Tag: SysAdmin

I have 2 physical computers. no virtual machines involved as I don't have enough ram to run them. I'm using caddy server to host a website but I want to balance the load between the two computers to better handle traffic. both are running linux one debian one opensuse. what's the best way to do this?

I want to secure a relay with sasl. saslauthd works testsaslauthd -u weberjn -p *** 0: OK "Success." Tried smtpd_relay_restrictions from the SMTPD_ACCESS_README: # Relay control (Postfix 2.10 and later): local clients and # authenticated clients may specify any destination domain. smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination This works, but unfortunately a mail is accepted even if the client password is deliberately wrong. How can I fix this? And I guess, status=0 is failed? because the client is not in mynetworks postfix/smtpd[54754]: generic_checks: name=permit_mynetworks status=0 postfix/smtpd[54754]: generic_checks: name=permit_sasl_authenticated postfix/smtpd[54754]: generic_checks: name=permit_sasl_authenticated s

We use nginx as a reverse proxy. We have a few old hostnames that we are phasing out, and we want to generate a log of requests to those old hosts so we can easily identify places where the host is still being used (and a year from now, be confident that we can retire the DNS entries, etc... without wiping out a critical production dependency). The nginx entries for the retired hosts return 301s. I've added an access_log entry to the handler in question: server { listen 80; server_name oldhost.example.com; access_log /var/log/nginx/access-oldhost.log main; return 301 $scheme://newhost.example.com$request_uri; } This results in the /var/log/nginx/access-oldhost.log file being created - but it is empty, even after we hit the old URL and get the 301. I have tried putting the access_log line before and after the return. I have added log_subrequest on; to the http section of nginx.conf: htt

I have a dedicated Ubuntu 22.04 server at Hetzner running KVM. I have assigned IP addresses from an additional subnet to guest VMs. I can reach the guest VMs via their public IP addresses as intended. I received an email from Hetzner saying I am using "unallowed" mac addresses and threatening to block the server. The "unallowed" mac addresses belong to the guest VMs. Hetzner support says "You have to make sure that no MAC address of your VMs are going to be visible with the public uplink on your network device." Anyone know how to comply with Hetzner's network rules? Here's my configuration: PHYSICAL SERVER $ sudo cat /etc/netplan/01-netcfg.yaml ### Hetzner Online GmbH installimage network: version: 2 renderer: networkd ethernets: enp98s0f0: match: macaddress: xx:xx:xx:xx:xx:fa dhcp4: no dhcp6: no bridges: br0: ma

We're running coturn in the following environment: EC2 on a public subnet with a public and private interface coturn running in Docker, via AWS ECS Notably, we do not have an load balancer or NAT gateway in front of this instance. We have opened the security groups to allow all ports from all IPs. When I test our instance via Trickle ICE, I get the following: 0.072 srflx 3 udp x.x.x.x 52931 100 | 32287 | 255 0.077 relay 5 udp 10.53.34.156 65525 5 | 32285 | 255 0.089 srflx 3 udp x.x.x.x 65047 100 | 32287 | 254 0.097 relay 5 udp 10.53.34.156 65501 5 | 32285 | 254 Where x.x.x.x is correctly my public IP. However, the relay endpoint is the private IP from within our Docker container. My understanding of ICE is that this should be a public interface so that clients can use it for TURN sessions. Here a

I have software that is packaged using rpm. Say the previous release was in an rpm named MyPkg-2.0.3-21.centos7.x86_64.rpm Now the new release is split into three separate rpms: MyPkg-2.1.1-5.centos7.x86_64.rpm, MyPkg-DB-2.1.1-5.centos7.x86_64.rpm and MyPkg-UI-2.1.1-5.centos7.x86_64.rpm The "MyPkg-DB" package can be installed alone. "MyPkg" can be installed alone. "MyPkg-UI needs "MyPkg". Now when I try installing "MyPkg-DB", I get a bunch of messages like file /usr/local/mypkg/bin/dbinfo from install of MyPkg-DB-2.1.1-5.centos7.x86_64 conflicts with file from package zyWAF-2.0.3-21.centos7.x86_64. In the spec file for "MyPkg-DB" I've tried adding Obsoletes: MyPkg <= 2.0.3 but still get the errors. It works fine if I install using --replacefiles but that's not workable for a number of reasons. How do I

As I'm new into servers but really interested, I have decided to set up VPS on external hosting(in my case Contabo) and host my own email/website there. I have watched a youtube tutorial(This one on how to do it. I have set up everything through tinyCP as it is in the tutorial and everything is working except when I send a test email to https://dkimvalidator.com/ it states that the email is not dkim signed. I went through many topics with the same problem and tried many solutions but nothing worked. I have added all the DNS records in CloudFlare as they should be(also as in the video) and confirmed them within tinyCP(they are recognized). DNS records Unfortunately, I'm

How do I issued IP addresses to two firewall and a proxy in the middle. This question popped up in my Compton server+ exams

We have for a period of time just pointed our dns to one of the nodes in our cluster. That node has then load balanced internally to the correct node and application. Something like this: The problem has been that sometimes the node has crashed, so much that we can't even ssh into it. And since the dns points to that node all applications stop being accessible. So my though was to setup an external load balancer and point the dns to this. Something like this: I have tried using HAProxy with good results. It seems to work fine. But I am only using http between the load balancer and the k8s cluster. I would like that

I have read various blogs that a CNAME cannot coexist with other records that have the same FQDN as the CNAME record. I have not found a good example explaining the problem. Here is an example from the blog: CNAME records cannot coexist with other records that have the same FQDN as the CNAME record because they effectively overwrite all other records with the same FQDN. For example, a CNAME record FQDN is example.com, and you want to create an A record FQDN example.com. This is not allowed because the A record FQDN is identical to the CNAME record FQDN, rendering the A record purposeless. I do not find the example clear enough for me to understand the problem. I am trying to understand what the explanation means. Imagine I have configured: Domain name TTL Class Record type