This article describes the new Nginx Unit web server. In it you can learn more about the web server itself, its installation and configuration: how to use listeners, routing, how to install TLS certificates. The article will show how easy it is to work with it and that huge configs are slowly becoming a thing of the past.
System administration *
For user to be satisfied
It hasn't been that long since my last cheat sheet was published and this is the day for the new one. This time I got a task to find a solution for backing up Kafka to S3 bucket, following the terms:
As many times before, I keep writing cheat sheets after the tasks which made me search a lot and glue things together before I found a solution. Long story short, this time I was asked to set up Google SSO for Kibana without switching from a basic license to a paid one. Kibana, by the moment, already had authentication set up and the customer wanted to log in there with the use of Google Workspace user accounts. Along with that, the customer wanted to keep user account which was already there, in Kibana. There was no need for role mapping or other advanced features, just plain SSO and that's all. As you probably know Elastic provides SSO feature only on paid license, so I have had no other way to get it working except for using 3rd party software. But first things first, let's list the steps we should go over:
We're continuing to explore micro service architecture. In today's blog Alexander Solyar, Lead system architect at Innotech, describes the main challenges analysts are facing while working with micro services. He also shares a number of effective solutions and recommendations.
First mentions of micro service architecture application go back to the previous decade. Today this approach became the industry standard. Alexander Solyar, Lead software architect at Innotech, dives into details, shares professional insights and practical rules for working with micro services .
Typically when a Node falls out of the OpenShift cluster, this is resolved by simply restarting the offending element. What should you do, however, if you’ve forgotten the SSH key or left it in the office? You can attempt to restore access by using your wit and knowledge of Linux commands. Renat Garaev, lead developer at Innotech, described how he found the solution for this riddle and what was the outcome.
This article continues the series of articles on load tests. Today we will analyze the testing methodology and answer the question: "How many IP cameras can be connected to a WebRTC server?"
Do you remember how just a few years ago it was a disaster to lose a camera at the end of a vacation? All memorable pictures and videos then disappeared along with the lost device. Probably, this fact prompted the great minds to invent cloud storage, so that the safety of records no longer depends on the presence of the devices on which these records are made.
We continue to review variants of load tests. In this article we will go over the testing methodology and conduct a load test that we will use to try and determine the number of users that could watch and stream at the same time, meaning the users will simultaneously publish and view the streams.
This article is a continuation of our series of write-ups about load tests for our server. We have already discussed how to compile metrics and how to use them to choose the equipment, and we also provided an overview of various load testing methods. Today we shall look at how the server handles stream mixing.
In one of the previous articles, I’ve already written about the hybrid monitoring system from Monq. Almost two years have passed since then. During this time, Monq has significantly updated its functionality, a free version has appeared, and the licensing policy has been updated. If monitoring systems in your company start to get out of control, and their number rushes somewhere beyond the horizon, we suggest you take a look at Monq to take control of monitoring. Welcome under the cut.
In the previous article we went over a load test whose data could be used to choose a load-appropriate server. In the course of the testing, we would publish a stream on one WCS, and we would pick up that stream several times using a second WCS. The acquired results could be used as a basis for decisions on server operability.
Some would (justly) have concerns regarding the possible biases in such a test — after all, one of our servers was used to test another one of our servers. Could it be that we were using a specially optimized code that skewed the results in our favor?
If you use Zabbix to monitor your infrastructure objects but have not previously thought about collecting and storing logs from these objects then this article is for you.
In any project, a great deal of importance is placed on the selection of server hardware and WebRTC streaming is no exception. One of the key principles of such a selection is balance – the hardware should be powerful enough to handle the streams with no drops in quality, but not too powerful so as to waste resources. So, how does one choose the right server?
Monitoring systems are a vital tool for any system administrator, because they can be used to extract specific information from services, such that:
I have already written about AIOps and machine learning methods in working with IT incidents, about hybrid umbrella monitoring and various approaches to service management. Now I would like to share a very specific algorithm, how one can quickly get information about functioning conditions of business applications using synthetic monitoring and how to build, on this basis, the health metric of business services at no special cost. The story is based on a real case of implementing the algorithm into the IT system of one of the airlines.
Currently there are many APM systems, such as Appdynamics, Dynatrace, and others, having a UX control module inside that uses synthetic checks. And if the task is to learn about failures quicker than customers, I will tell you why all these APM systems are not needed. Also, nowadays health metrics are a fashionable feature of APM and I will show how you can build them without APM.
FTPS - is FTP with SSL layer, please don't mess it with SFTP. FTPS uses regular FTP protocol underneath, but all commands and data is encrypted using SSL. So mechanism of work is pretty same as in HTTPS: old protocol encapsulated in security layer. But that's breaks a lot of traditional FTP clients you are used to.
So here is 2 dead simple solutions I've tested with many FTPS servers, which setup could be much more correct then it actualy was. You can encounter FTPS servers configured in 2 ways with ports 20 + 21 and 989 + 990 used.
Filezilla is a GUI client available for both linux and windows. It has pretty specific interface. It can correctly handle wrong certificates, unusual ports and so on. Can be downloaded here. Just enter host, username, password and port(only if needed) and press Connect.
Mounting FTPS under linux
There is a an utililty called curlftpfs. It works under linux/*bsd and allows to mount remote FTPS(S) dir to you local directory. So in the simpliest ways on the ubuntu/debian it will look like:
sudo apt install curlftpfs
curlftpfscurlftpfs -o ssl ftp://USERNAME:PASSWORD@HOSTNAME:21/ /tmp/ftp-mount
If server you connecting to has wrong or outdated SSL certificate you can try:
curlftpfs -o ssl,no_verify_peer,no_verify_hostname ftp://USERNAME:PASSWORD@HOSTNAME:21/ /tmp/ftp-mount
If you need to change port from 21 to something else, remember, you can change port only in connection string, maybe via .netrc, but NOT with curlftpfs ftp_port option.
If you know a solution that allows to mount ftps folders under Windows, please mention it in comments.