serverfault.com

I am planning to deploy a high traffic application on AWS EC2. The backend includes both PHP and Node.js. For PHP I need Apache compatibility due to .htaccess and existing behavior, while Node.js handles APIs and background services. I am deciding between using a control panel such as Plesk or cPanel, or configuring everything manually. In both cases the stack would be similar, with Nginx in front and Apache with PHP FPM handling PHP, alongside Node.js running separately. The difference is that a control panel adds extra services like its interface and other background components, while a manual setup would remain minimal. My focus is only on performance and security in a production environment under high traffic. Does a control panel introduce any meaningful overhead compared to a minimal manual setup with the same stack? From a security perspective, how significant is the additional attack surface of a control panel in real-world use? Also

I'm having trouble setting up SPF for my domain. I use email marketing services, but I keep getting SPF errors when sending emails. For example, one of the errors looks like this: 185.225... - SPF fail I'm not sure which service this IP is from. It's a Google IP address, but I don't know how to properly configure SPF for all the services I use (like MailerLite and others). I also have questions about configuring these services with the correct SPF records to prevent errors. My current SPF record looks like this: stratoplan-school.com. 3600 TXT "google-site-verification=Vd2u0DJC65p1w4iGqNS6U9D0u0wa6i8-l5UYtM7qB6I" 8.8.8.8 (103 msec) stratoplan-school.com. 3600 TXT "v=spf1 include:_spf.mlsend.com include:_spf.google.com include:mxsspf.sendpulse.com include:_spf.amocrmmail.com ~all" 8.8.8.8 (103 msec) stratoplan-school.com. 3600 TXT "shop-verification-oa2QwwqvAl" 8.8.8.8 (103 msec) strato

I sort of frequently encounter software that pretends it owns all of a PostgreSQL instance and wants to create a database, even if it's already there and the software uses the account owning the database. I know how to alter user <application_user> createdb;, but would like to have an option to say something like alter user <application_user> createdb matching ('regular expression here');, so that the user can only create databases with names matching the given regular expression. What are my options, please?

Environment Host: CachyOS (Arch-based), KDE Plasma 6.6.2, Wayland (kwin_wayland) Hardware: Lenovo ThinkPad T14s Gen 4, AMD Ryzen 7 PRO 7840U, Radeon 780M Display: 2880x1800 physical, KDE global scale: 2x → logical resolution 1440x900 Kernel: 6.18.17-1-cachyos-lts, amdgpu/Mesa 26.0.2 Guest: Kali Linux, KDE Plasma, X11 session, scale 2x VM: QEMU/KVM via virt-manager Video: VirtIO GPU (virtio-vga), 3D acceleration + OpenGL enabled Display: SPICE server + OpenGL Input: USB EvTouch Tablet (absolute mode) + PS/2 mouse (cannot be removed) spice-vdagent: 0.23.0-1+b1, running (system daemon + user session) Problem The mouse cursor is visually shown at a position exactly half the screen away from where clicks actually register — both horizontally and vertically. This only happens when the guest resolution is set to fill the screen (e.g. 2880x1508, the SPICE preferred mode). The offset is exactly proportional to the 2x host scale fa

I’m running an Ansible playbook that installs coturn using a dynamic AWS inventory (aws_ec2 plugin). Setup Inventory: inventories/coturn/hosts.aws_ec2.yml (aws_ec2 plugin) Group vars file: inventories/coturn/group_vars/aws_ec2.yml Variables defined there: env: "stg" domain_name: "coturn.example.com" bucket_name: "bucket.com" coturn_git_ref: "docker/4.9.0-r0" I have a playbook that calls a role, in that role, have a step to setup a coturn. In the role: - name: clone coturn repo git: repo: https://github.com/coturn/coturn.git dest: /home/bot/coturn version: "{{ coturn_git_ref }}" I get: 'coturn_git_ref' is undefined Confusing part: other variables such as bucket_name (from the same group_vars/aws_ec2.yml) works fine. coturn_git_ref is not found Wh

We have a small application on the App Engine app and use the Identity Aware Proxy (IAP) to control who can access the application. No changes have been made to the App Engine app or IAP. Since yesterday, the IAP is not able to show the resource of the App Engine App and says "Failed to load IAP resources". App Engine app is still running and can be accessed by members who had access to app earlier but no new members can be added. Any suggestions on where to start?

Since this morning, my two VMs, installed in different areas of Santiago, Chile, won't turn on. What can I do? A e2-standard-4 VM instance is currently unavailable in the southamerica-west1-a zone. Alternatively, you can try your request again with a different VM hardware configuration or at a later time. For more information, see the troubleshooting documentation.

I'm running Postfix 3.10 on an Ubuntu 24.04 server, with these settings in /etc/postfix/main.cf: smtpd_client_restrictions = # previous entries omitted for brevity warn_if_reject reject_unknown_client_hostname smtpd_helo_restrictions = # previous entries omitted for brevity warn_if_reject reject_unknown_helo_hostname I noticed that the warn_if_reject warnings are logged surprisingly often, e.g.: postfix/smtp/smtpd[86198]: NOQUEUE: reject_warning: RCPT from unknown[2607:f8b0:4864:20::53d]: 450 4.7.25 Client host rejected: cannot find your hostname, [2607:f8b0:4864:20::53d]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-pg1-x53d.google.com> Many of the failures are correct (spammers using hosts without reverse DNS records), but many are from supposedly legitimate senders (such as the above example from Google). I manually verified

I need to prevent Microsoft 365 Companion Apps such as People, FileSearch, Calendar from automatically starting. I am administrator for several hundred Windows 11 clients, so I need to do this unattended with a policy or script. I tried removing the apps using PowerShell: Get-AppxPackage *people* | Remove-AppxPackage But the applications are not removable. Another suggestion found online is disabling them in the Microsoft 365 Apps admin center. Here you can disable the installation and the autostart of the apps, but only if they are not already installed. What to do with the devices that already have the apps installed? Then I searched multiple places in the Registry in HKCU and HKLM: \Software\Micros

When I flash Windows 10/11 ISO to USB drive on Linux using dd or Gnome's Disks utility the Windows installer can't find any drive for installation. What I'm doing wrong?