Thứ Năm, 19 tháng 12, 2024

Configuring L3 nPath load balancing and monitoring

Topic You should consider using this procedure under the following conditions: You want to use Layer 3 (L3) nPath load balancing (also known as Direct Server Return or Asymmetric Routing). You want to monitor the origin web servers from the BIG-IP system. You have L3 client requests that need to be load balanced on the BIG-IP system, with server responses returning directly to the client. Note: The recommendations included in this article are only valid for BIG-IP 11.1.0. Beginning in BIG-IP 11.2.0, the way you create network tunnels changed. To locate the options for creating network tunnels in BIG-IP 11.2.0 and later, access the Configuration utility and then navigate to Network > Tunnels. Description L3 nPath routing enables traffic to be load balanced over a routed topology. In this deployment, the server sends its responses directly back to the client instead of the BIG-IP system, even when the servers and any intermediate routers are on different networks. This load balancing method uses IP encapsulation to create a uni-directional outbound tunnel from the server pool to the server. The origin web server unencapsulates the original client IP information, which is then used to route the return traffic directly to the client. The available encapsulation protocols are GRE and IPIP. The protocol you choose for building the encapsulation tunnel may depend on the requirements of your environment. GRE supports unicast and multicast traffic, IPv4, and IPv6. IPIP supports unicast traffic and IPv4. Prerequisites You must meet the following prerequisites to use this procedure: You have a properly configured network path from the origin web servers to clients that does not traverse the BIG-IP system. You have a system user account with Traffic Management Shell (tmsh) utility access; you cannot perform certain steps in the process from the Configuration utility. You are conversant in the following configurations for the operating system of your origin web servers: IPIP and GRE tunnel configuration Loopback interface configuration Web services configuration Procedures To use this topology, perform the following procedures and create the following objects: Configuring BIG-IP Enabling the monitor encapsulation variable Creating a load balancing pool with an encapsulation profile Creating a transparent monitor Creating a FastL4 profile Creating a virtual server Configuring an origin web server configuration Configuring a loop back IP address Configuring an encapsulation tunnel Configuring the web service Enable the monitor encapsulation variable To monitor the pool member over an encapsulated tunnel, enable the tm.monitorencap variable by performing the following procedure: Impact of procedure: Performing the following procedure should not have a negative impact on your system. Log in to the tmsh utility by entering the following command: tmsh Note: For the remainder of this article, you must be logged in to the tmsh utility. Subsequent procedures in this article assume you are logged in to the tmsh utility from this step onward. Enable the tm.monitorencap variable by entering the following command: modify sys db tm.monitorencap value enable Create a load balancing pool Create a load balancing pool that references the desired encapsulation profile and the origin web servers as pool members. Impact of procedure: Performing the following procedure should not have a negative impact on your system. To perform this procedure, enter the following command syntax: create ltm pool profiles add { } members add { :any } Use the following examples to help you perform this procedure: To create a pool named ipip_pool, referencing an IPIP profile, and using the server 10.104.5.1 as the pool member, you enter a command similar to following example: create ltm pool ipip_pool profiles add { ipip } members add { 10.104.5.1:any } Note: The pool member is the physical IP address of the server that is hosting the virtual IP that must be load balanced. To create a pool that includes multiple pool members, you enter a command similar to following example: create ltm pool ipip.pool profiles add { ipip } members add { 10.104.5.1:any 10.104.5.2:any 10.104.5.3:any } Create a transparent monitor You use a transparent monitor to monitor the virtual IP and service hosted on the loopback interface of the physical origin web server. You create the loopback server later in this article. Impact of procedure: Performing the following procedure should not have a negative impact on your system. Use the following command syntax to perform this operation: create ltm monitor defaults-from destination : send recv transparent enabled interval timeout For example, to create a monitor named ipip.mon to monitor the service at 10.200.1.100:80, you enter the following command: create ltm monitor tcp ipip.mon defaults-from tcp destination 10.200.1.100:80 send 'GET / HTTP1.1\r\nHost: \r \nConnection: Close\r\n' recv 'It works!' transparent enabled interval 5 timeout 16 Notes: This example monitor expects a receive string that contains the following example value in the HTTP response from the virtual service: "It Works!" You must change this value to match a valid string appropriate to your environment. For more information about send and receive strings, and monitor time out values, refer to the Supplemental Information section of this article. The following destination is the IP address and port for the virtual server that resides on the loopback of the origin web server: :. Create a FastL4 profile Create a FastL4 profile to disable hardware acceleration for the virtual server. Impact of procedure: Performing the following procedure should not have a negative impact on your system. Create the FastL4 profile by using the following command syntax: create ltm profile fastl4 pva-acceleration none For example, to create a profile named ipip.fastl4, you enter the following command: create ltm profile fastl4 ipip.fastl4 pva-acceleration none Create a virtual server Create a virtual server to answer client requests and forward the requests to the pool members. Impact of procedure: Performing the following procedure should not have a negative impact on your system. Create the virtual server using the following command syntax: create ltm virtual destination :any pool profiles add { } translate-address disabled ip-protocol For example, to create a virtual server with the name ipip.vip and the address 10.200.1.100:any, which references the load balancing pool and FastL4 profile created in the previous steps, you enter the following command: create ltm virtual ipip.vip destination 10.200.1.100:any pool ipip.pool profiles add { ipip.fastl4 } translate- address disabled ip-protocol tcp Note: The destination IP address of the virtual server must be the same as that of the virtual service hosted on the loopback interface of the origin web server. After you complete all the steps on the BIG-IP system, save the configuration by entering the following command: tmsh save sys config Configure a loopback IP Configure the origin web server with an IP address on the loopback interface that matches the destination IP address on the BIG-IP virtual server and the one in the BIG-IP transparent monitor. Impact of procedure: Performing the following procedure should not have a negative impact on your system. Note: The following command examples are for a web server running a generic GNU/Linux operating system. They are provided for guidance only. For more information about configuring your specific operating system, refer to your documentation. To assign the IP address 10.200.1.100 to the loopback interface, use a command similar to the following example: ip addr add 10.200.1.100 label lo:0 dev lo scope global Note: Scope must be set to global to ensure this IP address is routable. Configure an encapsulation tunnel Configure the origin web server to listen for encapsulated packets destined for the loopback IP address. Impact of procedure: Performing the following procedure should not have a negative impact on your system. Note: The following command examples are for a web server running a generic GNU/Linux operating system. They are provided for guidance only. For more information about configuring your specific operating system, refer to your documentation. To configure the origin web server for an IPIP tunnel, use a series of commands similar to the following example: sysctl -w net.ipv4.conf.all.arp_ignore=3 sysctl -w net.ipv4.conf.all.arp_announce=2 modprobe ipip ip link set tunl0 up ip addr add 10.200.1.100 scope host dev tunl0 sysctl -w net.ipv4.conf.all.rp_filter=0 sysctl -w net.ipv4.conf.tunl0.rp_filter=0 To configure the origin web server for a GRE tunnel, use a series of commands similar to the following example: sysctl -w net.ipv4.conf.all.arp_ignore=3 sysctl -w net.ipv4.conf.all.arp_announce=2 modprobe ipgre ip link set gre0 up ip addr add 10.200.1.100 scope host dev gre0 sysctl -w net.ipv4.conf.all.rp_filter=0 sysctl -w net.ipv4.conf.gre0.rp_filter=0 Configure the web service Configure the web service running on the origin web server to listen on the IP address that you just configured on the loopback interface, in the previous steps of this article. Impact of procedure: Performing the following procedure should not have a negative impact on your system. To maintain consistency with the example configuration in this article, you create the web service at: 10.200.1.100:80. For information about configuring the web service on the loopback interface of the origin web server, refer to your web server documentation.
Read More

Thứ Năm, 3 tháng 10, 2024

Chrome browser version (129) in headless mode produces a blank white window

Looks like this is a bug in Chrome Browser 129, which was released on September 17th, 2024. https://developer.chrome.com/docs/chromedriver/ Found related issues on github. https://github.com/SeleniumHQ/selenium/issues/14514 Solution 1. work with Chrome 128. Solution 2. hide the window by: var co = new ChromeOptions(); co.AddArgument("--window-position=-10000,-10000") Solution 3. options.AddArgument("--headless=old") https://developer.chrome.com/docs/chromium/headless
Read More

Thứ Tư, 25 tháng 9, 2024

Activate Office 2021 for FREE using KMS client key

Step 1.1: Open cmd program with administrator rights. First, you need to open cmd in the admin mode, then run all commands below one by one. Step 1.2: Get into the Office directory in cmd. cd /d %ProgramFiles(x86)%\Microsoft Office\Office16 cd /d %ProgramFiles%\Microsoft Office\Office16 If you install your Office in the ProgramFiles folder, the Office directory depends on the architecture of your OS. If you are not sure of this issue, just run both of the commands above. One of them will be not executed and an error message will be printed on the screen. Step 1.3: Install Office 2021 volume license. for /f %x in ('dir /b ..\root\Licenses16\ProPlus2021VL_KMS*.xrm-ms') do cscript ospp.vbs /inslic:"..\root\Licenses16\%x" This step is required. You can not install the KMS client product key of Office without a volume license. Step 1.4: Activate your Office using the KMS key. Make sure your device is connected to the internet, then run the following commands. cscript ospp.vbs /setprt:1688 cscript ospp.vbs /unpkey:6F7TH >nul cscript ospp.vbs /inpkey:FXYTK-NJJ8C-GB6DW-3DYQT-6F7TH cscript ospp.vbs /sethst:kms8.msguides.com cscript ospp.vbs /act
Read More

Thứ Ba, 10 tháng 9, 2024

[ MongoDB ] What to do if you accidentally drop a MongoDB table?

In fact, many people when encountering this situation think that it is impossible to save MongoDB data. And very few people share about this case. This is a very real situation and has many difficulties when faced. If the database is Oracle, we can easily do it. However, what about MongoDB? The answer is yes. However, the way to save data will be more complicated. In this article, I will share with you a method that can save data when deleting or dropping the wrong table. A useful method for those who accidentally impact the database Step 1: Immediately backup oplog after detecting the wrong data deletion behavior The command is as follows: mongodump -u username --authenticationDatabase admin -p password -d local -c oplog.rs --out /backup/mongo Step 2: Determine the timestamp on the oplog.rs table to restore the point in time before the drop time db.getCollection("oplog.rs").find({"o.drop" : "collection_name"}) Step 3: Recover the point in time of the dropped data to save the data mongorestore --port 27017 -u username -p password --authenticationDatabase admin --oplogReplay --oplogLimit=1725939063:1 /backup/mongo/local/oplog.rs.bson
Read More

Thứ Hai, 26 tháng 8, 2024

How to add a custom PHP version in Plesk for Linux?

 

Question

How to add a custom PHP version in Plesk for Linux?

Answer

Warning: All the instructions below are to be performed at own will and risk. These steps are provided for demonstration purposes only and not supported by Plesk. Depending on the operating system and the desired configuration, installation steps might differ significantly. When installing an additional PHP version on the server, read the official PHP documentation on installation. It's recommended to perform the installation on a test environment before modifying the production environment.

On Linux systems, you can install any PHP version you need and then make it available in Plesk by registering it with the plesk bin php_handler command-line utility.


1- Install the custom PHP version

Install the desired PHP version on the server. For installation guidelines, refer to the official PHP documentation available at http://php.net/manual/en/install.php. In brief, the installation includes the following main steps.

  1. Connect to the server via SSH

  2. Install C compiler and XML library with the following commands:

    • RHEL based OSes:

      yum install gcc -y && yum install libxml2-devel -y

    • Debian based OSes:

      apt-get install build-essential && apt-get install libxml2-dev

  3. Download the PHP source you need from the official website (http://php.net/downloads.php or http://php.net/releases/) to the server and unpack it:

    gunzip php-NN.tar.gz

    tar -xf php-NN.tar

  4. Configure and build PHP:

    Note: In this step, it's possible to customize PHP with various options, such as specifying which extensions will be enabled in the compiled PHP version. Run ./configure --help to see a list of the available options.

    cd ../php-NN

    ./configure --prefix=/usr/local/phpNN --enable-fpm --with-fpm-group=www-data

    make

    make install

  5. Set up the php.ini:

    Note: Edit the .ini file to set the desired PHP options. If it's required to configure the  php.ini file in another location, run the configure utility with the option --with-config-file-path=/some/path in the previous step.

    cp php.ini-development /usr/local/lib/php.ini

    2- Register the custom PHP version in Plesk
    1. Connect to the server via SSH

    2. Register the new PHP version in Plesk:

      Note: More information can be found with the following command: plesk bin php_handler --help

      2.1- CGI/FastCGI example:

      plesk bin php_handler --add -displayname <NN> -path <path to php-cgi binary> -phpini <path to php.ini> -type <php handler> -id <NN-custom> -clipath <path to php cli>

      Where:

        • -displayname <NN>: It's the PHP version name that will be shown in the Plesk UI. It's recommended to include the version number in the displayname, for example: 7.4.5-custom
        • -path <path to php-cgi binary>: It's the location of the PHP CGI binary file. The location is shown in the output shown by the command make install in the line Installing PHP CGI binary. For example, if the output contains the line Installing PHP CGI binary: /usr/local/bin/, the location to specify is /usr/local/bin/php-cgi. Learn more at: http://php.net/manual/en/install.unix.commandline.php
        • -clipath <path to php cli>: It's the location of the PHP CLI binary file. The location is shown in the output of the command make install in the line Installing PHP CLI binary. For example, if the output contains the line Installing PHP CLI binary: /usr/local/bin/, the location to specify is /usr/local/bin/php. Learn more at: http://php.net/manual/en/install.unix.commandline.php
        • -phpini <path to php.ini>: It's the location of the php.ini file, for example: /usr/local/lib/php.ini 
        • -type <php handler>: It's the type of the PHP handler associated with the installed PHP version. This example is for cgi , fpm or fastcgi PHP handlers and the mod_php is not supported
        • (Optional) -id <NN-custom>: It's the identifier that will be used for referring to this PHP version when adjusting or removing it via plesk bin php_handlers utility

      2.2- FPM example (Notes: systemctl unit should also be created manually, if it specific for OS distribution; To add the PHP handler as a dedicated application, append '-fpm-dedicated' to the hander ID when registering; To add PHP as a 'usual' FPM application, add the handler second time, without the '-fpm-dedicated' ):

      plesk bin php_handler --add -displayname <NN> -path <path to php-fpm binary> -phpini <path to php.ini> -type fpm -id <NN-custom> -clipath <path to php cli> -service <PHP_FPM_service_name> -poold <path to php-fpm.d pool folder>

      Where:

        • -path <path to php-fpm binary>: It's the location of the PHP FPM binary file. The location is shown in the output shown by the command make install in the line Installing PHP-FPM binary
        • -service <PHP FPM service name>: It's the PHP FPM service name
        • -poold <path to php-fpm.d pool folder>: It's the location containing the pool configuration files
        • 3- Assign the custom PHP version (Plesk GUI)

          Once the custom PHP versions are registered after applying the steps above, the custom PHP versions will be available:

          1. Log in to Plesk GUI

          2. Assign the custom PHP version:

            • Service Plan level: Go to Service Plans > Service Plan Name > PHP Settings

            • Domain level: Go to Domains > example.com > PHP Settings

Read More

Thứ Tư, 14 tháng 8, 2024

Cwrsync Invalid UID Nobody solution

 The following error occurred while using the Rsync/cwrsync tool for file synchronization:

C:Program Filescwrsyncbin>rsync.exe-av Rsync://192.168.0.211:52326/test/cygdrive/e/www.01314.cn/rsync  
@ Error:invalid UID Nobody  

Workaround: Add the following two lines to the rsyncd.conf file to resolve the problem
UID = 0
GID = 0
Full rsyncd.conf file

UID = 0 
gid = 0 Use 
chroot = False 
Strict modes = False 
hosts allow = *  
log file = Rsyncd.log  
pid FILE = rsyncd.pid  
port = 52326  
Max connections = 4 
 
# Module Definitions  
# Remember Cygwin naming Conve Ntions:c:work becomes/cygwin/c/work  
#  
[Test]  
path =/cygdrive/e/rsync/res  
Read Only = yes 
Transfer logging = yes 
lock file = Rsyncd.lock  

Cwrsync the permissions configuration and invalid UID Nobody of client password files

Cwrsync the client password file's permissions configuration disposition method.

Windows uses chmod under Cygwin
After creating the document, change the authority to 600.
chmod 600/rsyncd.passwd
Invalid UID Nobody disposal method.
Fix config file: rsyncd.conf
Add at the beginning of the file
UID = 0
GID = 0

Read More

Technical Note: Policy IDs column in FortiMail History Log

 Description

 

This article describes that an additional column called 'Policy IDs' was added to the History Log in FortiMail firmware v5.0. This is very useful in troubleshooting which policies or access controls are generating the log entries.


Scope

 
FortiMail v5.0 onwards.


Solution

 

The Policy ID value is separated into 3 different columns:

<Access Control> : <IP Policies> : <Recipient Policies>

For example: Policy IDs 9:1:3

This means it is hitting Access Control ID 9, IP Policy 1 and Recipient Policy 3. 
If no access control policies were created, Fortimail will use the default access control policy which has the number '0' to relay inbound emails.
Read More