We typically deploy REST APIs behind a HAProxy reverse proxy. We often need to enforce SLAs and protect those APIs from being flooded with too many concurrent requests. In this post, I’ll show you a straightforward way to do this with HAProxy’s max_conn setting. Furthermore, I’ll show you how you can quickly verify your rate-limiting strategy. We’ll create a simple test-bed consisting of two REST API instances fronted by a HAProxy instance and we’ll flood them with requests using the ab tool (Apache benchmark – which generates an arbitrary number of concurrent requests to an API). If a specific API gets too many concurrent requests, further requests will be rejected with a http 503 (service unavailable) and a message indicating[…]

Introduction We often need a simple web server as a Docker container to serve up static content (HTML or an Angular app etc). Most people are using lighttpd or nginx for this purpose (both are fast and lightweight). So in this post I’ll take you through the process of creating a minimal Docker container using lighttpd and then one using nginx. In each case, for demonstration purposes, we’ll just serve up a single index.html file. lighttpd nginx

Introduction We’ve been designing and deploying micro-services with REST APIs for a while now, using API-First design. Time to document some of the lessons we’ve learnt during that process. They’re not presented in any particular order and they relate to various parts of the development lifecycle. How to do paging If a list query (say GET /members?start=0&count=100) could return a total of, say, 15.000 results, you need to indicate this in the response (so the client can show a paging control). Our early APIs returned an “envelope” object, containing the list of 100 members plus the total count. This is OK, but it forces the client to implement an extra class for all list queries, whereas what he really expects[…]

Introduction We have been applying API-First design principles for several years now and advise our customers to do the same. As the name suggests, API-First design means designing a system around an API rather than adding an API to an already designed system as an afterthought. Note: when we say API, we mean a REST-API using JSON object representation – this is because virtually all APIs use REST these days, due to the fact that REST is based on http(s) which has emerged as the dominant communication protocol of the internet. Why API-First design? The main reasons for designing a system around an API are: * Its canonical: the API is the canonical form of a system – i.e. stripping[…]

Introduction In this post, we’ll cover the basics of using the git source control system, which has emerged as the dominant tool in this space (especially since Microsoft paid $7.5B for github.com). Audience This workshop is intended for developers who are already aware what a source control system is and why you need it. Platforms We’ll do this workshop on Ubuntu, but git itself is completely cross-platform, so everything in this workshop is applicable for other platforms such as macOS and Windows. There are various GUIs available, but we’ll concentrate on the command line, since that’s what you should learn first. Many IDEs and editors (like VSCode) have git support built in, but it’s still important to be comfortable with[…]

The VMWare Clarity Design System documentation is a bit vague about how modal dialogs should be handled. The examples presented are not really appropriate for real-world applications, where dialogs need to be reusable components, usually containing forms. So, here’s a more realistic example of how to use modal dialogs in clarity applications. The code is available as a stackblitz at https://stackblitz.com/github/rogerarmstrong/clarity-sample-modal. What we want to achieve is a modal component which can be called from anywhere in the application and which takes a model object as input and returns a modified model as output (i.e. the dialog does nothing with the object except allow the user to edit it – the caller has control over what to do with the[…]

I was looking for a simple  way to use Let’s Encrypt to enable https for a web site and I found a Docker image nmarus/docker-haproxy-certbot which met my needs. Remember, Let’s Encrypt represents a complete break from traditional certificate issuers in that: (a) its free. (b) certificate creation, installation and renewal is fully automated. These are huge advantages relative to working with the previous certificate issuers and anyone who deploys anything to the internet should immediately take advantage of them. Let’s Encrypt’s audacious goal is to improve the whole internet by getting everyone to use https. Let’s Encrypt provides a “certbot” which handles the whole lifecycle of the certificates for you. There’s plenty of Let’s Encrypt documentation on how to install the[…]

We’ve been using the free ESXi ghettoVCB backup utility for the last 5 years to backup about 150 VMs daily without a glitch. ghettoVCB snapshots the VM, copies away the files (with a configurable retention period) and then removes the snapshot. The resulting backup is a snapshot of the VM which means that when you need it, you can directly run the backup copy of the VM with ESXi and start it without having to restore it. ghettoVCB is fast and reliable (it copies sparse disks correctly to an NFS backup share so the resulting backup is as compact as the original VM disks). ghettoVCB has no deduplication capabilities, so its usually not appropriate for offsite backup of VMs. We[…]

Borg backup (https://github.com/borgbackup) is an open source backup tool which, in addition to the usual backup features like strong client-side encryption and compression, has several important characteristics which make it particularly suitable for handling large offsite backups (like virtual machine backups): Deduplication: this ensures that even if the source files move or change names, that they will not be re-backed up unnecessarily. The backup can be moved. Borg backups are just directories – this means that you can make the first, full backup locally, copy it to the destination via a USB disk and the continue incremental backups over the network. We are currently using borg for several offsite backups, including a weekly offsite backup of VMWare ghettovcb local backups[…]