I have a spring boot application that run in aws as a ECS. This application use a pool of connections for connect to an instance of Aurora RDS serverless. I want to know if there are a mode to "destroy" the pool connection when there are no connection to the database. It's possible?
Thanks,
Andrea
Just for documentation. I find a resolution by use com.zaxxer.hikari.HikariDataSource driver and the following configuration:
connectionTimeout: 60000
idleTimeout: 900000
maxLifetime: 900000
minimumIdle: 0
maximumPoolSize: 10
Related
I am currently trying to host a small spring boot backend with an oauth server via docker.
The vServer I choose has unfortunately a limit of 400 Process/Kernel-Threads set in the /proc/user_beancounters.
When starting the jwilder/nginx-proxy, the spring boot app with db (set to only 1 tomcat thread) and the Keycloak server with db this limit is exceeded and everything stalls.
My approach is to limit the workers in Keycloak since I don't need this many.
14:35:23,948 INFO [org.wildfly.extension.io] (ServerService Thread Pool -- 40) WFLYIO001: Worker 'default' has auto-configured to 8 IO threads with 64 max task threads based on your 4 available processors
But I really can't find any explanation on how to configure this parameter in Keycloak.
So the question: How can I configure the limit? Or maybe there is a better approach to the problem?
You can configure this in standalone.xml of the WildFly/Keycloak instance. Parameters are under io subsystem:
<subsystem xmlns="urn:jboss:domain:io:3.0">
<worker name="default" io-threads="8" task-max-threads="64"/>
<buffer-pool name="default"/>
</subsystem>
I have reactive micro service that talks to AWS RDS Aurora serverless. I want to know if there are any JDBC drivers that are non blocking for this like r2dbc.
The Reactive JDBC Driver for Mysql worked with AWS RDS Aurora Serverless.
https://github.com/mirromutth/r2dbc-mysql
AWS recently announced the need to:
Update Your Amazon RDS SSL/TLS Certificates by October 31, 2019
I have a Rails application hosted with a classic Elastic Beanstalk load balancer, which connects to a Postgres DB using RDS.
The required steps according to Amazon are:
Download the new SSL/TLS certificate from Using SSL/TLS to Encrypt a Connection to a DB Instance.
Update your database applications to use the new SSL/TLS certificate.
Modify the DB instance to change the CA from rds-ca-2015 to rds-ca-2019.
(https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html)
Since I have my load balancers set up like this (connecting to my EC2 instances via HTTP port 80 (not SSL), does this mean I don't need to follow steps 1 and 2? And only follow step 3?
Or do I have to download the updated certificates and install/add them to my Load balancer or EC instances manually? Not sure how to do that.
Step 1 & 2 only required if your application connection with MySQL is TLS encrypted.
Do not change LB TLS setting it can break your application, LB TLS is something else, where RDS TLS is something else.
If your application just creation plain connection you are safe to perform directly the step 3.
Modify the DB instance to change the CA from rds-ca-2015 to
rds-ca-2019.
Normally practice for DB, DB should be in private subnet and it should not accessible from the public, TLS is helpfull when your Database and Backend connection is on the internet, not within VPC.
With an unencrypted connection between the MySQL client and the
server, someone with access to the network could watch all your
traffic and inspect the data being sent or received between client and
server.
There is a much easier answer to the question:
You do not need to install anything in your Beanstalk environment if
you upgrade the CA Certificate used by the RDS attached to it.
https://stackoverflow.com/a/59742149/7051819
Just follow point 3 and ignore 1 and 2.
(Yes I wrote that answer myself).
I am using Ssh.net nuget package in a .net core app to connect to remote Ubuntu servers on AWS.
I have dockerized my app and it works perfectly on local Windows envionment and a local ubuntu server.
Same docker image does not work if deployed on Aws Lightsail or other server providers like upcloud.com and vultr.com.
Below are the error details:
Connection failed to establish within 30000 milliseconds.
at Renci.SshNet.Abstractions.SocketAbstraction.Connect(IPEndPoint remoteEndpoint, TimeSpan connectTimeout) at Renci.SshNet.Session.SocketConnect(String host, Int32 port) at Renci.SshNet.Session.Connect() at Renci.SshNet.BaseClient.Connect()
I have tried turning off firewalls on all of the tested platforms but it doesn't make a difference.
Any ideas what I should do to resolve the issue?
At beginning of project I use http for connecting with ec2 directly with ip address not domain name and its connects fine and worked fine to my c# client and web client that connected to ec2 through ip adderess.
Recently I added Https to my load balancer and configured all ec2 with https security groups and there trouble started.
Signalr web client with https and ip address connects fine on ec2 but c# client with https and ip address not connecting. C# client throw connection close method continuously.
To solve that I change my connection url from ip to elastic beanstalk domain name to c# client and signalr connected but following things happen.
1) First time when I connect with beanstalk domain name, it response with 400 header error on connection establishment and serve also reply data from database so first time connection established.
2) After server's reply I invoke another method of server at that time error occurred stated that connection disconnected please start connection before making request to server.
3) In signalr there is a connection close method that invoke if connection has been close and it is not invoking.
4) I have searched my query in Internet and found that we have to configured socket connection on beanstalk as they have same issue with nginx. I am using IIS and there is no particular answer for that.
5) I have try to connect directly on ec2 instance domain name but signalr did not established connection and directly fire connection close method without any error or warning.
6) In my network configuration I have enabled inbound port with 443 and 80. If i made request from my browser to that domain url of beanstalk or ec2 its works fine
If you have any idea to configure socket on aws ec2 or elastic beanstalk might help to solve this problem.