search for: cloudflare

Displaying 20 results from an estimated 47 matches for "cloudflare".

2023 Mar 07
1
Feature request: a good way to supply short-lived certificates to openssh
...> expiring in 60m? true Nifty, > > I'd be grateful to Andy if he explained what sort of command he runs to > refresh certificates. I understood most refresh arrangements to involve > OAuth2. The actual setup I'm using is: Host myhost Match host myhost exec "cloudflared access ssh-gen --hostname myhost.domain" ProxyCommand cloudflared access ssh --hostname myhost.domain IdentityFile ~/.cloudflared/blahblah CertificateFile ~/.cloudflared/blahblah.pub cloudflared is this thing (open source!): https://github.com/cloudflare/cloudflared There are two pieces...
2023 Mar 07
2
Feature request: a good way to supply short-lived certificates to openssh
On 07/03/23, Darren Tucker (dtucker at dtucker.net) wrote: > On Tue, 7 Mar 2023 at 05:26, Andy Lutomirski <luto at kernel.org> wrote: > [...] > > ssh_config contains a Match ... exec [command to refresh the certificate]. > > This sort of works, except that it runs the command far too frequently. > > For example, ssh -O exit [name] refreshes the certificate, and it
2016 Oct 11
1
Hint for nslookup wanted ...
...y www.google.com shows only IPv6, when having done nslookup -type=AAAA www.google.com before??? other sample: [root at host ~]# nslookup -query=any www.bipa.at Server: 192.168.23.2 Address: 192.168.23.2#53 Non-authoritative answer: www.bipa.at canonical name = www.bipa.at.cdn.cloudflare.net. Authoritative answers can be found from: [root at host ~]# why is no IP - neither IPv4 nor IPv6 shown? doesn't matter if -query=any or -type=any Greetings, Walter
2015 Nov 04
4
Server used in DOS attack on UDP port 0
Hi, One of our AWS machines was used in a DOS attack last night and I am looking for possible attack vectors. AWS tells me it was sending UDP port 0 traffic to a cloudflare address. This instance had an incorrectly configured AWS security group exposing all ports. The server in question is a Centos 7 based FreeIPA server, OpenVPN concentrator and DNS server. With a brief inspection before the instance was stopped no evidence of intrusion could be detected in the ob...
2016 Jul 16
1
Tinc 1.0.24 regulary disconnected
Proxmox 4.2 running on 2 nodes + 1 quorum = total 3 servers. All of them have tinc 1.0.24 running. On very rare occasions (every few days or 1~2 weeks), my website hosted on this proxmox node will throw cloudflare 522 connection timed out for few seconds or few minutes: https://support.cloudflare.com/hc/en-us/articles/200171906-Error-522-Connection-timed-out This problem has been driving me crazy. I'm not sure, but I suspect this is caused by tinc vpn that somehow got disconnected. root at node1pve:/#...
2024 Mar 20
1
Education - 1, 000s, 100, 000's, Millions of listeners. (What kind of infrastructure)
...ng is key, choose your ISP wisely. Each icecast server has the same multi domain ssl cert. which allows us to deliver to several customers (each customer a subdomain) the cluster is round robin load balanced by using AWS Route53. This approach may also be achieved with other DNS Providers like Cloudflare. For example, if one node needs to be taken down for maintenance, Route53 throws the Node out of the DNS automatically. This will be achieved with "health checks". This mechanism is pretty fast and responsive. If a client gets disconnected and tries a reconnect, the RR DNS is passing the client immedi...
2017 Feb 19
4
Problem with Let's Encrypt Certificate
On 02/18/2017 10:24 PM, Robert L Mathews wrote: > On 2/17/17 1:38 PM, chaouche yacine wrote: > >> Seems wrong to me too, Robert. If you put your private key inside >> your certificate, won't it be sent to the client along with it ? > > No; any SSL software that uses the file will extract the parts it needs > from it and convert them to its internal format for future
2024 Mar 20
1
Education - 1, 000s, 100, 000's, Millions of listeners. (What kind of infrastructure)
...to mention 100k's or, Lord help us, 1M's or more), you need to get content cached in locations that are geographically close to your listeners. By far the easiest (read: most cost effective) way to do this at scale is to leverage the already existing infrastructure of CDNs (companies like Akamai or CloudFlare, that have a world-wide footprint). That means using streaming formats that utilize segmented distribution mechanisms, such as HLS or DASH. You can kinda-sorta do this sort of thing with IceCast by using relays, but it's complex to configure and monitor while being not well supported at many CDNs (...
2024 Mar 20
2
Education - 1, 000s, 100, 000's, Millions of listeners. (What kind of infrastructure)
...ur ISP wisely. Each > icecast server has the same multi domain ssl cert. which allows us to > deliver to several customers (each customer a subdomain) the cluster is > round robin load balanced by using AWS Route53. This approach may also be > achieved with other DNS Providers like Cloudflare. For example, if one > node needs to be taken down for maintenance, Route53 throws the Node out of > the DNS automatically. This will be achieved with "health checks". This > mechanism is pretty fast and responsive. If a client gets disconnected and > tries a reconnect, the RR DNS is passi...
2024 Mar 21
2
Education - 1, 000s, 100, 000's, Millions of listeners. (What kind of infrastructure)
...ng is key, choose your ISP wisely. Each icecast server has the same multi domain ssl cert. which allows us to deliver to several customers (each customer a subdomain) the cluster is round robin load balanced by using AWS Route53. This approach may also be achieved with other DNS Providers like Cloudflare. For example, if one node needs to be taken down for maintenance, Route53 throws the Node out of the DNS automatically. This will be achieved with "health checks". This mechanism is pretty fast and responsive. If a client gets disconnected and tries a reconnect, the RR DNS is passing the client immedi...
2015 Jan 11
2
flac (encoder, analyzer, decoder) tool now (also) available in JavaScript
After compiling opusenc.js to JavaScript [1], now the flac tool is also available [2][3], too. s/Check out/Clone/ https://github.com/Rillke/flac.js ! I am slightly nervous about its license, the GPL and what CloudFlare is doing: It's melting a lot of content together into one file and adding JavaScript that doesn't appear to be GPL or compatibly licensed -- by any chance, is there a possibility to get an exception (e.g. LGPL license) for JavaScript versions? It's also an issue to what happens in...
2015 Jan 11
2
flac (encoder, analyzer, decoder) tool now (also) available in JavaScript
After compiling opusenc.js to JavaScript [1], now the flac tool is also available [2][3], too. s/Check out/Clone/ https://github.com/Rillke/flac.js ! I am slightly nervous about its license, the GPL and what CloudFlare is doing: It's melting a lot of content together into one file and adding JavaScript that doesn't appear to be GPL or compatibly licensed -- by any chance, is there a possibility to get an exception (e.g. LGPL license) for JavaScript versions? It's also an issue to what happens in...
2023 Oct 10
1
[PATCH 2/2] virtio-mmio: Support multiple interrupts per device
On Sat, Sep 30, 2023 at 4:46 AM Jakub Sitnicki <jakub at cloudflare.com> wrote: > > Some virtual devices, such as the virtio network device, can use multiple > virtqueues (or multiple pairs of virtqueues in the case of a vNIC). In such > case, when there are multiple vCPUs present, it is possible to process > virtqueue events in parallel. Each vCP...
2023 Oct 10
1
[PATCH 2/2] virtio-mmio: Support multiple interrupts per device
On Sat, Sep 30, 2023 at 4:46 AM Jakub Sitnicki <jakub at cloudflare.com> wrote: > > Some virtual devices, such as the virtio network device, can use multiple > virtqueues (or multiple pairs of virtqueues in the case of a vNIC). In such > case, when there are multiple vCPUs present, it is possible to process > virtqueue events in parallel. Each vCP...
2017 Jan 09
2
Firefox Issue
> -----Original Message----- > From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of Always > Learning > Sent: Monday, January 09, 2017 11:23 AM > To: Centos <centos at centos.org> > Subject: Re: [CentOS] Firefox Issue > > On Thu, January 5, 2017 17:23, Always Learning wrote: > > > > > > > > > Cyber attacks are gradually replacing
2017 Aug 20
2
is a self signed certificate always invalid the first time
...ally works much better than HTTP especially for domains like for >> email servers that don't have an HTTP server deployed for them. >> >> Kevin > > You can't update a record without reloading configs in bind. I guess you are > using some other DNS service... I use Cloudflare (free DNS) and DNS Made Easy (paid DNS). I would never run my own DNS service except for communicating between my Docker services internally (Docker has its own internal DNS for this and there are many pre-built docker images to provide a public DNS service, if required). But, Let's Encrypt require...
2017 Feb 19
0
Problem with Let's Encrypt Certificate
> That's one of the reasons I don't like Let's Encrypt, with one year certs it is easier to look at the certs and see what is going to expire in the coming month needing a new private key. I use dehydrated (with Cloudflare DNS challenges) and as far as I know, it seems to generate a new private key every time. All newly generated certs are generated with the timestamp in the filenames and the soft links updated to point to the latest timestamped files. I have 4 domains each with an average of 70 alt names, so Let's E...
2024 Mar 21
1
Education - 1, 000s, 100, 000's, Millions of listeners. (What kind of infrastructure)
...ng is key, choose your ISP wisely. Each icecast server has the same multi domain ssl cert. which allows us to deliver to several customers (each customer a subdomain) the cluster is round robin load balanced by using AWS Route53. This approach may also be achieved with other DNS Providers like Cloudflare. For example, if one node needs to be taken down for maintenance, Route53 throws the Node out of the DNS automatically. This will be achieved with "health checks". This mechanism is pretty fast and responsive. If a client gets disconnected and tries a reconnect, the RR DNS is passing the client immedi...
2017 Feb 20
2
Problem with Let's Encrypt Certificate
...te to be publicly readable. Keeping it in separate files would add slightly more security (defense in depth), that would protect from, for example, an admin fumble or bug in the SSL library. "Michael A. Peters" <mpeters at domblogger.net> writes: >> I use dehydrated (with Cloudflare DNS challenges) and as far as I know, >> it seems to generate a new private key every time. > > Yeah that would be a problem for me because I implement DANE. It's on my to-do list, but I think you can use dehydrated in signing mode. --signcsr (-s) path/to/csr.pem Sign a given...
2024 Feb 16
2
samba 4.19 Windows 11 clients Time sync problem
....n .POOL. 16 p - 64 0 0.000 +0.000 0.000 3.debian.pool.n .POOL. 16 p - 64 0 0.000 +0.000 0.000 +mx.ae9.eu 237.17.204.95 2 u 1578 1024 352 27.597 -0.442 4.748 *178.215.228.24 36.224.68.195 2 u 1616 1024 316 18.896 -1.582 1.654 +time.cloudflare 10.97.8.67 3 u 1859 1024 236 19.943 -2.323 1.808 +mail.kpprs.de 185.248.189.10 2 u 757 1024 137 24.486 -1.520 1.706 +httphost1.skyte 131.188.3.220 2 u 1478 1024 236 26.967 -1.293 2.372 root at dommaster:~# service ntp restart root at dommaster:~# ntpq -p remote...