Topics created by Woti

@Woti said in Fedora 39 Server as host with HAproxy and Qemu/KVM virtual machines. Trouble with communication.:

Yes, I tried bridge mode. That hadn't worked. But I found the error at least and the bridge between the host and the VMs works now. I can ping the VMs from the host and vice versa, with IP address and domain name.

However, I can only reach the VMs via their local IP address, not via the domains when using a browser.

I think you should first solve the issue why you can't reach your VMs from outside your LAN (I mean before you setup HAproxy).
I would first test, can I reach them via external IP address. (have you tried this?)
If that is OK, then test access via DynDNS domain.

Finally I got it to work 🙂
I need to use httpd_log_t to get access through SELinux to the logfile for both httpd, php-fpm and fail2ban.
I tried and my test-IPs was banned 🙂

I see 🙂 I haven't tried your solution yet. But I did read about your kind of solution on Redhat Access sites.
The case with default.target is that, if podman containers runs as user they have no access on multi-user.target through systemd. If I did understand right 😄 That's why you have to use default.target instead.

I'll try your solution in a VM soonly.

@Woti said in Fedora 31 Server Edition filesystem permissions changed to 777:

I see. I am just scared about all those entries. I need to get more knowledge about those stuff.
Need to harden Fedora server 🙂 Found this one here but no response at all 😄
https://mangolassi.it/topic/19719/what-hardening-standards-are-you-using-for-fedora

It's not really Fedora that you are hardening in this case. It's Apache. It's an application that you are looking to limit. What OS it is running on won't matter. Jared's Fail2Ban item is probably your best bet.