Server Bug Fix: How to do not logout / lose screen when I’m closing RDP?

Original Source Link

I have an appliaction that performs click on screen that’s running on Windows 2019 Server instance

but the thing is that when I close RDP, then application stops working (clicking)

I think it may be caused because User is logging out on RDP close

Is there any way to “don’t lose screen” when I close RDP?

Thanks in advance!

Tagged : /

Server Bug Fix: Ho to point two different domains to the same web application (Apache)

Original Source Link

I have an app: l’et’s call it Mickey.

To access the app, I’ve configured the vhost in apache, so that when accessing the third level domain mickey.example.com, the app Mickey is served.

This works.

And this is its configuration:

<VirtualHost *:80>
        ServerName mickey.example.com
        # ServerAlias Not required

        ServerAdmin [email protected]
        DocumentRoot /var/www/mickey.example.com/public_html

        ErrorLog /var/www/mickey.example.com/log/error.log
        CustomLog /var/www/mickey.example.com/log/access.log combined

        <Directory /var/www/mickey.example.com>
                AllowOverride All
        </Directory>

        RewriteEngine on
        RewriteCond %{SERVER_NAME} =mickey.example.com
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

Now I want to configure another domain: mickey.example2.com

The end result should be that the Mickey app has to be served when accessed from mickey.example.com and when accessed from mickey.example2.com.

So, basically I have:

  1. The same third level domain
  2. The same app
  3. TWO DIFFERENT second level domains.

WHAT I DID

First attempt: configure a DNS CNAME alias

As first attemp, I simply added a new DNS record in domain example2.com that pointed to mickey.example.com:

DNS for domain example2.com:

  • Type: CNAME
  • Host: Mickey
  • Points to: mickey.example.com

This didn’t worked: after DNS propagation, when I accessed the domain mickey.example.com, the server redirected me to the default domain configured in Apache (that is, let’s say, defaultexample.com)

Second attempt

As I didn’t pointed out immediately that it was the server that redirected to defaultexample.com, I changed the DNS record from a CNAME one to an A one:

DNS for domain example2.com:

  • Type: A
  • Host: Mickey
  • Points to: 123.456.789.012

Where 123.456.789.012 is the IP of the server that serves Mickey app.

This didn’t worked: the server continued to redirect me to defaultexample.com.

At this point I guessed that was the server that redirected me, so I started digging into Vhost configuration (leaving the DNS record as an A one, and it is an A one while I’m writing this question).

Third attempt: ServerAlias in Apache

As first attempt, I tried to add a ServerAlias to the vhost that serves mickey.example.com:

<VirtualHost *:80>
        ServerName mickey.example.com
+       ServerAlias mickey.example2.com

        ServerAdmin [email protected]
        DocumentRoot /var/www/mickey.example.com/public_html

        ErrorLog /var/www/mickey.example.com/log/error.log
        CustomLog /var/www/mickey.example.com/log/access.log combined

        <Directory /var/www/mickey.example.com>
                AllowOverride All
        </Directory>

        RewriteEngine on
        RewriteCond %{SERVER_NAME} =mickey.example.com
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

This didn’t work: Apache continues to redirect me to defaultdomain.com.

Fourth attempt: A dedicated vhost

At this point I created a dedicated vhost calling it mickey.example2.com.conf:

<VirtualHost *:80>
-        ServerName mickey.example.com
+        ServerName mickey.example2.com
        DocumentRoot /var/www/mickey.example.com/public_html

        ErrorLog /var/www/mickey.example.com/log/error.log
        CustomLog /var/www/mickey.example.com/log/access.log combined

        <Directory /var/www/mickey.example.com>
                AllowOverride All
        </Directory>

        RewriteEngine on
-        RewriteCond %{SERVER_NAME} =mickey.example.com
+        RewriteCond %{SERVER_NAME} =mickey.example2.com
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

Then I enabled the new vhost in Apache and reloaded it:

sudo a2ensite mickey.example2.com.conf
sudo systemctl reload apache2

Nothing: accessing mickey.example2.com continues to redirect me to defaultdomain.com

What to do now?

At this point I don’t know how to proceed: I have tried all what I thought should have worked, but it didn’t.

Any suggestions?

As told, I need to serve the same exact app both from mickey.example.com and from mickey.example2.com.

Any ideas about how to do this?

Finally I solved it!

After many hours of tests and digging in the server, I discovered it was an issue with the Let’s Encrypt digital certificate: after a new challenge and a new verification of the third level domain, now all works as expected! 💪

Tagged :

Linux HowTo: Caps Lock is bugged

Original Source Link

I have HyperX Alloy Core RGB keyboard (HX-KB5ME2-US). Sometimes when I turn off caps lock, LED on keyboard is still on. After another press, LED is on, and caps lock is on.
Why is this happening? Is that bug in keyboards firmware or in windows driver? Thanks

Seems to be an existing problem on this keyboard that exists in its firmware. Users here complain about the same thing, but HyperX support has said they will replace the board if you send it in and they can replicate the problem. This comment offers some solutions if you don’t want to send it back and are willing to get a bit technical.

Tagged :

Math Genius: What is the minimal disjunctive normal form of this propositional logic formula?

Original Source Link

I have the following formula: $(neg Aland Bland C)vee (neg Aland Bland neg C)vee (neg Aland neg B)vee (Aland C)vee (Alandneg C)$

After I did a Karnaugh Map for this formula I found out it is a tautology (in other words – all squares in the map are filled with ones). What is the minimal disjunctive normal form of this formula then?

I’ll show you how to prove the statement is tautology without Karnaugh’s map:

$(1)$ distribution:
$$(neg Aland Bland C)lor (neg Aland Bland neg C)equiv(neg Aland B)land(Clorneg C)equiv(neg Aland B)$$
$(2)$distribution again:
$$(neg Aland B)lor(neg Alandneg B)equivneg Aland(Blorneg B)equivneg A$$
$(3)$distribution once again:
$$(Aland C)lor(Alandneg C)equiv Aland(Clorneg C)equiv A$$
$$$$
$$underbrace{underbrace{(neg Aland Bland C)lor(neg Aland Bland neg C)}_{neg Aland B}lor(neg Aland neg B)}_{neg A}lorunderbrace{(Aland C)lor(Alandneg C)}_{A}equivneg Alor Aequiv 1$$

Tagged :

Server Bug Fix: Access denied trying for PHP fpm status page

Original Source Link

I’m running PHP 7.3 FPM and nginx. In my pool config I have

pm.status_path = /fpmstatus

I have nginx config in place to call out to php for that URL. But when I access that path I get an Access Denied.

The logs say:

Access to the script ‘/var/www/mysite.com/fpmstatus’ has been denied (see security.limit_extensions)

As I understand, what’s happening is that PHP is refusing to “run the script” called fpmstatus because it doesn’t end in .php.

But I’m confused because I believe it was previously working, and because the comments in the config file for setting the status path suggest not including .php in the name. I don’t want to turn off security.limit_extensions. And surely with the /fpmstatus path being internal, it should be excempt from these extensions?

EDIT

I tried setting the status path to /fpmstatus.php but this just gives a “No input file specified.” error. Seems like fpm is not responding to the configured status page?

The nginx config that applies is:

location = /fpmstatus.php {
    access_log off;
    allow 127.0.0.1;
    deny all;
  fastcgi_param  SCRIPT_FILENAME    $document_root/fpmstatus.php;
  fastcgi_param  QUERY_STRING       $query_string;
  fastcgi_param  REQUEST_METHOD     $request_method;
  fastcgi_param  CONTENT_TYPE       $content_type;
  fastcgi_param  CONTENT_LENGTH     $content_length;

  fastcgi_param  SCRIPT_NAME        $document_root/fpmstatus.php;
  fastcgi_param  PATH_INFO          $fastcgi_path_info;
  fastcgi_param  REQUEST_URI        $request_uri;
  fastcgi_param  DOCUMENT_URI       $document_uri;
  fastcgi_param  DOCUMENT_ROOT      $document_root;
  fastcgi_param  SERVER_PROTOCOL    $server_protocol;
  fastcgi_param  REQUEST_SCHEME     $scheme;
  fastcgi_param  HTTPS              $https if_not_empty;

  fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
  fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

  fastcgi_param  REMOTE_ADDR        $remote_addr;
  fastcgi_param  REMOTE_PORT        $remote_port;
  fastcgi_param  SERVER_ADDR        $server_addr;
  fastcgi_param  SERVER_PORT        $server_port;
  fastcgi_param  SERVER_NAME        $server_name;

  # PHP only, required if PHP was built with --enable-force-cgi-redirect
  fastcgi_param  REDIRECT_STATUS    200;

    fastcgi_pass myupstream;
  }

I can get it working if I set cgi.fix_pathinfo=1 in /etc/php/7.3/fpm/php.ini but is there a way to get it working with that set to 0?

Tagged : /

Linux HowTo: Find a file with parts of name in an arbitrary order

Original Source Link

I’ve got a file hidden somewhere, it’s either named file.foo.bar.txt or file.bar.foo.txt, but I’m not sure which it is.

Right now, I’m just running find file*foo*txt because I know the file will be in the list, but I have to sort through the list to find the actual file.

Mostly out of curiosity (the list is short and realistically I can find the file), is there a way to find file.(foo&bar).txt such that the file will be found, regardless of which is the actual file?

The command find file*foo*txt doesn’t really use find.

It’s your shell who expands file*foo*txt before find even runs. Then find gets possibly many arguments as its starting points; and no tests, no actions. The default action of -print is assumed.

This is like printf '%sn' file*foo*txt. Both printf and your find only print what the shell supplies; except if there is no match. Or except if the shell returns a directory name (possibly among other names); in such case printf will just print it, while find will print it plus paths to every file in the directory, recursively.

Your task can be done with find (not the shell) actually performing some matching. Use several -name tests. The default behavior is to join tests with -a (logical AND). This fits cases where you want the filename to match several patterns at once.

find . -type f -name 'file.*' -name '*.txt' -name '*.foo.*' -name '*.bar.*'

Notes:

  • These patterns are not regular expressions. * here is a wildcard but . is literal. I used . because you wrote “file.foo.bar.txt or file.bar.foo.txt“.
  • find is recursive. Use -maxdepth 1 or (if your find doesn’t support it) read this: Limit POSIX find to specific depth.
  • Note the patterns are quoted. This is to protect them from being expanded by the shell (compare this question).

If you want literally file.foo.bar.txt or file.bar.foo.txt then use -o (logical OR):

find . -type f ( -name file.foo.bar.txt -o -name file.bar.foo.txt )

Note you often need parentheses with -o. Without them -type f -name … -o -name … would not do what we want.

And there is -regex. It’s a match on the whole path and there are several flavors.

The default operation in find is and, so for a loose match you can just use

find .  -name 'file*foo*txt' -name 'file*bar*txt'

but for a rigid match you can resort to a regular expression:

find . -regextype posix-extended -regex '.*/file.(foo.bar|bar.foo).txt'

You need to remember the regex has to match the full path, hence the .*/ at the beginning.

Tagged : /

Ubuntu HowTo: Create bootable macOS USB for a non Apple computer [closed]

Original Source Link

I tried several ways to create a bootable macOS USB for a non Apple personal computer. I expected it to work exactly like my bootable Ubuntu USB. macOS bootable USB seems to be working differently. It seems that it only works on Mac. My laptop does not detect my Mac bootable USB as a bootable one on startup.

Is it possible to create a bootable macOS USB for by Ubuntu 20.04 – Windows 10 dual boot HP laptop with persistence (optional) so that I can use it by just plugging it in during boot up for building my flutter projects?

Is it possible to create a bootable macOS USB, by using Ubuntu 20.04 – Windows 10 dual boot HP laptop, with persistence (optional) so that I can use it by just plugging it in during boot up for building my flutter projects?

Credits to David Anderson and Nimesh Nima for the answer.

Microsoft offers Windows to Go which can be run from a flash drive on different machines. Many Linux distributions offer a live version which also can be run from a flash drive on different machines. Some also offer persistence which allow data to be saved between boots. Apple’s MacOS can be installed on USB HDD and USB SSD which can be run on different Macs. AFAIK, MacOS is not designed to run from a flash drive.

MacOS doesn’t generally support installing and running on non supported hardware, i.e. non Apple computers. Apple, unlike Microsoft doesn’t license its operating system for running on commodity PCs.

It seems that it only works on Mac. My laptop does not detect my Mac bootable USB as a bootable one on startup.

This is by design. A MacOS bootable USB can only boot a compatible Apple Mac computer.

Is it possible to create a bootable MacOS USB for by Ubuntu 20.04 – Windows 10 dual boot HP laptop with persistence (optional) so that I can use it by just plugging it in during boot up for building my flutter projects?

Generally speaking, no.

Tagged : / / /

Server Bug Fix: Trying to authenticate with ssh keys through an LDAP server, gett Permission Denied (publickey) error

Original Source Link

I currently have an LDAP server setup that I am using for user authentication. I can successfully use my client to ssh into a user account, authenticating with that user’s password. However, I would like authenticate with key pairs instead. On my LDAP server, I have added a new ‘sshPublicKey’ attribute to users, which contains a user’s public key. I also created a script on my client at /usr/local/bin/fetchSSHKeysFromLDAP that fetches a given user’s public key information from the LDAP database. I have tested this script and was able to successfully match results from this script with private keys held by the client and confirm them as matching key pairs. I have also edited the client’s sshd_config file with the following lines to set the script to get public keys and turn off password authentication.

AuthorizedKeysCommand /usr/local/bin/fetchSSHKeysFromLDAP
AuthorizedKeysCommandUser nobody
PasswordAuthentication no

However, whenever I run:

ssh -i ~/.ssh/id_rsa [email protected] -vvv

I get the error:

Permission denied (publickey)

Specifically, here are the verbose results of this command. I believe the error might be occurring in the last handful of lines.

OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 57: Applying options for *
debug1: Connecting to 192.168.64.24 [192.168.64.24] port 22.
debug1: Connection established.
debug1: identity file /home/jhuss/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/jhuss/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.64.24:22 as 'benji'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: kex: curve25519-sha256 need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:T83mZPyieFJHdxHMMAnka/X8hxw9M1tmOBdhrp/K370
debug1: Host '192.168.64.24' is known and matches the ECDSA host key.
debug1: Found key in /home/jhuss/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/jhuss/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

I feel like my error is in my sshd_config file, but I have been attempting to track down the problem for quite some time and have not found it. Here is my full sshd_config;

# This sshd was compiled with PATH=/usr/local/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile    .ssh/authorized_keys

#AuthorizedPrincipalsFile none

AuthorizedKeysCommand /usr/local/bin/fetchSSHKeysFromLDAP
AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PermitEmptyPasswords no
PasswordAuthentication no

# Change to no to disable s/key passwords
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes

#GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials no
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
#GSSAPIEnablek5users no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
# WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several
# problems.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation sandbox
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

# override default of no subsystems
Subsystem    sftp    /usr/libexec/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#    X11Forwarding no
#    AllowTcpForwarding no
#    PermitTTY no
#    ForceCommand cvs server

Thanks for all and any help!

Tagged : / /

Making Game: How to connect on windows 10 through smb to external server shared folder

Original Source Link

I am trying to connect to external ip address through smb on windows 10 without any success.

\server-ip:portshareDirectoryName

So far I did try the following ports: 139,445 but without any success.

I know this is not firewall/antivirus issue, even when firewall is disabled problem still persists.

When I try to connect to the same external server on LINUX or MAC this problem does not appear. Everything works like it should.

Command on mac/linux:

smb://server-ip:port/shareDirectoryName

Have you got any error messages?
Please try to ping the external server both with the IP address and the FQDN firstly.

There is no need to assign the port.
Just input ” \server name or IP address” to have a test in Windows Explorer.

My Window 10 Pro would not let me access my old NAS drive, although I could enter the drives administrative setup. Here is the work-around I used. While in the admin setup I created a SMB share, folder named DATA. I went back to Windows Desktop and clicked on This PC icon. In the file explorer window I right clicked on “This PC” and choose “add a network location.” That started “add a network location wizard.” Follow the prompts and enter the address in the input box in this manner: \198.192.1.116DATA (the address is the one assigned to the NAS drive by DHCP) That’s it. You can give it a name so you know it’s your NAS. It shows up under This PC in file explorer. You can even map to it with the same procedure. BTW, it would probably be prudent to assign the NAS a static address in your router so it doesn’t change. That would break the path and the map.

Tagged : / / /

Math Genius: $f:(a,+infty)rightarrowmathbb{R} $ is differentiable function. I need explicit proof of a problem I find obvious

Original Source Link

If $f'(x)>c, forall xin(a,+infty)$ where $c>0$. Prove that $lim_{xto+infty} f(x) = +infty$. I would say that this is trivial, how could we prove this explicitly?

Intuition suggests that a function with a positive derivative is strictly increasing. You can prove this using the mean value theorem. Next, you can use the mean value theorem to prove the function is also unbounded from above.

You now have a strictly increasing function with no upper bound, so you know its limit.

This is a direct application of Newton-Leibniz formula
$$
f(x) = f(a) + int_a^x f'(t) , dt ge f(a) + c(x-a)
$$

Tagged : /