Mischiefblog
I make apps for other people

HOWTO proxy with nginx

Posted by Chris Jones
On July 25th, 2012 at 13:51

Posted in General

These instructions assume you’re using a Debian/Ubuntu-based system.

  1. Create a web service/app (e.g., a Maven CXF JAX-RS archetype, or Flask/Bottle/Django)
  2. Install curl
    sudo apt-get install curl
  3. Install nginx
    sudo apt-get install nginx-full
    which should include nginx-common as a dependency.
  4. Do not start nginx yet.
  5. Add the nginx load balancer configuration and mime.types to your web service project (called MyProject in the following examples)
    1. Copy the mime.types definition file (as an alternative to copying the nginx configuration to /etc/nginx)
      cp /etc/nginx/mime.types ~/workspace/MyProject/web/conf
    2. Copy and modify the following load balancer/proxy configuration into MyProject/web/conf/balancer.nginx

      worker_processes 1;
          
      events {
          worker_connections 64;
          # multi_accept on;
      }
          
      http {
          upstream service-backend {
              server 127.0.0.1:9260;
              # server 127.0.0.1:8102;
              # server 127.0.0.1:8103;
              # server 127.0.0.1:8104;
          }
          
          keepalive_timeout 300 300;
          charset utf-8;
          default_type application/octet-stream;
          ignore_invalid_headers on;
          include mime.types;
          keepalive_requests 20;
          recursive_error_pages on;
          sendfile on;
          server_tokens off;
          source_charset utf-8;
          gzip on;
          gzip_static on;
          
          log_format main '$remote_addr $host $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $ssl_cipher $request_time';
          
          server {
              listen 127.0.0.1:8100;
              server_name mydesktop.domain.com mydesktop;
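              # add_header and expires (below) are inherited by the locations in this
              # server, so proxied /svc/ responses are also marked publicly cacheable
              add_header Cache-Control public;
              access_log /var/log/nginx/access.log main buffer=32k;
              # error_log takes only a file and a level; it has no buffer= parameter
              error_log /var/log/nginx/error.log error;
              expires max;
              root /opt/MyProject/web/html;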
          
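              location /svc/ {
                  # passes /svc/... unchanged to the backend; point this at
                  # http://service-backend to balance across the upstream servers above
                  proxy_pass http://127.0.0.1:9260;
              }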
          
              location / {
              
              }
          
              location /favicon.ico {
                  return 204;
              }
          }
      }
  6. Create a directory to hold your static web content (HTML pages, images, JavaScript)
    mkdir MyProject/web/html
  7. Create a placeholder HTML file in the static web content/html directory
  8. Set your webservice to run on the /svc URI endpoint (to match the nginx configuration)
    1. Update the MyProject integration tests

      <parameter name="com.domain.webservices.AppRest.url"
                 type="text" desc="Example service URL">
        <value>http://localhost:9260/MyProject/svc</value>
      </parameter>
    2. Update the MyProject/web/conf/web.xml to map the Jersey web application to “/svc/*” (or whatever is appropriate for your app)
      <servlet-mapping>
        <servlet-name>Jersey Web Application</servlet-name>
        <url-pattern>/svc/*</url-pattern>
      </servlet-mapping>
  9. Build your project
    cd ~/workspace/MyProject
    mvn clean install
  10. Install and start your app (under /opt, for instance)
  11. Start nginx as root
    nginx -c /opt/MyProject/web/conf/balancer.nginx
  12. Verify your deployment
    1. Check your placeholder HTML page
      curl http://localhost:8100/index.html
    2. Check your service health
      curl http://localhost:8100/svc/health

HOWTO minify JavaScript

Posted by Chris Jones
On July 25th, 2012 at 13:32

Posted in General
  1. Get a copy of jsmin.c from http://crockford.com/javascript/jsmin
  2. Compile jsmin with
    gcc -o jsmin jsmin.c
  3. Put jsmin in your path (e.g., under ~/bin)
  4. Minify JavaScript
    jsmin < input.js > output.min.js

As a best practice, when modifying third-party code, rename your JavaScript file to something like filename.domain.min.js.

Scalability Secrets: custom content that scales

Posted by Chris Jones
On July 15th, 2012 at 11:35

Posted in General

Caveat: this isn’t about failover, security, or cloud computing.

Imagine you have 65 million registered users and you need to provide custom content for each (beyond “Hello, Bob”), say real time subscription content from tens of thousands of sources containing millions of posts.

Don’t try to show everything at once

You probably won’t be able to show everything to the user at once. Depending on your load and back-end systems, you may be lucky to simply let the registered user know that they have something to see.

Most of your users won’t be logged in

Most page views (at least to a homepage) won’t come from logged-in users: many will be first-time users, or users who haven’t visited very often. Your back-end servers will be hit by a specific ratio of total visits, something you can measure early and use as a baseline for how many servers you need to scale.

Query timing with SQLPlus

Posted by Chris Jones
On June 15th, 2012 at 10:59

Posted in General

SQL Developer is a good tool for creating queries, but you should be using SQLPlus when trying to time queries. If you don’t already have SQLPlus installed you can get it from Oracle:

http://www.oracle.com/technetwork/database/enterprise-edition/downloads/112010-linx8664soft-100572.html

You want Oracle Database 11g Release 2 Client (11.2.0.1.0) for Linux x86-64. Unzip the client in your home directory.

Make sure you have the following environment variables defined:


# these point to wherever you have Oracle installed
# (exported so that sqlplus inherits them from the shell)
export ORACLE_HOME="$HOME/oracle/product/11.1.0/client_1"
export LD_LIBRARY_PATH="$HOME/oracle/product/11.1.0/client_1"
export PATH="$PATH:$HOME/oracle/product/11.1.0/client_1"

If you plan to run PL/SQL DDL/DML scripts, you’ll also need a SQLPATH environment variable which points to a directory where you keep the scripts.

export SQLPATH="$HOME/sqlscripts"

If you don’t already have your database defined in your /etc/tnsnames.ora file (assuming you’re using that path and not something under /home/oracle), you’ll need to add the following TNS configuration:


dbalias =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = dbname)
    )
  )

To run SQLPlus against your database as a specific user, use the following command line:

sqlplus username@dbalias

Enter the password when prompted and you’ll now be at the SQL> prompt.

To get script timings, enter the PL/SQL command:

SET TIMING ON

n-Commandments of Identity Security

Posted by Chris Jones
On May 3rd, 2012 at 09:01

Posted in Tech
  1. Thou shalt encrypt all external communications with thy users
  2. Thou shalt encrypt some internal communications on behalf of thy users
  3. Thou shalt keep thy passwords and thy email addresses in distinct and separate stores, as if they were credit card numbers
  4. Thou shalt require encrypted communication with client keys to retrieve passwords and email addresses
  5. Thou shalt never accept an unhashed or plaintext password and thy client will never send one
  6. Thou shalt treat users as salted hashes and never have immediate identification of any user or user action in thy systems
  7. Thy password and username systems shall be accessible only by API or service call and shall be implemented as separate, distinct, and secured networks, achieving defense in depth
  8. Email campaigns shall be built on salted hashes and only the emailer shall have access to user names and email addresses
  9. Customer service systems shall be able to construct salted hashes from user information but shall not keep copies of user names, email addresses, or passwords
  10. Thou shalt disable all default user ids, passwords, keys, and conveniences for thy databases, management systems, and third party tools
  11. Thou shalt never need to send an email to thy customers informing them that their private information has been accessed
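
Commandments 6, 8 and 9 sketched as an added example (not code from the original post): application data is keyed by a salted hash, only the emailer can turn that hash back into an address, and customer service recomputes the hash from what the caller tells them. The HMAC-SHA256 construction with a deployment-wide secret salt, the `TOKEN_SALT` value and every class and function name are assumptions made for illustration.

```python
import hashlib
import hmac
import unicodedata

# Assumption: one deployment-wide secret salt, known only to the services that
# derive tokens. Constructed value; load it from a secret store in practice.
TOKEN_SALT = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)

def user_token(email: str, salt: bytes = TOKEN_SALT) -> str:
    """Salted hash that stands in for the user everywhere outside the emailer."""
    # Normalise so " Bob@Example.COM" and "bob@example.com" give one token.
    canonical = unicodedata.normalize("NFKC", email).strip().casefold()
    return hmac.new(salt, canonical.encode("utf-8"), hashlib.sha256).hexdigest()

class EmailerStore:
    """Commandment 8: the only component that maps a token back to an address."""

    def __init__(self):
        self._by_token = {}

    def register(self, email: str) -> str:
        token = user_token(email)
        self._by_token[token] = email
        return token

    def resolve(self, token: str) -> str:
        return self._by_token[token]

class ActivityLog:
    """Commandment 6: application data is keyed by token, never name or address."""

    def __init__(self):
        self.events = []  # (token, action) pairs

    def record(self, token: str, action: str) -> None:
        self.events.append((token, action))

def support_lookup(log: ActivityLog, email_from_caller: str) -> list:
    """Commandment 9: support recomputes the token and stores nothing."""
    wanted = user_token(email_from_caller)
    return [a for t, a in log.events if hmac.compare_digest(t, wanted)]

def campaign_recipients(log: ActivityLog, emailer: EmailerStore, action: str) -> list:
    """Campaign is selected by token; only the emailer resolves addresses."""
    return sorted(emailer.resolve(t) for t in {t for t, a in log.events if a == action})
```

A copy of the activity log on its own exposes tokens and actions but no names or addresses; linking a token to a person requires either the salt or the emailer's store.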

In defense of Pair Programming

Posted by Chris Jones
On March 18th, 2012 at 08:42

Posted in Tech, Work

A TechCrunch opinion piece posted yesterday, “Pair Programming Considered Extremely Beneficial,” was very complimentary about Pair Programming, a practice in which two developers work together to build software, one driving (typing) and the other navigating (describing what needs to be done). The author even included an amusing anecdote about Guy Steele pairing with Richard Stallman and how intense that experience was.

Since starting work at Overstock in 2010, I’ve had the opportunity to pair on a lot of user stories. Depending on the team lead, pairing was either more or less the norm (less on my current team), but the company does have an inviolable rule for when pairing must take place: when you’re working on financially impacting code. I’d extend that to say that you should pair on anything that impacts your core business and could cause the company to lose or have to restate revenue.

Avoid my house tomorrow night, children,…

Posted by Chris Jones
On October 31st, 2011 at 02:03

Posted in General

Avoid my house tomorrow night, children, for I will not be handing out chocolate. Enjoy your organic fruit snacks!

Moo hoo ha ha!

Hartford St, Salt Lake City, Utah

Home-made banana bread! I underestimated…

Posted by Chris Jones
On October 31st, 2011 at 00:53

Posted in General

Home-made banana bread! I underestimated how much the raw dough would expand but it's still super yummy.

Hartford St, Salt Lake City, Utah

LMAX developed a 6 million TPS retail processor…

Posted by Chris Jones
On October 30th, 2011 at 18:48

Posted in General

LMAX developed a 6 million TPS retail processor that runs on a single node. How?
* Using the correct data structures for the task at hand (don't use an ArrayList if you should be using a LinkedList)
* Developing data structures that take advantage of the JVM (i.e., a HashMap backed by primitive long type keys)
* Keeping the working state in memory (recovery via replay)
* Abandoning existing transactional software paradigms (actors, relational databases and transactions, queues, etc.)
* Concurrent unmarshallers and marshallers using a circular list or ring to provide natural ordering and locking (Disruptors, or a multicast graph of queues for parallel consumption)
* Designing business processes to output intermediate results when external resources are required (additional lookups, verifications, etc.)
* Performance testing and tuning with the real machine's performance in mind, not assumed performance

The LMAX Architecture


Non-blocking Node.js Here’s another one…

Posted by Chris Jones
On October 30th, 2011 at 17:50

Posted in General

Non-blocking Node.js

Here's another one for the development toolbox: a collection of best practices and notes for non-blocking node.js development.

Node.js research Introduction Hi, I'm Ryan Wilcox. I've been
