ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login
    1. Topics
    2. killmasta93
    3. Posts
    K
    • Profile
    • Following 0
    • Followers 0
    • Topics 9
    • Posts 26
    • Best 8
    • Controversial 0
    • Groups 0

    Posts made by killmasta93

    • Question about Headers IIS reverse proxy with NGINX

      Hi

      I was wondering if someone could shed some light on the issue im having,

      Currently i have working great NGINX as reverse proxy for my IIS

      Im trying to get working the Strict-Transport-Security, X-Frame-Options, X-Content-Type-Options working my NGINX but it keeps showing that its not getting applied when i check

      https://securityheaders.com
      fd4667f5-f05a-4b83-afe4-a8fb4cd4a6ec-image.png

      #        listen 80;
         listen 443 ssl;
       server_name  sub.domain.com;
      
        ssl_certificate /etc/letsencrypt/live/sub.domain.com/fullchain.pem;
              ssl_certificate_key /etc/letsencrypt/live/sub.domain.com/privkey.pem;
              ssl_dhparam /etc/ssl/certs/dhparam.pem;
              ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
              ssl_session_timeout 1d;
              ssl_session_cache shared:SSL:50m;
              ssl_stapling on;
             ssl_stapling_verify on;
      
      ## security headers
      # Block loading in an iFrame
      add_header X-Frame-Options SAMEORIGIN;
      # Enforce HTTPS
      add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
      # Blocks hidden malicious scripts
      add_header X-Content-Type-Options nosniff;
      # Stops scripts from unknown sources
      add_header X-XSS-Protection "1; mode=block";
      # Content security policy
      add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
      # Referal policy
      add_header Referrer-Policy "origin-when-cross-origin" always;
      # permision policy
      add_header Feature-Policy "camera 'none'; microphone 'none'; geolocation 'none'" always;
      add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
      
              location ~ /.well-known {
              root /var/www/letsencrypt;
              allow all;
          }
              location / {
      
                     proxy_pass http://192.168.3.211:8096/;
      
      #                headers setting
      
                      proxy_set_header Host $host;
      
                      proxy_set_header X-Real-IP $remote_addr;
      
                      proxy_set_header X-Forwarded-For $remote_addr;
      
                      proxy_set_header X-Forwarded-Proto $scheme;
                      proxy_set_header X-Client-IP $remote_addr;
      
                      }
      
              }
      

      im going to assume

      proxy_set_header Host $host; is what shows the header of the IIS?

      Thank you

      posted in IT Discussion
      K
      killmasta93
    • RE: Issue with NGINX passthough TLS

      @pete-s yeah i guess im going to have to do that, it just bugs me that NGINX wont pass though the real IP

      posted in IT Discussion
      K
      killmasta93
    • RE: Issue with NGINX passthough TLS

      @pete-s
      correct, whats odd is that it works perfectly fine on HA proxy on pfSense its just that i want to move better to a virtual machine and not depend on pfSense
      Im not sure howcome it works on HA proxy and not on NGINX

      posted in IT Discussion
      K
      killmasta93
    • RE: Issue with NGINX passthough TLS

      @scottalanmiller
      so in my case how would i solve this issue so the backend can see the real IP?

      posted in IT Discussion
      K
      killmasta93
    • RE: Issue with NGINX passthough TLS

      @scottalanmiller
      Thanks for the reply, correct i was using before HAproxy on pfSense to do the TLS passthough but moving to NGINX as this server is later on going to manage all the SSL but because i need to migrate exactly the same way i have it currently as HAproxy

      but i have configured to pass though but not passing the real IP

      posted in IT Discussion
      K
      killmasta93
    • Issue with NGINX passthough TLS

      Hi

      I was wondering if someone could shed some light on the issue im having,

      Currently im testing out to TLS pass though to my zimbra server as the SSL has to be in the zimbra server and another wordpress site which also has the SSL

      the setup would this this

      INTERNET--------NGINX PROXY-------ZIMBRA and ------WORDPRESS SITE

      I successfully configured the nginx proxy to TLS passthough but i checked the logs and it seems that not passing the real IP to zimbra or to wordpress

      But couldn't figure it out because it wont let me send the proxy headers because im using the TLS passthough

      this is the config

      root@bunker:~# cat /etc/nginx/modules-enabled/passtru.conf
      stream {
      
              map $ssl_preread_server_name $name {
      
             wordpress.domain.co wordpress;
              mail.domain.co zimbra;
              default https_default_backend;
          }
      
          upstream wordpress {
              server 192.168.7.35:443;
          }
      
          upstream zimbra {
              server 192.168.7.245:443;
          }
      log_format basic '$remote_addr [$time_local] '
                   '$protocol $status $bytes_sent $bytes_received '
                   '$session_time "$upstream_addr" '
                   '"$upstream_bytes_sent" "$upstream_bytes_received"
                    "$upstream_connect_time"';
      
      access_log /var/log/nginx/access.log basic;
      error_log  /var/log/nginx/error.log;
      
          server {
              listen 443;
              proxy_pass $name;
              proxy_bind $name transparent;
              ssl_preread on;
          }
      }
      
      
      posted in IT Discussion
      K
      killmasta93
    • RE: Zimbra Filter rules?

      @dbeato the filter moves any subject that has SPAM to the folder junk which adds to all the domains instead of one by one

      posted in IT Discussion
      K
      killmasta93
    • RE: Proxmox: Unable to parse lvm volume name

      @gjacobse

      why dont you just import it directly?

      qm importdisk 100 DietPi_VMware-x86_64-Buster.vmdk zfs-vmdata
      

      this case im running ZFS just change the zfs-vmdata to your lvm location

      posted in IT Discussion
      K
      killmasta93
    • Postfix Script to send email automatic

      Hi
      I was wondering if its possible what im trying to do, I want to send an email automatically every day to all the users and new users when created automatically. Im not sure if its done though zimbra or though postfix?
      any ideas
      Thank you

      This is what i have so far, currently i have to add the email manually in the addresses.txt and could not figure out how to add the subject
      if someone else has a better idea how to modify the script by all means

      #!/bin/sh
      SENDER="sistemas@mydomain"
      ADDRESSFILE="/root/addresses.txt"
      SENDMAIL="/usr/sbin/sendmail"
      
      for RECIPIENT in $(cat ${ADDRESSFILE}); do
      
      cat <<EOF | ${SENDMAIL} -i -f "${SENDER}" "${RECIPIENT}"
      
      Hello User,
      this is a reminder
      EOF
      
      posted in IT Discussion
      K
      killmasta93
    • RE: Zimbra Filter rules?

      @scottalanmiller
      found out how to do it

      first enable headers

      zmprov mc default zimbraSieveEditHeaderEnabled TRUE
      

      then create filter

      cat /tmp/myfilters
      
      require ["fileinto", "reject", "tag", "flag", "editheader"];
      
      #Filter email based on a subject
      if header :contains "Subject" [
        "SPAM"
        ]
      {
          fileinto "Junk";
          stop;
      }
      

      then copy the sieve filters

      cat /tmp/myfilters |xargs -0 zmprov md domain.com zimbraAdminSieveScriptBefore
      

      and it works

      posted in IT Discussion
      K
      killmasta93
    • Zimbra Filter rules?

      Hi i was wondering if someone has accomplished what im trying to do,
      Currently i need to create a filter for all the email users and future users.
      I could not find a way on the web console to add that filter without doing one by one,
      I did see this command

      zmmailbox addFilterRule
      

      but it would be the same way adding one by one so not sure if any more ideas?

      Thank you

      posted in IT Discussion zimbra
      K
      killmasta93
    • RE: Bitlocker GPO automatic?

      @black3dynamite
      Thanks for the reply and sorry the late reply i did not get a notification on the email,
      seemed that the issue was that it has to be done by \nameof server and not IP

      posted in IT Discussion
      K
      killmasta93
    • RE: Bitlocker GPO automatic?

      @notverypunny

      Thanks for the reply, but GPO by powershell i think its only compatible for server 2016-2019 but running currently 2012

      posted in IT Discussion
      K
      killmasta93
    • Bitlocker GPO automatic?

      Hi
      I was wondering if someone else has accomplished on what im trying to do
      i have GPO to automatic stores the keys in the AD when activated the bitlocker, but it seems that i have to do it manually, so i put a logon script bat with this

      script.bat

      Powershell.exe -ExecutionPolicy Bypass \\192.168.3.150\shares\publica\sistemas\enablebitlocker.ps1
      

      But the for some odd reason im getting this popup which i would want it to run it silently or is there way to automatic say yes ?

      Safety warningRun only the trusted scripts. Scripts from the Internet can be useful, but this script coulddamage your equipment. If you trust this script, use the Unblock-File cmdlet to allow it to run without this messagewarning. Do you want to run
      

      this is the powershell script

      $CdriveStatus = Get-BitLockerVolume -MountPoint 'c:'
      if ($CdriveStatus.volumeStatus -eq 'FullyDecrypted') {
          C:\Windows\System32\manage-bde.exe -on c: -recoverypassword -skiphardwaretest
      }
      

      Thank you

      posted in IT Discussion
      K
      killmasta93
    • RE: Zabbix Agent alert on active mode?

      thanks for the reply, so currently running zabbix 5.0, i have a proxy on each remote site which the agents goes though the proxy which sends the data to the zabbix server. Here is the issue, when a agent goes off line it alerted me every 30mins so what i did went to the template and changed the macro from 30min to 5min. But whats odd is that it doesnt appear offline rather then in the section unknown. And whats even more odd if the zabbix proxy of the remote site goes offline it doesnt alert me just shows unknown. The template i have for the agents on windows and linux called OS windows active agent and OS linux active agent. But i implemented proxy i had it directly to the zabbix server only issue there is that my server was getting overloaded

      This server has been out since 9am and has passed more then 12 hours and no alert only shows unknown

      8387ac5e-4035-44a8-93fa-418e2195d3ec-image.png

      which shows like this

      ecbc4c87-ce79-420a-8110-b0461da5fbc9-image.png

      and on the templates you see that it has configured the trigger when no data is received

      31427302-ed45-4d95-8c34-a556cc4b9d5e-image.png

      in this case its at 30min

      ca685cbb-60ac-41aa-b17f-129ea0500c9c-image.png

      posted in IT Discussion
      K
      killmasta93
    • Zabbix Agent alert on active mode?

      Hi
      I was wondering if someone could shed some light on the issue im having. Before i had my zabbix agents connecting directly to my zabbix server on different remote sites which worked fine until my zabbix got overloaded. Then on each remote site i put a zabbix proxy which helped alot on my server. So one day one of servers got shutdown and didn't alert me only 30min later which is odd. So my question is how can configure the alert of zabbix when the data stops coming in after 5min rather then 30min?

      Thank you

      posted in IT Discussion
      K
      killmasta93
    • RE: Script to prune mailbox zimbra?

      Thank you currently i put 30 days as wont let me add less to test it out i guess have to wait around a few weeks to test it out thank you again

      posted in IT Discussion
      K
      killmasta93
    • RE: Script to prune mailbox zimbra?

      Thank you for the reply, but i only need to purge 2 email boxes of the inbox, i went to the user mailbox on the admin and on advance i found this i check on the purge interval and got this

      zimbra@mail:/root$ zmprov gacf | grep zimbraMailPurgeSleepInterval
      zimbraMailPurgeSleepInterval: 1m
      

      So my question is if i activate the email message life time to 90 it means that it will purge emails of that email inbox keeping only 90 days of email?

      Thank you

      6b3d2c32-2563-46a3-9da7-a84838033630-image.png

      posted in IT Discussion
      K
      killmasta93
    • Script to prune mailbox zimbra?

      Hi,
      I was wondering if someone else has had the same dilemma, so currently i have postfix email server which im moving to zimbra.

      On my postfix server i had this script that would clean 90 days of emails

      #!/bin/bash
       /usr/bin/find /home/in/Maildir/cur -type f -mtime +90 -delete -name "*.mail.mydomain.com:2"
       /usr/bin/find /home/in/Maildir/cur -type f -mtime +90 -delete -name "*.mail.mydomain.com:2,S"
      /usr/bin/find /home/in/Maildir/cur -type f -mtime +90 -delete -name "*.mail.mydomain.com"
      

      and this script to clean the other mailboxes

       #!/bin/bash
      MAILDIRS=$(find /home/*/Maildir/ -maxdepth 0 -type d)
      for basedir in $MAILDIRS; do
        for dir in .Trash .Junk .Spam .Low\ Priority; do
          for dir2 in cur new; do
            [ -e "$basedir/$dir/$dir2" ] && (
              echo "Processing $basedir/$dir/$dir2..."
              find "$basedir/$dir/$dir2/" -type f -mtime +90 -delete
            )
          done
        done
      done
      

      I also saw an option on zimbra about retention policy but i think its not automatic as it needs user permission manually?
      or am i wrong?

      I was looking around but i found a few scripts for zimbra but it deletes amounts of email but not by time

      Thank you

      posted in IT Discussion
      K
      killmasta93
    • RE: Syncoid To usb retention policy ZFS?

      Thanks for the reply, the issue is that sanoid.conf does not send the snapshot to the usb but syncoid does, or does having that template automatic prune the snapshots?

      posted in IT Discussion
      K
      killmasta93
    • 1
    • 2
    • 1 / 2