serverfault.com

User Identity: [email protected] (and [email protected]) Source Project: sbr-coach-prod (Project Number: 8943596778866) Destination Org: beaconsfield-enterprises.com (Org ID: 13164570922) The Issue Attempting to migrate the project sbr-coach-prod from a "No Organization" (standalone) state into the Beaconsfield Organization. Despite having all required IAM roles and modifying Organization Policies, the move fails with Permission Denied (error: resourcemanager.projects.update). Steps Already Taken IAM Roles Assigned (Destination Org Level) The following roles were granted to the Beaconsfield identity at the Organization level: Organization Administrator Project Creator Project Mover Folder Admin Project Billing Manager IAM Roles Assigned (Project Level) To satisfy the "handshake," the Beaconsfield identity was invited to the sbr-coach-prod pro

I face the following error while trying to pull an image error pulling image configuration: Get "https://docker-images-prod.6aa30f8b08e16409b46e0173d6de2f56.r2.cloudflarestorage.com/registry-v2/docker/registry/v2/blobs/sha256/e1/e1ace0ff02a53cac14dcec3a648b8b36e7212da8bdfc152442efbde66b70bc36/data?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=f1baa2dd9b876aeb89efebbfc9e5d5f4%2F20260501%2Fauto%2Fs3%2Faws4_request&X-Amz-Date=20260501T152452Z&X-Amz-Expires=1200&X-Amz-SignedHeaders=host&X-Amz-Signature=e95252d07f6684c971f1d9706232fda6279a02fd0efacf7268d6393ff604c66a": net/http: TLS handshake timeout

I spent a lot of time defining these rules but they are not working. Something is wonky. I have 2 a records on my first host (which is not hostinger) that point www.automation.MYDOMAIN.com as well as automation.MYDOMAIN.com to the IP of my VPS on Hostinger. I verified that the DNS for both A records all point properly to hostinger and are resolved properly. Pinging works and all is good. I am not using directories because i am just connecting my n8n interface running on port 5678 to the outside. What i want is very simple and i thought i had achieved it but it's not working properly. I want all my none secure requests whether with or without WWW to be redirected to the secure version of that url so that is why i configured this block: <VirtualHost *:80> ServerName automation.MYDOMAIN.com ServerAlias www.automation.MYDOMAIN.com Redirec

I'm trying to start up a productionised Keycloak on Azure Container Apps. As far as I can tell, its starting up fine but being shut down because of health probes thinking it isn't healthy. Here are the logs for the application which show it starting then being terminated ... Connecting to stream... 2026-04-30T10:26:06.64790 Connecting to the container 's175d01-ca-keycloak'... 2026-04-30T10:26:06.70026 Successfully Connected to container: 's175d01-ca-keycloak' [Revision: 's175d01-ca-keycloak--0000004', Replica: 's175d01-ca-keycloak--0000004-d95459d4b-7wfph'] 2026-04-30T10:25:58.6577656Z stdout F 2026-04-30 10:25:58,636 INFO [org.infinispan.CONTAINER] (main) ISPN000974: Virtual threads support: enabled 2026-04-30T10:25:59.7978463Z stdout F 2026-04-30 10:25:59,797 INFO [org.hibernate.orm.jdbc.batch] (JPA Startup Thread) HHH100501: Automatic JDBC statement batching enabled (maximum batch size 32) 2026-04-30T10:25:59.8935145Z stdout F 2026-04-30 10:25:59,893 WARN [io.

Goal: To bypass China's Great Firewall. Use Hysteria for all UDP traffic to increase speed for streaming videos and games. Then use VLESS for everything else (TCP). I got VLESS + Reality set up and working with help mostly from Gemini AI: 3X-UI on Ubuntu 24 on a Hong Kong server with CN2 GIA (optimized connection) to China No firewalls or security groups on the server v2rayN on Windows 11 But I want to take it the next step and also add Hysteria 2, but it's hard to get the correct info from AI and unfortunately there is very little info on setup guides (there are some Chinese videos, but no auto-translation). So far what I got for Hysteria 2 Inbound on 3X-UI: Port 4443 (3X-UI won't let me use 443 since VLESS is using that) I clicked "Set Cert from Panel" to fill in the public/private keys Everything else blank or default like blank SNI, uTLS=chrome, ALPN=h3, etc.

After updating one or more packages with dnf, I usually use the needs-restarting command to find out if the server needs a reboot, but when the dnf update command finishes, the update has already been done and I have to reboot. What I'd like to do is know before installing a package if that update will require a reboot. The reason is simple: to keep the system updated automatically and postpone updates that require a reboot until a later manual intervention. I'd need something like: [user@host ~]# needs-a-reboot-after <PackageName> [enter] If you install/update "<PackageName>", you'll need to reboot the server. [user@host ~]# Is there already something out there that does this? Thanks everyone...

I've now got my Ceph cluster almost ready to use, but in the web dashboard, I don't see any of the four OSDs I've created. Neither do I find any of my NVMe drives the OSDs reside on: Error message: No devices (HDD, SSD or NVME) were found. Creation of OSDs will remain disabled until devices are added. Here is what I get on the command line: mixtile@blade3n1:~$ sudo ceph osd tree [sudo] password for mixtile: ID CLASS WEIGHT TYPE NAME STATUS REWEIGHT PRI-AFF -1 29.80798 root default -9 7.45200 host blade3n1 3 ssd 7.45200 osd.3 up 1.00000 1.00000 -7 7.45200 host blade3n2 2 ssd 7.45200 osd.2 up 1.

I have a Palo Alto PA-VM in AWS set up for a "bump-in-the-wire" firewall for traffic in the same region but different VPC and different account with a Gateway Load-Balancer (GWLB) in between. The short version of this question: does a proper GWLB setup (same region, different accounts) for a "hairpin", "bump-on-the-wire", "north-south" traffic inspection require extra pieces (such as a TGW or other intermediary step) for packets to actually reach the firewall? Is there another technical limitation I'm overlooking? I tried this same setup in my test environment first (all in the same region using different VPCs, main difference was everything on the same account) and it worked fine. I'm cheap, so I swapped the PA-VM for a Linux EC2 at that time. The current setup will have traffic moving as follows: random internet client --> IGW (data vpc) --> VPCendpoint (data vpc, for GWLB) --> GWLB (fw vpc) -->

I am trying to update resource records on a primary DNS bind9 server from a client using nsupdate. There is no issue when using the default 53 port. An issue appears when using DoT (DNS over TLS) over the port 853. The primary DNS bind9 server configuration includes: # named.conf.options tls tls-configuration { cert-file "/path/to/full_chain_cert_file"; cipher-suites "list_of_cipher_suites"; key-file "/path/to/key_file"; prefer-server-ciphers yes; protocols { TLSv1.3; }; session-tickets no; }; options { ... listen-on port 853 tls tls-configuration { !172.16.0.0/12; any; }; listen-on-v6 port 853 tls tls-configuration { !fe80::/10; any; }; ... }; Verifying the DNS server certificate from the client: $ openssl s_client -conne

I’m troubleshooting a sudden and inconsistent failure of client certificate prompts across multiple Java web applications running in a test/development environment. These applications run on two Tomcat servers, versions 9 and 11 using JDK 17 and 25, respectively. The servers are configured to request a client certificate during the initial TLS handshake (not via post-handshake authentication). For months, browsers consistently prompted users to select their CAC card certificate and enter their PIN immediately upon navigating to the application. Then, without any changes to the servers or user configurations, the certificate-selection prompt stopped appearing — but only for some users and only in certain browsers. Here’s what makes the issue confusing: The failure is inconsistent across team members: One teammate still gets the prompt in all browsers. (This teammate is a contractor and is not in our same network but can access