3
28 November 2025 @ 11:54 am
I'm trying to get HTTP/3 completely working.
Here is my Nginx setup:
server {
.....
## Enable HTTP/2
listen 443 ssl;
http2 on;
## Enable HTTP/3
listen 443 quic reuseport;
http3 on;
add_header Alt-Svc 'h3=":443"; ma=86400';
.....
}
In the Firefox Developer Tools I can see HTTP/3 accesses, but the first one is always an HTTP/2 access. But I think that's normal.
If I check my site with http3check.net I always get "QUIC connection could not be established", and I also can't access the TYPO3 backend anymore. I see only the menu on the left side and then a 400 Bad Request error.
Have I done something wrong or is that still an error in the Nginx HTTP/3 part?
And is that already fixed in a later Nginx version?
Edit 2025-11-28
Here is a screenshot from Firefox of the TYPO3 problem:
Can't connect to any port aside from nginx ones
28 November 2025 @ 9:54 am
I have an Ubuntu server (5.15.0) which is used for personal web app mostly.
The problem I can't really wrap my head around is: I can't connect to any app listening on any port except those I have in my nginx config.
All ports I was interested in were allowed in ufw.
I tried disabling ufw completely, just in case.
For example:
I have a docker container running with port 5454 published and I'm proxying to 5454 in nginx like this:
...
listen 443 ssl;
server_name example.com;
location / {
proxy_pass http://localhost:5454;
...
I can access the web app on https://example.com without any issue
I get a response if I try curl 0.0.0.0:5454 on the server
I get curl: (56) Recv failure: Operation timed out if I try curl xxx.xxx.xxx.
FALCO webhook events not forwarded to sidekick and not visible in sidekick UI
28 November 2025 @ 8:54 am
Using the default Falco Helm chart, I first installed Falco and the sidekick UI without the k8saudit plugin.
After updating the configmaps accordingly to install, configure and load k8saudit, redeploying the daemonset, changing the sidekick default password, etc., it seems the webhook is running but doesn't behave correctly, and events from the k8saudit source are still not visible in the sidekick UI.
I already raised an issue (falcosecurity/falcosidekick - Issue 1289) in the official Falco sidekick GitHub repo, but I still can't get it off my mind that the issue is probably more of an EBKAC error (Error Between Keyboard And Chair), although I can't find why at the moment.
Below all the technical elements:
Environment
3-node cluster (1 master, 2 workers) behind a corporate proxy (configured at the apt, containerd, etc. level).
Logs and detailed elements provided below
How to protect a directory from being overwritten during updates?
28 November 2025 @ 8:47 am
I’m wondering how to protect a directory from being overwritten during package updates on Ubuntu 24.04. If I run a command like this, will it ensure that any files from the update are redirected to the sounds.divert directory, preventing the original directory from being automatically overwritten?
sudo dpkg-divert --add --local --divert /usr/share/asterisk/sounds.distrib /usr/share/asterisk/sounds
SASL/GSSAPI authentication with ldapsearch fails
28 November 2025 @ 8:27 am
I have the following SPNs registered for "myserver" on my DC:
setspn -L MYSERVER
Registered ServicePrincipalNames for CN=MYSERVER,OU=Domain Controllers,DC=my,DC=local:
Dfsr-12F9A27C-BF97-4787-9364-D31B6C55EB04/myserver.my.local
TERMSRV/MYSERVER
TERMSRV/myserver.my.local
ldap/myserver.my.local/ForestDnsZones.my.local
ldap/myserver.my.local/DomainDnsZones.my.local
DNS/myserver.my.local
GC/myserver.my.local/my.local
RestrictedKrbHost/myserver.my.local
RestrictedKrbHost/MYSERVER
RPC/f2e9d2ec-472a-4d24-8a4c-05df46a77536._msdcs.my.local
HOST/MYSERVER/MY
HOST/myserver.my.local/MY
HOST/MYSERVER
HOST/myserver.my.local
HOST/myserver.my.local/my.local
E3514235-4B06-11D1-AB04-00C04FC2DCD2/f2e9d2ec-472a-4d24-8a4c-05df46a77536/my.local
ldap/MYSERVER/MY
ldap/f2e9d2ec-472a-4d24-8a4c-05df46a77536._msdcs.my.local
ldap/myserver.my.local/MY
ldap/MYSERVER
ldap/myserver.my.local
ldap/myserve