Haproxy

HAProxy for Patroni HAProxy checks the nodes’ status using the httpchk option, but the replicas of your Patroni cluster do not respond to the HTTP check on port 8008 in the same way as the primary node. In a Patroni cluster, only the leader should respond as active on this HTTP port, while the replicas might not, causing HAProxy to mark them as “down.” Adjust the HAProxy configuration to properly check the nodes’ status based on their roles within the cluster (leader or replica)....

December 16, 2024 · Alberto

Keepalived for Haproxy

Overview: Keepalived is mainly used to provide high availability by implementing VRRP (Virtual Router Redundancy Protocol). This configuration is commonly used to monitor services like HAProxy and automatically switch between servers in case of failures.

    apt update && sudo apt upgrade -y
    apt install keepalived -y
    vi /etc/keepalived/keepalived.conf
    systemctl restart keepalived
    systemctl enable keepalived

INTERFACES: Ensure that ethX is the correct interface on your server....

December 16, 2024 · Alberto

PSQL Connections

Overview Reference While PostgreSQL’s pg_hba.conf is the file responsible for restricting connections, when listen_addresses is set to * (wildcard), it is possible to discover the open port on 5432 using nmap and learn the database exists, thereby possibly opening the server up for an exploit. Setting it to an IP address prevents PostgreSQL from listening on an unintended interface, preventing this potential exploit. Monitoring and Continuous Optimization: Use tools like pg_stat_activity and pg_stat_database to monitor connection usage and adjust the values as needed:...

December 15, 2024 · Alberto

VIM Quick Reference

Help

    :h jumplist

Astronvim Shortcuts

Symbols:
ls : Launch FZF to search for symbols.
lS : Toggle right sidebar with all symbols.

Navigation & Repetition

f{s} – Jumps to the next occurrence of the character {s} in the current line.
4ft – Moves the cursor to the 4th occurrence of the character t on the current line.
; – Repeats the last character-finding command (like f, t, etc.).
, – Repeats the last character-finding command in the opposite direction....

December 14, 2024 · Alberto

Security Concepts

Concepts An Intrusion Prevention System (IPS) is a type of engine that identifies malicious traffic by checking the signatures. The signatures contain known traffic patterns or instruction sequences used by malware. This type of signature-based engine can only detect anomalies based on known malicious traffic patterns. An Intrusion Detection System (IDS) is a network security technology originally built for detecting vulnerability exploits against a target application or computer. IDS only listens for issues and alerts you and does not take preventative action....

November 17, 2024 · Alberto

VPN IPSec

VPN site-to-site - IPSec A VPN connection that allows you to connect two local area networks (LANs) is called a site-to-site VPN. Internet Key Exchange version 2 (IKEv2) The Internet Protocol Security (IPSec) set of protocols is used to set up a secure tunnel for the VPN traffic, and the information in the TCP/IP packet is secured (and encrypted if the tunnel type is ESP). The IP packet (header and payload) is embedded in another IP payload, and a new header is applied and then sent through the IPSec tunnel....

November 17, 2024 · Alberto

Git Undo Changes

November 16, 2024 · Alberto

Certificates

PEM

Generating a TLS/SSL Certificate

    openssl genrsa -out my_private_key.key 2048

Now that you have a private key, create a public key with it:

    openssl rsa -in my_private_key.key -pubout > my_public_key.pub

Using OpenSSL to View the Status of a Website’s Certificate

    openssl s_client -connect linuxhandbook.com:443 2>/dev/null | openssl x509 -noout -dates

Verifying Information within a Certificate

    openssl x509 -in certificate.crt -text -noout

Checking a .csr (Certificate Signing Request) type file

    openssl req -text -noout -verify -in server....

October 19, 2024 · Alberto

Docker

Docker Configuration Overview

October 19, 2024 · Alberto

Docker Images

October 19, 2024 · Alberto