Ctrl + ↑ Later
Aug 31, 2017, 15:35


Very interesting open source project with Unikernels

OSv is the open source operating system designed for the cloud. Built from the ground up for effortless deployment and management, with superior performance.
Simplified cloud stack
The language runtime, OS and hypervisor all provide protection and abstraction. OSv minimizes the redundancy in these layers by simplifying the OS.


Here is my results when I changed base image from openjdk:latest to clojure:alpine

registry.it-expert.com.ua/nexus/privat-manager latest 61e0537043a3 24 hours ago 260MB
registry.it-expert.com.ua/nexus/privat-manager 8b8634a576b1 3 days ago 863MB

Difference is 603 fucking megabytes with equally the same functionality!

Here is short script you can use to make backups into Hetzner storage box using CIFS aka Windows Share.

mount.cifs //uXXXXXX.your-storagebox.de/backup /mnt/hetzner/ -o user=uXXXXXX,pass=YYYYYYYY
cp -r /mnt/HD/HD_a2/backups2/hourly.0/ /mnt/hetzner/dns-320
umount /mnt/hetzner

Deadly simple.

And what I want is to backup everything what has been done by the rsnapshot, that's why I've added following to the crontab

30 3 * * *  rsnapshot daily && /mnt/HD/HD_a2/ffp/home/root/backup-hetzner.sh

So right after rsnapshot finish its job backup to remote host starts.

The main idea is to have fully automated docker database backup from low end D-Link NAS DNS-320.

Solution design is following:

  1. My backup box will copy backup.sh script to the remote coreos-03 host.
  2. Then remote host copies backup.sh script into database container.
  3. Backup box executes docker command «docker exec itservice_db_1 backup.sh» on coreos-03 host, which, in turn, executes mysqlbackup. SQL dump is captured directly from command output and then gzipped.
  4. Rsnapshot saves folder with gzipped SQL dump and rotates old backup folders as necessary.

So, we will need only

  • ssh
  • tar
  • rsnapshot

Here is my working implementation:

script backup.sh

## env vars are already in docker container

script backup-coreos-itservice.sh

/ffp/bin/scp /ffp/home/root/backup.sh core@coreos-03:/home/core/itservice/backup.sh
/usr/sbin/ssh -C core@coreos-03 "docker cp /home/core/itservice/backup.sh itservice_db_1:/usr/local/bin/backup.sh"
/usr/sbin/ssh -C core@coreos-03 "docker exec itservice_db_1 /usr/local/bin/backup.sh" > latest.sql
/opt/bin/tar czf itservice-sql-dump.tar.gz latest.sql --remove-files


backup_script	/mnt/HD/HD_a2/ffp/home/root/backup-coreos-itservice.sh	coreos-03/itservice_db_1


0 */4 * * * rsnapshot hourly
30 3 * * *  rsnapshot daily
0  3 * * 1  rsnapshot weekly
30 2 1 * *  rsnapshot monthly

Keep in mind, that you will need to generate ssh keys for your backup box and add it to authorized_keys on coreos-03 host, but this is out of scope this article.

just put in /etc/coreos/update.conf

Aug 4, 2017, 17:28

Docker clean stale containers

This will clean up stale docker containers in status «created»

docker ps -a -f "status=created" -q | xargs docker rm
Mar 31, 2017, 16:49

Docker tradeoffs

In order to make better decisions mind tradeoffs. For instance for Docker here is my list.


  • mobility. Your app become more mobile, easy to deploy.
  • better version control. You can always revert in no time
  • single approach for app deployment
  • easy to scale
  • storage for source code (dockerhub, docker cloud)


  • longer app deploy time
  • longer app compile time
  • more storage used
  • less responsive code in development
  • change every process from deployment to backup
  • easier to shoot self in foot with wrong data storage design
  • new abstraction layer = more knowledge to acquire
  • it's harder to recover data in case of loss
  • testing process will include one more step

Life hack goto


and then do «delete domain» in hacky chrome interface.

curl -H 'Host:stage.it-premium.com.ua'

where Host is your host and is your nginx server.

For coreos that's enough to use something like this

docker run -d \
  -v /home/core/certificates:/etc/nginx/certs:rw \
  --volumes-from nginx-proxy \
  -v /var/run/docker.sock:/var/run/docker.sock:ro \

docker run -d -p 80:80 -p 443:443 \
  --name nginx-proxy \
  -v /home/core/certificates:/etc/nginx/certs:ro \
  -v /etc/nginx/vhost.d \
  -v /usr/share/nginx/html \
  -v /var/run/docker.sock:/tmp/docker.sock:ro \
  -v /home/core/conf.d/external.conf:/etc/nginx/conf.d/external.conf  \
  --restart always \

and then not to forget to specify


in your docker-compose section.

More is here https://hub.docker.com/r/mickaelperrin/docker-letsencrypt-nginx-proxy-companion/

Ctrl + ↓ Earlier