serverfault.com

As part of a learning journey in Azure, I have an Ubuntu VM on Azure running virtualmin for a web host; following a reboot, the device cannot reach the internet, either by IP or DNS. Several package updates happen automatically, however no additional packages were installed. I can't ping the gateway (expected, I believe ICMP is disabled to the gateway) but I also can't ping 8.8.8.8. IPv6 is disabled on this device, and it has an attached public IP. I've searched a lot, and there's a lot I've found about SSH breaking, but this is more than SSH; I cannot install packages or reach any of the running services inbound. Traceroute is not installed, and I can't reach apt to install it. Nothing changed with the NSG rules, but here are the rules: Network configuration in Azure: The VM itself is set to DHCP,

I want to use double nginx reverse proxy: client <--> first nginx reverse proxy <--> second nginx reverse proxy <--> web server 1st nginx server IP: 111.222.333.444. Second nginx server IP: 555.666.777.888. The web server where site is hosted IP: 999.000.111.222. The domain is test.domain.com. 1st nginx config file (111.222.333.444.conf): server { listen 80; server_name test.domain.com; location / { proxy_pass http://555.666.777.888; proxy_cache off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_redirect off; charset off; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } server { listen 443 ssl; server_name test.domain.com; ssl_certificate /etc/nginx/conf.d/ssl.test.domain.com.pem; ssl_certificate_key /etc/nginx/conf.d/ssl.test.domain.com.key; location / { proxy_pass https://555.666.777.888; proxy_cache off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $h

I am troubleshooting a production issue where my Nginx 1.18 reverse proxy appears to be desynchronizing from an Apache 2.4.41 backend. The Problem: During high-concurrency testing or when using specifically crafted Transfer-Encoding: chunked requests, the Nginx frontend seems to lose track of request/response boundaries. I am seeing cases where the response for Request B contains the headers or body fragments intended for Request A (which was an internal-only GET request). Specifically, I’ve seen Base64-encoded CSS strings from the backend appear in the body of an unrelated 404 response. My Setup: Frontend: Nginx 1.18.0 (Ubuntu) Backend: Apache 2.4.41 via proxy_pass Protocol: HTTP/1.1 with Keep-Alive enabled. The Goal: I need the backend to strictly isolate responses so that smuggled or malformed requests in the pipeline don't "bleed" into the next legitim

What's the best way to handle SQL Server performance drops? We have SQL Server 2008 R2, migrated from SQL Server 2000. The database is in SQL Server 2000 compatibility mode. The server has 32 GB RAM, and is 10 years old. The performance decreases day by day. RAM is 90% used, CPU usage is 10% to 30%, the database is 50 GB. I asked AI Anthropic, it gave me this SQL scripts: SELECT TOP 20 wait\\\_type, wait\\\_time\\\_ms / 1000 AS wait\\\_time\\\_seconds, waiting\\\_tasks\\\_count, signal\\\_wait\\\_time\\\_ms / 1000 AS signal\\\_wait\\\_seconds FROM sys.dm\\\_os\\\_wait\\\_stats WHERE wait\\\_type NOT IN ( 'SLEEP\\\_TASK', 'BROKER\\\_TASK\\\_STOP', \\\_BUFFER\\\_FLUSH', 'CLR\\\_AUTO\\\_EVENT', 'CLR\\\_MANUAL\\\_EVENT', 'LAZYWRITER\\\_SLEEP', 'RESOURCE\\\_QUEUE', 'SLEEP\\\_SYSTEMTASK', 'WAITFOR', 'LOGMGR\\\_QUEUE', 'CHECKPOINT\\\_QUEUE', 'REQUEST\\\_FOR\\\_DEADLOCK\

This is my current code: if (!$row['is_verified']) { $message = 'Verifiera din e-post först.'; } elseif (password_verify($postPass, base64_decode($row['PassPhrase1'])) { This decodes the salt of the password using base64_decode (the salt is the 22-char long REMEMBER VARCHAR(22) of the password) But it does not decrypt the actual hash that it is stored with, that was created using password_hash("Code_of_Conduct", PASSWORD_ARGON2ID); Thanks in advance!

By default, dnssec automatic signing produces 'raw' files as output. These are unreadable binary files. If I do not care about the couple of extra megabytes the normal text format output takes, and find the ease of use of being able to tell what's being broadcast by my DNS server by cat ing a file to the terminal rather than using complicated tools and online checkers makes the crazy complexity of dnssec a little less brain-mushifying. How do I get it to output a file that can be read by humans in the signed format? I.e.: By default it does the automated 'semi-equivalent' (this command doesn't work, I don't know one that does*, the records are missing their values, but I hope I get the point across; I'm not interested in manually signing but I am interested in readable output) of cd /var/named/run-root/var/ dnssec-signzone -O raw -S -K keys/site.com site.com Ksite.com.+014+37707.key but I want the equivalent of:

What is the best way to get certificates for https on Linux, nowadays? I need free certificate for public web site (with API on sub domain). It will be good to do not let root access for this tool. Edited Dear moderators, please, answer on my question before closing it. That is rude. Any IT question can be classified as product recommendation off-topic. For example, if you ask about nginx, that is recommendation of nginx. If you ask about apache, that is recommendation of apache. ===== I'm asking about client and its setup on server to get free https certificate. I want to know possible variants of this. Not self-signed, free, with sub domain, with limited access on server.

We switched some of our company mailboxes (one domain) to Outlook servers. After that our emails are requiring up to 30 minutes to be delivered from our server to Outlook. Checked logs and there is something strange - before delivering almost all of e-mail to outlook there are few tries which ending with "Connection timed out". When I was checking this IP with telnet on server or locally - this IP's are not active and I'm getting timeouts. Tried to force flush DNS cache every minute on server - it won't help. When I checked A records for MX it looks like outlook is giving 4 IP's which are changing very often. So it looks like postfix is trying to send e-mails to servers which are somehow cached from previous attempts. Is there any solution to force postfix to resolve MX/A before sending each mail? I did some more test - watching mail.log and the same time resolving mx entry to IP using google DNS and local resolver. Results are strange. W

We are migrating a container workload to AKS which previously ran onprem under Docker Swarm. The containers are spun up, process jobs from a queue, post their results to a service elsewhere on the network, then exit so the orchestrator can restart them as a clean slate for the next task. As part of the workload, each container generates a substantial amount of temporary data files that are intended to be discarded when the current operation completes, so are not mapped to any volume. Of note here is that these are Windows containers rather than Linux; this particular workload is locked to running on the Windows platform, so changing OS is not viable. What we are seeing inside the container is C#'s DriveInfo type reporting a freshly started container as having a C: sized at slightly less than 20GB, almost all of it "free" (clearly not counting the size of the running image). This is despite the host node having

I'm trying to get our domain connected windows laptops to only connect to our wifi network when it is in range but I still want the users to be able to connect to other networks when away from site. Google has the option "restrict only if a managed Wi-Fi network is in range" that can accomplish this for chromebooks. Is there an option to accomplish this via Group policy?