serverfault.com


Common Server issues – FAQs and answers from those in the know

Use cases for bluestore_dio = false in Ceph

18 June 2026 @ 2:12 pm

What are sensible use cases for the bluestore_dio = false in Ceph? I already know what it does (activate RAM cache instead of writing new data directly into mass storage), but I'd like to accelerate bulk reads and writes of fairly large (up to 250 MB each) multimedia (OGG, MPEG-4, FITS, RAW, …) files and would like to know if I can expect performance gains when deactivating DIO. My Ceph cluster contains four nodes with an 8 TB M.2 SSD each, connected with a 10 GBit/sec network.

Postfixadmin installation fails because of dependency security risk

18 June 2026 @ 1:40 pm

I installed Postfixadmin v.4.0.1, by following these instructions. One of the steps is running the install.sh script, which fails with the output below:

    root@myserver:/var/www# su - www-data -s /bin/bash -c 'bash /var/www/postfixadmin-4.0.1/install.sh'
    * Checking for composer.phar
    * 'composer' not found in your path, will try to download from https://getcomposer.org/download/latest-stable/composer.phar
    * Using composer ( /var/www/postfixadmin-4.0.1/composer.phar )
    * Installing libraries ( composer install --no-dev ... )
    No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
    Loading composer repositories with package information
    Cannot create cache directory /var/www/.cache/composer/repo/https---repo.packagist.org/, or directory is not

curl download fails with "Recv failure: Connection reset by peer" when installing Wazuh on Ubuntu Server VM

17 June 2026 @ 5:10 am

I am setting up a Wazuh home lab in VMware Workstation. While downloading the Wazuh installation script on an Ubuntu Server VM, the download fails with:

    curl -O https://packages.wazuh.com/4.14/wazuh-install.sh

Output:

    curl: (35) Recv failure: Connection reset by peer

Environment:

    Ubuntu Server (version: 26.04 lts)
    VMware Workstation Pro
    Network adapter: NAT
    Host machine has internet access

http 400 error when using nginx reverse proxy

14 June 2026 @ 6:05 pm

I have set up nginx to reverse to several OLD APC webadmin http pages with no issues. When I used modern things like homeassistant, things start getting stupid. I am currently getting a 400 error for home assistant with the same config I have for the APCs. I am not seeing anything obvious in the logs, though I am new to nginx so I'm not sure what I'm looking for.

    upstream homeassistant_app {
        server 10.1.2.136:8123; # Your application server
    }

    server {
        listen 80;
        server_name homeassistant.linux2themax.com;

        # Redirect HTTP to HTTPS
        return 301 https://$server_name$request_uri;
    }

    server {
        listen 443 ssl http2;
        server_name homeassistant.linux2themax.com;

        # SSL configuration (certificates managed separately)
        ssl_certificate /etc/nginx/certs/homeassistant.pem;
        ssl_certificate_key /etc/nginx/certs/homeassistant.key;

        # Security headers
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Content-Type-Options "

SPF hardening - can I remove mx/ip6/ip4 and go DKIM-only?

14 June 2026 @ 6:28 am

I am wondering how feasible it is to send email with a DKIM-only setup, with an SPF record of v=spf1 -all. If my DMARC policy requires DKIM alignment then recipients who understand DMARC will still accept my mails. Recipients who don't do DMARC but do process SPF would reject them. Is anything known about how common such recipients are in the real world? I suppose I'd get a lot of 'SPF alignment fail' reports that I'd have to ignore. On the other hand, I'd be protected against the risk of sending email that isn't DKIM-signed for some reason. It's a shame you can't express "don't bother with SPF, only consider the DKIM result" in a DMARC policy.

Linux nft firewall: overlapping set elements

12 June 2026 @ 9:00 am

I have a question regarding overlapping elements in nft firewall sets. Let's have a set:

    table ip filter {
        set iponly {
            type iface_index . ipv4_addr
            flags interval
            elements = {
                eth0 . 10.1.1.100,
                eth0 . 10.1.1.4/30,
                eth0 . 10.1.1.0/24,
            }
        }
    }

This works. But if I use sub-networks with the same network numbers or broadcast:

    eth0 . 10.1.1.100,
    eth0 . 10.1.1.0/30,
    eth0 . 10.1.1.252/30,
    eth0 . 10.1.1.0/24,

I get an error:

    x.nft:13:21-38: Error: Could not process rule: File exists
    eth0 . 10.1.1.0/24,
    ^^^^^^^^^^^^^^^^^^

Networks 10.1.1.0/30 and 10.1.1.0/24 have the same network number, networks 10.1.1.252/30 and 10.1.1.0/24 have the same broadcast. And I can't inser

Apache2.4 legacy MD5 password hash for authentication

9 June 2026 @ 5:39 pm

So I have this legacy system that is being migrated to a new architecture. The database stores passwords as plain MD5 hashes, as in

    passwordhash = md5('plaintext')

Yes, I know this is insecure, I will have to live with that for now. The system runs Apache 2.2 with the mod_auth_mysql module. The HTTP authentication configuration looks like this:

    AuthType basic
    AuthMYSQLEnable On
    AuthMySQLHost dbserver
    ...
    AuthMySQLPwEncryption md5

This setup apparently supports plain md5 password hashes for authentication. It appears that in Apache 2.4 the authentication architecture has changed, and I have found no way to specify legacy MD5 password hashes for HTTP authentication. It is my understanding that the so-called MD5 hash in Apache 2.4 basic authentication is an Apache-specific algorithm, so it fails against plain MD5 hashes. The same goes for digest authentication. Any idea how to get A

AI bots crawling servers in the last months, what is the best tool or approach to counter?

7 June 2026 @ 7:08 am

Since February 2026, I am seeing huge spikes in (Spain located) Internet accessible servers (nginx, apache, tomcat) due to AI bots crawling for content. Is there a recommended way to address this? I am using the typical reactive way of automatically throttling IPs with custom scripts, but wanted to know if there is a better way. The fewer proxies, software and containers I have to add, the better, as the servers are already struggling due to internal AI deployments.

NFSv4: How to ensure group write permissions on new files and directories with a squashed group?

31 May 2026 @ 2:21 pm

I am running a Debian server using NFSv4 (only v4). The only expected clients are on Linux as well. I am primarily accessing the fileserver by mounting it in fstab and using a file explorer. My exports file contains entries like this:

    /data/jellyfin client-hostname(rw,all_squash,anonuid=130,anongid=1002,no_subtree_check,sync)

Where uid 130 is user nfs and gid 1002 is group hdd-data. The idea, then, is that the user doesn't matter, what matters is that multiple services belonging to the group hdd-data can all access and modify the files. I can upload movies to jellyfin via nfs, jellyfin can put metadata into those folders, and then I can even browse and move those files with a third, browser-based client. All of the services use system users that rely on having read+write permissions from hdd-data. This is the idea for more than just jellyfin. However, when copy over or create a new fi

Apache server behind reverse proxy redirecting incorrectly

26 May 2026 @ 7:54 pm

Let's say I have a reverse proxy server (proxy) and a backend server actually handling the traffic (backend). I use a reverse SSH tunnel to send the traffic to the backend server. So I set up the proxy server like this:

    ProxyPass "/" "http://localhost:8080/"
    ProxyPassReverse "/" "http://localhost:8080/"

I enabled the correct Apache modules, and all was good. However, I noticed an issue. If I specified a redirect like so:

    Redirect permanent /index.html /w/index.php

Accessing the backend server without the proxy causes the redirect to work correctly (e.g. http://backend redirects to http://backend/w/index.php), but accessing it through the proxy server causes it to redirect to http://localhost/w/index.php instead, which shouldn't be happening. My SSH tunnel runs on the backend server, and