Hello guys,
We have a strange problem with Netskope.
Actually, after speaking with netskope, we have arranged a dedicated ip range for outgoing from netskope proxy. This we have configured as "dedicated egress ip", in configuration menu. Here we have add all users of our bussiness.
The problem that we have experimented is that some users have problem reaching some websites. The error that it show in the navigator is "bad gateway".
If we change the configuration and apply old ip ranges (netskope original ranges) it works perfectly. But we need to change to new ones, and netskope support is taking a lot of time to solve this.
Someone has had the same error? Have you know what can be the problem?
Thanks in advance.

Heya! These posts/introduction messages always feel awkward and forced for me 😅 so buckle up 🤪…
Let’s get what I’m looking for out of the way, as no sense in taking up more of your time if it’s obvious that we aren’t a fit.
What I’m seeking:
As of current, my primary interests align most with a FWB situation, but I am open to any form of connection that develops organically between us (including simple friendship). I’m relatively open with regard to availability, though in an ideal world you would be open to seeing each other 1-2+ times a week. I’m attracted to a wide range of personalities and body types, so it can be hard to relay my interests there and is usually best just to connect and see if we click or not. I guess in the end, I’m pretty flexible in my interest and desires.
It’s also important to note that I do not smoke or drink at all. I don’t judge if you do either, but I will say that being around cigarette smoke is likely to be a dealbreaker for me. As for weed, I hate the smell, so I just ask that you please avoid smoking it around me. Vapes are fine, just please don’t blow them in my direction as I personally don’t care to breath that in. Alcohol I have no problem being around in all capacities lol get plastered for all I care.
A bit about myself:
It’s always hard to gauge what to share to the world in “bios” like this..I’ll try to highlight some of my most prominent characteristics and details 🤷‍♂️.
Let’s start physical. I’m 6’7”, definitely a dad bod with a bit of a stomach, 33 years young, long brown curly-ish/wavy hair (admittedly facing some male pattern baldness at my forehead hairline, so doing what I can with what I’ve got while I can 🤷‍♂️), brown eyes, wear glasses (if that matters to you at all), maintain a beard at all times (take the hair where I can, right? 🤪🤷‍♂️), and wear a size 19 shoe (putting that out there as it’s always a shocker 😆). No, I never played basketball for any teams growing up, but did play pickup games often after high school. The weather is just fine “up here” 🤪. As for style, or lack thereof 😆, you’ll likely always see me in some form of graphic or plain T-shirt with likely some form of shorts (I love the cold and hate being hot) year round, though every now and then I’ll change it up with pants and/or pollos 🤷‍♂️. I want to be more stylish tbh, but I don’t have the eye for good style, I’m colorblind, and often don’t feel other styles would suit my looks 🤷‍♂️. Speaking of looks, standard bearded Caucasian nerd looking dude lol, though when people see me, they might be quick to assume I’m the standard white conservative Christian type, when in reality I’m far from such (curse the genetics and looks I was born into 😭).
Kink friendly, so any questions or curiosity around such please feel free to bring up and discuss with me further.
I think that’s a good start on physical attributes, let’s move on to the internal ish…
Gah this section is much tougher to fill out 😅. Look, I just love just about everybody, will generally give everybody the time of day and benefit of doubt, can strike up a convo with just about anyone (though sometimes I need the other person to engage the start of that convo 😅), and would do my best to help and protect anyone around. I just want the best for everyone, ya know? I’d say i lean more extroverted, but do battle a moderate amount of social anxiety that im sure you’ve picked up on by now..you’d likely think im more introverted with how often I stay home and how little I randomly reach out to friends/others. It’s not that I don’t love getting out and about and don’t care to talk to my friends, I just get so caught up in my day to day life that it just doesn’t cross my mind, OR I get social anxiety (especially if I haven’t spoken to someone in a long time, I always worry they think I don’t care about them and our friendship).
Beyond this, it’s hard to list my other qualities, so I’ll just move on to interests and maybe that’ll help highlight more?
My Interests:
Can’t help but feel kind of boring and basic when filling out this section 😅. I feel like it’s a lot of what most people list as their interests and that my list is small/limited/boring. Travel Culture/language Food Music (very large and eclectic taste in music) Gaming of any form (video, board, etc) Puzzles/challenges/sports (I love a good challenge, so huge kudos if you are competitive) Technology (always fascinating what we are making in this world) I’d like to learn to dance but right now I’m very self conscious about my terrible dancing (I feel awkward 😔)
Disinterests: Low hanging ceiling fans and light fixtures 🤪
Details regarding my current Poly configuration:
I’m happily married with one child. If I do take on any new partners I never expect you to take on any form of relationship or responsibility for the rest of my family beyond just maintaining a safe space through proxy. My wife and I practice kitchen table Poly, so we are completely open to everyone happily interacting together, but if you aren’t comfortable interacting with the rest of my family no problem! Ask if you have any further questions on how we Poly ethically, happy to answer any questions!
Anyways, I’ve made this long enough…if you’ve made it this far, thank you so much for taking the time to read my post to entirety! Even if we aren’t meant to connect, you and your time are greatly appreciated! Sending my warmest regards and a friendly virtual hug ❤️.

I currently have a setup where this version of Citrix is using a domain account for its integration with vCenter 7.0u3 (under Citrix Studio->Configuration->Hosting). It's already assigned a Citrix role within vCenter that has only the needed permissions assigned. But I am not familiar with XenDesktop, and it seems this could use a vsphere.local account. If so, we could remove vCenter from AD, which would be a big security upgrade.
Is this possible? Could I create a new Citrix vsphere.local user, assign it the Citrix role, and update this?
Thanks

Hello, i recently just got a powerline adaptor (TL-PA7017P) and the instructions were plug and play. However, I plugged it in and my ethernet doesn't connect as it shows unidentified network no internet. I've used the TL utility app to check that there is in fact a connection.
These are the things that I have tried: 1. Reinstalling network adaptors 2. Changing automatic to manual IP address and DNS address and typing in correlated 8.8.8.8, 8.8.4.4, 192..... 3. Used the Network troubleshooter (error given was "Can't reach the DHCP server") 4. Updated drivers (most updated)
This is my ipconfig/all
Windows IP Configuration
Host Name . . . . . . . . . . . . : DESKTOP-LULRQ2C
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GbE Family Controller
Physical Address. . . . . . . . . : 9C-6B-00-12-7F-F5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::588c:304:3897:6d7d%8(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.148.138(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 463235840
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2A-07-AE-8A-9C-6B-00-12-7F-F5
NetBIOS over Tcpip. . . . . . . . : Enabled
Wireless LAN adapter Local Area Connection* 1:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : 2C-8D-B1-89-E0-55
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Local Area Connection* 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
Physical Address. . . . . . . . . : 2E-8D-B1-89-E0-54
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-AC 3168
Physical Address. . . . . . . . . : 2C-8D-B1-89-E0-54
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::af64:79a3:e362:b07c%16(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.50.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, 14 May 2024 8:56:37 pm
Lease Expires . . . . . . . . . . : Wednesday, 15 May 2024 9:09:25 pm
Default Gateway . . . . . . . . . : 192.168.50.1
DHCP Server . . . . . . . . . . . : 192.168.50.1
DHCPv6 IAID . . . . . . . . . . . : 153914801
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2A-07-AE-8A-9C-6B-00-12-7F-F5
DNS Servers . . . . . . . . . . . : 192.168.50.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 2C-8D-B1-89-E0-58
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Thank you for reading and hope I can get some help on this :>

services: homeassistant: container_name: homeassistant image: "ghcr.io/home-assistant/home-assistant:stable" volumes: - /opt/homeassistant/config:/config - /etc/localtime:/etc/localtime:ro restart: unless-stopped privileged: true ports: - 8123:8123 mosquitto: image: eclipse-mosquitto container_name: mosquitto volumes: - /opt/mosquitto:/mosquitto - /opt/mosquitto/data:/mosquitto/data - /opt/mosquitto/log:/mosquitto/log restart: unless-stopped ports: - 1883:1883 - 9001:9001 zigbee2mqtt: container_name: zigbee2mqtt image: koenkk/zigbee2mqtt restart: unless-stopped volumes: - /opt/zigbee2mqtt/data:/app/data - /run/udev:/run/udev:ro ports: # Frontend port - 8080:8080 environment: - TZ=Europe/[hidden] devices: # Make sure this matched your adapter location - /dev/ttyUSB0:/dev/ttyACM0 networks: default: external: true name: homeass_network 

Currently I am trying to set up wg on my remote Linux server so I can tunnel into my home network and access my services which I have deployed on docker. A couple of these docker services I share amongst friends and family using nginx reverse proxy.
The problem is that when I enable the wg interface, my SSH session (I currently use ssh to configure wg) gets disconnected and also the services which I expose over nginx become unreachable. To resolve this, I connect to another PC on my home network and SSH into the server and disable the interface.
Is this the expected behavior? I had hoped that wg would simply allow me to tunnel into my home network while leaving everything else as is.

I am not sure if I want to solve this issue actually, I just want to vent.
iX, what do you think yourself when you print out this error message to a "customer"?
I mean your installation of Kubernetes on a single host is crap and using helm charts that utterly break in an atomic chain reaction that way doesnt make it trustworthy. I am on the way to migrate nextcloud away again from TrueNAS to a docker host and just use TrueNAS as storage.
I dont care about sensible data down there, at the time of posting, this system isnt running anymore. Sorry if I annoy somebody.
[EFAULT] Failed to upgrade App: WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /etc/ranchek3s/k3s.yaml Error: UPGRADE FAILED: execution error at (nextcloud/templates/common.yaml:38:4): Chart - Values contain an error that may be a result of merging. Values containing the error: Error: 'error converting YAML to JSON: yaml: invalid leading UTF-8 octet' TZ: UTC bashImage: pullPolicy: IfNotPresent repository: bash tag: 4.4.23 configmap: nextcloud-config: data: limitrequestbody.conf: LimitRequestBody 3221225472 occ: - #!/bin/bash uid="$(id -u)" gid="$(id -g)" if [ "$uid" = '0' ]; then user='www-data' group='www-data' else user="$uid" group="$gid" fi run_as() { if [ "$(id -u)" = 0 ]; then su -p "$user" -s /bin/bash -c 'php /vawww/html/occ "$@"' - "$@" else /bin/bash -c 'php /vawww/html/occ "$@"' - "$@" fi } run_as "$@" opcache.ini: opcache.memory_consumption=128 php.ini: max_execution_time=30 enabled: true nginx: data: nginx.conf: - events {} http { server { listen 9002 ssl http2; listen [::]:9002 ssl http2; # Redirect HTTP to HTTPS error_page 497 301 =307 https://$host$request_uri; ssl_certificate '/etc/nginx-certs/public.crt'; ssl_certificate_key '/etc/nginx-certs/private.key'; client_max_body_size 3G; add_header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload" always; location = /robots.txt { allow all; log_not_found off; access_log off; } location = /.well-known/carddav { return 301 $scheme://$host/remote.php/dav; } location = /.well-known/caldav { return 301 $scheme://$host/remote.php/dav; } location / { proxy_pass http://nextcloud:80; proxy_http_version 1.1; proxy_cache_bypass $http_upgrade; proxy_request_buffering off; # Proxy headers proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Port 443; # Proxy timeouts proxy_connect_timeout 60s; proxy_send_timeout 60s; proxy_read_timeout 60s; } } } enabled: true fallbackDefaults: accessModes: - ReadWriteOnce persistenceType: emptyDir probeTimeouts: liveness: failureThreshold: 5 initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 readiness: failureThreshold: 5 initialDelaySeconds: 10 periodSeconds: 10 successThreshold: 2 timeoutSeconds: 5 startup: failureThreshold: 60 initialDelaySeconds: 10 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 2 probeType: http pvcRetain: false pvcSize: 1Gi serviceProtocol: tcp serviceType: ClusterIP storageClass: "" global: annotations: {} ixChartContext: addNvidiaRuntimeClass: false hasNFSCSI: true hasSMBCSI: true isInstall: false isStopped: false isUpdate: false isUpgrade: true kubernetes_config: cluster_cidr: 172.16.0.0/16 cluster_dns_ip: 172.17.0.10 service_cidr: 172.17.0.0/16 nfsProvisioner: nfs.csi.k8s.io nvidiaRuntimeClassName: nvidia operation: UPGRADE smbProvisioner: smb.csi.k8s.io storageClassName: ix-storage-class-nextcloud upgradeMetadata: newChartVersion: 2.0.5 oldChartVersion: 1.6.61 preUpgradeRevision: 89 labels: {} minNodePort: 9000 image: pullPolicy: IfNotPresent repository: nextcloud tag: 29.0.0 imagePullSecret: [] ixCertificateAuthorities: {} ixCertificates: "1": CA_type_existing: false CA_type_intermediate: false CA_type_internal: false CSR: null DN: /C=US/O=iXsystems/CN=localhost/emailAddress=info@ixsystems.com/ST=Tennessee/L=Maryville/subjectAltName=DNS:localhost can_be_revoked: false cert_type: CERTIFICATE cert_type_CSR: false cert_type_existing: true cert_type_internal: false certificate: -----BEGIN CERTIFICATE----- MIIDrTCCApWgAwIBAgIEHHHd+zANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMC VVMxEjAQBgNVBAoMCWlYc3lzdGVtczESMBAGA1UEAwwJbG9jYWxob3N0MSEwHwYJ KoZIhvcNAQkBFhJpbmZvQGl4c3lzdGVtcy5jb20xEjAQBgNVBAgMCVRlbm5lc3Nl ZTESMBAGA1UEBwwJTWFyeXZpbGxlMB4XDTIzMTIxNjA3MDUwOVoXDTI1MDExNjA3 MDUwOVowgYAxCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlpWHN5c3RlbXMxEjAQBgNV BAMMCWxvY2FsaG9zdDEhMB8GCSqGSIb3DQEJARYSaW5mb0BpeHN5c3RlbXMuY29t MRIwEAYDVQQIDAlUZW5uZXNzZWUxEjAQBgNVBAcMCU1hcnl2aWxsZTCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKPRN3n5ngKFrHQ12gKCmLEN85If6B3E KEo4nvTkTIWLzXZcTGxlJ9kGr9bt0V8cvEInZnOCnyY74lzKlMhZv1R58nfBmz5a gpV6scHXZVghGhGsjtP7/H4PRMUbzM9MawET8+Au8grjAodUkz6Jskcwhgg9EVS5 UQPTDkxXJYFRUN1XhJOR4tqsrHFrI25oUF6Gms9Wp1aq0mJXh+FIGAyELqpdk/Q8 N1Rjn3t4m2Ub+OPmBLwHOncIqz2PHVgL574bT/q+Lc3Mi/gQsfNi6VN7UkNTQ5Q2 uOhrcw4gtjn41v0j7k9CsUvPK8zfCizQHgBx6Ih33Z850pHUQyNuwjECAwEAAaMt MCswFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0G CSqGSIb3DQEBCwUAA4IBAQAQG2KsF6ki8dooaaM+32APHJp38LEmLNIMdnIlCHPw RnQ+4I8ssEPKk3czIzOlOe6R3V71GWg1JlGEuUD6M3rPbzSfWzv0kdji/qgzUId1 oh9vEao+ndPijYpDi6CUcBADuzilcygSBl05j6RlS2Uv8+tNIjxTKrDegyaEtC3W RoVqON0vhDSKJ3OsOKR2g5uFfs/uHxBvskkChdGn/1aRz+DdHCYVOEavnQylXPBk xzWQDVt6+6mAhejGGkkGsIG1QY7pFpQPA9UWeY/C/3/QdSl01GgfpyWNsfE+Wu1b IS3wxfWfuiMiDbUElqjDqiy623peeVFXrWlTV4G4yBG/ -----END CERTIFICATE----- certificate_path: /etc/certificates/truenas_default.crt chain: false chain_list: - -----BEGIN CERTIFICATE----- MIIDrTCCApWgAwIBAgIEHHHd+zANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMC VVMxEjAQBgNVBAoMCWlYc3lzdGVtczESMBAGA1UEAwwJbG9jYWxob3N0MSEwHwYJ KoZIhvcNAQkBFhJpbmZvQGl4c3lzdGVtcy5jb20xEjAQBgNVBAgMCVRlbm5lc3Nl ZTESMBAGA1UEBwwJTWFyeXZpbGxlMB4XDTIzMTIxNjA3MDUwOVoXDTI1MDExNjA3 MDUwOVowgYAxCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlpWHN5c3RlbXMxEjAQBgNV BAMMCWxvY2FsaG9zdDEhMB8GCSqGSIb3DQEJARYSaW5mb0BpeHN5c3RlbXMuY29t MRIwEAYDVQQIDAlUZW5uZXNzZWUxEjAQBgNVBAcMCU1hcnl2aWxsZTCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKPRN3n5ngKFrHQ12gKCmLEN85If6B3E KEo4nvTkTIWLzXZcTGxlJ9kGr9bt0V8cvEInZnOCnyY74lzKlMhZv1R58nfBmz5a gpV6scHXZVghGhGsjtP7/H4PRMUbzM9MawET8+Au8grjAodUkz6Jskcwhgg9EVS5 UQPTDkxXJYFRUN1XhJOR4tqsrHFrI25oUF6Gms9Wp1aq0mJXh+FIGAyELqpdk/Q8 N1Rjn3t4m2Ub+OPmBLwHOncIqz2PHVgL574bT/q+Lc3Mi/gQsfNi6VN7UkNTQ5Q2 uOhrcw4gtjn41v0j7k9CsUvPK8zfCizQHgBx6Ih33Z850pHUQyNuwjECAwEAAaMt MCswFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0G CSqGSIb3DQEBCwUAA4IBAQAQG2KsF6ki8dooaaM+32APHJp38LEmLNIMdnIlCHPw RnQ+4I8ssEPKk3czIzOlOe6R3V71GWg1JlGEuUD6M3rPbzSfWzv0kdji/qgzUId1 oh9vEao+ndPijYpDi6CUcBADuzilcygSBl05j6RlS2Uv8+tNIjxTKrDegyaEtC3W RoVqON0vhDSKJ3OsOKR2g5uFfs/uHxBvskkChdGn/1aRz+DdHCYVOEavnQylXPBk xzWQDVt6+6mAhejGGkkGsIG1QY7pFpQPA9UWeY/C/3/QdSl01GgfpyWNsfE+Wu1b IS3wxfWfuiMiDbUElqjDqiy623peeVFXrWlTV4G4yBG/ -----END CERTIFICATE----- city: Maryville common: localhost country: US csr_path: /etc/certificates/truenas_default.csr digest_algorithm: SHA256 email: info@ixsystems.com expired: false extensions: ExtendedKeyUsage: TLS Web Server Authentication SubjectAltName: DNS:localhost fingerprint: 8E:68:9D:0A:7D:A6:41:11:59:B0:0C:01:8C:AC:C4:F4:DB:F9:6B:2C from: Sat Dec 16 08:05:09 2023 id: 1 internal: "NO" issuer: external key_length: 2048 key_type: RSA lifetime: 397 name: truenas_default organization: iXsystems organizational_unit: null parsed: true privatekey: -----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCj0Td5+Z4Chax0 NdoCgpixDfOSH+gdxChKOJ705EyFi812XExsZSfZBq/W7dFfHLxCJ2Zzgp8mO+Jc ypTIWb9UefJ3wZs+WoKVerHB12VYIRoRrI7T+/x+D0TFG8zPTGsBE/PgLvIK4wKH VJM+ibJHMIYIPRFUuVED0w5MVyWBUVDdV4STkeLarKxxayNuaFBehprPVqdWqtJi V4fhSBgMhC6qXZP0PDdUY597eJtlG/jj5gS8Bzp3CKs9jx1YC+e+G0/6vi3NzIv4 ELHzYulTe1JDU0OUNrjoa3MOILY5+Nb9I+5PQrFLzyvM3wos0B4AceiId92fOdKR 1EMjbsIxAgMBAAECggEAS/Su51RxCjRWwM9TVUSebcHNRNyccGjKUZetRFkyjd1D l/S1zrCcaElscJh2MsaNF5NTMo3HIyAzFdksYTUTvKSKYzKWu7OVxp9MGle3+sPm ZXmABBRbf0uvFEGOljOVjbtloXXC7n9RZdQ2LZIE4nNCQkGmboU6Zi6O+6CQmEOQ 9iyYJ8NyXtjDT2sVOpysAj3ga6tdtSosG7SQuo41t20mw6hbl08LhQP9LfZJyKCR 0x1cYny+XHifB6JQAt8crzHYpKaJc2tZd4dXJ1xDnm2Aa/Au5uEA01P/L3hf41sI cUmBhVf1z5m9yBsyaZnW6LzaR5tQwpnPWPEcNfuwLQKBgQDM1o8vwKCo435shpGE zCdqbvK4+J0XYmbgEwHId8xr9rzZ852lAhs6VO2WQQVMGUoWRaH44B3z1Jv9N5Qa 4RUwnTb1MERfzEjRwUuIWjtz34yAXko0iU3M0FYpIxDuKVJNOEO1Doey0lTUcIYQ sfRUVxxJZ3hpDo7RhPSZpwyBtwKBgQDMu8PFVQ5XRb90qaGqg+ACaXMfHXfuWzuJ UqgyNrvF6wqd9Z0Nn299m7EonE6qJftUqlqHC62OCBfqRBNkwOw40s7ORZvqUCkP 7WsWuJu4HqhS2we8yKRuqj520VP537ZeqnK64mDxDKBvL9ttCujbxy01WFWcdwkO sSAViAK7VwKBgQCAeNG1kYsyYfyY9I2wTJssFgoGGWftkroTL9iecwSzcj1gNXta Usfg/gNFieJYqEPfVC0Sev5OP7rWRlWNxj4UD4a4oV1A+E9zv1gwXOeM9ViZ6omA Cd3R55kik+u6dBA6fl9433Qco+6wjyKGthYYD8qd/1d2DLtmjY0cEbm2YQKBgH4/ Zuifm5lLhFVPaUa5zYAPQJM2W8da8OqsUtWsFLxmRQTE+ZT19Q1S3br6MDQR+drq tapDFEHaUcz/L6pYoRIlRKvEFvI1fiy5Lekz66ptFUUKlcnfPC6VwrEIQi16u33C w77ka/0Y2THXJAsoyBEG0KTtlNVIPgiWRv+gAHc/AoGATOlO6ZVhf0vWPIKBhajM ijWTNIX/iCNOheJEjLEPksG4LVpU16OphZL2m0nIyOryQ0Fmt7GHUfl3CXFhTH/P G47PzH+mLCQLp5TUIeNRQWScWNGGsf9J+MtwpxHMzUymDJySR4aot0bH3fge0MO1 QccFxNbLODRmJuYbSQB1HZQ= -----END PRIVATE KEY----- privatekey_path: /etc/certificates/truenas_default.key revoked: false revoked_date: null root_path: /etc/certificates san: - DNS:localhost serial: 477224443 signedby: null state: Tennessee subject_name_hash: 3193428416 type: 8 until: Thu Jan 16 08:05:09 2025 ixChartContext: addNvidiaRuntimeClass: false hasNFSCSI: true hasSMBCSI: true isInstall: false isStopped: false isUpdate: false isUpgrade: true kubernetes_config: cluster_cidr: 172.16.0.0/16 cluster_dns_ip: 172.17.0.10 service_cidr: 172.17.0.0/16 nfsProvisioner: nfs.csi.k8s.io nvidiaRuntimeClassName: nvidia operation: UPGRADE smbProvisioner: smb.csi.k8s.io storageClassName: ix-storage-class-nextcloud upgradeMetadata: newChartVersion: 2.0.5 oldChartVersion: 1.6.61 preUpgradeRevision: 89 ixExternalInterfacesConfiguration: [] ixExternalInterfacesConfigurationNames: [] ixVolumes: - hostPath: /mnt/Camelot/ix-applications/releases/nextcloud/volumes/ix_volumes/ix-postgres_backups mariadbImage: pullPolicy: IfNotPresent repository: mariadb tag: 10.6.14 ncConfig: additionalEnvs: [] adminPassword: d3k@M%YRBRcj adminUser: admin commands: [] cron: enabled: false schedule: '*/15 * * * *' dataDir: /vawww/html/data host: charon.weninger.local maxExecutionTime: 30 maxUploadLimit: 3 opCacheMemoryConsumption: 128 phpMemoryLimit: 512 ncDbHost: nextcloud-postgres ncDbName: nextcloud ncDbPass: XvgIoT84hMmNDlH ncDbUser: ��-��� ncNetwork: certificateID: 1 nginx: externalAccessPort: 443 proxyTimeouts: 60 useDifferentAccessPort: false webPort: 9002 ncPostgresImage: pullPolicy: IfNotPresent repository: postgres tag: "13.1" ncStorage: additionalStorages: [] data: hostPathConfig: aclEnable: false hostPath: /mnt/Camelot/Applications/Nextcloud/ncdata ixVolumeConfig: datasetName: data type: hostPath html: hostPathConfig: aclEnable: false hostPath: /mnt/Camelot/Applications/Nextcloud/ncdata ixVolumeConfig: datasetName: html type: hostPath isDataInTheSameVolume: true migrationFixed: true pgBackup: ixVolumeConfig: aclEnable: false datasetName: ix-postgres_backups type: ixVolume pgData: hostPathConfig: aclEnable: false hostPath: /mnt/Camelot/Applications/Nextcloud/pgdata ixVolumeConfig: datasetName: pgData type: hostPath nginxImage: pullPolicy: IfNotPresent repository: nginx tag: 1.25.4 notes: custom: ## Database You can connect to the database using the pgAdmin App from the catalog
Database Details
- Database: \{{ .Values.ncDbName }}` - Username: `{{ .Values.ncDbUser }}` - Password: `{{ .Values.ncDbPass }}` - Host: `{{ .Values.ncDbHost }}.{{ .Release.Namespace }}.svc.cluster.local` - Port: `5432``
{{- $_ := unset .Values "ncDbUser" }} {{- $_ := unset .Values "ncDbName" }} {{- $_ := unset .Values "ncDbPass" }} {{- $_ := unset .Values "ncDbHost" }} Note: Nextcloud will create an additional new user and password for the admin user on first startup. You can find those credentials in the \/vawww/html/config/config.php` file inside the container. footer: # Documentation Documentation for this app can be found at https://www.truenas.com/docs. # Bug reports If you find a bug in this app, please file an issue at https://ixsystems.atlassian.net header: # Welcome to TrueNAS SCALE Thank you for installing {{ .Chart.Annotations.title }} App. persistence: config: datasetName: null domain: null enabled: true hostPath: /mnt/Camelot/Applications/Nextcloud/ncdata medium: null password: null readOnly: false server: null share: null size: null targetSelector: nextcloud: nextcloud: mountPath: /vawww/html/config subPath: config nextcloud-cron: nextcloud-cron: mountPath: /vawww/html/config subPath: config type: hostPath username: null customapps: datasetName: null domain: null enabled: true hostPath: /mnt/Camelot/Applications/Nextcloud/ncdata medium: null password: null readOnly: false server: null share: null size: null targetSelector: nextcloud: nextcloud: mountPath: /vawww/html/customapps subPath: custom_apps nextcloud-cron: nextcloud-cron: mountPath: /vawww/html/custom_apps subPath: custom_apps type: hostPath username: null data: datasetName: null domain: null enabled: true hostPath: /mnt/Camelot/Applications/Nextcloud/ncdata medium: null password: null readOnly: false server: null share: null size: null targetSelector: nextcloud: nextcloud: mountPath: /vawww/html/data subPath: data nextcloud-cron: nextcloud-cron: mountPath: /vawww/html/data subPath: data type: hostPath username: null html: datasetName: null domain: null enabled: true hostPath: /mnt/Camelot/Applications/Nextcloud/ncdata medium: null password: null readOnly: false server: null share: null size: null targetSelector: nextcloud: nextcloud: mountPath: /vawww/html subPath: html nextcloud-cron: nextcloud-cron: mountPath: /vawww/html subPath: html postgresbackup: postgresbackup: mountPath: /nc-config type: hostPath username: null nc-config-limreqbody: defaultMode: "0755" enabled: true objectName: nextcloud-config targetSelector: nextcloud: nextcloud: mountPath: /etc/apache2/conf-enabled/limitrequestbody.conf subPath: limitrequestbody.conf type: configmap nc-config-opcache: defaultMode: "0755" enabled: true objectName: nextcloud-config targetSelector: nextcloud: nextcloud: mountPath: /uslocal/etc/php/conf.d/opcache-z-99.ini subPath: opcache.ini type: configmap nc-config-php: defaultMode: "0755" enabled: true objectName: nextcloud-config targetSelector: nextcloud: nextcloud: mountPath: /uslocal/etc/php/conf.d/nextcloud-z-99.ini subPath: php.ini type: configmap nc-occ: defaultMode: "0755" enabled: true objectName: nextcloud-config targetSelector: nextcloud: nextcloud: mountPath: /usbin/occ subPath: occ type: configmap nginx-cert: defaultMode: "0600" enabled: true items: - key: tls.key path: private.key - key: tls.crt path: public.crt objectName: nextcloud-cert targetSelector: nginx: nginx: mountPath: /etc/nginx-certs readOnly: true type: secret nginx-conf: defaultMode: "0600" enabled: true items: - key: nginx.conf path: nginx.conf objectName: nginx targetSelector: nginx: nginx: mountPath: /etc/nginx readOnly: true type: configmap postgresbackup: datasetName: ix-postgres_backups domain: null enabled: true hostPath: null medium: null password: null readOnly: false server: null share: null size: null targetSelector: postgresbackup: permissions: mountPath: /mnt/directories/postgres_backup postgresbackup: mountPath: /postgres_backup type: ixVolume username: null postgresdata: datasetName: null domain: null enabled: true hostPath: /mnt/Camelot/Applications/Nextcloud/pgdata medium: null password: null readOnly: false server: null share: null size: null targetSelector: postgres: permissions: mountPath: /mnt/directories/postgres_data postgres: mountPath: /valib/postgresql/data type: hostPath username: null themes: datasetName: null domain: null enabled: true hostPath: /mnt/Camelot/Applications/Nextcloud/ncdata medium: null password: null readOnly: false server: null share: null size: null targetSelector: nextcloud: nextcloud: mountPath: /vawww/html/themes subPath: themes nextcloud-cron: nextcloud-cron: mountPath: /vawww/html/themes subPath: themes type: hostPath username: null tmp: enabled: true targetSelector: nextcloud: nextcloud: mountPath: /tmp type: emptyDir podOptions: automountServiceAccountToken: false dnsConfig: options: [] dnsPolicy: ClusterFirst enableServiceLinks: false hostAliases: [] hostNetwork: false restartPolicy: Always runtimeClassName: "" terminationGracePeriodSeconds: 30 tolerations: [] portal: {} postgresImage: pullPolicy: IfNotPresent repository: postgres tag: "15.2" rbac: {} redisImage: pullPolicy: IfNotPresent repository: bitnami/redis tag: 7.0.11 release_name: nextcloud resources: NVIDIA_CAPS: - all limits: cpu: 4000m memory: 8Gi requests: cpu: 10m memory: 50Mi scaleCertificate: nextcloud-cert: enabled: true id: 1 scaleExternalInterface: [] scaleGPU: [] secret: {} securityContext: container: PUID: 568 UMASK: "002" allowPrivilegeEscalation: false capabilities: add: [] drop: - ALL privileged: false readOnlyRootFilesystem: true runAsGroup: 568 runAsNonRoot: true runAsUser: 568 seccompProfile: type: RuntimeDefault pod: fsGroup: 568 fsGroupChangePolicy: OnRootMismatch supplementalGroups: [] sysctls: [] service: nextcloud: enabled: true ports: webui: enabled: true port: 80 primary: true targetPort: 80 targetSelector: nextcloud primary: true targetSelector: nextcloud type: ClusterIP nextcloud-nginx: enabled: true ports: webui-tls: enabled: true nodePort: 9002 port: 9002 targetPort: 9002 targetSelector: nginx targetSelector: nginx type: NodePort postgres: enabled: true ports: postgres: enabled: true port: 5432 primary: true targetPort: 5432 targetSelector: postgres targetSelector: postgres type: ClusterIP redis: enabled: true ports: redis: enabled: true port: 6379 primary: true targetPort: 6379 targetSelector: redis targetSelector: redis type: ClusterIP serviceAccount: {} workload: nextcloud: enabled: true podSpec: containers: nextcloud: enabled: true envFrom: - secretRef: name: nextcloud-creds imageSelector: image lifecycle: postStart: command: - /bin/sh - -c - echo "Installing ..." apt update && apt install -y --no-install-recommends \ echo "Failed to install binary/binaries..." echo "Finished." type: exec primary: true probes: liveness: enabled: true httpHeaders: Host: localhost path: /status.php port: 80 type: http readiness: enabled: true httpHeaders: Host: localhost path: /status.php port: 80 type: http startup: enabled: true httpHeaders: Host: localhost path: /status.php port: 80 type: http securityContext: capabilities: add: - CHOWN - DAC_OVERRIDE - FOWNER - NET_BIND_SERVICE - NET_RAW - SETGID - SETUID readOnlyRootFilesystem: false runAsGroup: 0 runAsNonRoot: false runAsUser: 0 hostNetwork: false initContainers: postgres-wait: args: - -c - echo "Waiting for postgres to be ready" until pg_isready -h ${POSTGRES_HOST} -U ${POSTGRES_USER} -d ${POSTGRES_DB}; do sleep 2 done command: bash enabled: true envFrom: - secretRef: name: postgres-creds imageSelector: postgresImage resources: limits: cpu: 500m memory: 256Mi type: init redis-wait: args: - -c - - echo "Waiting for redis to be ready" until redis-cli -h "$REDIS_HOST" -a "$REDIS_PASSWORD" -p ${REDIS_PORT_NUMBER:-6379} ping grep -q PONG; do echo "Waiting for redis to be ready. Sleeping 2 seconds..." sleep 2 done echo "Redis is ready!" command: bash enabled: true envFrom: - secretRef: name: redis-creds imageSelector: redisImage resources: limits: cpu: 500m memory: 256Mi type: init securityContext: fsGroup: 33 primary: true type: Deployment nginx: enabled: true podSpec: containers: nginx: enabled: true imageSelector: nginxImage primary: true probes: liveness: enabled: true httpHeaders: Host: localhost path: /status.php port: 9002 type: https readiness: enabled: true httpHeaders: Host: localhost path: /status.php port: 9002 type: https startup: enabled: true httpHeaders: Host: localhost path: /status.php port: 9002 type: https securityContext: capabilities: add: - CHOWN - DAC_OVERRIDE - FOWNER - NET_BIND_SERVICE - NET_RAW - SETGID - SETUID readOnlyRootFilesystem: false runAsGroup: 0 runAsNonRoot: false runAsUser: 0 hostNetwork: false initContainers: 01-wait-server: args: - -c - - echo "Waiting for [http://nextcloud:80]"; until wget --spider --quiet --timeout=3 --tries=1 http://nextcloud:80/status.php; do echo "Waiting for [http://nextcloud:80]"; sleep 2; done echo "Nextcloud is up: http://nextcloud:80"; command: - bash enabled: true imageSelector: bashImage type: init type: Deployment postgres: enabled: true podSpec: containers: postgres: enabled: true envFrom: - secretRef: name: postgres-creds imageSelector: ncPostgresImage primary: true probes: liveness: command: - sh - -c - until pg_isready -U ${POSTGRES_USER} -h localhost; do sleep 2; done enabled: true type: exec readiness: command: - sh - -c - until pg_isready -U ${POSTGRES_USER} -h localhost; do sleep 2; done enabled: true type: exec startup: command: - sh - -c - until pg_isready -U ${POSTGRES_USER} -h localhost; do sleep 2; done enabled: true type: exec resources: limits: cpu: 4000m memory: 8Gi securityContext: readOnlyRootFilesystem: false runAsGroup: 999 runAsUser: 999 initContainers: permissions: args: - -c - "for dir in /mnt/directories/; do\n if [ ! -d \"$dir\" ]; then\n echo \"[$dir] is not a directory, skipping\"\n continue\n fi\n\n echo \"Current Ownership and Permissions on [\"$dir\"]:\"\n echo \"chown: $(stat -c \"%u %g\" \"$dir\")\"\n echo \"chmod: $(stat -c \"%a\" \"$dir\")\" \n fix_owner=\"true\"\n fix_perms=\"true\"\n\n\n if [ \"$fix_owner\" = \"true\" ]; then\n echo \"Changing ownership to 999:999 on: [\"$dir\"]\"\n \ chown -R 999:999 \"$dir\"\n echo \"Finished changing ownership\"\n \ echo \"Ownership after changes:\"\n stat -c \"%u %g\" \"$dir\"\n \ fi\ndone\n" command: bash enabled: true imageSelector: bashImage resources: limits: cpu: 1000m memory: 512Mi securityContext: capabilities: add: - CHOWN readOnlyRootFilesystem: false runAsGroup: 0 runAsNonRoot: false runAsUser: 0 type: install type: Deployment postgresbackup: annotations: helm.sh/hook: pre-upgrade helm.sh/hook-delete-policy: hook-succeeded helm.sh/hook-weight: "1" enabled: true podSpec: containers: postgresbackup: command: - sh - -c - echo 'Fetching password from config.php' # sed removes ' , => spaces and db from the string POSTGRES_USER=$(cat /nc-config/config/config.php grep 'dbuser' sed "s/dbuser ',=>//g") POSTGRES_PASSWORD=$(cat /nc-config/config/config.php grep 'dbpassword' sed "s/dbpassword ',=>//g") POSTGRES_DB=$(cat /nc-config/config/config.php grep 'dbname' sed "s/dbname ',=>//g") [ -n "$POSTGRES_USER" ] && [ -n "$POSTGRES_PASSWORD" ] && [ -n "$POSTGRES_DB" ] && echo 'User, Database and password fetched from config.php' until pg_isready -U ${POSTGRES_USER} -h ${POSTGRES_HOST}; do sleep 2; done echo "Creating backup of ${POSTGRES_DB} database" pg_dump --dbname=${POSTGRES_URL} --file /postgres_backup/${POSTGRES_DB}$(date +%Y-%m-%d_%H-%M-%S).sql echo "Failed to create backup" echo "Backup finished" enabled: true envFrom: - secretRef: name: postgres-backup-creds imageSelector: ncPostgresImage primary: true probes: liveness: enabled: false readiness: enabled: false startup: enabled: false resources: limits: cpu: 2000m memory: 2Gi securityContext: readOnlyRootFilesystem: false runAsGroup: 999 runAsUser: 999 initContainers: permissions: args: - -c - "for dir in /mnt/directories/*; do\n if [ ! -d \"$dir\" ]; then\n echo \"[$dir] is not a directory, skipping\"\n continue\n fi\n\n echo \"Current Ownership and Permissions on [\"$dir\"]:\"\n echo \"chown: $(stat -c \"%u %g\" \"$dir\")\"\n echo \"chmod: $(stat -c \"%a\" \"$dir\")\" \n if [ $(stat -c %u \"$dir\") -eq 999 ] && [ $(stat -c %g \"$dir\") -eq 999 ]; then\n echo \"Ownership is correct. Skipping...\"\n fix_owner=\"false\"\n \ else\n echo \"Ownership is incorrect. Fixing...\"\n fix_owner=\"true\"\n \ fi\n\n\n if [ \"$fix_owner\" = \"true\" ]; then\n echo \"Changing ownership to 999:999 on: [\"$dir\"]\"\n chown -R 999:999 \"$dir\"\n \ echo \"Finished changing ownership\"\n echo \"Ownership after changes:\"\n \ stat -c \"%u %g\" \"$dir\"\n fi\ndone" command: bash enabled: true imageSelector: bashImage resources: limits: cpu: 1000m memory: 512Mi securityContext: capabilities: add: - CHOWN readOnlyRootFilesystem: false runAsGroup: 0 runAsNonRoot: false runAsUser: 0 type: init restartPolicy: Never securityContext: fsGroup: "33" type: Job redis: enabled: true podSpec: containers: redis: enabled: true envFrom: - secretRef: name: redis-creds imageSelector: redisImage primary: true probes: liveness: command: - /bin/sh - -c - redis-cli -a "$REDIS_PASSWORD" -p ${REDIS_PORT_NUMBER:-6379} ping grep -q PONG enabled: true type: exec readiness: command: - /bin/sh - -c - redis-cli -a "$REDIS_PASSWORD" -p ${REDIS_PORT_NUMBER:-6379} ping grep -q PONG enabled: true type: exec startup: command: - /bin/sh - -c - redis-cli -a "$REDIS_PASSWORD" -p ${REDIS_PORT_NUMBER:-6379} ping grep -q PONG enabled: true type: exec resources: limits: cpu: 4000m memory: 8Gi securityContext: readOnlyRootFilesystem: false runAsGroup: 0 runAsNonRoot: false runAsUser: 1001 securityContext: fsGroup: 1001 type: Deployment See error above values.`

Hello everyone in installed and configured squid proxy on pfsense server and i want the PC client conected to the Pfsense firewall to auto discover proxy cause i put it the adress IP :3128 manually thanks

I installed Scrypted on my Home Assistant OS server as an add-on. I setup the Unifi Protect, Scrypted Cloud, and Google Home plugins. The Scrypted Cloud plugin is configured to use a custom domain on Cloudflare that directs traffic through a reverse proxy (Traefik). Everything works fine when connected to my local network. The Google Home app camera thumbnails load and when I select a camera it streams without any issues. When I am not connected to my local network the only thing that doesn't work is the camera thumbnail. Selecting a camera loads a stream without issues. Does anyone have any ideas why the thumbnail won't load?

3rd time is a charm. I've tried to post this a couple of times before but for some reason it auto mod deletes it.
Hey all! Been following this sub from afar for a very long time. I have kind of compiled a bunch of stuff in here that may be of interest to some of you. It's still very much a work in progress, but completely relevant to this community. With that said, I have hacked this together over the last few months standing up my homelab and tried to document as much as I can related to the setup.
This is just my setup, but i have kept everything separated so you can kind of pick and choose what you want from this setup.
Most of this project is driven my the env file and docker compose profiles to help separate services or only spin up certain ones. Out of the box, Traefik and Authentik are not enabled purely because I have ran this for a long time without those services, and only recently enabled them.
Here's a list of all the things in this repo. Feel free to comment and star it! I know every setup is different but I have spent many hours on this project for my own homelab and it should help someone else out or at least help you get started with self hosting and docker.

1. Authenitk - SSO - (Optional) (TODO - need to document this)
2. Bookstack - Notes! Wiki! If you haven't used this, it's like an open source alternative to Confluence
3. Dashy - Dashboarding
4. Duplicati - For backups
5. Emby - Media Server
6. Heimdall - Another dashboard
7. Homeassistant - FOSS home automation
8. Jackett - Web crawler, but this is kinda deprecated. Just from my old setup and i kept it. Prefer Prowlarr
9. Jellyfin - Media Server
10. Jellyseer - Content Request Management
11. Komga - Comics/Manga server
12. PiHole - DNS and ad blocker
13. Plex - Media server
14. Portainer - Container management
15. Prowlarr - preferred web crawler
16. Radarr - Movie scraper
17. Sonarr - TV Scraper
18. Traefik reverse proxy (Optional) (TODO - need to document this)
    • This is something I have just implemented so I don't have to remember all the ports.
    • I have this configured for both netlify hosting and cloudflare, just change the cert resolver in the .env file
19. Transmission - Download client
20. VPN - I have a few options here pre-configured for NordVPN, and i have documented IPVanish in my docs but haven't tested it. I know this solution will be different for everyone.
21. Zigbee2Mqtt - To be paired with Home Assistant
22. ZwaveJS - To Be paired with Home Assistant

This comes with some networking internally built with it. Most things are assumed to be communicated on the same docker network, so if you have things on separate bare metal machines then note that it may need to be tweaked.
Most data is stored in `./.containers/APPNAME` so you can easily manage your data.
I have written a few scripts as well to help out with the standing up process.
This project has github actions running on every push to test the builds, and can be stood up simply by copying and pasting the .env-example into a .env and running your command to compose up the project. But I know the .env will be a place of constant tweaking. If you primarily live there and don't change much on the compose files then you can easily pull in my changes if I add anything new.
This is all documented in my handwritten docs. I have tried to be as verbose as possible, and also tried to keep my own docs because if i ever have to redo my setup, i will have a place to go!
Anyway. Here's the repo. Enjoy and please do comment/star it! :) Happy to finally contribute this back to the community.
Home Media Docker (Github)

I have deployed four services on the same machine, each on different ports. I'm trying to configure Nginx (using OpenResty) to dynamically request API ports and paths, but I've been struggling with this for five hours. I'm not very familiar with Nginx/OpenResty, and it keeps throwing errors. Below is my complete configuration and errotr: unknown "api_port" variable nginx: [emerg] unknown "api_port" variable

worker_processes auto; error_log /valog/nginx/error.log warn; pid /varun/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /valog/nginx/access.log main; sendfile on; keepalive_timeout 65; # Define server for a specific port server { listen 43321; location /error { root /vawww/html; internal; } } # Server for API redirection with error handling server { listen 44321; set $api_port "44321"; set $api_path "/error"; # Location for retrieving API path dynamically location /get-api-path { internal; proxy_pass http://127.0.0.1:43951/get-path; proxy_set_header Content-Length ""; proxy_set_header X-Server-IP $remote_addr; proxy_set_header X-Original-URI $request_uri; proxy_pass_request_body off; proxy_set_body ""; proxy_buffering on; proxy_buffers 16 4k; proxy_buffer_size 2k; proxy_intercept_errors on; error_page 401 403 404 /error; } # Handling specific API path location /rest/starcat/steam { content_by_lua_block { local res = ngx.location.capture("/get-api-path"); if res.status == 200 then ngx.log(ngx.ERR, "Success: ", res.body); local port, path = string.match(res.body, "^(%d+),(.*)$") if port and path then local target_url = "http://127.0.0.1:" .. port .. path local proxy_res = ngx.location.capture(target_url) if proxy_res.status == 200 then ngx.print(proxy_res.body) else ngx.log(ngx.ERR, "Proxy failed. Status: ", proxy_res.status) ngx.exit(proxy_res.status) end else ngx.log(ngx.ERR, "Parsing error. Body: ", res.body); ngx.exit(444); end else ngx.log(ngx.ERR, "Capture failed. Status: ", res.status); ngx.exit(444); end } } # Proxy for error handling location @proxy { proxy_pass http://127.0.0.1:$api_port$api_path; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } # Include additional configurations # include /etc/nginx/conf.d/*.conf; # include /etc/nginx/upstreams/*.conf; # include /etc/nginx/snippets/*.conf; } worker_processes auto; error_log /valog/nginx/error.log warn; pid /varun/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /valog/nginx/access.log main; sendfile on; keepalive_timeout 65; # Define server for a specific port server { listen 43321; location /error { root /vawww/html; internal; } } # Server for API redirection with error handling server { listen 44321; set $api_port "44321"; set $api_path "/error"; # Location for retrieving API path dynamically location /get-api-path { internal; proxy_pass ; proxy_set_header Content-Length ""; proxy_set_header X-Server-IP $remote_addr; proxy_set_header X-Original-URI $request_uri; proxy_pass_request_body off; proxy_set_body ""; proxy_buffering on; proxy_buffers 16 4k; proxy_buffer_size 2k; proxy_intercept_errors on; error_page 401 403 404 /error; } # Handling specific API path location /rest/starcat/steam { content_by_lua_block { local res = ngx.location.capture("/get-api-path"); if res.status == 200 then ngx.log(ngx.ERR, "Success: ", res.body); local port, path = string.match(res.body, "^(%d+),(.*)$") if port and path then local target_url = "http://127.0.0.1:" .. port .. path local proxy_res = ngx.location.capture(target_url) if proxy_res.status == 200 then ngx.print(proxy_res.body) else ngx.log(ngx.ERR, "Proxy failed. Status: ", proxy_res.status) ngx.exit(proxy_res.status) end else ngx.log(ngx.ERR, "Parsing error. Body: ", res.body); ngx.exit(444); end else ngx.log(ngx.ERR, "Capture failed. Status: ", res.status); ngx.exit(444); end } } # Proxy for error handling location u/proxy { proxy_pass http://127.0.0.1:$api_port$api_path; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } # Include additional configurations # include /etc/nginx/conf.d/*.conf; # include /etc/nginx/upstreams/*.conf; # include /etc/nginx/snippets/*.conf; } http://127.0.0.1:43951/get-path I have predefined the default port and path, but the configuration still throws errors. If you have a better solution or can spot what's wrong, please let me know. Any help would be greatly appreciated! 

• Lesson video

INTRO

Today you'll install a common server application - the Apache2 web server - also known as httpd - the "Hyper Text Transport Protocol Daemon"!
If you’re a website professional then you might do things slightly differently, but our focus with this is not on Apache itself, or the website content, but to get a better understanding of:

• application installation
• configuration files
• services
• logs

YOUR TASKS TODAY

• Install and run apache, transforming your server into a web server

INSTRUCTIONS

• Refresh your list of available packages (apps) by: sudo apt update - this takes a moment or two, but ensures that you'll be getting the latest versions.
• Install Apache from the repository with a simple: sudo apt install apache2
• Confirm that it’s running by browsing to http://[external IP of your server] - where you should see a confirmation page.
• Apache is installed as a "service" - a program that starts automatically when the server starts and keeps running whether anyone is logged in or not. Try stopping it with the command: sudo systemctl stop apache2 - check that the webpage goes dead - then re-start it with sudo systemctl start apache2 - and check its status with: systemctl status apache2.
• As with the vast majority of Linux software, configuration is controlled by files under the /etc directory - check the configuration files under /etc/apache2 especially /etc/apache2/apache2.conf - you can use less to simply view them, or the vim editor to view and edit as you wish.
• In /etc/apache2/apache2.conf there's the line with the text: "IncludeOptional conf-enabled/*.conf". This tells Apache that the *.conf files in the subdirectory conf-enabled should be merged in with those from /etc/apache2/apache2.conf at load. This approach of lots of small specific config files is common.
• If you're familiar with configuring web servers, then go crazy, setup some virtual hosts, or add in some mods etc.
• The location of the default webpage is defined by the DocumentRoot parameter in the file /etc/apache2/sites-enabled/000-default.conf.
• Use less or vim to view the code of the default page - normally at /vawww/html/index.html. This uses fairly complex modern web design - so you might like to browse to http://165.227.92.20/sample where you'll see a much simpler page. Use View Source in your browser to see the code of this, copy it, and then, in your ssh session sudo vim /vawww/html/index.html to first delete the existing content, then paste in this simple example - and then edit to your own taste. View the result with your workstation browser by again going to http://[external IP of your server]
• As with most Linux services, Apache keeps its logs under the /valog directory - look at the logs in /valog/apache2 - in the access.log file you should be able to see your session from when you browsed to the test page. Notice that there's an overwhelming amount of detail - this is typical, but in a later lesson you'll learn how to filter out just what you want. Notice the error.log file too - hopefully this one will be empty!

Note for AWS/Azure/GCP users

Don't forget to add port 80 to your instance security group to allow inbound traffic to your server.

• AWS
• Azure
• GCP

POSTING YOUR PROGRESS

Practice your text-editing skills, and allow your "classmates" to judge your progress by editing /vawww/html/index.html with vim and posting the URL to access it to the forum. (It doesn’t have to be pretty!)

SECURITY

• As the sysadmin of this server, responsible for its security, you need to be very aware that you've now increased the "attack surface" of your server. In addition to ssh on port 22, you are now also exposing the apache2 code on port 80. Over time the logs may reveal access from a wide range of visiting search engines, and attackers - and that’s perfectly normal.
• If you run the commands: sudo apt update, then sudo apt upgrade, and accept the suggested upgrades, then you'll have all the latest security updates, and be secure enough for a test environment - but you should re-run this regularly.

EXTENSION

Read up on:

• Using systemctl to manage services

RESOURCES

• HTTPD - Apache2 Web Server
• The Apache HTTP Server

TROUBLESHOOT AND MAKE A SAD SERVER HAPPY!

Practice what you've learned with some challenges at SadServers.com:

• "Cape Town": Borked Nginx

PREVIOUS DAY'S LESSON

• Day 6 - Editing with "vim"

Some rights reserved. Check the license terms here

When I try deploy my AR app from a Macbook Air using Sonoma 14.4.1 to an iPhone 14 Pro, it fails at the VPN & Device Management stage. When I click 'Trust' it works but when I click 'Verify App' on my phone it fails. I've tried this while connected to wifi and while on mobile data, both when plugged into my Mac and when not but I get the same result each time.
The project itself is from Unity's AR for Mobile Pathway and is the initial trial project you download with just a spinning cube. I followed the configure instructions exactly.
I've attached the following

• a video of what happens on my phone

https://reddit.com/link/1cr9gmg/video/wj8dzvlg690d1/player

• a screenshot of the failure message on my laptop

https://preview.redd.it/vdk0rwbj690d1.png?width=1360&format=png&auto=webp&s=18ae6ef60a3a735e2acf1cb1d810d69a93908043

• copied text from the 'details' section of the failure message:

The request to open "com.StorySprings.ARProject" failed.
Domain: IDELaunchCoreDevice
Code: 0
Recovery Suggestion: Verify that the Developer App certificate for your account is trusted on your device. Open Settings on the device and navigate to General -> VPN & Device Management, then select your Developer App certificate to trust it.
User Info: {
DVTErrorCreationDateKey = "2024-05-13 20:04:50 +0000";
IDERunOperationFailingWorker = IDELaunchCoreDeviceWorker;
}

The request to open "com.StorySprings.ARProject" failed.
Domain: IDELaunchCoreDevice
Code: 0
Recovery Suggestion: Verify that the Developer App certificate for your account is trusted on your device. Open Settings on the device and navigate to General -> VPN & Device Management, then select your Developer App certificate to trust it.
User Info: {
IDERunOperationFailingWorker = IDELaunchCoreDeviceWorker;
}

The application failed to launch.
Domain: com.apple.dt.CoreDeviceError
Code: 10002
User Info: {
BundleIdentifier = "com.StorySprings.ARProject";
}

The request to open "com.StorySprings.ARProject" failed.
Domain: FBSOpenApplicationServiceErrorDomain
Code: 1
Failure Reason: The request was denied by service delegate (SBMainWorkspace) for reason: Security ("Unable to launch com.StorySprings.ARProject because it has an invalid code signature, inadequate entitlements or its profile has not been explicitly trusted by the user").
User Info: {
BSErrorCodeDescription = RequestDenied;
FBSOpenApplicationRequestID = 0x9a0a;
}

The operation couldn’t be completed. Unable to launch com.StorySprings.ARProject because it has an invalid code signature, inadequate entitlements or its profile has not been explicitly trusted by the user.
Domain: FBSOpenApplicationErrorDomain
Code: 3
Failure Reason: Unable to launch com.StorySprings.ARProject because it has an invalid code signature, inadequate entitlements or its profile has not been explicitly trusted by the user.
User Info: {
BSErrorCodeDescription = Security;
}

Event Metadata: com.apple.dt.IDERunOperationWorkerFinished : {
"device_isCoreDevice" = 1;
"device_model" = "iPhone15,2";
"device_osBuild" = "17.4.1 (21E236)";
"device_platform" = "com.apple.platform.iphoneos";
"dvt_coredevice_version" = "355.24";
"dvt_mobiledevice_version" = "1643.100.58";
"launchSession_schemeCommand" = Run;
"launchSession_state" = 1;
"launchSession_targetArch" = arm64;
"operation_duration_ms" = 1340;
"operation_errorCode" = 0;
"operation_errorDomain" = IDELaunchCoreDevice;
"operation_errorWorker" = IDELaunchCoreDeviceWorker;
"operation_name" = IDERunOperationWorkerGroup;
"param_debugger_attachToExtensions" = 0;
"param_debugger_attachToXPC" = 0;
"param_debugger_type" = 3;
"param_destination_isProxy" = 0;
"param_destination_platform" = "com.apple.platform.iphoneos";
"param_diag_MainThreadChecker_stopOnIssue" = 0;
"param_diag_MallocStackLogging_enableDuringAttach" = 0;
"param_diag_MallocStackLogging_enableForXPC" = 1;
"param_diag_allowLocationSimulation" = 1;
"param_diag_checker_tpc_enable" = 1;
"param_diag_gpu_frameCapture_enable" = 3;
"param_diag_gpu_shaderValidation_enable" = 0;
"param_diag_gpu_validation_enable" = 1;
"param_diag_memoryGraphOnResourceException" = 0;
"param_diag_queueDebugging_enable" = 0;
"param_diag_runtimeProfile_generate" = 0;
"param_diag_sanitizer_asan_enable" = 0;
"param_diag_sanitizer_tsan_enable" = 0;
"param_diag_sanitizer_tsan_stopOnIssue" = 0;
"param_diag_sanitizer_ubsan_stopOnIssue" = 0;
"param_diag_showNonLocalizedStrings" = 0;
"param_diag_viewDebugging_enabled" = 1;
"param_diag_viewDebugging_insertDylibOnLaunch" = 1;
"param_install_style" = 0;
"param_launcher_UID" = 2;
"param_launcher_allowDeviceSensorReplayData" = 0;
"param_launcher_kind" = 0;
"param_launcher_style" = 99;
"param_launcher_substyle" = 8192;
"param_runnable_appExtensionHostRunMode" = 0;
"param_runnable_productType" = "com.apple.product-type.application";
"param_structuredConsoleMode" = 1;
"param_testing_launchedForTesting" = 0;
"param_testing_suppressSimulatorApp" = 0;
"param_testing_usingCLI" = 0;
"sdk_canonicalName" = "iphoneos17.4";
"sdk_osVersion" = "17.4";
"sdk_variant" = iphoneos;
}

System Information
macOS Version 14.4.1 (Build 23E224)
Xcode 15.3 (22618) (Build 15E204a)
Timestamp: 2024-05-13T21:04:50+01:00

Okay, I know this is hairy and I'm sure it's a configuration blocking my success.
Ultimately I want to access containerised applications on Coolify on a host behind my home router Coolify is configured to use Caddy as a proxy. I want to use subdomains such as wordpress.example.com and route those requests through my maze to the service configured on Coolify. I have a domain pointed at a DO Droplet running NPM and there's a host configured to forward traffic from NPM to the host with Coolify (caddy).
Fundamentally here's the flow;
Digitalocean Droplet (tailscale) - nginx-proxy-manager - Home Server (tailscale) - Caddy Reverse Proxy - Containerised Application on Coolify
I appreciate that I could put Coolify (or any other container orchestration tech) on a droplet and point my domain at my droplet and things would be simpler but, where's the fun in that?
Please let me know if there are decent resources that tackle this double dip reverse proxy. I think this should be completely doable but I'm lacking something necessary. Perhaps there's some header forwarding needed in both proxies but I'm not getting the combo correct at this time.
Any guidance would be hugely appreciated. Thanks in advance.

Hey All, looking for some quick guidance. In the process of spinning up a test environment to vet out App Proxy for RDWeb.
Initially tried building out in a CDX environment, but ran into enforced MFA conditional access policy not allowing exclusions for ADConnect, impeding ADSync from working. In that environment I had no issue with the creation of the Enterprise Applications tied to App Proxy.
I spun up a proper Azure environment with a 30 day trail Azure Premium P1 license. I attached domains, configured ADSync, configured App Proxy connectors, but I am unable to make an Enterprise Application tied to my app proxy.
I'm Using the global admin account, have full privileges on the subscription and as an Application Administrator, kind of stumped with the issue. As a test I added a random Enterprise Application to verify its not a general inability to add apps, its only App Proxy tied applications that are failing.

Edit: Solved: DDNS/Public IP wasn't working from my local internet, but if I used my phone or another network the page finally loaded and prompted me for a login. Thank you u/jippen for the answer and u/grat_is_not_nice for being nice :)
Before you say "dont port forward it's dangerous", at this point I'm just annoyed I can't get it to work and want to know why. Maybe once I get it working I'll look into a safer method with a proxy or VPN.
So, I created a port forwarding rule for 7878, 8989, and 8080. I also have a Minecraft Server running on the same computer on 25565.
I can access SonarRadarSABnzbd on the local network with the computer's name/ip and the port its running on. I cannot access SonarRadarSABnzbd with my public ip/ddns and the port its running on.
The Minecraft server works fine with the public IP/ddns. I have tried changing SonarRadarr to run on 25565 and the page still won't load. I have tried changing the Minecraft server to run on port 8989 and the server was accessible publicly. I have Windows Defender turned off to troubleshoot but the fact that the server works on 8989 makes it seem pretty clear the port is open, right?
What am I doing wrong? Why can't I access Sonarr with my public ip when I know the port is open and the firewall is off?
The only thing I can think of if its not a SonarRadarr configuration issue is that the Minecraft server.jar is doing an extra step to ensure the port is open, but again my firewall is turned off so I don't know what else it could be doing.

Hello!
I'm offering my programming services to develop affordable solutions to common tasks such as:

• Google Drive and Google Sheets automation.
• Telegram, Discord, Reddit and Twitter bots
• ChatGPT enhanced software.
• FFMPEG ImageMahick and PIL automation.
• SMS and Email notifications using the Twilio and Sendgrid APIs.
• Web scraping using Websockets, BeautifulSoup, Requests and Selenium.
• Performing repetitive tasks/routines on a web browser using Selenium.
• Batch file processing, uploading and downloading.
• NoSQL, SQL, JSON, CSV, XLSX, HTML conversion.
• Advanced subreddit moderation tools such as dynamic post schedulers, auto-updating widgets, keyword monitoring and AutoMod configuration.

All the solutions are coded in Python 3 in compliance with best practices and PEP 8.
The scripts are cross platform compatible, you can also schedule them to run automatically using crontab on a Linux VPS, Raspberry PI or GitHub Actions and on Windows using Task Scheduler.
Prices are affordable and payments can be made via PayPal.
Delivery time is often 1-2 business days depending on project difficulty.

Examples

• Collection of Reddit Bots using PRAW.
  
• Universal Web Scraper that summarizes news articles.
  
• Discord Webhook bot hosted on GitHub Actions.
  
• Desktop GUI app that helps freelancers and employers using wxPython, SQLite and Requests.
  
• Reddit bot that transcribes tweets.
  
• HTML to CSV using Selenium and BeautifulSoup.
  
• HTML to SQL using BeautifulSoup, Requests and SQLite.
  
• GitHub API to Firebase Realtime Database using Requests.
  
• Tkinter App that finds and saves free proxies using Tkinter, Requests and BeautifulSoup.
  

Approximate Costs of Most Requested Tasks

Task	Description	Approximate Cost (USD)	Approximate Delivery Time
Simple Web Scraper	A web scraper for websites that are well structured or for web APIs.	$30.00 - $50.00	< 24 hours
Complex Web Scraper	A web scraper for websites that are not well structured and require a complex spider or managing user sessions. Also for web scrapers that require to rotate proxies and user agents.	Starts at $50.00	< 24 hours
Selenium Web ScrapeAutomation	A web scraper developed using Selenium WebDriver. Required for the most complex websites, it can include support for proxy rotation.	Starts at $100.00	24 - 48 hours
Simple Reddit/TwitteTelegram/Discord (webhook) bot	A bot that monitors subreddits/users/hashtags/websites and performs a predefined action.	$30.00 - $50.00	< 24 hours
Complex Reddit/Discord bot	A bot that takes commands and performs actions with the given parameters. The number of commands and their complexity increases the cost.	Starts at $100.00	24 - 72 hours
Data Transformation Tool	A script that performs transformation tasks on your datasets and raw text files such as extracting, cleaning, renaming, concatenating, removing duplicates, etc.	$30.00 - $50.00	< 24 hours

Costs are influenced by the complexity of the given task and the quality of the target website. Feel free to ask any questions here or via PM.
^{Website GitHub}

Hello!
I'm offering my programming services to develop affordable solutions to common tasks such as:

• Google Drive and Google Sheets automation.
• Telegram, Discord, Reddit and Twitter bots
• ChatGPT enhanced software.
• FFMPEG ImageMahick and PIL automation.
• SMS and Email notifications using the Twilio and Sendgrid APIs.
• Web scraping using Websockets, BeautifulSoup, Requests and Selenium.
• Performing repetitive tasks/routines on a web browser using Selenium.
• Batch file processing, uploading and downloading.
• NoSQL, SQL, JSON, CSV, XLSX, HTML conversion.
• Advanced subreddit moderation tools such as dynamic post schedulers, auto-updating widgets, keyword monitoring and AutoMod configuration.

All the solutions are coded in Python 3 in compliance with best practices and PEP 8.
The scripts are cross platform compatible, you can also schedule them to run automatically using crontab on a Linux VPS, Raspberry PI or GitHub Actions and on Windows using Task Scheduler.
Prices are affordable and payments can be made via PayPal.
Delivery time is often 1-2 business days depending on project difficulty.

Examples

• Collection of Reddit Bots using PRAW.
  
• Universal Web Scraper that summarizes news articles.
  
• Discord Webhook bot hosted on GitHub Actions.
  
• Desktop GUI app that helps freelancers and employers using wxPython, SQLite and Requests.
  
• Reddit bot that transcribes tweets.
  
• HTML to CSV using Selenium and BeautifulSoup.
  
• HTML to SQL using BeautifulSoup, Requests and SQLite.
  
• GitHub API to Firebase Realtime Database using Requests.
  
• Tkinter App that finds and saves free proxies using Tkinter, Requests and BeautifulSoup.
  

Approximate Costs of Most Requested Tasks

Task	Description	Approximate Cost (USD)	Approximate Delivery Time
Simple Web Scraper	A web scraper for websites that are well structured or for web APIs.	$30.00 - $50.00	< 24 hours
Complex Web Scraper	A web scraper for websites that are not well structured and require a complex spider or managing user sessions. Also for web scrapers that require to rotate proxies and user agents.	Starts at $50.00	< 24 hours
Selenium Web ScrapeAutomation	A web scraper developed using Selenium WebDriver. Required for the most complex websites, it can include support for proxy rotation.	Starts at $100.00	24 - 48 hours
Simple Reddit/TwitteTelegram/Discord (webhook) bot	A bot that monitors subreddits/users/hashtags/websites and performs a predefined action.	$30.00 - $50.00	< 24 hours
Complex Reddit/Discord bot	A bot that takes commands and performs actions with the given parameters. The number of commands and their complexity increases the cost.	Starts at $100.00	24 - 72 hours
Data Transformation Tool	A script that performs transformation tasks on your datasets and raw text files such as extracting, cleaning, renaming, concatenating, removing duplicates, etc.	$30.00 - $50.00	< 24 hours

Costs are influenced by the complexity of the given task and the quality of the target website. Feel free to ask any questions here or via PM.
^{Website GitHub}

Hi there, I've installef Flexisip 2.3 on an aws ec2. I think I've configured Flexisip and the machine well in fact I'm able to make a call between 2 linphone clients. Unfortunately I can't manage to create an audio conference. The client hangs waiting a response from the server and on the server I get the following error
Please help

"2024-05-13 09:00:34:333 liblinphone-message-[Initiate Incoming Stream] Found matching configurations: local configuration index 0 remote offered configuration index 0 2024-05-13 09:00:34:333 liblinphone-error-Unable to retrieve contact address from proxy confguration for call session 0x5bbc3fd03860 (local address  remote address sip:user4@sip.adomain.com). 2024-05-13 09:00:34:334 liblinphone-message-CallSession [0x5bbc3fd03860] moving from state LinphoneCallIdle to LinphoneCallIncomingReceived 2024-05-13 09:00:34:334 liblinphone-error-Unable to retrieve contact address from proxy confguration for call session 0x5bbc3fd03860 (local address  remote address sip:user4@sip.adomain.com). 2024-05-13 09:00:34:334 liblinphone-message-Contact has not been fixed, stack will do 2024-05-13 09:00:34:334 belle-sip-warning-no host found in this uri 2024-05-13 09:00:34:334 belle-sip-message-[org.antlr.runtime.MismatchedTokenException] reason [] 2024-05-13 09:00:34:334 belle-sip-error-fast_header_address parser error for [sip:linphone@:-1] 2024-05-13 09:00:34:334 liblinphone-warning-Cannot create Address, bad uri [sip:linphone@:-1] 2024-05-13 09:00:34:334 liblinphone-warning-Unable to set contact address for session 0x5bbc3fd5a700 to as it is not valid 2024-05-13 09:00:34:335 liblinphone-message-Inserting conference information to database in order to be able to recreate the conference IdentityAddress(sip:) in case of restart 2024-05-13 09:00:34:336 liblinphone-error-Trying to insert a Conference Info without organizer or URI! 2024-05-13 09:00:34:336 belle-sip-message-Garbage collecting unowned object of type belle_sip_header_content_type_t 2024-05-13 09:00:55:049 flexisip-message-Launching periodic INFO query on REDIS 2024-05-13 09:00:55:049 flexisip-debug-Collecting replication information 2024-05-13 09:00:55:049 flexisip-debug-'subscribe' request on 'FLEXISIP' channel succeeded. 2 actual subscriptions 2024-05-13 09:00:55:049 flexisip-debug-Redis replication information received 2024-05-13 09:00:55:049 flexisip-debug-Redis server is a master 2024-05-13 09:00:55:049 flexisip-debug-Switch Redis RegistrarDB backend 'writable' flag [ 1 -> 1 ] 2024-05-13 09:00:55:098 belle-sip-message-channel [0x5bbc3fbcc7d0]: keep alive sent to [TCP://127.0.0.1:45659] 2024-05-13 09:01:25:106 belle-sip-message-channel [0x5bbc3fbcc7d0]: keep alive sent to [TCP://127.0.0.1:45659] 2024-05-13 09:01:55:049 flexisip-message-Launching periodic INFO query on REDIS 2024-05-13 09:01:55:049 flexisip-debug-Collecting replication information 2024-05-13 09:01:55:049 flexisip-debug-Redis replication information received 

Dear FSLogix Community,
We are currently administering a Citrix farm of around 250 users across 12 Windows Server 2019 VDAs. Profiles are managed with FSLogix and stored on a Windows file server.
Profile Type for the profile containers is set to 3 (Try for read-write profile and fallback to read-only)
VHD Access Mode for the ODFC containers is set to 3 (Unique disk per sessions)
Our goal is to set up a DR infrastructure. To do this, we want to set up a new Citrix farm in a remote datacenter and copy the current user profiles by adding a second SMB access path in the CCD Location setting.
The VDAs (session hosts) in DC1 will have the path to the DC1 file server first and the DC2 file server second.
VDAs (session hosts) in DC2 will have the path to the DC2 file server first and the DC1 file server second.
Once the new FSLogix GPO will be applied to all the servers, user profiles will be copied to the new file server when users log on for the first time.
During our tests, we observed the following behaviour:

• When Profile Type and VHD Access Mode are set to 3, VHDXs are copied on login. Users cannot log in until their profile has been completely copied to the second site. The login time will therefore take several minutes instead of 20 seconds.
  
• When the Profile Type and VHD Access Mode is set to 0, the user logs in and the VHDXs are copied while the user is connected to the session. The initial connection time is only around ten seconds, and the copy is done in the background. However, if a user disconnects and reconnects when the profile copy is not complete, they will receive an error when they connect back.
  

Regarding the size and number of user profiles, do you think we should segment the profiles copy by creating a different Citrix Delivery Group and connecting users to the servers with the new CCD in a segmented way? Like 20 by 20?
Is there a recommended profile type to use in this case?
Has anyone already set up a similar infrastructure? What was your configuration?
Is there a better solution for this situation, where the profiles are already existing, numerous and large?
Thank you in advance for your advice!

Hello, we have configured a SureBackup job with a Application Gruups of 4 machines, this Virtual Lab is configured at site level, VBR is on datacenter.
The SureBackup job seems ok, the ping test is not passing because we have VBR on a datacenter and due to routing problems this test is failing everytime.
What we need is to reach the machines inside the isolated Virtual Lab from the site but not clear how to do it.
The small Linux appliance machine is acting as a proxy in this case, right ?
So how to configure a Windows machine to reach the isolated stuff ?