↧
Comment by tuomassalo on Best practices for thin-provisioning Linux servers...
Thanks for the idea of adding new vmdk files (instead of just growing the existing ones).
View ArticleComment by tuomassalo on Non-dot-wildcard (*-foo.example.com) for bind?
@DavidHoude: I'm afraid that adding on the fly is not an option, since any query that predates the addition will "pollute" name servers with an invalid answer. That creates problems that are quite rare...
View ArticleComment by tuomassalo on How to check MX record when delivering to virtual...
I might have written unclearly, but I'm not understanding why you claim that my expectation is wrong. If someone connects to this Exim server and tries to send email to foo@example.com, the mail is...
View ArticleComment by tuomassalo on Dozens of identical HTTP requests from Chrome on...
@RyanBabchishin - good question. Mostly I'm just curious. But sometimes this kind of traffic causes performance issues (that are hard to overcome on a legacy server). Temporarily blocking the IP...
View ArticleComment by tuomassalo on How to make iptables rules expire?
My 2 cents in perl: iptables -L FORWARD --line-numbers | tac | perl -walne 'system "iptables -D FORWARD $F[0]" if $F[-2] =~ /^expire=(\d+)$/ and $1<time()'
View ArticleComment by tuomassalo on Corporate SSL proxies cause...
"SNI isn't yet supported by all proxies. And particularly older ones. Proxies tend to linger far after they've stopped being supported, because they're critical infrastructure and they're working,...
View ArticleComment by tuomassalo on Easiest way to send a test email from a server, to...
Nine years later, I can also recommend swaks. On Mac OS, install with brew install swaks.
View ArticleSSO solution and centralized user mgmt for about 10-30 Ubuntu machines?
I'm looking for a clean way to centralize user management. The setup:About 10-30 linux machines (Ubuntu 10.04 LTS server)Maybe 10-30 users for now.The requirements (hopes and expectations):A single...
View ArticleWhat to have in sources.list on an Ubuntu LTS server (production)?
I have several Ubuntu 10.04 LTS servers in production and I'm using apticron to check that my software is up to date, security-wise. However, by default, Ubuntu has the lucid-updates repository...
View ArticleAnswer by tuomassalo for OS X equivalent to ipconfig /registerdns?
If you use Centrify's AD integration software, you can also use addns --update. See man addns for details.addns uses kerberos authentication, so probably you don't have to accept non-secured updates....
View ArticleBest practices for thin-provisioning Linux servers (on VMware)
I have a setup of about 20 Linux machines, each with about 30-150 gigabytes of customer data. Probably the size of data will grow significantly faster on some machines than others. These are virtual...
View ArticleAnswer by tuomassalo for How to fix "BUG: soft lockup - CPU#0 stuck for...
Thanks to all commenters. I think I found the answer. There seems to be a timekeeping bug in at least Ubuntu's kernel version 2.6.32-30-server. The bug sometimes (?) kills machines when they reach an...
View ArticleAnswer by tuomassalo for curl succeeds on an https request, wget does not
This seems like an issue with choosing the SSL protocol. For some reason the server is picky about the protocol. Some clients happen to make the correct guess, others don't.With wget, try eg....
View ArticleHow to check MX record when delivering to virtual domains?
I run an Exim mail server with multiple virtual domains (a setup similar to this). The server is the smarthost for some other servers.Suppose I have a virtual domain example.com which has a redirect:...
View ArticleAnswer by tuomassalo for Is there anywhere that I can get a valid , signed,...
The localtest.me cert seems to be no longer available, but see https://github.com/Daplie/localhost.daplie.com-certificates. It's not a wildcard cert though.
View ArticleHow well does Apache 2.4 scale with lots of certificates?
With the advent of easy, free Let's Encrypt certs and IE8 not being a problem anymore, I'm planning on enabling SSL on an Apache server with thousands of host names. Does Apache scale? Switching Apache...
View Article
Image may be NSFW.
Clik here to view.
Clik here to view.
Corporate SSL proxies cause ERR_TUNNEL_CONNECTION_FAILED after cert changes?
We changed some SSL settings on our Apache HTTP servers, namely adding SNI support. After this change it seems that some users behind corporate SSL proxies (MITM boxes) get vague errors such as...
View ArticleAnswer by tuomassalo for How do I stop deprecation warnings for certbot?
As a dirty, temporary workaround, you can try something like this in your cron entry:certbot renew ... 2>&1 | grep -v DeprecationWarning
View ArticleHow to fix "BUG: soft lockup - CPU#0 stuck for 17163091968s"?
UPDATE: I updated the title of the message, because I've recently seen more of these problems with this exact time amount of 17163091968s. This should help people investigating the symptoms to find...
View Article
More Pages to Explore .....