Tag: WebDev

Keeping your account secure is a top priority – and enabling two-factor authentication (2FA) is one of the easiest and most effective ways to protect it. Enabling 2FA adds an extra step to your login process so your account will remain secure even if your password is compromised. Here’s how to switch it on in [read more...]

Get Your Name Right – The Internet Never Forgets Choosing a domain name might sound simple – until you realise it’s the online equivalent of naming your child. No pressure. Your domain is your digital first impression. It’s what people type, share, and (hopefully) remember. So picking the right one is crucial for your brand, [read more...]

Discover what a VPS server is, how VPS hosting works, and why it’s ideal for small businesses. Learn the benefits and explore VPS plans with Heart Internet.

💚 Hosting that works hard, treads lightly.   Big news: Heart Internet is now officially listed with the Green Web Foundation. That means our hosting services are recognised as being powered by 100% renewable energy – wind, solar, and hydro, all thanks to our partnership with EDF. So while your website might be generating traffic, [read more...]

Without web hosting, your website would not be visible or accessible to users! It is crucial to host your website with a website hosting service to ensure that your business has an online presence. Web hosts will securely store your website’s files, images, and digital content on a server, making it accessible to the public [read more...]

If you get one of the following messages from the Plesk migrator you should check that you are using root as the username along with the Plesk admin password. “The source server does not appear to be a Plesk server” “Plesk Migrator tool requires original ‘root’ user access or root user with GUI/UID = 0.” [read more...]

If you get one of the following messages from the Plesk migrator you should check that you are using root as the username along with the Plesk admin password. “The source server does not appear to be a Plesk server” “Plesk Migrator tool requires original ‘root’ user access or root user with GUI/UID = 0.” [read more...]

Did you know that the fonts you use on your website can impact the way your customers perceive and interact with your brand?

Black Friday is here, and we’re bringing you incredible savings to help your business thrive online. From 29th November 2024 to 9th December 2024, you can enjoy 15% off some of our most popular products to get the tools you need at a fraction of the cost. What’s on Offer? Here’s what you can save [read more...]

A slow website is like a slow waiter: it doesn’t matter how good the food is if the service is frustratingly sluggish. If your site takes too long to load, visitors are likely to abandon it faster than you can say “bounce rate.” But fear not! Here are some tips to help you optimise your [read more...]

I'm using auth_request to use an external process to authenticate the client certificate in a mTLS with. The code is something similar to this: http { # ... http configuration ... server { listen 443 ssl; ssl_certificate /etc/nginx/server.crt; ssl_certificate_key /etc/nginx/server.key; ssl_verify_client optional_no_ca; location /protected/ { auth_request /auth; proxy_pass http://backend_service; } location = /auth { internal; proxy_pass http://auth_service/verify; proxy_set_header X-Client-Cert $ssl_client_escaped_cert; proxy_pass_request_body off; proxy_set_header Content-Length ""; proxy_hide_header Set-Cookie; proxy_ignore_headers Set-Cookie; proxy_set_header Cookie ""; } } } To improve performance on the authentica

This is for Apache 2.4.58. Why is it that the following order of Location/LocationMatch will only evaluate the latter, but if it is reversed that it will evaluate both as intended? <Location /basic/website/> Require external-group third-party-require-clause-allowing-for-anonymous-access </Location> <LocationMatch "^/basic/website/(?<user>[-_\.\w\d]+)/?" > Require user %{env:MATCH_USER} </LocationMatch> For reference, I am using mod_auth_external 3.3.3 for the third-party require clause. The intention of the above configuration is to grant anonymous access (when appropriate) otherwise grant access according to criteria finally to ensure that a specifi

We're going through and hardening our AD security, and one of the recommendations is the usage of the Protected Users Group for privileged accounts. Which accounts should we place in this group (domain admins, local privileged accounts, etc) and what are the gotchas for those who have done this already? Thank you!

We are an MSP and provide an IAAS platform for our customers and also provide the licenses for everything Microsoft related via Service Provider License Agreement (SPLA). Our FinOps tool discovered Visual Studio Community Edition on several servers, and is proposing Visual Studio Professional licenses for it. My first guess would be that the tool is incorrect so I wanted to exclude these community editions as it is used for DEV/TEST purposes. But according to SAMExpert everything hosted in SPLA should be licensed as a production workload even if it is for DEV or Test. (https://samexpert.com/visual-studio-msdn-non-production-hosting-in-spla-audit/) Is this correct? (our customers will be happy that th

I am running pi-hole instance in a docker compose setup and want it to also act as my dhcp server. In addition to pi-hole, I added to the compose file a container for pi-hole prometheus metrics exporter and a dnscrypt-proxy. I have following docker bridge networks running: proxy for traefik access, observability for the grafana stack. To get dhcp working, I see currently two options use a dhcp proxy - which currently I do but want to get rid of set the network_mode of pi-hole to host - loosing the benefits of traefik auto detection - which I do not like either. Isn't there a better way to to get access to broadcast packets in docker containers? That would also help to isolate my home automation container stack. Similar issue there ...

I'm facing a strange behavior on a Windows 11 VM originally created on Proxmox 8, and then migrated to VMWare ESXi 6.0 (the product detects for example VMWare 6.5, and doesn't work if the version of that hipervisor is newer than 6.0.0). It needed to be migrated because there is a strange software that runs on top of that VM that uses a licensing model that goes deep into the hardware layer, and no CPU emulation of Proxmox works, not even "host"...it only works with VMWare but only old versions, not new ones. Even that, we originally installed the OS on Proxmox, and let the 3rd party provider install the product (it's a hard process, with a lot of steps to have it working) there, just to check if there was a way to make it work on Proxmox. But no, then the VMs were migrated to a fresh installed VMWare ESXi 6.0. The migration process involved running qemu-img convert to move from qcow2 to vmdk. The VM is a UEFI based one. The strange behavior is that eve

Current Setup: A host-run HTTP application is fronted by an NGINX reverse proxy running in a Docker container. Network Configuration: The NGINX container uses a bridge network. It was started with --add-host=docker.host.internal:host-gateway and ports 80 and 443 published to all interfaces (0.0.0.0). Request Flow: A request arrives on the host on port 80 or 443. It is routed to the NGINX container. NGINX proxy_pass forwards the request to docker.host.internal:<port>. This resolves to the host's gateway (typically 172.17.0.1), where the host application is listening. When load reaches ~800 RPS, connections from the NGINX container to the upstream host (172.17.0.1) become unstable. 50% of requests fail with a error: 2025/11/28

I'm trying to rotate Vultr Reserved IPs on a single VPN server without rebooting the instance. A normal "Attach Reserved IP" operation on Vultr requires a full server restart, which disconnects all VPN clients. Vultr’s documentation suggests using BGP + a dummy interface to announce the /32 without restarting: https://docs.vultr.com/how-to-set-up-high-availability-using-vultr-reserved-ip-and-bgp The dummy interface configuration works: ip link add dev ha-ip type dummy ip link set ha-ip up ip addr add dev ha-ip <RESERVED-IP>/32 The problem is that BGP cannot be used because bird2 is not available for Ubuntu 23.04 (Lunar) or 25.x. These releases no longer provide a Release file: E: The repository 'http://archive.ubuntu.com/ubuntu lunar Release' no longer has a Rel

I have several DCs in my domain, and I have several branches in our organization. I want to specify each DC server to serve a specific branch so I can distribute the traffic on all DC servers. I tried to do that using DNS policy but I could not apply it on a DC level. I can only apply it on A or CNAME host DNS. Is any one try to do that give me a hint

I have a VPS hosting Wireguard that only has IPv6 addresses. When I connect from my local machine, I can access google.com in Chrome, which prefers IPv6, but not in Firefox, which prefers IPv4. Sites that only use IPv4 like Reddit and GitHub are impossible to connect to. I added: nameserver 2a00:1098:2c::1 to /etc/resolvconf/resolv.conf.d/head. The "server" can make https connections to GitHub with git clone, but ping github.com fails and the client could not connections to github and Reddit fail.