@dbeato said in Vultr, Windows & Data center licensing:

@scottalanmiller said in Vultr, Windows & Data center licensing:

@fuznutz04 said in Vultr, Windows & Data center licensing:

@scottalanmiller Right. So being legit in this scenario, would be so cost prohibitive, it's not possible realistically.

Exactly. It's not technically impossible, as long as Vultr would tell you the number of physical servers within the datacenter you are in and/or the number that are in a pool that your workload could be moved to, which might be any within the datacenter, or might be a subset.

Same applies to AWS and Azure I assume correct @scottalanmiller ?

Correct, any cloud.

@wirestyle22 said in NextCloud Check In and Check Out:

I thought there was a collaboration app that handled this but I can't find it

A collaboration app can't do this. At best it can do it for a specific case, but not the general one. There is no collaboration product for any platform that can do that.

Just tested again with a F28 minimal netinstall.

Sadly, it doesn't seem to be working.

Getting an error starting services.

@wirestyle22 said in What are you using to track daily tasks?:

@dafyre I don't personally find e-mail to be great for tasks.

Post edited. Better? 🙂

I generally don't email to be great for tasks, but Outlook does a decent job of integrating the two.

@stacksofplates That's great point. Maybe I'll do the same.

I subscribe to their daily email blast. I get all sorts of emails about vulns in Industrial software, foreign malware campaigns, etc.

@jaredbusch said in Use clipboard contents with Bash:

@obsolesce said in Use clipboard contents with Bash:

Am I misunderstanding something?

Yes. This is the script reading the clipboard into a variable.

Oh I see now, that's pretty neat.

@obsolesce said in Fedora 28 KVM Cockpit Doesn't Show All VMs:

Everyone is always waiting for someone else to report bugs and issues, that's why they take so long to get fixed. Not as bad with FOSS, but a big reason with MS for example.

But I don't know that it is a bug. It's reasonable that it might be, but it's just one possibility.

@eddiejennings said in Strange PBX CDR Entries:

I've disallowed SIP guests. We'll see if I get future CDR entries like these.

You won't.

@romo said in EdgeRouter L2TP VPN can't pass IKE phase 1:

A DNAT rule was the culprit of everything, it was redirecting the traffic and not letting it reach WAN_LOCAL.

FINALLY SOLVED!!!!!!!!!!!!!!!!!!!!!!!!!

As reminder for anyone that could encounter a similar issue:
DNAT rules are evaluated before firewall rules.

Yes, this is a known function of VyOS/EdgeOS. But nothing was ever posted baout DNAT rules in use, so I assumed there were none. There are not by default.

Does your buddy have support from the Resolume people? That would be where I'd start as there are a lot of pieces to this that could be wrong.

@dave247 said in Questions on redundant switch setup:

@pete-s said in Questions on redundant switch setup:

@dave247 said in Questions on redundant switch setup:

@pete-s said in Questions on redundant switch setup:

@jaredbusch said in Questions on redundant switch setup:

@dave247 said in Questions on redundant switch setup:

@pete-s

What kind of firewall and switches are you running?

One option: if you're switches have stacking, then you can put them in a single stack and then create a port group that spans the two switches and then connect that to your NIC teams on the other end. This guards against switch failure, switchport failure, server NIC port failure, Ethernet cable failure, etc..

0_1538492722247_2c736016-a7ca-4c86-96bc-9550d33aa58b-image.png

This adds a level of complexity that you don't have to deal with when using a simple team. But the plus side is higher bandwidth per connected server.

The "switch independant team" what bonding mode is that in linux? Is it mode 1, active/backup policy?

You will have to look at your individual network card's drivers and management software with regards to Linux. AKA, read the manual. My guess is that you're running Broadcom NICs and the management software that I've seen/used is called "Broadcom Advanced Control Suite 4" and the "switch independent mode" or team type is called, "Smart Load Balancing and Failover (SLB)".

I'm all Intel on the NIC side in this case as Supermicro is predominately intel NICs and they are very well supported both in freebsd and linux.

Contrary to Windows, linux actually have bonding of different types in the kernel (a module called bonding). So the drivers don't have to do bonding.

oh nice. I have no idea. I haven't done much with Linux lately. Still, I would read the NIC documentation as it pertains to Linux.

Looking at Dell switches it seems like Dell N1124 will do the job. It's 24x1G switch with 4x10G for uplinks and stacking and has most of the features of it's bigger brothers in the N2000, N3000 series.
Pricing looks very attractive where I'm at (<$400 USD per switch), otherwise it's $1259 in the dell.com store.
I've never used Dell switches though.

@coliver said in CentOS7 Server Apache Disable old TLS for higher versions:

@jaredbusch said in CentOS7 Server Apache Disable old TLS for higher versions:

@coliver said in CentOS7 Server Apache Disable old TLS for higher versions:

@DustinB3403 I really like this site for information on securing various web servers.

https://cipherli.st/

I just implemented their Nginx setting but getting back that TLSv1 was accepted?

https://www.ssllabs.com/ssltest/analyze.html?d=naggaroth.daerma.com

First line should read TLS1.2 if you don't have a version of Nginx that supports 1.3.

Correct. That is the only change I made to their config. I even reran dhparam

Via the ActiveDir list:

https://github.com/CarlWebster

There are some amazing scripts in there for ADDS but also for XenApp, NetScaler, Citrix, and others.

Site: https://carlwebster.com/downloads/download-info/active-directory-2/

@jaredbusch said in mailto alternative for systemd timers:

I would recommend writing the script to take parameters. Because then it is generic and you can plug it in on every system as part of the system setup process.
https://tecadmin.net/pass-command-line-arguments-in-shell-script/

Here's a template that I loosely follow for this:

#!/bin/bash #Script functions function script_help () { echo " Usage: $(basename $0) [options] -a word -a Echos the word you type -h this help text Example: $(basename $0) "-a word exit ${1:-0} } function thing () { echo $variable } #Show help if no arguments or options are passed [[ ! "$*" ]] && script_help 1 OPTIND=1 #Read command line options # A colon after a flag means it takes an argument while getopts "a:ih" opt; do case "$opt" in a) variable=$OPTARG ;; h) script_help ;; \?) script_help 1 ;; esac done shift $(($OPTIND-1)); #Run argument function thing

In this case, it calls the thing function on the argument from the -a flag and also has a help function.

I use wordpress with Wocommerce, integrates with paypal and stripe.

@mroth911 said in How to make 3 node cluster like Scale:

I Understand now. so i wanted to build something that is like "SCALE" meaning the vm's with failover and I can spin up a vm fast. just to understand the technology.

I heard of KVM. Never played with it yet.

KVM is the hypervisor behind Scale (and loads of others.)

So the things you want from your setup are a tiny function of what Scale does. All you are looking for is "high availability virtualization" which is a massively broad category. Scale does it in a very specific way, that is very good. But it's a cat and there are many ways to skin it. Some good, some bad, some just different.

@fateknollogee said in Unifi on Vultr: you 'has mad skillz?:

I don't quite get your answer..does that mean it's too easy or it's not worth the effort?

Basically yes, it is not worth the effort. You can setup apt to update automatically yourself quite trivially.

The same for Let's Encrypt.

Reskimming, I am not sure WTF he is doing with lighttpd I would need to look closer.

But the scripting of the backup to a third party site is going to be totally custom to every install. This is way too complex to setup in a simple script.

It works for him because everything is tied to the Google account.

@stacksofplates said in Remote management of VMs hosted in colocation:

@dashrender said in Remote management of VMs hosted in colocation:

@stacksofplates said in Remote management of VMs hosted in colocation:

@scottalanmiller said in Remote management of VMs hosted in colocation:

@stacksofplates said in Remote management of VMs hosted in colocation:

@scottalanmiller said in Remote management of VMs hosted in colocation:

@eddiejennings said in Remote management of VMs hosted in colocation:

Allowing an SSH connection to the managementVM from the Internet

I have not tried this approach yet, and it appears more risky than the Screen Connect approach, since SSH to that VM would be open to the Internet. Unless I'm missing some benefit to this approach, I'll not be using it.

Use a strong key, lock to your IP. Very safe. Add Fail2Ban, of course.

Or add Salt and open/close based on need so it doesn't stay open.

Fail2ban doesn't work with keys.

But it would work normally with people attacking using non-keys, would it not? Or am I missing something about what it would do?

Why would you not require keys? Not making them mandatory defeats the purpose of using them.

I think he means - if a hacker is trying to use a password on a system setup to only allow keys - the fail2ban will block those users, or won't it?

No. It's dropped before fail2ban even sees it.

Oh, makes sense. There is no "attempt" like with a password, it is "already blocked."

@scottalanmiller said in What are you using for Documentation?:

@dashrender said in What are you using for Documentation?:

@scottalanmiller said in What are you using for Documentation?:

@wirestyle22 said in What are you using for Documentation?:

@scottalanmiller said in What are you using for Documentation?:

@wirestyle22 said in What are you using for Documentation?:

@scottalanmiller said in What are you using for Documentation?:

@wirestyle22 said in What are you using for Documentation?:

@wrcombs said in What are you using for Documentation?:

I use Google Docs, and the ticketing system ; Im the only one who does write ups on things I think we need to know more about, or are things that will be needed in the future.

I/We don't use any fancy third party software for documentation.

We have infrastructure (Me), DevOps, Desktop Support. I think one person from each team should be responsible for technical documentation. I'd prefer for it to be me but I also have a lot on my plate.

How do you separate infrastructure and DevOps? DevOps is for managing infrastructure.

Infrastructure team is really networking team

Infrastructure teams normally refers to the non-networking ones. Although networking is obviously infrastructure. But SA is normally core infrastructure teams. Enterprise jobs labeled infrastructure are not networking.

Yeah that's just what they are calling us. Not very helpful for me to use the name here though as it's confusing for you guys

You are doing networking now? So mostly switches, routers, routing tables, firewall rules?

What jobs are in that other infrastructure department you're talking about?

System Admin, System Engineering, DevOps, App Support, DBA

Basically this