Author: Ahmet Orhan

Categories
Articles Proxy Manager

Nginx Proxy Manager New Host Not Working? Check Docker ulimit

A few days ago, I ran into a strange issue while managing my Nginx Proxy Manager instance. At first, I was convinced the problem was related to Cloudflare, DNS, or even Plesk. It turned out that the real culprit was Docker’s default ulimit setting.

My server was hosting around 255 Proxy Hosts. When I added a new one, it simply wouldn’t work. Even more confusing, changes to existing hosts were no longer being applied.

Symptoms

Here’s what I experienced:

  • Newly created Proxy Hosts were unreachable.
  • Disabling and re-enabling an existing host had no effect.
  • SSL and routing changes were not applied.
  • Restarting the Docker container immediately fixed everything.

Naturally, I started troubleshooting the usual suspects:

  • DNS records
  • Cloudflare
  • Plesk
  • SSL certificates
  • Nginx Proxy Manager configuration
  • Docker networking

Everything looked perfectly fine.

Why Did a Docker Restart Fix the Problem?

This was the most confusing part.

Every time I added a new host or modified an existing one, restarting the Docker container made everything work again.

That suggested Nginx Proxy Manager wasn’t failing to read the configuration. Instead, it seemed unable to apply new changes under certain conditions.

So I started looking at the container’s resource limits.

The Real Problem: ulimit nofile

Checking the container revealed that the default nofile limit was set to 1024.

ulimit -n

1024

As a test, I increased the limit to 65536.

services:
  npm:
    image: jc21/nginx-proxy-manager:latest

    ulimits:
      nofile:
        soft: 65536
        hard: 65536

After recreating the container, the issue disappeared completely.

  • New Proxy Hosts started working immediately.
  • Enable/Disable operations were applied correctly.
  • Configuration changes took effect without restarting Docker.

Why Does This Happen?

On Linux systems, every open file and network connection consumes a File Descriptor.

Nginx uses File Descriptors for many different tasks:

  • Listening sockets
  • Proxy connections
  • SSL certificates
  • Log files
  • Internal sockets
  • Configuration files

As the number of Proxy Hosts and active connections grows, the number of required File Descriptors increases as well.

When the container is limited to only 1024 descriptors, Nginx may eventually run out of available resources. Interestingly, it doesn’t always crash.

Instead, you may see subtle and confusing symptoms:

  • New Proxy Hosts don’t work.
  • Configuration changes are ignored.
  • Enable/Disable operations fail silently.
  • Some websites stop responding.
  • Restarting the Docker container temporarily fixes the issue.

In my environment, this behavior started with approximately 255 Proxy Hosts.

The Fix

Increasing the nofile limit for the Docker container solved the problem.

ulimits:
  nofile:
    soft: 65536
    hard: 65536

Then recreate the container:

docker compose down
docker compose up -d

Conclusion

If you’re running Nginx Proxy Manager and notice that:

  • New Proxy Hosts don’t work,
  • Enable/Disable operations have no effect,
  • Configuration changes aren’t applied,
  • Everything starts working again after a Docker restart,

don’t spend hours debugging Cloudflare, DNS, or Plesk.

Take a look at your Docker container’s ulimit nofile setting first.

In my case, the problem wasn’t Nginx Proxy Manager, Cloudflare, or Plesk at all. The root cause was Docker’s default File Descriptor limit of 1024.

Sometimes the most frustrating infrastructure problems are caused by a default setting that nobody thinks about until they hit the limit.

Categories
Windows

Office LTSC (2016, 2019, 2021) Installation Guide (No Login Required)

Office LTSC (2016, 2019, 2021) Installation Guide (No Login Required)

This guide will help you install Office LTSC 2016, 2019, and 2021 versions without needing to sign in, using the Office Deployment Tool (ODT). This method is specifically for Volume License keys.

 

Step 1: Prepare the Office Deployment Tool (ODT)

 

  1. Download: Download the Office Deployment Tool from the official Microsoft site.
  2. Create Folder: Create an easily accessible folder on your computer (e.g., C:\OfficeKurulum).
  3. Extract Files: Run the officedeploymenttool.exe file you downloaded. When it asks where to extract the files, select the C:\OfficeKurulum folder you created.
  4. This folder should now contain the setup.exe file and your configuration-Office365-x64.xml file (or the file you are about to create).

 

Step 2: Edit the configuration-Office365-x64.xml File

 

This is the most critical step as it defines which version of Office you will install. Open your configuration-Office365-x64.xml file (located in C:\OfficeKurulum) with a text editor like Notepad.

Delete all existing content inside the file and paste one of the following code blocks, depending on the version you want to install.

IMPORTANT: You MUST replace PIDKEY="XXXXX-XXXXX-XXXXX-XXXXX-XXXXX" with your own 25-character product key for the specific version you are installing.

 

📦 Version 1: XML Code for Office LTSC Professional Plus 2021

 

XML

<Configuration>
  <Add OfficeClientEdition="64" Channel="PerpetualVL2021">
    <Product ID="ProPlus2021Volume" PIDKEY="XXXXX-XXXXX-XXXXX-XXXXX-XXXXX">
      <Language ID="en-us" />
    </Product>
  </Add>
  <RemoveMSI />
  <Display Level="Full" AcceptEULA="TRUE" />
  <Property Name="AUTOACTIVATE" Value="1" />
</Configuration>

(Note: This installs 64-bit, US-English LTSC 2021 Pro Plus.)

 

📦 Version 2: XML Code for Office Professional Plus 2019

 

XML

<Configuration>
  <Add OfficeClientEdition="64" Channel="PerpetualVL2019">
    <Product ID="ProPlus2019Volume" PIDKEY="XXXXX-XXXXX-XXXXX-XXXXX-XXXXX">
      <Language ID="en-us" />
    </Product>
  </Add>
  <RemoveMSI />
  <Display Level="Full" AcceptEULA="TRUE" />
  <Property Name="AUTOACTIVATE" Value="1" />
</Configuration>

(Note: This installs 64-bit, US-English Office 2019 Pro Plus.)

 

📦 Version 3: XML Code for Office Professional Plus 2016

 

XML

<Configuration>
  <Add OfficeClientEdition="64" Channel="PerpetualVL2016">
    <Product ID="ProPlus2016Volume" PIDKEY="XXXXX-XXXXX-XXXXX-XXXXX-XXXXX">
      <Language ID="en-us" />
    </Product>
  </Add>
  <RemoveMSI />
  <Display Level="Full" AcceptEULA="TRUE" />
  <Property Name="AUTOACTIVATE" Value="1" />
</Configuration>

(Note: This installs 64-bit, US-English Office 2016 Pro Plus.)

Don’t forget to save and close the XML file.

 

Step 3: Download Installation Files

 

  1. Open Command Prompt (CMD) as Administrator:
    • Click the Start menu and type cmd.
    • Right-click on “Command Prompt” and select “Run as administrator”.
  2. Navigate to Folder: In the black-and-white window that opens, navigate to your C:\OfficeKurulum folder. Type the following command and press Enter:
    cd C:\OfficeKurulum
  3. Start the Download: Now, tell the ODT to download the files based on your XML file. Type the following command and press Enter:
    setup.exe /download configuration-Office365-x64.xml
  4. Wait: The command prompt will move to the next line and blink. It may look like nothing is happening, but the files are downloading in the background. This can take 5-15 minutes depending on your internet speed. You will see a new folder named “Office” appear inside your C:\OfficeKurulum directory. The process is finished when the command prompt returns to the C:\OfficeKurulum> prompt.

 

Step 4: Install Office

 

  1. Once the files are downloaded, make sure you are still in the Administrator Command Prompt window.
  2. Type the following command and press Enter:
    setup.exe /configure configuration-Office365-x64.xml
  3. That’s it! An Office installation window will appear and begin the installation. When it’s finished, you can open an application like Word or Excel. It will not ask you to sign in, and if you entered your product key correctly in the XML file, Office should already be activated.
Categories
Articles Firewall

Samba Installation and User Authorization on Ubuntu 24.04

Samba Installation and User Authorization on Ubuntu 24.04

This document provides a step-by-step guide for installing and configuring the Samba service on an Ubuntu 24.04 server, including granting a user access to a specific shared directory (e.g., for storing 5651 logs).

1. System Update and Required Packages

sudo apt update && sudo apt upgrade -y
sudo apt install samba -y

2. Create the Shared Directory

sudo mkdir -p /srv/samba/share5651
sudo chown root:root /srv/samba/share5651
sudo chmod 755 /srv/samba/share5651

3. Create the Samba User

sudo adduser berqlog
sudo smbpasswd -a berqlog

Note: Ensure the password is set for both the system and Samba.

4. Edit Samba Configuration File

Edit /etc/samba/smb.conf with the following content:

[global]
    workgroup = WORKGROUP
    netbios name = COMPANY_SMB
    server string = Company Log Server
    security = user
    map to guest = Bad User
    dns proxy = no
    server min protocol = NT1
    ntlm auth = yes
    log file = /var/log/samba/log.%m
    max log size = 1000
    logging = file
    panic action = /usr/share/samba/panic-action %d
    server role = standalone server
    obey pam restrictions = yes
    unix password sync = yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    pam password change = yes
    usershare allow guests = no
    idmap config * : backend = tdb

[share5651]
    path = /srv/samba/share5651
    read only = no
    valid users = berqlog
    create mask = 0644
    directory mask = 0755
    browseable = yes
    guest ok = no

5. Test the Configuration

testparm

Make sure there are no syntax errors.

6. Restart Samba Service

sudo systemctl restart smbd
sudo systemctl enable smbd

7. Firewall Configuration (If Enabled)

sudo ufw allow 'Samba'

8. Access the Share

From a Windows machine:

\\<ubuntu_ip_address>\share5651

Username: berqlog, Password: the one set during setup.

9. Logs and Troubleshooting

Samba logs are located at:

/var/log/samba/log.smbd
/var/log/samba/log.nmbd
/var/log/samba/log.<client_ip_or_name>

Additional Notes:

  • The ntlm auth = yes setting allows compatibility with legacy Windows clients.
  • The server min protocol = NT1 is for compatibility with old systems. For better security, consider using SMB2 or higher.

This setup covers basic file sharing and user authorization. For advanced needs, consider configuring ACLs, audit modules, or integrating with a domain.

Categories
Articles Azure

What is Azure Identity and Access Management (AIM)?

Image by creativearton Freepik

With the proliferation of cloud computing, organizations need robust and secure solutions for identity and access management (IAM). Azure Identity and Access Management (AIM) is a platform that enables you to manage access and identities to your Azure resources. AIM unifies various Azure IAM services such as Azure RBAC, Azure AD, and Azure MFA into a single platform.Key Features of AIM:

  • Centralized identity management: AIM provides a single identity store for all your Azure resources.
  • Easy access management: AIM lets you easily manage access to Azure resources with Azure RBAC.
  • Enhanced security: AIM helps you protect your Azure resources from unauthorized access with Azure AD and Azure MFA.
  • Compliance: AIM helps you control access controls and meet compliance requirements.

AIM Use Cases:

  • Manage access to Azure resources: AIM enables you to easily manage access to Azure resources with Azure RBAC.
  • Manage identities: AIM provides a single identity store for all your Azure resources with Azure AD.
  • Enhance security: AIM helps you protect your Azure resources from unauthorized access with Azure AD and Azure MFA.
  • Ensure compliance: AIM helps you control access controls and meet compliance requirements.

Benefits of AIM:

  • Simplified IAM management: AIM simplifies IAM management by consolidating Azure IAM services into a single platform.
  • Increased security: AIM helps you protect your Azure resources from unauthorized access with Azure AD and Azure MFA.
  • Improved compliance: AIM helps you control access controls and meet compliance requirements.

Technical Details:

  • Azure RBAC: Azure RBAC is an authorization system that lets you manage access to Azure resources. Roles are predefined permissions with specific sets of permissions. The scope can be a subscription, a resource group, or a single resource.
  • Azure AD: Azure AD is an identity service that enables you to manage users and groups in your organization. Azure AD offers features such as user authentication, single sign-on, and multi-factor authentication.
  • Azure MFA: Azure MFA is a security service that lets you add an additional authentication factor to verify a user’s identity. Azure MFA offers a variety of authentication methods, such as SMS, password app codes, or phone calls.

Create a Secure and Compliant IAM Environment with AIM:

AIM is a powerful tool to protect your Azure resources and meet compliance requirements. Using AIM, you can do the following:

  • Use strong authentication and authorization: Provide user authentication and authorization with Azure AD and Azure MFA.
  • Minimize access: Give users only the access they need.
  • Ensure compliance: Control access controls and meet compliance requirements.

The result:

AIM provides a comprehensive IAM solution for your Azure resources. With AIM, you get a powerful tool to protect your Azure resources, simplify IAM management, and meet compliance requirements.

If you have any questions or details you would like to add, feel free to write me.

Categories
Articles

On Writing: Pen and Computer in the Shadow of Technology

Image by Freepik

“Söz uçar, yazı kalır.” This proverb is a piece of wisdom that emphasizes the importance and permanence of writing. As technology rapidly evolves and digitalization becomes increasingly prevalent in our lives, the role and function of writing are also undergoing transformation. So, what is the relationship between pen and computer in the shadow of this change?

Advantages of the Computer:

The computer offers many tools that facilitate and accelerate the writing process. Features such as spell checkers, grammar and word suggestions, and text editing options make writing more practical. Additionally, access to information is facilitated by internet connection, making research less time-consuming.

The Power of the Pen:

Despite all the advantages offered by the computer, the pen has its own unique power and impact. Writing by hand helps to organize thoughts more clearly and increases the emotional impact of words. In handwritten texts, the emotions and thoughts of the writer are felt in a more concrete and sincere way.

The Alliance of Technology and Writing:

The advancement of technology has allowed writing to go beyond just paper and become widespread on digital platforms. New media such as blogs, social media platforms, and e-books offer writers the opportunity to reach a wider audience.

Image by Freepik

The Enduring Power of Writing:

No matter how much computers and digital tools develop, the real power and value of writing lies in its permanence. Written texts are one of the most important tools for transmitting knowledge and experiences from the past, sharing ideas and thoughts.

Conclusion:

In the shadow of technology, pen and computer represent different aspects of the writing act. The computer offers practicality and speed, while the pen stands out as a tool of emotion and sincerity. The important thing is to use the possibilities offered by both tools consciously to preserve the power and permanence of writing.

The Future of Writing:

With the advancement of technology and the emergence of new tools, the forms and functions of writing will continue to change. The important thing is to keep up with these changes without losing sight of the core values ​​and the main purpose of writing. Writing is not only important for transmitting information or sharing ideas, but also for expressing ourselves and understanding the world.