Topic
You should consider using this procedure under the following conditions:
You want to use Layer 3 (L3) nPath load balancing (also known as Direct Server Return or Asymmetric Routing).
You want to monitor the origin web servers from the BIG-IP system.
You have L3 client requests that need to be load balanced on the BIG-IP system, with server responses returning directly to the client.
Note: The recommendations included in this article are only valid for BIG-IP 11.1.0. Beginning in BIG-IP 11.2.0, the way you create network tunnels changed. To locate the options for creating network tunnels in BIG-IP 11.2.0 and later, access the Configuration utility and then navigate to Network > Tunnels.
Description
L3 nPath routing enables traffic to be load balanced over a routed topology. In this deployment, the server sends its responses directly back to the client instead of the BIG-IP system, even when the servers and any intermediate routers are on different networks. This load balancing method uses IP encapsulation to create a uni-directional outbound tunnel from the server pool to the server. The origin web server unencapsulates the original client IP information, which is then used to route the return traffic directly to the client.
The available encapsulation protocols are GRE and IPIP. The protocol you choose for building the encapsulation tunnel may depend on the requirements of your environment.
GRE supports unicast and multicast traffic, IPv4, and IPv6.
IPIP supports unicast traffic and IPv4.
Prerequisites
You must meet the following prerequisites to use this procedure:
You have a properly configured network path from the origin web servers to clients that does not traverse the BIG-IP system.
You have a system user account with Traffic Management Shell (tmsh) utility access; you cannot perform certain steps in the process from the Configuration utility.
You are conversant in the following configurations for the operating system of your origin web servers:
IPIP and GRE tunnel configuration
Loopback interface configuration
Web services configuration
Procedures
To use this topology, perform the following procedures and create the following objects:
Configuring BIG-IP
Enabling the monitor encapsulation variable
Creating a load balancing pool with an encapsulation profile
Creating a transparent monitor
Creating a FastL4 profile
Creating a virtual server
Configuring an origin web server configuration
Configuring a loop back IP address
Configuring an encapsulation tunnel
Configuring the web service
Enable the monitor encapsulation variable
To monitor the pool member over an encapsulated tunnel, enable the tm.monitorencap variable by performing the following procedure:
Impact of procedure: Performing the following procedure should not have a negative impact on your system.
Log in to the tmsh utility by entering the following command:
tmsh
Note: For the remainder of this article, you must be logged in to the tmsh utility. Subsequent procedures in this article assume you are logged in to the tmsh utility from this step onward.
Enable the tm.monitorencap variable by entering the following command:
modify sys db tm.monitorencap value enable
Create a load balancing pool
Create a load balancing pool that references the desired encapsulation profile and the origin web servers as pool members.
Impact of procedure: Performing the following procedure should not have a negative impact on your system.
To perform this procedure, enter the following command syntax:
create ltm pool profiles add { } members add { :any }
Use the following examples to help you perform this procedure:
To create a pool named ipip_pool, referencing an IPIP profile, and using the server 10.104.5.1 as the pool member, you enter a command similar to following example:
create ltm pool ipip_pool profiles add { ipip } members add { 10.104.5.1:any }
Note: The pool member is the physical IP address of the server that is hosting the virtual IP that must be load balanced.
To create a pool that includes multiple pool members, you enter a command similar to following example:
create ltm pool ipip.pool profiles add { ipip } members add { 10.104.5.1:any 10.104.5.2:any 10.104.5.3:any }
Create a transparent monitor
You use a transparent monitor to monitor the virtual IP and service hosted on the loopback interface of the physical origin web server. You create the loopback server later in this article.
Impact of procedure: Performing the following procedure should not have a negative impact on your system.
Use the following command syntax to perform this operation:
create ltm monitor defaults-from destination : send recv transparent enabled interval timeout
For example, to create a monitor named ipip.mon to monitor the service at 10.200.1.100:80, you enter the following command:
create ltm monitor tcp ipip.mon defaults-from tcp destination 10.200.1.100:80 send 'GET / HTTP1.1\r\nHost: \r \nConnection: Close\r\n' recv 'It works!' transparent enabled interval 5 timeout 16
Notes:
This example monitor expects a receive string that contains the following example value in the HTTP response from the virtual service: "It Works!" You must change this value to match a valid string appropriate to your environment. For more information about send and receive strings, and monitor time out values, refer to the Supplemental Information section of this article.
The following destination is the IP address and port for the virtual server that resides on the loopback of the origin web server: :.
Create a FastL4 profile
Create a FastL4 profile to disable hardware acceleration for the virtual server.
Impact of procedure: Performing the following procedure should not have a negative impact on your system.
Create the FastL4 profile by using the following command syntax:
create ltm profile fastl4 pva-acceleration none
For example, to create a profile named ipip.fastl4, you enter the following command:
create ltm profile fastl4 ipip.fastl4 pva-acceleration none
Create a virtual server
Create a virtual server to answer client requests and forward the requests to the pool members.
Impact of procedure: Performing the following procedure should not have a negative impact on your system.
Create the virtual server using the following command syntax:
create ltm virtual destination :any pool profiles add { } translate-address disabled ip-protocol
For example, to create a virtual server with the name ipip.vip and the address 10.200.1.100:any, which references the load balancing pool and FastL4 profile created in the previous steps, you enter the following command:
create ltm virtual ipip.vip destination 10.200.1.100:any pool ipip.pool profiles add { ipip.fastl4 } translate- address disabled ip-protocol tcp
Note: The destination IP address of the virtual server must be the same as that of the virtual service hosted on the loopback interface of the origin web server.
After you complete all the steps on the BIG-IP system, save the configuration by entering the following command:
tmsh save sys config
Configure a loopback IP
Configure the origin web server with an IP address on the loopback interface that matches the destination IP address on the BIG-IP virtual server and the one in the BIG-IP transparent monitor.
Impact of procedure: Performing the following procedure should not have a negative impact on your system.
Note: The following command examples are for a web server running a generic GNU/Linux operating system. They are provided for guidance only. For more information about configuring your specific operating system, refer to your documentation.
To assign the IP address 10.200.1.100 to the loopback interface, use a command similar to the following example:
ip addr add 10.200.1.100 label lo:0 dev lo scope global
Note: Scope must be set to global to ensure this IP address is routable.
Configure an encapsulation tunnel
Configure the origin web server to listen for encapsulated packets destined for the loopback IP address.
Impact of procedure: Performing the following procedure should not have a negative impact on your system.
Note: The following command examples are for a web server running a generic GNU/Linux operating system. They are provided for guidance only. For more information about configuring your specific operating system, refer to your documentation.
To configure the origin web server for an IPIP tunnel, use a series of commands similar to the following example:
sysctl -w net.ipv4.conf.all.arp_ignore=3
sysctl -w net.ipv4.conf.all.arp_announce=2
modprobe ipip
ip link set tunl0 up
ip addr add 10.200.1.100 scope host dev tunl0
sysctl -w net.ipv4.conf.all.rp_filter=0
sysctl -w net.ipv4.conf.tunl0.rp_filter=0
To configure the origin web server for a GRE tunnel, use a series of commands similar to the following example:
sysctl -w net.ipv4.conf.all.arp_ignore=3
sysctl -w net.ipv4.conf.all.arp_announce=2
modprobe ipgre
ip link set gre0 up
ip addr add 10.200.1.100 scope host dev gre0
sysctl -w net.ipv4.conf.all.rp_filter=0
sysctl -w net.ipv4.conf.gre0.rp_filter=0
Configure the web service
Configure the web service running on the origin web server to listen on the IP address that you just configured on the loopback interface, in the previous steps of this article.
Impact of procedure: Performing the following procedure should not have a negative impact on your system.
To maintain consistency with the example configuration in this article, you create the web service at: 10.200.1.100:80.
For information about configuring the web service on the loopback interface of the origin web server, refer to your web server documentation.
Read More
Thứ Năm, 19 tháng 12, 2024
Thứ Năm, 3 tháng 10, 2024
Chrome browser version (129) in headless mode produces a blank white window
Looks like this is a bug in Chrome Browser 129, which was released on September 17th, 2024.
https://developer.chrome.com/docs/chromedriver/
Found related issues on github.
https://github.com/SeleniumHQ/selenium/issues/14514
Solution 1. work with Chrome 128.
Solution 2. hide the window by:
var co = new ChromeOptions();
co.AddArgument("--window-position=-10000,-10000")
Solution 3.
options.AddArgument("--headless=old")
https://developer.chrome.com/docs/chromium/headless
Read More
Thứ Tư, 25 tháng 9, 2024
Activate Office 2021 for FREE using KMS client key
Step 1.1: Open cmd program with administrator rights.
First, you need to open cmd in the admin mode, then run all commands below one by one.
Step 1.2: Get into the Office directory in cmd.
cd /d %ProgramFiles(x86)%\Microsoft Office\Office16
cd /d %ProgramFiles%\Microsoft Office\Office16
If you install your Office in the ProgramFiles folder, the Office directory depends on the architecture of your OS. If you are not sure of this issue, just run both of the commands above. One of them will be not executed and an error message will be printed on the screen.
Step 1.3: Install Office 2021 volume license.
for /f %x in ('dir /b ..\root\Licenses16\ProPlus2021VL_KMS*.xrm-ms') do cscript ospp.vbs /inslic:"..\root\Licenses16\%x"
This step is required. You can not install the KMS client product key of Office without a volume license.
Step 1.4: Activate your Office using the KMS key.
Make sure your device is connected to the internet, then run the following commands.
cscript ospp.vbs /setprt:1688
cscript ospp.vbs /unpkey:6F7TH >nul
cscript ospp.vbs /inpkey:FXYTK-NJJ8C-GB6DW-3DYQT-6F7TH
cscript ospp.vbs /sethst:kms8.msguides.com
cscript ospp.vbs /act
Read More
Thứ Ba, 10 tháng 9, 2024
[ MongoDB ] What to do if you accidentally drop a MongoDB table?
In fact, many people when encountering this situation think that it is impossible to save MongoDB data. And very few people share about this case. This is a very real situation and has many difficulties when faced.
If the database is Oracle, we can easily do it. However, what about MongoDB?
The answer is yes. However, the way to save data will be more complicated.
In this article, I will share with you a method that can save data when deleting or dropping the wrong table. A useful method for those who accidentally impact the database
Step 1: Immediately backup oplog after detecting the wrong data deletion behavior
The command is as follows:
mongodump -u username --authenticationDatabase admin -p password -d local -c oplog.rs --out /backup/mongo
Step 2: Determine the timestamp on the oplog.rs table to restore the point in time before the drop time
db.getCollection("oplog.rs").find({"o.drop" : "collection_name"})
Step 3: Recover the point in time of the dropped data to save the data
mongorestore --port 27017 -u username -p password --authenticationDatabase admin --oplogReplay --oplogLimit=1725939063:1 /backup/mongo/local/oplog.rs.bson
Read More
Thứ Hai, 26 tháng 8, 2024
How to add a custom PHP version in Plesk for Linux?
Question
How to add a custom PHP version in Plesk for Linux?
Answer
Warning: All the instructions below are to be performed at own will and risk. These steps are provided for demonstration purposes only and not supported by Plesk. Depending on the operating system and the desired configuration, installation steps might differ significantly. When installing an additional PHP version on the server, read the official PHP documentation on installation. It's recommended to perform the installation on a test environment before modifying the production environment.
On Linux systems, you can install any PHP version you need and then make it available in Plesk by registering it with the plesk bin php_handler command-line utility.
1- Install the custom PHP version
Install the desired PHP version on the server. For installation guidelines, refer to the official PHP documentation available at http://php.net/manual/en/install.php. In brief, the installation includes the following main steps.
Connect to the server via SSH
Install C compiler and XML library with the following commands:
RHEL based OSes:
# yum install gcc -y && yum install libxml2-devel -y
Debian based OSes:
# apt-get install build-essential && apt-get install libxml2-dev
Download the PHP source you need from the official website (http://php.net/downloads.php or http://php.net/releases/) to the server and unpack it:
# gunzip php-NN.tar.gz
# tar -xf php-NN.tar
Configure and build PHP:
Note: In this step, it's possible to customize PHP with various options, such as specifying which extensions will be enabled in the compiled PHP version. Run
./configure --helpto see a list of the available options.# cd ../php-NN
# ./configure --prefix=/usr/local/phpNN --enable-fpm --with-fpm-group=www-data
# make
# make install
Set up the
php.ini:Note: Edit the
.inifile to set the desired PHP options. If it's required to configure thephp.inifile in another location, run theconfigureutility with the option--with-config-file-path=/some/pathin the previous step.# cp php.ini-development /usr/local/lib/php.ini
2- Register the custom PHP version in PleskConnect to the server via SSH
Register the new PHP version in Plesk:
Note: More information can be found with the following command:
plesk bin php_handler --help2.1- CGI/FastCGI example:
# plesk bin php_handler --add -displayname <NN> -path <path to php-cgi binary> -phpini <path to php.ini> -type <php handler> -id <NN-custom> -clipath <path to php cli>
Where:
-displayname<NN>: It's the PHP version name that will be shown in the Plesk UI. It's recommended to include the version number in thedisplayname, for example:7.4.5-custom-path<path to php-cgi binary>: It's the location of the PHP CGI binary file. The location is shown in the output shown by the commandmake installin the line Installing PHP CGI binary. For example, if the output contains the line Installing PHP CGI binary: /usr/local/bin/, the location to specify is /usr/local/bin/php-cgi. Learn more at: http://php.net/manual/en/install.unix.commandline.php-clipath<path to php cli>: It's the location of the PHP CLI binary file. The location is shown in the output of the commandmake installin the line Installing PHP CLI binary. For example, if the output contains the line Installing PHP CLI binary: /usr/local/bin/, the location to specify is /usr/local/bin/php. Learn more at: http://php.net/manual/en/install.unix.commandline.php-phpini<path to php.ini>: It's the location of thephp.inifile, for example:/usr/local/lib/php.ini-type<php handler>: It's the type of the PHP handler associated with the installed PHP version. This example is for cgi , fpm or fastcgi PHP handlers and the mod_php is not supported- (Optional)
-id<NN-custom>: It's the identifier that will be used for referring to this PHP version when adjusting or removing it viaplesk bin php_handlersutility
2.2- FPM example (Notes: systemctl unit should also be created manually, if it specific for OS distribution; To add the PHP handler as a dedicated application, append '-fpm-dedicated' to the hander ID when registering; To add PHP as a 'usual' FPM application, add the handler second time, without the '-fpm-dedicated' ):
# plesk bin php_handler --add -displayname <NN> -path <path to php-fpm binary> -phpini <path to php.ini> -type fpm -id <NN-custom> -clipath <path to php cli> -service <PHP_FPM_service_name> -poold <path to php-fpm.d pool folder>
Where:
-path<path to php-fpm binary>: It's the location of the PHP FPM binary file. The location is shown in the output shown by the commandmake installin the line Installing PHP-FPM binary-service<PHP FPM service name>: It's the PHP FPM service name-poold<path to php-fpm.d pool folder>: It's the location containing the pool configuration files- 3- Assign the custom PHP version (Plesk GUI)
Once the custom PHP versions are registered after applying the steps above, the custom PHP versions will be available:
Assign the custom PHP version:
Service Plan level: Go to Service Plans > Service Plan Name > PHP Settings
Domain level: Go to Domains > example.com > PHP Settings
Thứ Tư, 14 tháng 8, 2024
Cwrsync Invalid UID Nobody solution
The following error occurred while using the Rsync/cwrsync tool for file synchronization:
C:Program Filescwrsyncbin>rsync.exe-av Rsync://192.168.0.211:52326/test/cygdrive/e/www.01314.cn/rsync @ Error:invalid UID Nobody
Workaround: Add the following two lines to the rsyncd.conf file to resolve the problem
UID = 0
GID = 0
Full rsyncd.conf file
UID = 0 gid = 0 Use chroot = False Strict modes = False hosts allow = * log file = Rsyncd.log pid FILE = rsyncd.pid port = 52326 Max connections = 4 # Module Definitions # Remember Cygwin naming Conve Ntions:c:work becomes/cygwin/c/work # [Test] path =/cygdrive/e/rsync/res Read Only = yes Transfer logging = yes lock file = Rsyncd.lock
Cwrsync the permissions configuration and invalid UID Nobody of client password files
Cwrsync the client password file's permissions configuration disposition method.
Windows uses chmod under Cygwin
After creating the document, change the authority to 600.
chmod 600/rsyncd.passwd
Invalid UID Nobody disposal method.
Fix config file: rsyncd.conf
Add at the beginning of the file
UID = 0
GID = 0
Technical Note: Policy IDs column in FortiMail History Log
Description
This article describes that an additional column called 'Policy IDs' was added to the History Log in FortiMail firmware v5.0. This is very useful in troubleshooting which policies or access controls are generating the log entries.
Scope
FortiMail v5.0 onwards.
Solution
The Policy ID value is separated into 3 different columns:
<Access Control> : <IP Policies> : <Recipient Policies>
For example: Policy IDs 9:1:3
This means it is hitting Access Control ID 9, IP Policy 1 and Recipient Policy 3. If no access control policies were created, Fortimail will use the default access control policy which has the number '0' to relay inbound emails.
<Access Control> : <IP Policies> : <Recipient Policies>
For example: Policy IDs 9:1:3
This means it is hitting Access Control ID 9, IP Policy 1 and Recipient Policy 3. If no access control policies were created, Fortimail will use the default access control policy which has the number '0' to relay inbound emails.
Đăng ký:
Bài đăng (Atom)