iisor's questions

I'm trying to automate the task of changing settings on 100+ power appliances via SSH but each settings change has multiple interactive prompts. Is this possible or does anyone have an example of how to do this with Python/bash script?

I'm trying to point a subdomain to a different IP address on a different server, but for some reason it's only working every once in awhile (say 1 out of 20 times). Browsing to http//galera.domain.com throws a "took to long to respond" error and changes the URL to https//galera.domain.com. Browsing directly to the IP address works fine all the time.

Here's my current setup:

Server 1 (nginx):
IP_ADDRESS_1 .
HSTS is enabled [Strict Transport Security (max-age=63072000; includeSubdomains)]
DNS for domain.com / www.domain.com points to IP_ADDRESS_1

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name domain.com www.domain.com;
    return 301 https://$server_name$request_uri;
}

server {

    # SSL configuration
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    include snippets/ssl-domain.com.conf;
    include snippets/ssl-params.conf;

    root /var/www/html;

    index index.php index.html index.htm index.nginx-debian.html;

    server_name domain.com;

    location / {
            try_files $uri $uri/ =404;
    }


    location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }

    location ~ /\.ht {
            deny all;
    }

}

Here is Server 1's /etc/nginx/snippets/ssl-params.conf file:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 10s;

add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;

ssl_dhparam /etc/ssl/certs/dhparam.pem;

Server 2 (galera cluster #1 with phpmyadmin running on apache):
IP_ADDRESS_2
DNS for galera.domain.com points to IP_ADDRESS_2

<VirtualHost *:80>

    ServerAdmin [email protected]
    ServerName galera.domain.com
    DocumentRoot /usr/share/phpmyadmin

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>  

Hoping you can all help shed some light on this most likely simple problem.

edit: HSTS [Strict Transport Security (max-age=63072000; includeSubdomains) ] is enabled on domain.com

edit 2: added the code for /etc/nginx/snippets/ssl-params.conf

edit 3: SOLVED. HSTS was preventing the insecure content from the subdomain from loading. fixed by installing an SSL cert on galera.domain.com using the same protocols (including HSTS) as is used by domain.com