ubuntu – Nginx Directory Index is Forbidden

I Have Laravel Rest Api for mobile app running under ubuntu – nginx and every thing is working just fine till today, woke up and users can’t access the api and I check nginx error log and found below

2021/04/18 01:21:52 (error) 2772#2772: *138808 directory index of "/var/www/html/mydomain/public/" is forbidden, client: 9x.1x.1x.5x, server: mydomain.com, request: "GET / HTTP/1.>
2021/04/17 23:16:01 (error) 2772#2772: *138792 directory index of "/var/www/html/mydomain/public/" is forbidden, client: 4x.15x.20x.2x1, server: mydomain.com, request: "GET /?XDEBUG>

this is my Nginx config :

server {

    
    root /var/www/html/mydomain/public;

    # Add index.php to the list if you are using PHP
    index index.php;

    server_name mydomain.com www.mydomain.com;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ /index.php?$query_string;
    }

    # pass PHP scripts to FastCGI server
    #
    location ~ .php$ {
        include snippets/fastcgi-php.conf;
    #
    #   # With php-fpm (or other unix sockets):
        fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
    #   # With php-cgi (or other tcp sockets):
    #   fastcgi_pass 127.0.0.1:9000;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /.ht {
        deny all;
    }

    listen (::):443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}

server {
    if ($host = www.mydomain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = mydomain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    listen (::):80;

    server_name mydomain.com www.mydomain.com;
    return 404; # managed by Certbot

No one changed any thing on the server side and it was working, what is the issue here

Appreciate any help and ideas this is a live project

active directory – Windows AD OU Block (Read/List) Objects from other OU

I have a Root OU that has an OU called “Clients” and under I have multiple OU’s and the client’s PC’s/User Accounts in sub-OU’s.

The issue is, my clients can see other groups’ user accounts/computers and need to prevent this as if they’re on completely different machines and not under the same Domain. I am guessing I have to go make Deny rules for every single OU Group about every Client OU Group?

Currently, they can search AD for users and see other clients (not within a said company).

Any thoughts on how to do it and potentially with Powershell or just in general?

Special characters directory issue

I have a cpanel server and when I use special characters in directories , I will not be able to access the files in that directory.

Here … | Read the rest of https://www.webhostingtalk.com/showthread.php?t=1843416&goto=newpost

How to change the site directory to the directory of another site in VestaCP?

How to change the site directory to another site directory in VestaCP? As a result, another site should show files from another site

active directory – How to remove AdmPwd Permission from BUILTINUsers (MS LAPS)

I’ve deployed MS LAPS to manage local admin passwords and all is working fine, except that non-privileged users are able to access the local admin password, in both Powershell and LAPS UI.

Running the command below shows me that in addition to the intended groups, BUILTINUsers can also read the password. (This command is the same that the LAPS_OperationalGuide suggests, but I piped results to a ForEach and Out-File so that output was not truncated.)

    Find-AdmPwdExtendedRights -Identity 'All Computers' | `
     ForEach-Object -Begin $null -Process {$_.ObjectDN}, {$_.ExtendedRightHolders} -End $null |`
      Out-File C:TempWTF.txt

mydomainDomain Users group is a member of BUILTINUsers (which is normal), so maybe this is where the problem is coming from…? Regardless, I cannot find a way to remove the AdmPwd permission from BUILTINUsers or from mydomainDomain Users. I’ve stepped through every single account listed in ADSIEditAllComputersPropertiesSecurityAdvanced but no user or group has the AdmPwd permission, except those that should. Did same in ADUC with same result.

Can someone please tell me how to remove the AdmPwd permission from BUILTINUsers? There is a Set-AdmPwdExtendedRights cmdlet, but no Remove-AdmPwdExtendedRights cmdlet. Failing that, can someone tell me how to find where the permission is coming from?

Before folks start asking, yes, I have closely followed the LAPS_OperationGuide, have run all the Powershell cmdlets, have gone to ADSI Edit and removed “All Extended Rights”, and have given rights to my two intended groups. Everything about LAPS is working properly except for the BUILTINUsers problem.

active directory – How easily and quickly access workstations that are two or three servers away from mine

I work for a small IT firm whose main client has dozens of Windows Servers (2012 R2) catering to thousands of workstations in several dozen cities.

We routinely and remotely assist end-users, and to do that, we have to:

  1. Log onto a main server in our own domain;

  2. From there, log onto a server (VM) on the client’s domain;

  3. From there, log onto yet another server where the Active Directory is set;

  4. From there, finally access the end-user workstation, either via RDP, Veyon or UltraVNC, depending on the OS the workstation has under the hood.

That’s a lot of hoops and a lot of wasted time entering credentials before finally doing our job, so I was wondering how we could speed things up by passing directly from our own workstation to the end-user’s, thus automating the whole authentication process on two server rebounds.

csv – ¿Como actualizar un atributo personalizado en Active Directory?

Hola chicos mi nombre es Bastián y soy estudiante.
vengo para pedir ayuda sobre un script de actualización de usuarios en active directory con archivo CSV.
cree las columnas en el esquema de active directory, todas aparecen en el perfil del usuario cuando los busco, pero cuando realizo la actualización el mensaje marca que el parámetro no existe.
Las actualizaciones mediante PowerShell de manera directa funciona y se ve reflejado, pero mediante el archivo CSV no encuentra las columnas, necesito su ayuda, para corregir mi error, les agradecería orientación

Import-Module ActiveDirectory (String)$Ruta = Read-Host “Ingrese la ruta donde está el archivo csv (Por Ejemplo C:archivocsv.csv)” $ou=”OU=DominioExtendido” + “,” + (Get-ADDomain).DistinguishedName If(-Not(Get-ADOrganizationalUnit -Filter {Name -eq “DominioExtendido”})){New-ADOrganizationalUnit “DominioExtendido” -Path (Get-ADDomain).DistinguishedName} $dominio=(Get-ADDomain).DNSRoot Import-Csv -Path $Ruta | foreach-object { $UPN = $.Cuenta + “@” + “$dominio” New-ADUser -SamAccountName $.Cuenta -UserPrincipalName $UPN -Name $.Nombre -DisplayName $.Nombre -SurName $.Apellidos -GivenName $.Nombres -Description $.Descripcion -Office $.Oficina -OfficePhone $.Telefono -EmailAddress $.Email -Title $.Titulo -Department $.Departamento -Company $.Compania -City $.Ciudad -State $.Region -AccountPassword (ConvertTo-SecureString $.Clave -AsPlainText -force) -Path $ou -Enabled $true -ChangePasswordAtLogon $true -Verbose -companyCode $_.CodigoEmpresa -companyID $._RutEmpresa -socialReason $._razonSocial -acronymCountryCode $._CodigoPais -contractType $._TipoContrato -businessUnity $._BU -officeLicence $._Licencia365} “”

introducir la descripción de la imagen aquí

Failed to open stream: No such file or directory – Laravel 5.6

les comento:
Cada cierto tiempo (generalmente una vez por semana), cuando un usuario ingresa a la pagina le aparece el error de la imagen, si bien pensé que seria algún tema de permisos pero ese error persiste, así que para arreglar esto basta con limpiar la cache, pero ese error es algo incomodo para el usuario por lo que lo han reportado, si bien hay la solución, aun no entendemos porque suele pasar eso. Les agradecería mucho su ayuda.

introducir la descripción de la imagen aquí

permissions – Adding domain user to local group when access to active directory no longer exists

We used to have a domain (foo) but the domain controller machine has been dead for a long time.

I am logged into my Windows 10 workstation as foomike and would like to add foomike to a local group which already has fooAdministrator as a user.

It is not possible to select foomike as an additional user for this local group because it is “not from a domain listed in the Select Location dialogue box”. This of course makes sense.

Is it possible to add this domain user to the local group somehow or is my only option to build a domain controller so the foo domain exists again (and even then I do not know if it would work to set up foomike in the new AD)?

apache 2.4 – DocumentRoot and Directory – necessary outside of VirtualHosts?

The default config had the following in the root:

DocumentRoot "${SRVROOT}/htdocs"
<Directory "${SRVROOT}/htdocs">
    Require all granted
</Directory>

Is it correctly understood that this is only used if server is reached using it’s IP address directly?

In my case, the server will only be reached by a domain names, using VirtualHost. In other words, I should just remove both the Directory and DocumentRoot located outside VirtualHosts?