Deploying a Quarkus or any java based microservice behind an Nginx reverse proxy with ssl using docker

diakogiannis jee.gr

Reposted on my Medium blog here

It has been a while, but at a friend’s request I am going to show you how to deploy a Quarkus microservice behind an Nginx reverse proxy using Docker.

What are we going to do…

I am going to install Docker and docker-compose on a CentOS 8 host, and I am going to deploy a Docker container that will expose Nginx on ports 80 and 443, along with a microservice using Quarkus. The same technique can be used with ANY Java microservices framework like MicroProfile, Spring Boot etc., because in the end what you will do is run a simple jar file (Java is magic, right?).

Let’s start…

I am going to skip the installation details for Docker and docker-compose. In case you haven’t heard of docker-compose, have a look here https://gabrieltanner.org/blog/docker-compose and you’ll love it. It automates your container deployments and it just rocks!

Git Essentials Crash Course

Introduction

This is not Java, but several newbie developers ask the same question: how to use Git and how Git works. So here it goes…

Have you ever worked with SVN? Well, forget everything you know and let’s start over 🙂

What is a Git repo?

In general there are two mirror repos: your local repo and the remote repo. Yes, TWO REPOS. Everyone in the team has an actual copy of the whole repo, so even if your remote server dies you can set it up again and just push (spoiler) your repo to the remote server.

Can/Should I use parallel streams in a transaction context?

Java

Introduction

To make a long story short, you should not use transactions within a parallel stream. This is because each thread in the parallel stream has its own name, and thus it does not participate in the transaction.

The Streams API is designed to work correctly under certain guidelines. In practice, to benefit from parallelism, each operation is not allowed to change the state of shared objects (such operations are called side-effect-free). Provided you follow this guideline, the internal implementation of parallel streams cleverly splits the data, assigns different parts to independent threads, and merges the final result.


The Transient Keyword in Java and Its Use

This article was originally posted by me on Java Code Geeks with the title “The Transient Keyword in Java and Its Use”.

I recently came across some forgotten sensitive information printed in text files in a study project of one of my friends, who is studying the basics of programming in Java, and it reminded me of the transient keyword in Java.

The transient keyword in Java plays an important role in terms of security and can be very useful in “accidents” like the one above, as it will prevent the transmission of sensitive information, such as passwords, to files, JSON messages etc. that require serialization.

To cut a long story short, if you define any variable as transient, it will not be serialized unless you define it as static or final.

Let’s see some examples below.

Oracle’s WebLogic CVE-2019-2725 CRITICAL vulnerability allows spreading of Sodinokibi ransomware

Malicious users are exploiting a vulnerability in Oracle WebLogic, CVE-2019-2725, to install ransomware called Sodinokibi.

Once executed, the Trojan creates the following file:
[PATH TO ENCRYPTED FILES]\[RANDOM EXTENSION]-HOW-TO-DECRYPT.txt
It also deletes Shadow Volume Copies and disables Windows startup repair.

Next, the Trojan encrypts files on the compromised server. The Trojan appends a random extension to encrypted files that is unique for each compromised computer and creates a ransom note file in each folder containing encrypted files: [PATH TO ENCRYPTED FILES]\[RANDOM EXTENSION]-HOW-TO-DECRYPT.txt

The ransom note informs the user their files have been encrypted and provides instructions on how they may pay to have the files decrypted.

Unfortunately, CVE-2019-2725 is very easy for attackers to exploit, as anyone with HTTP access to a WebLogic server could carry out an attack. Because of this, the bug has a CVSS v3.0 base score of 9.8 (CRITICAL).

So how safe are you feeling when visiting a WebLogic server app these days? :/

Apache NetBeans (incubating) 10.0 Released

Apache NetBeans proudly announced the release of Apache NetBeans (incubating) 10.0.

Finally, the first Apache NetBeans incubating release with full support for Java SE, PHP and JavaScript development.

You can download it here: https://netbeans.apache.org/download/nb100/nb100.html

Apache NetBeans (incubating) 10.0 constitutes all but the enterprise cluster in the Apache NetBeans Git repo, which together provide the NetBeans Platform (i.e., the underlying application framework), as well as all the modules that provide the Java SE, PHP, JavaScript and Groovy features of Apache NetBeans.

In short, Apache NetBeans (incubating) 10.0 is a full IDE for Java SE, PHP and JavaScript development with some Groovy language support.

New features of the 10.0 Release:

  • JDK 11 support
  • Miscellaneous Features
  • PHP


We are switching to ENGLISH

We decided to switch the blog’s main language to English. Why?

Because programmers MUST know English!

To be able to act in a community or group, we must be able to share our ideas. Whether we like it or not, English is the glue that ties all people together, hence we decided to adopt it here.

So sorry guys but we need to change 🙂

Apache Tomcat – Critical Remote Code Execution (RCE) vulnerability (CVE-2017-12617)

The Apache Tomcat team has recently patched several security vulnerabilities. One of them could allow an unauthorized attacker to remotely execute malicious code on affected servers.