I have both a sharepoint 2016 on prem server and a docker container running nginx proxy manager. Both are VMs on the same network running on vmware vsphere. I have the proxy host for sharepoint configured to point the subdomain to the SP server host. When I am attempting a log in via the domain URL, I keep getting asked my log in credentials ( I Log in with my username and password and it refreshes the screen and prompts for my user and password again). Is there something I'm missing in either my NPM or SharePoint setting?
Related
During the securing of MariaDB it asks me the following question:
Disallow root login remotely? [Y/n]
Normally, root should only be allowed to connect from 'localhost'.
This ensures that someone cannot guess at the root password from the
network.
Because I'm working on a headless server (Ubuntu Server) without any screen nor keyboard, my only way to reach the o.s. is via SSH.
Disabling the remote root login will prevent me to access from SSH as well? I guess yes, and I kept the remote login enabled.
It's the default admin account of MariaDB, has same name with system root account, but there's no direct relationship between them. System user bob can also use command mysql -uroot -p to connect MariaDB with admin privilege.
login remotely means connecting to MariaDB remotely using port 3306. if remote login is enabled for root and MariaDB bind a public IP, anyone can try to connect to your DB by mysql -uroot -hIP. then a security incident happened if weak password used.
Disallow root login remotely? [Y/n]
That's from MariaDB perspective, NOT the SSH.
When you are login via SSH and then login to MariaDB via mysql cli to localhost server, MariaDB assume that you login "locally".
As like many other RDBMS, MariaDB allow to login remotely, in your case without SSH, to any remote server via TCP/IP. This kind of login to MariaDB is the meaning about above question.
Example:
You are now at Host A (IP: 192.168.0.10). The MariaDB server at Host B (IP: 192.168.0.11).
If you are accessing the MariaDB server via mysql client cli and execute:
mysql -h192.168.0.11 -uroot -p
That's called "root login remotely"
I've created a web server on my Raspberry Pi 4 and using it for a web project that I'm currently working on as well as future website projects. Currently, I'm running on Pop OS Linux distro on my main laptop and SSH to the Raspberry Pi running as a web server. I'd like to install the letsencrypt SSL on the webserver. I've found some tutorials on a Google search and have had no luck with the installation of certbot. I'm currently running the Nginx web server on the Raspberry Pi.
I have changed some of the settings on the /etc/Nginx/sites-available & sites-enabled and still no luck with the SSL running on the webserver. Are there any other suggestions or tips that anyone can throw my way to get this web server installed with a secure socket layer of encryption? I'm currently running the web server on my Raspberry Pi's IP Address. Maybe I need to change it to an actual domain name beforehand and see if that works?
When I run:
sudo systemctl status nginx
It returns as active. Which is good. Any suggestions?
You should go for following the steps, serially:
You need to register a domain name with a official DNS (Domain Name System) Register, e.g. NameCheap, Google Domains, Go Daddy.
Install certbot following instructions on Let's Encrypt tutorials all SSL/TLS certificates will be installed automatically, (assuming that you're not requesting a wildcard certificate, I too recommend not doing so as it's a hassle in getting a wildcard certificate).
Make sure all ports are correctly forwarded to the Raspberry Pi and that there is no firewall interfering with the ports 443 and 80 and make sure that your ISP is not blocking them whatsoever, since Let's Encrypt needs to verify that your domain name and website exists and is accessible.
My setup:
Azure Vm : Windows server 2008
IIS 7.5
I have purchased a domain from godaddy and pointed it to the Azure VPS. Initially the website was running on IIS using http on port 80. I have purchased SSL from godaddy using CSR and installed them as following
Intermediate certificate using MMC
Server certificate using IIS
Then I bind the certificate with my website using https on port 443, but when I visited my website it's not loading up it on https and gives an error "This site can't be reached. I have also checked secure world wide web and https is checked in my firewall settings.
I solved it by
Goto your Azure VM
In Azure VM -> Find Endpoints
Click on Add endpoint
Add endpoint for you port (in my case 443) and give it a name ( e.g https)
Save
Done
I am facing the following issue.
1 - I have deployed WCF service with SSL enabled on remote IIS machine and trying to use it from my web client.The problem is my browser is not allowing this service to be called.Before using my web client i have to hit the service url from my browser directly and then allow the certificate.
2- Got suggestion from somewhere to export the certificate on the machine where WCF is deployed and include that certificate file in Trusted certificates group on my machine.After I did that I got same problem when tried to access web service from web client.So I hit the service url from browser and got the same page which needs me to trust the certificate with a different message that "You attempted to reach 111.121.196.226(ip address of the WCF machine), but instead you actually reached a server identifying itself as "WMSvc-domain" where "WMSvc-domain" is the value of "Issued To" field in the certificate.
I hope I have made myself clear.Waiting for suggestions.Thank you.
WMSvc-machinename is the IIS Windows Management Service which runs by default on 8172/tcp and is used for remotely managing iis. When installed the default is to create a self-signed certificate. That wouldn't trusted. It could be replaced with a "proper" CA signed cert through the Management Service icon in IIS Manager.
My webapplication hosted on windows azure, needs to communicate with TFS Server. When any one login to my web app using live id, I want the logged in user to use my Team foundation server(TFS) credentials -username,password and domain to programatically authenticate and connect to our TFS server and create some work items.
I configured my azure connect for the communication to happen between azure WebRole and TFS server (our TFS is non-azure ).I added both the WebRole and the TFS Server into single Connection Group
In my azureportal ,I can see mywebrole and my TFSServer as connected the machine endpoint is active, and that it refreshes since the last connected updates
.But when I try to run my web application from azure and when it tries to communicate with our TFS server ,its throwing error message saying Error message : Team Foundation services are not available from server eg.,http://xyz-abcxyx-01:8080/tfs/eas/. Technical information (for administrator): The remote name could not be resolved: 'xyz-abcxyx-01'
Any suggestions to resolve this issue ?
You should enable remote desktop on your WebRole and connect to one of your instances. Then, try to ping the IP of your TFS server (not the hostname xyz-abcxyx-01). Maybe this is simply a DNS issue (even though using hostnames works with Windows Azure Connect).
If pinging the IP works, but pinging the hostname doesn't work you have a few options left:
Use the IP instead of the hostname. This won't work if you configured your TFS to use host headers.
Create an elevated startup task to modify the hosts file and map the IP to the hostname. In your code you can keep working with the hostname.
Try to modify the DNS server configured in your WebRole to use the default DNS server + your internal DNS server. But to me this doesn't look like a clean solution.
Anyways, in each solution you'll want to store the IP/hostname in the ServiceConfiguration and make sure your code supports changes to the ServiceConfiguration. This will allow you to change the IP/hostname without having to redeploy.
You should check if TFS server is listening on all network interfaces, include the one created by Azure Connect (start with 2a01). Next try to connect to TFS from a machine on the local LAN, just to make sure it is configured correctly. You don't need to use IP for referring to TFS, DNS name is definitely supported out of box.