This should be easy to configure, but I do not find the menu entry for this in the Checkmk Web Interface:
I have folders and host groups with many hosts listed there. My goal is to define the monitored services for all hosts in this folder or group. How can I achieve this without editing every single host via Setup → Host → (hostname) → Edit Services?
There is a rule set called "Disabled services". You can use it to disable services based on several conditions.
Related
I'm trying to see whether I can host RTD privately (behind a VPN). I spun up an AWS EC2 instance and set it up using the Docker image and instructions here. Everything worked fine, but when I go to http://<internal_ip> to test it I get a page with the message
404 - Invalid Host
The host "" is unknown to Read the Docs
If you control this domain and believe this is in error, please review our custom domain documentation. In the past, we allowed custom domains to point to us without configuring the domain in the Read the Docs dashboard and we attempted to intelligently guess the correct project based on DNS settings. Now, we believe that explicit is better than implicit. Below are some steps to help you get your domain working again:
Ensure you have a CNAME record pointing to readthedocs.io
Add your desired domain in the Read the Docs dashboard for your project (under Your Project >> Admin >> Domains)
It points me to this page, but it seems to me that those instructions assume I'm hosting my project on the public readthedocs.io site. Any ideas on how I can get this to work on my private server?
I've been trying to use Openshift Online v3 to host a web app. It works fine with the red hat-provided domain, but I can't get the routing working to get it to work on any other domain. all I get is:
Application is not available
The application is currently not serving requests at this endpoint. It may not have been started or is still starting.
Possible reasons you are seeing this page:
The host doesn't exist. Make sure the hostname was typed correctly and that a route matching this hostname exists.
The host exists, but doesn't have a matching path. Check if the URL path was typed correctly and that the route was created using the desired path.
Route and path matches, but all pods are down. Make sure that the resources exposed by this route (pods, services, deployment configs, etc) have at least one pod running.
Does anybody know how to do a custom domain in Openshift v3?
Step 1: Create two routes in openshift v3 console. One provided default by the openshift (*.openshiftapps.com) and create another route with the host name as your domain name.
Step 2: Go to domain registrar and add a CNAME record for your domain which points to *.openshiftapps.com domain
Wait for the CNAME addition to take effect and access your domain name from the browser, now it should get the page loaded properly.
As was the case with OpenShift Online Developer Preview, the GA free OpenShift Online starter tier does not support custom domains. Custom domains will only be available when the full paid tier is available. The only option in the interim is to use a proxy in front. One option is to use Cloudflare as that proxy.
Take a look at these docs.
$ oc create route edge --service=frontend \
--cert=${MASTER_CONFIG_DIR}/ca.crt \
--key=${MASTER_CONFIG_DIR}/ca.key \
--ca-cert=${MASTER_CONFIG_DIR}/ca.crt \
--hostname=www.example.com
For starter (free) plan, you may try hidden redirected URL. Some DNS providers provide such service.
I got a multisite network, and got subsites on it, unfortunately the main domain has expired, and I cannot access my WP admin. I don't worry about the main site but I need to have the subsite.
I am able to access the main site using the IP but not its WP admin. I tried following this but it didn't help. I saw a way via accessing database (this method) but I couldn't access database as its hosted in Digital Ocean, it's pretty hard without a control panel.
want a way to access main sites WP admin
access my subsite via URL (it has a separate domain which is being masked)
If your domain has expired, ordinary DNS will not work. This means that domain-based hosting on the web server will no longer operate as well.
However, you can easily trick your local machine into thinking the domain still exists. This will work on Linux and OS X. You'll need to know the IP address of your web server - if you do not have this, you'll have this in the welcome emails you've received from your web host, or perhaps by logging onto your customer control panel.
Edit your /etc/hosts/ file. In a blank link at the end, add this:
yourdomain.tld 1.2.3.4
where 1.2.3.4 is your IPv4 address. The gap between the two can be any number of spaces or tabs.
Once this file is saved, you should be able to ping it thus, in a console or terminal utility:
ping yourdomain.tld
and it will show you what IP address you have assigned it to.
You can then access it normally. Bear in mind, though, that only you have the DNS information, so it will not work on any other machine. It will however allow you to access your WordPress control panel.
I'm having a little trouble with PHPStorm and Remote Servers. The great thing about this IDE is that I can specify some settings for global enviroment, or per Project. But I guess it does not include settings for Remote Servers.
For example, consider this scenario.
I have a remote server on example.com. On that server I have 2 folders: example.com/project1 and example.com/project2.
In PHPStorm I created 2 projects with the name of Project One and Project Two. But I had to create 2 Remote servers with specific root folders.
For example for Project One's remote server's root folder is specified to example.com/project and for Project Two the folder example.com/project2.
So my questions is, how can I set the one remote server globally, so I could use it for different projects with specific root folders for each one?
The main server settings - id, name, type, host, root path, credentials, i.e. all content of Connection tab of server's settings - are stored globally. To be more precise, in //config/options/webServers.xml. So it's available for all projects. Contents of two other tabs of server settings - Mappings and Excluded Paths - is saved per project in .idea/workspace.xml
So, to share 1 server between several projects, make sure to set the server doc root/root URL in Connection tab and specify projects-specific stuff on Mappings tab
We have an active directory domain (let's call it foodomain) and a domain user account (foodomain\fooAppPoolUser) used for the IIS application pool identity.
We want to run the app pool under this user account and not under Network Service or the new AppPoolIdentity as we have to access SQL server and have multiple applications on IIS (with own app pools) accessing different databases.
The problem is that I can't find a clear HOW-TO explaining, which user rights have to be set for this user account and how IIS has to be setup so that this will work.
First I got errors (unfortunately I can't remember which ones), then I added fooAppPoolUser to the local admin group (Administrators, I know, was only to test), then it worked. Now I removed the user again, restarted IIS and it still works.
So I'm confused a bit and would like to know, how the configuration/setup has to be to have it working.
Somwhere I read, that the account needs to have the "Impersonate a client after authentication" user right. That's the reason I added the account to the Admin group (the user rights assignment is blocked via group policy, but this can for sure be changed if really needed.
I hope I was clear enough what the question is and hope somebody has an answer.
It's frustrating that this information is so hard to find, since some security admins seem to enjoy the cruel and unusual punishment of changing default policy settings to thwart installing apps within IIS.
Here's what I believe you should do to enable an account to work as an ApplicationPool identity:
Run aspnet_regiis -ga DOMAIN\USER to add permissions to access the IIS Metabase. (Exactly what that means, who knows?) aspnet_regiis reference
Add the user to the IIS_IUSRS group. This may be done automatically depending on the IIS configuration setting processmodel.manualGroupMembership but easiest to add it yourself.
If security policy is using windows defaults that's about it. If the security policy is locked down you may need to enable specific user rights for the account. The ones you have by default for ApplicationPoolIdentities (which seems a good place to start but not necessarily all required):
Access this computer from the network
Adjust memory quotas for a process
Allow log on locally
Bypass traverse checking
Generate security audit details
Impersonate a client after authentication - (Often not available by default on locked-down environments)
Log on as a batch job - (Often not available by default on locked-down environments)
Log on as a service - (I'm not sure this is needed)
Replace a process level token
If you're using windows auth and Kerberos (provider=Negotiate) then depending on the URL and if kernel-mode auth is on you might need to set up an SPN. I suggest switching to NTLM if possible. Otherwise, see articles below about SPNs and find a friendly domain admin to add them for you.
Fun reading:
Default permissions and user rights for IIS 7.0, 7.5, 8.0. This is the best reference, see the user rights at the bottom.
User Rights (on Windows Server 2008, but still interesting and helpful as it's a long article you can CTRL+F to find IIS-related comments)
User Rights Assignment on Server 2008 R2+. You have to drill into each right to see what it mentions about IIS.
How To: Create a Service Account for an ASP.NET 2.0 Application - pity there's no more recent version of this article.
SPN Checklist for Kerberos on IIS7/7.5
How to use SPNs - applies to IIS6 or to 7/8 if Kernel-mode authentication is turned off.
The reason why you application worked AFTER removing Administrator rights is that your application was compiled to the Framework temp folder using the administrator rights - Your application worked after removing the administrator rights because the application was compiled. If you update your application and it requires recompilation, the app pool account will need trusts again.
First I got errors (unfortunately I can't remember which ones), then
I added fooAppPoolUser to the local admin group (Administrators, I
know, was only to test), then it worked. Now I removed the user again,
restarted IIS and it still works.
I found the following link answered a similar question I had: http://www.iis.net/learn/manage/configuring-security/application-pool-identities
Basically, ApplicationPoolIdentity is a virtual user account that still behaves like NETWORK SERVICE, but without some of the down-sides; each app pool has it's very own ApplicationPoolIdenity account created with it.
More detailed information can also be found that is also specific to IIS 7.5 Application Pool Identities.