Roman Surkoff

Deploying Keycloak on a VPS Using Docker-compose, Nginx, Certbot, and SSL

2024-10-17T00:00:00+00:00

The article explains how to deploy Keycloak, an open-source identity management system, on a VPS using Docker-compose, Nginx, Certbot, and SSL for secure access. It covers essential setup steps, including creating a domain, configuring Nginx, setting up SSL certificates, and using Docker for deployment automation. The guide also details how to handle automatic certificate renewal and import Keycloak realms during startup.

Hello everyone!

In this article, I would like to share how to deploy Keycloak on a VPS using Docker-compose, Nginx, Certbot, and SSL.

Key Points:

- Keycloak v.25.0.1

- SSL protection for Keycloak

- Certbot v.2.11.0 for obtaining and renewing SSL certificates

- Nginx v.1.27.0 as a reverse proxy

- Postgres v.14 to replace the default internal H2 DB of Keycloak

- Automatic realm import during deployment

- Docker-compose for deployment automation

- .env file for managing environment variables

For those who might not be familiar, Keycloak is a powerful access management system with SSO support that can significantly simplify user management and authentication.

The desire to deploy your own Keycloak can arise both for experimenting with your projects and for handling your usual backend tasks. This happened to me as well. I decided to kill two birds with one stone. However, I couldn't find a comprehensive guide. I don't need Keycloak locally, but setting it up on a separate, always-available server with backup and the ability to export/import realms, etc., is excellent. Plus, the deployment process is automated, making it easier to switch to another VPS provider.

Everyone has their own motivation, but let's get to the point.

Introduction

What is Keycloak?

Keycloak is an open-source identity and access management solution. It provides features such as SSO (Single Sign-On), user management, authentication, and authorization.

Why Docker-compose?

Docker-compose makes it easy to manage multi-component applications like Keycloak and simplifies the deployment and scaling process. This guide uses containers for Keycloak, Certbot, Nginx, and the Postgres database.

Why Nginx and Certbot?

Nginx will act as a reverse proxy, ensuring security and performance, while Certbot will help obtain and automatically renew SSL certificates from Let's Encrypt, saving us a couple of thousand rubles on certificates for our domain, which is nice.

Let's get started!

Step 1: Preparing the Environment

Cloning the Repository

First, clone the repository with ready-made configurations to our VPS, which I have carefully prepared for you. It contains docker-compose.yml for managing deployment, nginx configs, and an environment variables file needed for docker-compose.

    git clone git@github.com:s-rb/keycloak-dockerized-ssl-nginx.git
    cd keycloak-dockerized-ssl-nginx

Editing the .env File

Open the .env file and edit the following variables:

- KEYCLOAK_ADMIN_PASSWORD - Admin password for accessing Keycloak

- KC_DB_PASSWORD - Password for Keycloak service access to the Postgres DB (should match `POSTGRES_PASSWORD` if a separate user is not created)

- POSTGRES_PASSWORD - Admin password for Postgres

Replace `password` with your values unless you want anyone to connect to your services ;)

Example of a complete environment variables file:

    KEYCLOAK_ADMIN=admin
    KEYCLOAK_ADMIN_PASSWORD=password
    PROXY_ADDRESS_FORWARDING=true
    KC_PROXY=edge
    

    KC_DB=postgres
    KC_DB_URL=jdbc:postgresql://keycloak-postgres:5432/keycloak
    KC_DB_USERNAME=keycloak
    KC_DB_PASSWORD=password
    POSTGRES_DB=keycloak
    POSTGRES_USER=keycloak
    POSTGRES_PASSWORD=password

Step 2: Domain Registration and DNS Setup

This step can be done before the first step - it does not depend on it. In the following instructions, we assume you have registered your domain (e.g., surkoff.com) and we want Keycloak to be accessible at my-keycloak.surkoff.com.

Domain Registration

Creating an A Record for the Subdomain

Create an A record pointing to your server's IP. For example, for the subdomain my-keycloak.surkoff.com, specify your server's IP.

Checking the DNS Record

Ensure the DNS record is correctly configured:

ping my-keycloak.surkoff.com

The response should show your server's IP address.

Step 3: Configuring Nginx

Nginx Configuration

In the nginx configs - `default.conf_with_ssl`, `default.conf_without_ssl` specify your domain:

- In the `server_name` section

- In the path to the certificate `ssl_certificate`

- In the path to the key `ssl_certificate_key`

Example configuration with SSL:

server {
    listen 443 ssl;
    server_name my-keycloak.surkoff.com;

    ssl_certificate /etc/letsencrypt/live/my-keycloak.surkoff.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/my-keycloak.surkoff.com/privkey.pem;

    location / {
        proxy_pass http://keycloak:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Step 4: Obtaining an SSL Certificate

Obtaining a Test Certificate

Use the configuration without SSL:

cp nginx/conf.d/default.conf_without_ssl nginx/conf.d/default.conf
docker-compose up -d

Obtain a test certificate (replace the domain and email with your own):

docker exec certbot certbot certonly --webroot --webroot-path=/data/letsencrypt -d my-keycloak.surkoff.com --email your_email@gmail.com --agree-tos --no-eff-email --staging

Checking the Certificate

docker exec certbot certbot certificates

Deleting the Test Certificate (replace the domain with your own)

docker exec certbot certbot delete --cert-name my-keycloak.surkoff.com

Obtaining a Real Certificate (replace email and domain with your own)

docker exec certbot certbot certonly --webroot --webroot-path=/data/letsencrypt -d my-keycloak.surkoff.com --email your_email@gmail.com --agree-tos --no-eff-email

Step 5: Final Configuration and Launch

Updating Nginx Configuration to Use SSL

docker-compose down
cp nginx/conf.d/default.conf_with_ssl nginx/conf.d/default.conf
docker-compose up -d

Checking Access to Keycloak

Open a browser and go to my-keycloak.surkoff.com (your domain).

You should see the admin login page where you can log in using the username and password you specified in the .env file.

For configuring Keycloak, there are interesting articles on other resources, which we won't cover in this publication.

Automatic Certificate Renewal

To automatically renew certificates and restart Nginx, create the `renew_and_reload.sh` script (already available in the repository):

#!/bin/bash
# Renew certificates
docker exec certbot certbot renew --webroot --webroot-path=/data/letsencrypt

# Restart Nginx
docker restart nginx

Make the script executable:

chmod +x renew_and_reload.sh

Add it to crontab for regular execution:

crontab -e

Add a line to crontab, remembering to specify the path to the script:

0 0 1 * * /path/to/renew_and_reload.sh

Importing Realms

If you want to import a realm at startup, you can place it in the `keycloak/config/` folder, and it will be imported when the application starts.

Conclusion

That's it! Now you have a deployed latest Keycloak with SSL on your VPS. I hope this article was helpful! If you have any questions or suggestions, feel free to write to me in private messages.

The source code is available at the link - https://github.com/s-rb/keycloak-dockerized-ssl-nginx.

The optimal Docker image for Spring Boot. Part 3

2024-10-16T00:00:00+00:00

The Jib plugin is an open-source tool developed by Google that allows developers to build Docker images without needing Docker installed or writing a Dockerfile. It integrates directly with Maven and Gradle, creating Docker images by layering dependencies and resources efficiently. Jib also supports both local and remote builds, sending images directly to registries like Docker Hub, while producing slightly larger images compared to traditional methods.

Jib plugin

This is an open-source tool from Google that doesn't require Docker to work. You also don't need to write a Dockerfile.

To use Jib, add the following to your pom.xml:


    
        
            org.springframework.boot
            spring-boot-maven-plugin

Building without Docker

One of the advantages of this plugin is building without installing Docker:

    mvn compile jib:build

After the build, I searched for the image in my local storage. Then it hit me. In this mode, Docker is not used, so the image was sent to the registry on Docker Hub.

Pull the image and analyze it using dive:

The final weight came out to be 321 MB, which is 12 megabytes more than the previous method. Among them:

78 + 48 MB - Linux and various certificates.
140 MB - JDK.
55 MB - layer with release dependencies.
14 KB - layer with snapshot dependencies.
981 bytes - only resources. Resources folder.
22 KB - our written code.

Jib runs your image on behalf of the root user.

Similar to the Spring plugin, Jib separates dependencies into separate layers, but it goes even further and creates a separate layer for the resources folder. After all, resources are also rarely changed but can weigh a lot. For example, if you have many Liquibase migration scripts.

Building using Docker

For this, add the plugin as in the previous step but run a different command:

    mvn compile jib:dockerBuild

The size and structure of the layers are no different from the image we built without Docker.

Conclusions on Jib

If you have an ARM processor, the image will still be built for amd64.

I have never used this plugin in projects, only heard about it, so I can't make any deep conclusions. It surprised me that it can work without Docker; sometimes this can be useful. But I don't see the point in using it when there is a Spring plugin available.

The optimal Docker image for Spring Boot. Part 4

2024-10-16T00:00:00+00:00

The article explores the process of building optimized Dockerfiles by reducing the size of the JDK using Java modules and determining necessary dependencies with the jdeps tool. It also introduces multi-stage Docker builds, where the JDK is custom-built in the first stage and then added to a minimal Linux image in the second stage, keeping the final image as lightweight as possible. This approach not only reduces the image size but also enhances control over the build, making it a flexible and efficient solution for large systems.

Advanced build with Dockerfile

If you want something done right, do it yourself. No plugin knows your application like you do. So the next level is writing optimized Dockerfiles.

The first thing we'll do is reduce the JDK size. This is possible thanks to modules added since Java 9. All classes in the JDK have been divided into these modules. We will use only those that are truly necessary.

But how do you know which modules are needed for the application and which are not? Moreover, you must also consider all application dependencies. If they use a class from a module you don't include, the application will either fail to build or crash at runtime.

To determine the necessary modules, use the jdeps utility located in the bin folder of your JDK. But first, we need to build our JAR and get all dependencies. To do this, run the command:

mvn clean install dependency:copy-dependencies

Scan all the obtained JARs:

jdeps --ignore-missing-deps -q -recursive --multi-release 9 --print-module-deps --class-path 'target/dependency/*' target/*.jar

The --multi-release 9 flag may not be suitable for you; try changing it.

This command will output the module names used by the application and all dependencies. In my case, they are:

java.base, java.compiler, java.desktop, java.instrument, java.management, java.prefs, java.rmi, java.scripting, java.security.jgss, java.sql.rowset, jdk.httpserver, jdk.jfr, jdk.unsupported

Now that we know which JDK modules are involved in the application, let's build our custom JDK from these modules using the jlink utility.

jlink --add-modules [your_modules_here] --strip-debug --no-man-pages --no-header-files --compress=2 --output javaruntime

Replace the value for the --add-modules flag with the package names found by jdeps. After running this command, you will get a javaruntime folder in the project root. This is a trimmed-down version of the JDK specifically for your JAR. In my case, the trimmed version weighs 50 MB, while the full JDK weighs 315 MB.

Now let's optimize the spring-boot-jar. I think it's no secret that you can simply unpack the spring-boot-jar using an archiver:

Here you can find all dependencies, including Tomcat, code, and application resources. It makes sense to organize everything into layers as spring-plugin and Jib do.

But before unpacking our JAR with an archiver, let's use the layertools utility. It allows us to unpack our JAR a bit smarter.

Create a separate folder and navigate to it:

mkdir build-app && cd build-app

Then run the unpacking command:

java -Djarmode=layertools -jar ../target/*.jar extract

You should see four folders:

application: Your code is here.
snapshot-dependencies: Snapshot dependencies are here.
spring-boot-loader: Spring boot loaders are here.
dependencies: Release dependencies are here.

Now it's time to combine all this knowledge into a single Dockerfile.

    FROM eclipse-temurin:17 as app-build
    ENV RELEASE=17

WORKDIR /opt/build
    COPY ./target/spring-boot-*.jar ./application.jar

RUN java -Djarmode=layertools -jar application.jar extract
    RUN $JAVA_HOME/bin/jlink \
         --add-modules `jdeps --ignore-missing-deps -q -recursive --multi-release
        ${RELEASE} --print-module-deps -cp 'dependencies/BOOT-INF/lib/*':'snapshot-dependencies/BOOT-INF/lib/*'
        application.jar` \
         --strip-debug \
         --no-man-pages \
         --no-header-files \
         --compress=2 \
         --output jdk
    FROM debian:buster-slim
    ARG BUILD_PATH=/opt/build
    ENV JAVA_HOME=/opt/jdk
    ENV PATH "${JAVA_HOME}/bin:${PATH}"
    RUN groupadd --gid 1000 spring-app \
  && useradd --uid 1000 --gid spring-app --shell /bin/bash --create-home spring-app
    USER spring-app:spring-app
    WORKDIR /opt/workspace
    COPY --from=app-build $BUILD_PATH/jdk $JAVA_HOME
    COPY --from=app-build $BUILD_PATH/spring-boot-loader/ ./

COPY --from=app-build $BUILD_PATH/dependencies/ ./
    COPY --from=app-build $BUILD_PATH/snapshot-dependencies/ ./
    COPY --from=app-build $BUILD_PATH/application/ ./
    ENTRYPOINT ["java", "org.springframework.boot.loader.JarLauncher"]

If the project does not use snapshot dependencies, remove 'snapshot-dependencies/BOOT-INF/lib/' from the jlink command. Otherwise, the build will fail because the /BOOT-INF/lib/ folders will not exist.

To build this Dockerfile on Windows, replace 'dependencies/BOOT-INF/lib/':'snapshot-dependencies/BOOT-INF/lib/' with 'dependencies/BOOT-INF/lib/';'snapshot-dependencies/BOOT-INF/lib/'. The difference lies in the delimiter: Linux uses ':', while Windows uses ';'.

It may look intimidating, but by now, you are familiar with most of it. Don't forget to run the command mvn clean package to get the target folder with the JAR file.

The Dockerfile contains 2 FROM commands. This is called a multi-stage build. In the first stage, we build the necessary JDK for our application, and in the second stage, we build the image. The subtlety here is that in the second build stage, we only take the necessary files, namely the JDK files.

Let's break down the first stage. It doesn't matter which base image you specify; the important thing is that JDK is installed there. We transfer our JAR there, then unpack it, determine the dependencies used, and build the JDK. With that, the first build stage is complete. Let's move on to the second stage.

Here, as the base image, we use an image on which the application will run at runtime. Usually, this is the thinnest possible Linux. Next, we specify the JAVA_HOME environment variable and add it to PATH.

After that, we copy our JDK and JAR layers from the previous build stage. To do this, along with COPY, we use the --from=app-build flag, which indicates that we are copying files not from our machine but from the build stage under the alias app-build. Don't forget about the sequence; the less chance of a layer changing, the earlier it is specified. The last line specifies the Spring loader that will launch our application.

If desired, you can also separate the resources folder into a separate layer.

Let's explore the image layers. Our image weighs only 173 MB:

63 MB — Linux;
338 KB — added due to user creation;
56 MB — our custom JDK;
53 MB — release dependencies;
252 KB — Spring loaders;
14 KB — snapshot dependencies;
34 KB — our code and resources.

Conclusions on Dockerfile-pro:

We've eliminated almost all the downsides of Dockerfiles, turning them into advantages. With this build, you have the opportunity to customize everything to your liking. It's worth noting that this is the smallest image of all.

You can also use build capabilities for different platforms, a feature that plugins lack.

In summary:

In this article, we've explored various ways to create images. Each method has its pros and cons.

If you need quick results, use the spring-boot-maven-plugin or Jib. Remember that they currently cannot build images for ARM processors, and Jib runs the application on behalf of the root user.

A properly written Dockerfile will be the best option for a large system. Pay special attention to writing your Dockerfile.

The optimal Docker image for Spring Boot. Part 2

2024-10-15T00:00:00+00:00

This article discusses the use of the spring-boot-maven-plugin to simplify the process of packaging Spring Boot applications into Docker images. The plugin allows developers to easily create a Docker image without manually writing a Dockerfile, while also optimizing the image structure by layering dependencies for better caching. The article explains how to configure the image name, build the Docker image using Maven, and analyze the resulting layers for more efficient deployment.

Spring Boot Plugin

Spring Boot simplifies development to the maximum. Added a couple of starters, filled in the application.properties, and voilà, the microservice is ready. Seriously, take a look at the Spring Data REST project, which generates controllers based on JpaRepository.

Obviously, something was also invented for containerization. And it's the good old spring-boot-maven-plugin. It can not only transform a regular JAR into a JAR file with an embedded Tomcat but also build a full-fledged Docker image.

First, in the plugin configuration, let's specify the name of the future image. If you don't specify a tag, it will automatically be set to the latest.


      
        
          org.springframework.boot
          spring-boot-maven-plugin
          
            upagge/spring-boot-docker:spring-plugin

# Image version
# If you want to specify the image version, you can do so using Maven project variables:
upagge/spring-boot-docker:${project.version}

To build, run the command:

mvn spring-boot:build-image

And voilà, we have a working image. Let's explore the layers created by Spring:

dive upagge/spring-boot-docker:spring-plugin

The created image weighs 309 megabytes, which is 139 megabytes less than the one we built ourselves. But even more notable is the structure of the image.

63 mb - still Linux;
24 mb - various certificates;
1.4 kb - clearly adds a user, on behalf of which the application will run;
157 mb - layer with JDK;
53 mb - separate layer of release dependencies;
252 kb - layer with all Spring Boot loaders;
14 kb – layer of snapshot dependencies;
34 kb - actual code we wrote and resources for it;

An important optimization has been made here - application dependencies are placed in separate layers. Thanks to this, they will also be cached and reused by Docker. Therefore, when making changes to the code, you will be sending not 53 megabytes (jar weight), but only 3-5 mb.

Moreover, an important feature is that snapshot dependencies are placed in a separate layer from the release dependencies. After all, the likelihood of their changes is much higher.

Let's launch our container.

Notice how much information was provided to us before starting. Spring has made some optimizations for us, as reported in this log:

It clearly still doesn't know how to build images for M1.
Set up 5 active processors.
Calculated available memory for JVM. And then distributed it.
Displayed all additional keys applied at startup.

Conclusions on the spring-plugin

An even simpler packaging method that uses optimizations because it understands the peculiarities of Spring Boot Java applications. The main thing is to monitor what it does under the hood so that these advantages do not turn into problems.

If you have an arm processor, the image will still be built for amd64.

A separate user is created to run the application. This is considered a more secure method.

Also, we do not need to create a Dockerfile, which does not give us the flexibility in image settings needed for complex projects.

A good packaging method for simple pet projects.

The optimal Docker image for Spring Boot. Part 1

2024-10-14T00:00:00+00:00

This article discusses popular methods for packaging a Spring Boot application into a Docker container, emphasizing the importance of optimal packaging to avoid security vulnerabilities. It explores four specific approaches: a simple Dockerfile, building with the spring-boot-maven-plugin, using Google’s Jib plugin, and writing an optimized Dockerfile. The article also provides practical steps for building and running the application, along with an analysis of the resulting Docker image.

Let's consider popular ways to package an application into a container. We'll write our optimal Dockerfile for Spring Boot.

We live in the era of microservices architecture, and containers have become the primary means of packaging and delivering applications to various environments. However, many developers do not pay enough attention to how to properly package a service, how to do it optimally, and most importantly, how not to leave security holes. In this article, we will explore 4 packaging methods:

- Simple Dockerfile - build and get the image.

- Building with the spring-boot-maven-plugin.

- Using the special Jib plugin from Google.

- Writing an optimized Dockerfile.

For experiments, we will use the following project: github.com/Example-uPagge/spring_boot_docker. This is a Spring Boot application that contains a couple of simple controllers and repositories with an H2 database.

Simple Dockerfile

A typical Dockerfile that developers write looks like this:


FROM openjdk:17.0.2-jdk-slim-buster

ARG JAR_FILE=target/*.jar
COPY ${JAR_FILE} app.jar
ENTRYPOINT ["java","-jar","/app.jar"]

Like a cake, a Docker image consists of a stack of layers. Each represents a change from the previous layer. When we pull a Docker image from the registry, it is pulled layer by layer and cached on the host.

Our typical Docker image consists of a base layer with Linux - the thinner, the better. Then comes the JDK layer. And on top is the application layer, which is effectively just a jar file.

Spring Boot uses the "Fat JAR" packaging format by default. This means that all dependencies required for execution are added to a single JAR file.

But enough theory, let's move on to practice. To obtain the image, first build the application using Maven:

mvn clean package

Then build the image:

docker build -t upagge/spring-boot-docker:dockerfile .

In this case, 'upagge' is your DockerHub login, 'spring-boot-docker' is the image name, and 'dockerfile' is the tag. If you do not plan to push the image to DockerHub, you can specify the name without using the login. For example:

docker build -t spring-boot-docker:0.0.1 .

To analyze the image, use the dive utility. Dive allows you to show differences between layers: which files were added, changed, or removed.

dive upagge/spring-boot-docker:dockerfile

The total size of the image is 448 MB, of which:

63+8.4 MB is the Linux layer.
324 MB is the JDK size.
53 MB is our spring-boot-jar.

Pay attention to the application layer size: 53 megabytes, even though the project contains almost no code. With any code change, we would have to send 53 megabytes over the network and the server would have to download 53 megabytes. The other layers are unlikely to change, so Docker will not transmit them over the network and will use the cache. We'll figure out how to fix this shortly.

To ensure everything works, run the image with the command:

docker run -p 8080:8080 upagge/spring-boot-docker:0.0.1

Open a browser and go to: http://localhost:8080/api/person/1. If the image was started successfully, you will see the word 'valid' in response.

Conclusions on Dockerfile

This is how easily and simply we can package an application. However, this approach has several drawbacks that we will address shortly.

Pros of this approach:

Full control. You can build your image as you like.
Fairly simple method.

Cons:

Full control. You can break something or create a security hole.
We haven't even started development, and the image is already heavy.
A large volume of changing layers.
Runs as root user.

Jenkins: executing script over ssh in a pipeline

2024-10-13T00:00:00+00:00

This article explains how to use the Jenkins Pipeline with the sshPublisher plugin to run a bash script on a remote server. It covers key steps, such as setting up server authentication by generating and copying SSH keys, configuring Jenkins with the necessary plugin, and running the pipeline to transfer and execute files remotely. The final step is testing and verifying the pipeline output on the remote server.

In this post, I'll demonstrate the process of executing a bash script on a remote server using a Jenkins Pipeline Step with the sshPublisher plugin.

Server authentication setup

Generate a new key pair by logging in with the Jenkins service user and creating a key pair without a passphrase (leave it blank or set it for private key security):

# using the service user
sudo su -s /bin/bash jenkins
# generate key pair
ssh-keygen -f ~/.ssh/id_pipessh -t rsa

The private key ('id_pipessh') and the public key ('id_pipessh.pub') will be created in ~/.ssh

Copy the public key to the remote server:

ssh-copy-id -i ~/.ssh/id_pipessh.pub user@host

# if the ssh-copy-id command is not available, do it manually

cat ~/.ssh/id_pipessh.pub | ssh user@host "mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys $$ chmod -R go= ~/.ssh && cat >> /.ssh/authorized_keys"

Note: If the password prompt is disabled on the remote server, ask the administrator to add your public key to the file '/.ssh/authorized_keys' (create it if it doesn't exist) and ensure proper permissions:

chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh/

2. Enable key authentication on the remote server by editing the /etc/ssh/sshd_config file and ensuring that 'PubkeyAuthentication yes' is set. Save it and restart the sshd service. In my case, I'm using an RHEL server:

sudo systemctl restart sshd

Test the connection:

# using verbose mode -v
ssh -i ~/.ssh/id_pipessh user@host -v

Jenkins setup

Install the plugin by navigating to Manage Jenkins > Manage Plugins > Available, check 'Publish Over SSH', and select 'install without restart'.

Configure the ssh key in Jenkins by going to Manage Jenkins > Configure System > Publish over SSH. Select the Add button > Advanced to set configuration. Complete the fields Name, Hostname, Username, Remote Directory, check the option 'Use password authentication, or use a different key', set the Passphrase (if applicable), and Path to key to the private key.

Finally, click 'Test Configuration' to validate if everything is set up correctly.

Create a new Pipeline and add the script content for creating two text files in a zip to be transferred to the remote server for unzipping.

    pipeline {
  agent any
  stages {
    stage('ssh') {
      steps {
        script{
          cleanWs()
          sh "echo 'hello' >> file1.txt"
          sh "echo 'hello' >> file2.txt"
          sh "zip -r oneFile.zip file1.txt file2.txt"
          echo 'Local files.....'
          sh 'ls -l'
          command='''
          unzip -o -d ./ oneFile.zip
          ls -l
          date
          cat /etc/os-release
          '''
        }

        // Copy file to remote server
        sshPublisher(publishers: [sshPublisherDesc(configName: 'dummy-server',
        transfers: [ sshTransfer(flatten: false,
        remoteDirectory: './',
        sourceFiles: 'oneFile.zip'
        )])
        ])
      }
    }
}
}

Save and execute the pipeline.

Jenkins output log:

[Pipeline] {
[Pipeline] stage
[Pipeline] { (ssh)
[Pipeline] script
[Pipeline] {
[Pipeline] cleanWs
[WS-CLEANUP] Deleting project workspace...
[WS-CLEANUP] Deferred wipeout is used...
[WS-CLEANUP] done
[Pipeline] sh
+ echo hello
[Pipeline] sh
+ echo hello
[Pipeline] sh
+ zip -r oneFile.zip file1.txt file2.txt
  adding: file1.txt (stored 0%)
  adding: file2.txt (stored 0%)
[Pipeline] echo
Local files.....
[Pipeline] sh
+ ls -l
total 12
-rw-r--r--. 1 jenkins jenkins   6 jun 22 19:36 file1.txt
-rw-r--r--. 1 jenkins jenkins   6 jun 22 19:36 file2.txt
-rw-r--r--. 1 jenkins jenkins 326 jun 22 19:36 oneFile.zip
[Pipeline] sshPublisher
SSH: Connecting from host [dummy]
SSH: Connecting with configuration [dummy-server] ...
SSH: Disconnecting configuration [dummy-server] ...
SSH: Transferred 1 file(s)
[Pipeline] sshPublisher
SSH: Connecting from host [dummy]
SSH: Connecting with configuration [dummy-server] ...
SSH: EXEC: STDOUT/STDERR from command [
                        unzip -o -d ./ oneFile.zip
                        ls -l
                        date
                        cat /etc/os-release
                    ] ...
Archive:  oneFile.zip
 extracting: ./file1.txt
 extracting: ./file2.txt
total 16
-rw-r--r--. 1 asanchez asanchez    6 jun 22 19:36 file1.txt
-rw-r--r--. 1 asanchez asanchez    6 jun 22 19:36 file2.txt
-rw-rw-r--. 1 asanchez asanchez  326 jun 22 19:36 oneFile.zip
drwxrwxr-x. 2 asanchez asanchez 4096 jun 20 23:31 out
mié jun 22 19:36:22 CDT 2022
NAME="Red Hat Enterprise Linux Server"
VERSION="7.4 (Maipo)"
ID="rhel"
ID_LIKE="fedora"
VARIANT="Server"
VARIANT_ID="server"
VERSION_ID="7.4"
PRETTY_NAME="Red Hat Enterprise Linux"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:7.4:GA:server"
HOME_URL="https://www.redhat.com/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"

REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 7"
REDHAT_BUGZILLA_PRODUCT_VERSION=7.4
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="7.4"
SSH: EXEC: completed after 200 ms
SSH: Disconnecting configuration [dummy-server] ...
SSH: Transferred 0 file(s)
[Pipeline] }
[Pipeline] // script
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
Finished: SUCCESS

And that is all!

GitHub Profile Trophy: enhance your profile

2024-10-12T00:00:00+00:00

GitHub Profile Trophy is a service that enhances your GitHub profile with visual trophies showcasing your achievements, such as the number of repositories and open-source contributions. To use it, visit the GitHub Profile Trophy website, enter your account name, and get the code to insert into your README. You can customize the trophies’ theme, number of columns, and categories to make your profile more engaging and visually appealing.

GitHub Profile Trophy: enhance your profile

GitHub Profile Trophy is a service to enhance your GitHub profile with visual trophies that showcase your achievements: number of repositories, open-source contributions, and much more.

How to use?

Go to GitHub Profile Trophy, enter your account name, and get the code to insert into your README:

[![trophy](https://github-profile-trophy.vercel.app/?username=your_username)](https://github.com/ryo-ma/github-profile-trophy)

Settings

You can customize the theme, number of columns, and categories:

[![trophy](https://github-profile-trophy.vercel.app/?username=your_username&theme=onedark&row=2&column=3)]

Advantages

Visual appeal: makes your profile more engaging. Flexibility: customize the trophies to your preferences. GitHub is your portfolio, and this service helps make it stand out and look better.

Try it now.

You can check out my trophies on my profile.

Deploying Multiple Apps on a Single VPS

2024-10-12T00:00:00+00:00

Deploying multiple applications on a single VPS using Docker allows for efficient isolation and management of each app in containers. By installing Docker and creating a docker-compose.yml file, you can easily launch and manage services like Node.js and PHP. Additionally, tools like Portainer provide a user-friendly web interface for streamlined container management, making updates and oversight simpler.

Deploying Multiple Apps on a Single VPS with Docker

Docker enables efficient deployment of multiple applications on a single VPS by isolating them in containers. This simplifies management and updates.

Step 1: Install Docker

Install Docker on your server. For Ubuntu, use the following commands:

sudo apt update
sudo apt install docker.io

Start Docker:

sudo systemctl start docker
sudo systemctl enable docker

Step 2: Using Docker Compose

Create a docker-compose.yml file to manage your containers. Here’s an example with two apps (Node.js and PHP):

version: '3'
services:
  node-app:
    image: node:14
    ports:
      - "3000:3000"
  php-app:
    image: php:7.4-apache
    ports:
      - "8080:80"

Launch the services:

docker-compose up -d

Step 3: Manage via Portainer

To simplify container management, use Portainer, a web-based UI for managing Docker containers. To install it:

docker run -d -p 9000:9000 --name=portainer \
--restart=always \
-v /var/run/docker.sock:/var/run/docker.sock \
-v portainer_data:/data portainer/portainer-ce

Once installed, Portainer will be available on port 9000.

Conclusion

Using Docker and tools like Portainer allows you to deploy and manage multiple applications on a single VPS easily, simplifying service management and updates.

Commit Message Style in Git

2024-10-11T00:00:00+00:00

Maintaining a clear and structured change history in Git is essential for effective version control, and following best practices for commit messages can greatly enhance this process. Key guidelines include writing concise messages in the imperative mood, explaining the reasons for changes, and separating messages into a clear header and body. By grouping related changes and regularly reviewing the commit history, you can ensure better organization and collaboration within your projects.

Commit Message Style in Git

Working with Git is not only about version control, but also about maintaining a change history that can be clear and structured. Below are best practices for writing commit messages:

1. Write a clear and concise message The commit message should be clear and explain the essence of the change. For example:

git commit -m "Fixed button display on the homepage"

2. Use the imperative mood Phrase commit messages in the imperative mood. This helps create consistency in the history. Example:

git commit -m "Add date filtering capability"

3. Indicate the reason for changes A good practice is to briefly explain why you made the change. For example:

git commit -m "Optimize image loading for better performance"

4. Separate messages into a header and body Use a header of up to 50 characters, and then add a more detailed description after a blank line. Example:


git commit -m "Update library dependencies"

Updated libraries to the latest versions for improved security and performance.

5. Group related changes Avoid creating too many small commits. Try to combine logically related changes into one commit:

git commit -m "Add new functionality: upload and delete files"

6. Avoid using timestamps Do not include time or date in messages, as this is already recorded in the commit itself. Instead, it is better to specify what was changed:

git commit -m "Fix bug in message sending function"

7. Check the commit history Regularly review the commit history using the command:

git log --oneline

This will help you maintain order and structure in your project.

Conclusion By following these simple rules, you will be able to create a clear and accessible change history in your project, making work easier for both you and your colleagues. 👍

25 Powerful and Free APIs Every Developer Should Know in 2024

2024-10-10T00:00:00+00:00

Developers in 2024 have access to a variety of free APIs that can significantly enhance their projects. These 25 APIs range from weather data and news aggregation to AI-powered text generation and real-time exchange rates, allowing for diverse functionality across different application types. Whether you’re building entertainment apps with The Movie Database API or integrating powerful geolocation with Google Maps, these tools are invaluable for modern software development.

25 Powerful and Free APIs Every Developer Should Know in 2024

In the world of development, access to powerful APIs can significantly simplify the task of creating applications. Here’s a list of 25 essential free APIs that will be useful for developers in 2024:

1. OpenWeatherMap Provides current weather data and forecasts. Ideal for applications related to weather.
Usage: 60 calls per minute for free.

2. News API Collects the latest news from various sources to create your own news applications.
Usage: 500 requests per day for free.

3. Google Maps API Integrates maps and geolocation features into your applications.
Usage: Free tier includes $200 worth of credits monthly.

4. The Movie Database (TMDB) API Accesses information about movies, TV shows, and actors. Great for entertainment-related applications.
Usage: No rate limits.

5. JSONPlaceholder Provides fake data for testing and prototyping your applications.
Usage: Unlimited requests.

6. Spotify API Gives access to music data, playlists, and Spotify user information.
Usage: Rate limits are based on user authentication; generally, around 10 requests per second.

7. GitHub API Interact with GitHub: access repositories, commits, and user data.
Usage: 5000 requests per hour for authenticated users.

8. Facebook Graph API Integrates with Facebook to access user and page data.
Usage: Rate limits depend on the access token type.

9. Twitter API Access tweets and user data from Twitter.
Usage: 900 requests per 15 minutes for user timeline.

10. Bored API Provides ideas for leisure activities if you’re unsure what to do.
Usage: Unlimited requests.

11. ExchangeRate API Offers real-time exchange rates for financial applications.
Usage: 250 requests per month for free.

12. OpenAI API Leverage the power of AI for text generation and analysis.
Usage: Pricing based on usage; free tier available.

13. IP Geolocation API Determine user location based on their IP address.
Usage: 1,000 requests per month for free.

14. Feral Hosting API Manage hosting and services through an API.
Usage: Depends on the hosting plan.

15. PocketBase API A real-time database for mobile and web applications.
Usage: Unlimited requests.

16. NASA API Access data about space, images, and NASA missions.
Usage: 1,000 requests per hour for free.

17. GitHub REST API Additional access to GitHub resources and data.
Usage: 5000 requests per hour for authenticated users.

18. WooCommerce API Integrates with the WooCommerce platform for online store management.
Usage: Rate limits depend on server settings.

19. VirusTotal API Checks files and URLs for viruses and threats.
Usage: 4 requests per minute for free.

20. Dog API Provides information and images of dogs for animal lovers.
Usage: Unlimited requests.

21. Cat Facts API Offers interesting facts about cats to entertain users.
Usage: Unlimited requests.

22. RapidAPI A platform for finding and integrating various APIs.
Usage: Varies by individual API.

23. OpenAI GPT-3 API Creates powerful text generators and chatbots.
Usage: Pricing based on usage; free tier available.

24. Yahoo Weather API Provides weather data from Yahoo.
Usage: 2,000 requests per day for free.

25. OpenStreetMap API Access community-generated mapping data.
Usage: Unlimited requests.

Conclusion These 25 APIs offer a wide range of capabilities for developers, enabling the creation of innovative applications that integrate diverse data and functionality. Use them to enhance your projects and make them more interactive. 👍