It’s sometimes useful to quickly connect to JMX console, to checkout what’s going on in your application, but the whole thing get’s tricky if you’re running your app in a container. I need it from time to time and I keep myself few times searching for set of params below: ~/2021/02/how-to-run-jmx-monitoring-in-docker-image/ java \ ... -Dcom.sun.management.jmxremote \ -Dcom.sun.management.jmxremote.rmi.port=${PORT1} \ -Dcom.sun.management.jmxremote.port=${PORT1} \ -Dcom.sun.management.jmxremote.local.only=false \ -Dcom.sun.management.jmxremote.authenticate=false \ -Dcom.sun.management.jmxremote.ssl=false \ -Djava.rmi.server.hostname=${HOST} The whole magic here is that PORT1 in container is app’s second port. So if you expose both HTTP and HTTPS on two separate ports, you will need here PORT2. I setup both RMI and JMX ports to same value. Second thing here is a hostname, it have to be hostname which you will use to connect to the container. If you use domain name, it have to be this domain name. If you want to use IP, set it to IP. It’s because it’s actually a virtual hostname for JMX HTTP server - if you mix them, you won’t get results. Container orchestrators often automatically export variable like HOST or HOSTNAME which you can use too hook. ...

We’re all divided with recent decision to focus on CentOS Stream  external link , which essentially means that stable, professional distro will turn into rolling release now. Also CentOS board members don’t gave us more confidence for the future  external link . I don’t want to be totally sceptic, I would like to test it on my own and only then, decide if it’s stable enough. But I work mostly with Docker containers and there are no official Docker images with Stream variant. I decided to create it on my own, based on official instruction  external link . ...

Info ...

I started my blog on custom (written by my) engine, but as I didn’t had enough time to enhance it I switched to Wordpress. I’ve been using Wordpress as an engine of my blog for past 8~9 years. I have small VPS with PHP + Nginx and you can find a lot of configuration examples from my config on this site 😄 There was a time, when I was really satisfied by what it provides. Not only because of features, but also beacause I was able to play with insane configuration options (check out my caching reverse proxy config ). For me it was opportuninty to excel with my skills. ...

Few years ago I moved from Linux desktop to MacOS for my business, day to day work. There were 2 main reasons for that: Corporations don’t like Linux - they can’t manage it, they can’t support it, so they blocked it with “Security policy”, ISO20001, or other nonsense. Actually they’re partially right but in different place - many business collaboration applications don’t work well on LInux (or they don’t work at all) Skype for Business - there’s open source alternative but to get full support you have to pay for additional codecs (as far as I remember) - it’s not working stable even in paid version Outlook and calendar support - I love Thunderbird and I use it for years, but calendar invitations didn’t work nice (honestly, they didn’t work nice even between different Outlook versions…) Corporate VPN apps - Christ, I always was able to get it working eventually, but… why bother I’m older, maybe lazier, maybe smarter - I don’t like to spend my time resolving problems that don’t give me any value. That’s how I switched to MacOS - for business purposes only. Privately I still prefer Linux. ...

I had stragne statistics on one memcached servers. I had to look what it’s doing there. I found such commands that may be used to sniff, extract and make statistics from running memcached server. Debug GET commands tcpflow -c dst port 11211 | cut -b46- | grep ^get cut command will remove 46 bytes at beginning of every string (src, dst, port). You may need to adjust numeric parameter for cut to leave commands only. Output should look like: ...

It happen to me all the time that one of developers notifies me about some kind of problem that I can’t confirm from my account. Sometimes it was because of bad ssh keys configuration, other times file permissions, mostly such stuff. It’s sometimes convenient to “enter into someone’s shoes” to see what’s going on there. If you’re root on machine you may do that like this: su developer - Easy one but that’s not enough for all cases. When you use bastion host (or similar solutions) sometimes users have connection problems and it’s harder to check. When such user have ForwardAgent ssh option enabled you may stole this session to check login problems. After you switch to such user, you may wan’t to hide history (it’s optional 😉 ) - disable history like that: ...

Virtualenvs in python are cheap but from time to time you will install something with pip on your system and when time comes removing all this crap could be difficult. I found this bash snippet1 that will uninstall package with all dependencies: Recursive pip uninstall for dep in $(pip show python-neutronclient | grep Requires | sed 's/Requires: //g; s/,//g') ; do pip uninstall -y $dep ; done pip uninstall -y python-neutronclient Depending how you installed it, you might need to use sudo. ...

I’ve been using standard MySQL dumps as backup technique on my VPS for few years. It works fine and backups were usable few times when I needed them. But in other places I’m using xtrabackup. It’s faster when crating backups and a lot faster when restoring them - they’re binary so there is no need to reevaluate all SQL create tables/inserts/etc. Backups also include my.cnf config file so restoring on other machine should be easy. ...

When you deploy your application in cloud you don’t need and don’t want your hosts exposed via SSH to the world. Malware scans whole network for easy SSH access and when find something will try some brute force attacks, overloading such machines. It’s easier to have one exposed, but secured host, that doesn’t host anything and is used as proxy/gateway to access our infrastructure- it’s called bastion host  external link . ...