Skip to content


Building small Java Docker images

When you take a look at the Java Official Docker images, you will immediately notice how fat they are: a whopping 243MB announced for a simple Java 8 JDK base image! It takes forever to download them from a regular DSL connection here.

Usually, your Dockerfile for Java apps starts with something like:

FROM java:8


Just try the following command: (you must have docker installed)

docker pull java:8
docker images | grep java

Scheduling Docker containers on a cluster

Docker makes it incredibly easy to run a variety of processes on a cluster of machines. Rancher offers container orchestration on top of Docker. Rancher allows you to manage a cluster of Docker-enabled machines. We use Rancher extensively at Octoperf to run JMeter containers on machines all over the world. We quickly faced an issue with Rancher here: container scheduling.

Rancher Administration


When you have a single machine running your docker container, everything is simple. You can run containers until the machines resources (CPU, RAM) are depleted. When you start working with 2+ nodes, you start to ask yourself new questions:

  • What is the optimal way to run containers on a cluster of machines?
  • How do I maximize resources utilization?

Deploying Jekyll using Docker

To build the website of Octoperf, our load testing tool, we use Jekyll. I also use it for this website.

It's great to generate static content, hosted on Amazon S3 like OctoPerf or on Github for this blog. But we had trouble upgrading jekyll to version 3 on our build server. We use plugin that are not yet available for this version. So we had to revert back to 2.5.

Docker to the rescue

The whole process took us time. So I decided to use Docker to build, optimize and deploy our website. Now all we need is Docker installed on our build server and available in Jenkins, the Continuous Integration tool we use.

I wrote a simple script that:

Backup Couchbase to S3 automatically

Couchbase is a popular NoSQL Database. I'm working with this database for about a year. I like this database for several reasons:

  • Easy to install: a single .deb file to dpkg on Ubuntu,
  • Fast: it serves queries within milliseconds,
  • Distributed: you can build a distributed cluster with tens of machines.

The biggest downside with this database is that it consumes almost 20% of cpu on our m3.large AWS instance for no reason. As soon as you setup query views, it consumes cpu cycles even if no data is stored.

The point of this article is not to debate about the pros and cons of this database, but i though sharing some thoughts about it can be useful.

HTTPS should be the standard

OctoPerf is fully HTTPS. There is a are several reasons for it. Setting up HTTPS for all our websites (Documentation, Application and Website) is a little bit tedious and pricey1. It took us two days to complete the operation but the result is satisfying for number of reasons.

Why is HTTP so dangerous

HTTPS ensures that the communication between our servers and our customers is fully encrypted. Lots of people are using a Wifi connection to go on the internet. For example, if you connect from a HotSpot from Starbucks Coffee, the Wifi connection is completely unsecure. Any login or password transiting with non-secure HTTP protocol can be easily intercepted.

Software like Wireshark can sniff the network packets transiting over the Wifi connection, even if the communication is not targeted for your computer. It switches the network card to promiscuous mode: the Wifi card accepts any packet over the air.


How does HTTPS work

When surfing on an HTTPS secured website, the connection is encrypted from client to server. Only the server can decrypt what the client has encrypted. To make things short:

  1. The server sends a public key to the client,
  2. The client encrypts the request to send with the public key, and sends itself its own public key within,
  3. The server decrypts the request sent by the client using a private key, it encrypts the response using the client provided public key,
  4. Then the client decrypts the server response using its private key.

Okay, it's probably more complicated than that. But, we're surely on the right track.