DEV Community: Shanmugananthan A K

🚀 Getting Started with Nagios Core: Monitoring Made Simple

Shanmugananthan A K — Thu, 25 Sep 2025 11:52:26 +0000

When it comes to IT infrastructure monitoring, Nagios Core is one of the most widely adopted open-source tools. It gives sysadmins the power to keep an eye on servers, networks, applications, and even devices like printers — all in one place.

In this post, I’ll walk you through how Nagios works, its components, and a real-time example of monitoring a Linux server.

🔎 What is Nagios?

Nagios is an open-source monitoring engine that continuously tracks your IT environment. It detects issues (like high CPU usage, disk running out of space, or services going down) and alerts admins immediately, helping reduce downtime.

Nagios Core can scale to monitor thousands of hosts and services, making it a great fit for small setups as well as large enterprise infrastructures.

⚙️ Nagios Architecture

A Nagios setup usually has:

Nagios Server (Central host) → Runs Nagios Core, holds all configs, and processes results.
Plugins → Small executables/scripts that check specific resources (disk, CPU, HTTP, FTP, etc.).
NRPE (Nagios Remote Plugin Executor) → Allows Nagios to run plugins on remote Linux/Unix hosts.
NSClient++ → Windows equivalent for running checks remotely.

🔄 How Nagios Works

Nagios schedules checks using its monitoring engine.
It executes plugins locally or remotely (via NRPE/NSClient++).
Plugins return results like:

OK (all good)
WARNING (threshold breached)
CRITICAL (service down/major problem)
1. Nagios updates its status database and triggers alerts based on configuration.
2. Alerts can be sent via email, SMS, Slack, Telegram, or custom scripts.

📬 Active vs Passive Checks

Active Check → Nagios runs the check itself (e.g., check_http connects to port 80 of a web server).
Passive Check → External apps or agents send results back to Nagios (e.g., SNMP traps).

📦 Nagios Directory Structure

When you install Nagios Core, you’ll see something like this:

nagios/
├── bin       # Nagios main daemon
├── etc       # All configuration files
├── libexec   # Plugins (check_http, check_ping, etc.)
├── sbin      # CGI executables for web interface
├── share     # Web interface files (HTML/PHP)
└── var       # Runtime data (logs, cache, status.dat)

🖥️ Real-Time Example: Monitoring an HTTP Service

Let’s say you have a server at 44.233.51.131 and you want to monitor if its web service is up.

Here’s how a Nagios service definition might look:

define service {
    use                   local-service
    host_name             web-server-1
    service_description   HTTP
    check_command         check_http!-H 44.233.51.131 -p 80
    check_interval        1
    retry_interval        1
    notifications_enabled 1
    contact_groups        admins
}

✅ What this does:

Every 1 minute, Nagios checks port 80 on 44.233.51.131.
If the service is down (CRITICAL), Nagios immediately alerts the admins group.
Once it’s back online (RECOVERY), Nagios sends another notification.

This ensures your team knows the moment downtime happens, minimizing business impact.

🔧 Extend with Custom Plugins

Nagios comes with many plugins (check_disk, check_ping, check_http, etc.), but you can also write your own in Python, PHP, or Shell scripts. For example, you could monitor:

Application log files for errors
Database query response times
API health endpoints

🎯 Why Nagios?

Scalable → Monitors 10,000+ hosts easily
Flexible → Active & passive checks, NRPE, SNMP, and custom plugins
Reliable → Fast alerting system with escalation policies (e.g., L1 alert to on-call admin, L2 alert to ops team)
Extensible → Works with other tools like Grafana, Prometheus, or ELK for visualization

📂 Key Configuration Files in `/etc/nagios`

Nagios stores most of its configuration in the etc directory. Some of the most important files include:

.htpasswd → Secures the web interface by storing GUI login passwords.
cgi.cfg → Manages the web interface settings, including login permissions and who can access what.
resource.cfg → Stores sensitive information such as credentials and common paths, keeping them out of command definitions.
objects/ → Contains definitions for what Nagios monitors, including hosts, services, contacts, and commands.

🔹 Important Nagios Config Files

File	Purpose
nagios.cfg	Main configuration file. Defines global settings, intervals for host/service checks, and points to other object configuration files.
resource.cfg	Secure storage for sensitive data like usernames, passwords, and directory paths.
contacts.cfg	Defines who gets notifications when hosts or services go down. Includes contacts (users) and contact groups. Typically contains a default contact like `Nagios admin`.
command.cfg	Lists the commands Nagios uses for service checks, notifications, and event handlers. You can also add custom commands here.
templates.cfg	Contains object templates (blueprints) for hosts, services, and contacts. Real objects can inherit defaults from these templates.
timeperiods.cfg	Defines reusable schedules for monitoring and notifications (e.g., `24x7`, `workhours`). Can be referenced by hosts, services, and contacts.

⚙️ How Nagios Works

Nagios monitors two main object types:

Hosts → Any entity on your network: servers, printers, switches, etc.
Services → Checks performed on hosts, like CPU load, disk space, web server status, or network connectivity.

Nagios uses commands to perform checks, send notifications, and handle events. You can also write custom plugins in Python, PHP, or Shell scripts and add them to libexec, then reference them in command.cfg.

🔹 Common Nagios Commands

Here are some of the most widely used Nagios plugins:

Command	Purpose
check_http	Checks Apache/Nginx/web server status
check_ping	Monitors network connectivity (latency, packet loss)
check_ssh	Checks if SSH service is running
check_disk	Checks disk usage on partitions
check_load	Monitors CPU load average
check_users	Counts logged-in users
check_procs	Monitors number of processes or specific process status
check_swap	Checks swap memory usage
check_snmp	Monitors SNMP-enabled devices like printers, switches, routers
check_tcp	Checks TCP port availability (e.g., DB, mail, custom services)
check_dns	Checks DNS resolution status
check_smtp	Monitors mail server (SMTP) status
check_mysql	Checks MySQL/MariaDB availability (if installed)

🔹 Example: Monitoring a Web Server

Here’s a simple service definition to monitor an HTTP server at IP 44.233.51.131:

define service {
    use                   local-service
    host_name             web-server-1
    service_description   HTTP
    check_command         check_http!-H 44.233.51.131 -p 80
    check_interval        1
    retry_interval        1
    notifications_enabled 1
    contact_groups        admins
}

Every 1 minute, Nagios checks port 80 on the server.
Alerts are sent to the admins group if the service goes CRITICAL.
Recovery notifications are sent once the server is back online.

🔹 Step-by-Step Guide: Monitoring a Remote Host with NRPE in Nagios

Nagios Core can monitor remote Linux hosts using NRPE (Nagios Remote Plugin Executor). This allows your Nagios master server to execute checks on a remote slave host. Let’s go through the process step by step.

Step 1: Configure NRPE on the Slave Host

The NRPE daemon runs on the remote host you want to monitor. Its configuration file location depends on your installation:

Common paths: /etc/nagios/nrpe.cfg or /usr/local/nagios/etc/nrpe.cfg

Open the file with your editor (I’ll use nano here):

sudo nano /usr/local/nagios/etc/nrpe.cfg

Locate the allowed_hosts directive and add your Nagios master IP:

allowed_hosts=127.0.0.1,192.168.1.10

Replace 192.168.1.10 with your Nagios master server IP.

Save the file and restart the NRPE service to apply changes:

sudo systemctl restart nrpe
# or, depending on your OS:
sudo service nrpe restart

Step 2: Verify Connection from the Master

On your Nagios master server, test if it can communicate with the slave host:

/usr/local/nagios/libexec/check_nrpe -H <Slave_IP_Address>

Replace <Slave_IP_Address> with the actual IP of your remote host.
If configured correctly, NRPE should respond with its version number or a test message.

Step 3: Define the Slave Host in Nagios

Create a configuration file for the slave host, e.g., /usr/local/nagios/etc/objects/slave.cfg:

define host{
    use                     linux-server
    host_name               Slave-Server-01
    alias                   My Remote Linux Host
    address                 <Slave_IP_Address>
    max_check_attempts      5
    check_period            24x7
    notification_interval   30
    notification_period     24x7
    contact_groups          admins
    register                1
}

linux-server is a host template defined in templates.cfg
register 1 → This is a real host definition
Replace <Slave_IP_Address> with the remote host IP

Step 4: Define Services (The Actual Checks)

You can define services in the same file (slave.cfg) or a separate services.cfg. Here are some common checks using check_nrpe:

# Check CPU Load
define service{
    use                     generic-service
    host_name               Slave-Server-01
    service_description     CPU Load
    check_command           check_nrpe!check_load
}

# Check Current Users
define service{
    use                     generic-service
    host_name               Slave-Server-01
    service_description     Current Users
    check_command           check_nrpe!check_users
}

# Check Root Disk Space
define service{
    use                     generic-service
    host_name               Slave-Server-01
    service_description     Root Disk Space
    check_command           check_nrpe!check_disk
}

🔹 How it works

check_command = check_nrpe!check_load
- check_nrpe → Nagios command defined on the master
- !check_load → Argument passed to NRPE, which corresponds to the remote command defined in the slave’s nrpe.cfg

Step 5: Include the New Host Config and Restart Nagios

Ensure your main Nagios configuration (nagios.cfg) includes your new host configuration:

cfg_file=/usr/local/nagios/etc/objects/slave.cfg

Finally, restart Nagios to apply the changes:

sudo systemctl restart nagios
# or
sudo service nagios restart

✅ That's it!
Your Nagios master can now monitor the remote slave host via NRPE. You can repeat this process for additional hosts and customize the services to monitor CPU, memory, disk, users, or any custom script.

🔹 How to Configure Email Notifications in Nagios Core

Nagios Core can alert administrators via email whenever a host or service goes down, recovers, or reaches a threshold. Setting up email notifications requires configuring contacts, contact groups, and ensuring the Nagios server can send emails. Here’s a step-by-step guide.

Step 1: Ensure the Nagios Server Can Send Mail

Nagios itself does not send emails directly. It relies on a Mail Transfer Agent (MTA) like mail, sendmail, Postfix, or Postmail.

Install and configure your preferred MTA. I prefer using Postfix.
Test email sending from the command line:

echo "Test email from Nagios" | mail -s "Nagios Test" user@example.com

If the email arrives successfully, your Nagios server can send notifications.

Step 2: Define the Contact in `contacts.cfg`

Open the contacts configuration file (usually /usr/local/nagios/etc/objects/contacts.cfg) and define a new contact:

define contact {
    contact_name                shanmugananthan
    use                         generic-contact
    alias                       Shan
    email                       shan@example.com
    service_notification_period 24x7
    host_notification_period    24x7
    service_notification_options w,u,c,r,f,s
    host_notification_options   d,u,r,f,s
    service_notification_commands notify-service-by-email
    host_notification_commands  notify-host-by-email
}

Explanation:

service_notification_options w,u,c,r,f,s → Notifications for Warning, Unknown, Critical, Recovery, Flapping, Scheduled Downtime
host_notification_options d,u,r,f,s → Notifications for Down, Unreachable, Recovery, Flapping, Scheduled Downtime
notify-service-by-email / notify-host-by-email → Commands that send email notifications

Step 3: Define or Update the Contact Group

If you use contact groups, make sure your new contact is included:

define contactgroup{
    contactgroup_name admins
    alias             Nagios Administrators
    members           nagiosadmin,shanmugananthan
}

You can assign multiple contacts to a group for centralized notifications.

Step 4: Apply the Contact / Contact Group to Hosts or Services

When defining hosts or services, reference the contact or contact group so they receive alerts.

Example Host Definition:

define host {
    use                     linux-server
    host_name               web-server-01
    alias                   Web Server
    address                 192.168.1.10
    contact_groups          admins
}

Example Service Definition:

define service {
    use                     generic-service
    host_name               web-server-01
    service_description     HTTP
    check_command           check_http
    contacts                shanmugananthan
    contact_groups          admins
}

contacts → individual notifications
contact_groups → group notifications

Step 5: Verify and Restart Nagios

Check the Nagios configuration for errors:

/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

Restart Nagios to apply changes:

sudo systemctl restart nagios

If the verification shows no errors, your email notifications are now active.

✅ Tips:

Use a generic-contact template to avoid repeating notification options.
Test notifications by manually stopping a service or host to ensure emails are sent correctly.
Consider integrating Slack, Telegram, or SMS notifications for faster alerts.

Docker – Complete Learning Guide 🐳

Shanmugananthan A K — Tue, 16 Sep 2025 11:34:19 +0000

🚀 Docker Explained Simply (With Real-Life Examples)

If you’ve ever faced the dreaded “It works on my machine but not on yours” problem — Docker is the hero you need.
It allows developers to package applications into isolated environments called containers, ensuring they run the same everywhere.

✅ Think of it like this:
You built a school project website that runs fine on your laptop. But when you copy it to your friend’s system, it crashes because they have a different PHP version. With Docker, you can package your code, PHP, and dependencies into a single container. Now it works everywhere 🚀.

⚙️ Docker Architecture

Docker has two main parts:

🖥️ 1. Docker Client

The tool we use to interact with Docker.
Runs commands like:
- docker run → Start a container
- docker pull → Download an image
Can even talk to a remote Docker Daemon over a network.

⚡ 2. Docker Daemon

The engine of Docker running in the background.
Responsible for building, running, and managing containers, images, networks, and volumes.

🔗 Communication

Client ↔ Daemon communicate via:
- REST API
- Unix socket
- Network interface

👉 Analogy: You (client) say “Make tea!” ☕ and the kitchen (daemon) makes it.

🧩 Docker Components

📦 1. Docker Images

Read-only templates used to create containers.
Built in layers, so if one layer changes, only that part rebuilds.

👉 Example:

Base: ubuntu
Add Python → new layer
Add Flask → another layer

docker pull ubuntu

🏃 2. Docker Containers

A running instance of an image.
You can start, stop, delete, or move them.
Each has its own read-write layer and connects to storage + networks.
Ephemeral by default (data gone when removed) — unless a volume is attached.

📌 Flow:

Pull image → 2. Create container → 3. Add read-write layer → 4. Connect to virtual network → 5. Get unique container IP → 6. Interact via terminal.

docker container create --name shan ubuntu /bin/bash

🔥 3. Docker Engine

The core runtime that builds and runs containers locally.

☁️ 4. Docker Hub

Cloud-based repo where you store and share images.

📝 5. Dockerfile

A script with step-by-step instructions to build an image.
Executed top to bottom by Docker Daemon.

📌 Workflow:

Dockerfile → docker build → Docker Image → docker run → Container

✅ Example:

FROM ubuntu
RUN apt-get update && apt-get install -y nginx
CMD ["nginx", "-g", "daemon off;"]

📦 Docker Registry

A service that stores Docker images.
Docker Hub is the most popular public registry.

🔧 Common Docker Commands

🔹 Image Commands

docker image ls → List images
docker pull <image> → Download image
docker rmi <image> → Remove image
docker history <image> → View layers

🔹 Container Commands

docker run <image> → Run container
docker ps -a → List containers
docker exec -it <id> /bin/bash → Open terminal inside container
docker logs <id> → View logs

👉 Example: Run Nginx on port 80

docker run -d -p 80:80 nginx

🥊 Docker vs Virtual Machine

Feature	Docker (Container)	Virtual Machine (VM)
Startup Time	Seconds ⚡	Minutes 🕒
Resource Usage	Lightweight 🪶	Heavy 💻
OS Requirement	Shares Host OS	Needs Full OS
Performance	Faster 🚀	Slower 🐢
Isolation	Process-level	Hardware-level

👉 Example:

Want to run 10 microservices? Use containers.
Want to run Windows on Linux? Use a VM.

🎯 Final Thoughts

Docker has become a must-have skill for developers and DevOps engineers.
It’s lightweight, fast, and makes your apps portable across environments.

✨ Next time you hear “but it worked on my laptop…”, just smile and say:
👉 “Let’s put it in Docker.” 🐳

🗄️ Docker Storage & Networking (with Real-World Examples)

Containers are temporary by nature → once they’re removed, their data is gone ❌.
That’s where Docker Storage comes in to keep your data safe.

📂 Docker Storage – Volumes

A volume is storage that lives outside of containers, so your data survives even if the container is deleted.

🔹 Types of Storage

Bind Mount → Maps a host path to a container path.
Docker Volume → Managed by Docker, stored under /var/lib/docker/volumes.
tmpfs → Stores data in RAM (super fast, but temporary).

🔹 Volume Commands

docker volume ls          # List volumes
docker volume create ak   # Create a volume
docker volume inspect ak  # Inspect volume

👉 Example: Mount a volume inside a container

docker run -d -it --name ubuntu \
  --mount source=ak,destination=/var/app/data ubuntu /bin/bash

🔹 Volume Drivers

local → Store files on host machine
NFS → Remote storage
type=tmpfs → Store in RAM
type=none → Bind mount

👉 Example: Create tmpfs volume

docker volume create --driver local \
  -o type=tmpfs -o device=tmpfs myvol

🌐 Docker Networking

Containers need networking to talk to each other or the outside world.

🔹 Types of Networks

None → No network assigned.
Host → Shares host machine’s IP.
Bridge (default) → Creates a private network with unique container IPs.

🔹 Network Commands

docker network ls                # List networks
docker network create mynet      # Create new network
docker network inspect mynet     # Inspect network
docker network prune             # Delete unused networks

👉 Example: Create a custom bridge network

docker network create --driver bridge \
  --subnet 192.168.50.1/24 \
  --ip-range 192.168.50.128/25 \
  --gateway 192.168.50.1 mynet

👉 Assign manual IP to a container

docker run -d --network mynet --ip 192.168.50.50 httpd

📖 Dockerfile – The Recipe of Docker

A Dockerfile is like a recipe card 🍰.
Each line is an instruction, read top to bottom, that builds your image step by step.

👉 Fun fact: Dockerfile is case-sensitive → FROM ✅ but from ❌.

✅ Example analogy: Baking a cake 🧁

Recipe: Take flour, add sugar, bake
Dockerfile: FROM Ubuntu, RUN apt-get update, COPY code, CMD run app

🛠️ Dockerfile Instructions (with Examples)

📌 Essential Instructions

FROM → Base image

FROM ubuntu:latest

LABEL → Add metadata

LABEL version="1.0"

ENV → Environment variable

ENV owner="shan"

VOLUME → Persistent storage

VOLUME ["/data"]

WORKDIR → Set working directory

WORKDIR /lak

COPY → Copy files from host → image

COPY AStc /lak

ADD → Like COPY, but can unzip/download

ADD dumptar /lak

RUN → Run commands while building

RUN apt update && useradd -ms /bin/bash shan

USER → Change user

USER shan

EXPOSE → Open port

EXPOSE 8080

CMD → Default command (only one allowed)

CMD ["ping", "8.8.8.8"]

ENTRYPOINT → Make container behave like an executable

ENTRYPOINT ["ping"]

🎭 Foreground vs Background in Containers

Foreground process = Main task (must keep running).
Background process = Helper tasks.

👉 If no foreground process exists, the container stops immediately.

✅ Example:

Apache server running = foreground
Logging system = background

🏷️ Docker Tags

Tags = version labels for images.

docker tag <container_id> username/app:v1

👉 Like: Essay_v1.docx, Essay_v2.docx

Fact: If no tag → Docker uses latest.

📤 Building & Pushing Docker Images

🔹 Build Image

docker build -t username/app:1.0 .

🔹 Push to Docker Hub

docker push username/app:1.0

👉 Just like saving your project locally (build) and then uploading it to Google Drive (push).

✅ Quick Recap

Volumes keep your data safe.
Networking connects your containers.
Dockerfile = Recipe card 📝
Instructions like FROM, RUN, COPY, CMD, ENTRYPOINT are must-know.
Containers need a foreground process to stay alive.
Tags = versions, and pushing = sharing your app with the world 🌍.

🐳 Docker Swarm – Container Orchestration Made Simple

Running a single container is easy. Running hundreds across multiple servers? That’s chaos… unless you use orchestration.

👉 Enter Docker Swarm: Docker’s native orchestration tool that makes managing containers across multiple hosts simple, scalable, and reliable.

⚡ 1. What is Docker Swarm?

Definition: A clustering and orchestration tool built into Docker.
Purpose: Ensures high availability, load balancing, and scaling.
Why: Real-world apps need many containers across many servers → orchestration makes this manageable.

✅ Fun fact: Kubernetes is the industry leader, but Docker Swarm is simpler to set up and works out of the box with Docker.

👉 Analogy:

One pizza shop = One Docker host 🍕
Many shops across the city = Swarm cluster 🏙️
Manager decides which shop handles orders = Swarm Manager assigns containers to nodes.

🧩 2. Key Concepts in Docker Swarm

Swarm Mode → Special mode that enables clustering.
Swarm Manager → Brain of the cluster (handles scheduling, scaling, service mgmt).
Swarm Nodes → Machines in the cluster (Manager or Worker).
- Manager node = controls cluster
- Worker node = runs containers

👉 Only one leader manager exists at a time (others are backups).

🚀 3. Setting Up a Swarm

On Manager Node

docker swarm init --advertise-addr <IP>

On Worker Nodes

docker swarm join --token <token> <manager-ip>:2377

Verify Nodes

docker node ls

🛠️ 4. Services in Docker Swarm

A Service is Swarm’s way of managing containers. Instead of “just run this container,” you say:
👉 “Run 3 copies of this app across the cluster.” Swarm makes it happen ✅.

docker service create --replicas 2 -p 80:80 --name myweb nginx

Runs 2 replicas of Nginx web server on port 80.

Check services:

docker service ls
docker service ps myweb

📦 5. Service Modes

Replicated Mode → You choose how many replicas.
Global Mode → Runs one container on every node.

👉 Example:

Replicated → Run 5 replicas of Nginx across 3 nodes.
Global → Run monitoring agents (like Prometheus) everywhere.

📈 6. Scaling Services

Scale up/down instantly:

docker service scale myweb=5   # scale up
docker service scale myweb=2   # scale down

Swarm will redistribute replicas automatically.

🔄 7. Service Updates & Rollbacks

Update app version:

docker service update --image nginx:1.25 myweb

Rollback if things break:

docker service rollback myweb

👉 Just like deploying v2.5, and rolling back to v2.1 if users complain 🚨.

🧑‍💻 8. Node Management

Promote worker → manager

docker node promote worker2

Demote manager → worker

docker node demote manager2

Drain node (move workloads away)

docker node update --availability drain worker2

Pause node (keep current workloads, stop new ones)

docker node update --availability pause worker2

👉 Example:

Drain = closing a shop, orders shift to others.
Pause = shop still runs, but no new orders.

🌐 9. Networks in Swarm

When Swarm starts, it creates an ingress overlay network by default.
This lets containers across different nodes talk securely.

👉 Example:
Two replicas of a web app running on Node1 & Node2 → both accessible under the same service name.

📝 10. Useful Commands Summary

Command	Purpose
`docker swarm init`	Initialize swarm
`docker swarm leave`	Leave swarm
`docker node ls`	List nodes
`docker node promote <node>`	Promote worker → manager
`docker node demote <node>`	Demote manager → worker
`docker node rm <node>`	Remove node
`docker node update --availability drain <node>`	Drain containers from node
`docker service create ...`	Create new service
`docker service ls`	List services
`docker service ps <service>`	Show service tasks
`docker service scale <service>=<n>`	Scale replicas
`docker service update --image <image>`	Update service image
`docker service rollback <service>`	Rollback service

✅ Final Recap

Docker Swarm = Cluster & orchestration tool.
Manager nodes control, workers run containers.
Services = higher-level objects (can have replicas).
Modes: Replicated vs Global.
Scaling = instant with docker service scale.
Updates & Rollbacks = safe deployments.
Node Management = promote, demote, drain, pause.
Networking = ingress overlay ensures secure communication.

👉 With Docker Swarm, you can manage hundreds of containers like a pro — no manual chaos, just smooth orchestration 🐳✨.

📖 Docker — CPU, Memory & Security

1. Why Set CPU & Memory Limits?

Definition:
Docker allows you to reserve and limit CPU & memory per container.
- Reservation = soft guarantee (minimum resources).
- Limit = hard cap (maximum usage).
Why it matters:
- Prevents one container from hogging all host resources.
- Ensures stable performance in multi-container environments.
- Protects against crashes if an app goes out of control.

✅ Fact: Without limits, a single buggy container can bring down the whole server.

2. Units & Key Facts

CPU units in Docker:
- --cpus="0.5" → 50% of 1 CPU core.
- --cpu-shares → relative weight (default = 1024).
- --cpu-period & --cpu-quota → fine-grained control.
CPU units in Kubernetes:
- 100m = 0.1 CPU (10% of 1 core).
- 1000m = 1 CPU.
Memory units:
- 256m = 256 MB
- 1g = 1 GB

✅ Rule of thumb: Don’t allocate 100% of host resources. Keep ~20–30% for the OS.

3. Examples of CPU & Memory Settings

Memory Reservation + Limit

docker run -d --name web1 \
  --memory-reservation=256m --memory=512m httpd

256 MB reserved (soft).
512 MB hard cap — container killed if exceeded.

CPU Limit (Simple)

docker run -d --name web2 --cpus="0.5" httpd

👉 Max 50% of one CPU core.

CPU Shares (Relative Priority)

docker run -d --cpu-shares=512 --name web3 httpd

👉 Gets 50% weight compared to default 1024.

CPU Quota/Period (Advanced)

docker run -d --cpu-period=100000 --cpu-quota=50000 httpd

👉 50% of CPU (50,000 ÷ 100,000).

Memory + Swap Control

docker run -d --memory=512m --memory-swap=512m httpd

👉 No swap allowed (only 512 MB RAM).

4. Practical Planning (Worked Example)

Host: 4 CPUs, 8 GB RAM.

Reserve ~30% for OS → usable = 2.8 CPUs, 5.6 GB RAM.
For 4 containers:
- --cpus=0.5 each → 2 CPUs total.
- --memory=1g each → 4 GB total.
Leaves headroom for spikes.

✅ Use docker stats to monitor and adjust.

5. Observability Commands

docker stats → Live CPU, memory, I/O per container.
docker inspect <container> → Shows configured limits.
Host tools: top, htop, free -m.

6. Security Considerations

Why important: Even with limits, a compromised container could:
- Attack other containers.
- Escalate to host system.
Best practices:
- Run as non-root (--user).
- Use minimal base images (e.g., alpine).
- Apply AppArmor/SELinux profiles.
- Keep images updated & signed.
- Restrict network/volume access.

✅ Example: Running Nginx as non-root prevents attackers from gaining full system privileges if the container is hacked.

✅ Final Summary

CPU & Memory limits protect host stability.
Reservation vs Limit = soft guarantee vs hard cap.
Docker units: --cpus, --memory, etc.
Kubernetes units: m (millicores) for CPU.
Always leave buffer for the OS.
Use security hardening (non-root, minimal images, profiles).

📖 Docker Security – Best Practices

1. Definition

Docker security = practices that reduce attack surface and protect containers, hosts, and data.
Covers image hygiene, runtime restrictions, network control, and host hardening.

2. Key Security Practices (with Examples)

Use lightweight base images

Smaller = fewer packages = fewer vulnerabilities.
Example:
```
 FROM alpine:3.18
```

Run as non-root user

   RUN adduser -D appuser
   USER appuser

Keep images updated

Regularly rebuild and pull patched versions.

Use multi-stage builds

Builder stage has compilers/tools.
Final stage contains only the app binary → smaller & safer.

Drop privileges at runtime

   docker run --security-opt=no-new-privileges --cap-drop=ALL ...

Limit CPU & memory (DoS protection)

   docker run -d --memory=512m --cpus="0.5" nginx

Use Docker Secrets (Swarm mode)

Store DB passwords, API keys securely (not in env).

Network hygiene

Expose only needed ports.
Use user-defined networks for isolation.

Host hardening

Enable SELinux/AppArmor.
Keep Docker & kernel patched.

Scan & rebuild images regularly

Tools: trivy, clair.

Keep containers minimal

One process per container.
Avoid running SSHd inside.

3. Practical Secure Run Example

docker run -d --name safe-app \
  --memory=512m --cpus="0.5" \
  --security-opt=no-new-privileges \
  --cap-drop=ALL \
  --read-only \
  --tmpfs /tmp:rw,size=64m \
  myuser/app:1.0

✅ Non-root, read-only FS, no extra capabilities, tmpfs for writes.

📖 Docker Command Reference

🔹 1. System & Info

docker --version        # Show version
docker info             # Host + engine info
docker ps               # List running containers
docker ps -a            # List all containers
docker inspect <ctr>    # Detailed info
docker stats            # Live CPU, memory usage
docker top <ctr>        # Show processes in container

🔹 2. Running & Managing Containers

docker run -it --name mybox alpine /bin/sh    # Interactive
docker run -d --name web -p 8080:80 httpd     # Detached mode
docker create --name test httpd               # Create only
docker start/stop/restart <ctr>               # Manage lifecycle
docker pause/unpause <ctr>                    # Freeze/unfreeze

🔹 3. Logs & Monitoring

docker logs <ctr>                # Show logs
docker logs -f --tail 100 <ctr>  # Follow logs

🔹 4. Copy & Rename

docker cp <ctr>:/path/in/ctr /path/on/host
docker rename old_name new_name

🔹 5. Resource Controls

docker run -d --memory=512m httpd
docker run -d --cpus="1.5" --memory=512m httpd
docker update --cpus=1.5 --memory=512m <ctr>

🔹 6. Remove Containers & Images

docker rm <ctr>              # Remove container
docker rmi <image>           # Remove image
docker system prune -a       # Remove unused

🔹 7. Import / Export

docker export <ctr> > ctr.tar
docker import ctr.tar myimg:latest
docker save -o img.tar myimg
docker load -i img.tar

🔹 8. Images

docker images                        # List
docker image history httpd           # Layers
docker image inspect httpd           # Metadata
docker pull httpd:latest             # Download
docker tag httpd:latest myrepo/httpd # Retag
docker push myrepo/httpd             # Push
docker search nginx                  # Search Hub

🔹 9. Volumes

docker volume ls
docker volume create myvol
docker volume rm myvol
docker volume prune
docker run -d -v myvol:/data httpd
docker run -d --mount type=bind,source=/host,target=/ctr alpine
docker run -d --mount type=tmpfs,destination=/app,tmpfs-size=70m alpine

🔹 10. Networks

docker network ls
docker network create mybridge
docker network create --driver overlay myoverlay   # Swarm only
docker network connect mybridge <ctr>
docker network disconnect mybridge <ctr>
docker run -d --name web --network mybridge nginx
docker run -d --network none nginx   # Isolated
docker network rm mybridge

📱✨ Host a Live Website from Your Android Phone Using Termux + Cloudflare Tunnel

Shanmugananthan A K — Wed, 23 Jul 2025 05:09:15 +0000

A Step-by-Step Guide for Beginners (No Root Needed!)

🌟 What You’ll Learn

In this tutorial, you’ll learn how to:

Turn your Android phone into a mini web server using Termux
Serve a simple HTML website
Make your site accessible publicly over the internet (with HTTPS!)
Use Cloudflare Tunnel with your custom domain
All of this — without root access, and just using your mobile device!

🧰 Requirements

📱 Android Phone = Any modern device (no root required)
📲 Termux App Install = from F-Droid (recommended)
🌐 Internet Access = WiFi or Mobile Data
🔐 Cloudflare Account = Free plan is enough
🌍 A Domain Name = Optional, but recommended

🏗️ Step-by-Step Instructions

Let’s walk through the entire setup with real commands. 🔧

🟢 1. Install Termux & Update Packages
pkg update && pkg upgrade

This updates Termux and its tools to the latest versions.

🌩️ 2. Install Cloudflared (Cloudflare Tunnel CLI)
pkg install cloudflared

Cloudflared allows you to create a secure tunnel to your local web server.

🗂️ 3. Create a Simple Website
mkdir ~/mysite cd ~/mysite echo '<h1>Welcome to Termux Site</h1>' > index.html

This creates a simple HTML page with a welcome message.

🌐 4. Start a Local Web Server
cd ~/mysite python -m http.server 8000 This starts a local server at http://localhost:8000.

📍 You can test it by visiting http://localhost:8000 in Termux’s browser or with curl.

🌍 5. Make Your Site Public with Cloudflare Tunnel
cloudflared tunnel --url http://localhost:8000

This will create a public link like:

https://some-random-string.trycloudflare.com

✅ Now your site is live on the internet! Share the link!

💡 Optional: Keep Server & Tunnel Running in Background

nohup python -m http.server 8000 > python.log 2>&1 & nohup cloudflared tunnel --url http://localhost:8000 > tunnel.log 2>&1 &

This keeps the server and tunnel running even if you close Termux.

🌐 Bonus: Use Your Own Domain with Cloudflare

🔐 6. Login to Cloudflare
cloudflared login

This opens a URL to authenticate with Cloudflare. Open it in your phone browser and follow the instructions.

🔧 7. Create a Named Tunnel
cloudflared tunnel create app.shanmugananthan

This creates a persistent tunnel named app.shanmugananthan.

🛠️ 8. Configure Tunnel
mkdir -p ~/.cloudflared nano ~/.cloudflared/config.yml

Paste the following into the file:
`tunnel: app.shanmugananthan
credentials-file: /data/data/com.termux/files/home/.cloudflared/app.shanmugananthan.json

ingress:

hostname: app.shanmugananthan.com service: http://localhost:8000
service: http_status:404`

Press CTRL + O → Enter to save, and CTRL + X to exit.

Route Domain to Tunnel cloudflared tunnel route dns app.shanmugananthan app.shanmugananthan.com

This tells Cloudflare to route requests to your domain through the tunnel.

🚀 10. Run the Tunnel
cloudflared tunnel run app.shanmugananthan

Or, run it in the background:
nohup cloudflared tunnel run app.shanmugananthan > tunnel.log 2>&1 &

Now your site is live on your own custom domain (with free HTTPS via Cloudflare)!

🔁 Recap of Commands
`pkg update && pkg upgrade
pkg install cloudflared
mkdir ~/mysite && cd ~/mysite
echo '

Welcome to Termux Site

' > index.html
python -m http.server 8000
cloudflared tunnel --url http://localhost:8000

Background:

nohup python -m http.server 8000 > python.log 2>&1 &
nohup cloudflared tunnel --url http://localhost:8000 > tunnel.log 2>&1 &
`

For custom domain setup:
cloudflared login cloudflared tunnel create <tunnel-name> nano ~/.cloudflared/config.yml cloudflared tunnel route dns <tunnel-name> <your-domain.com> cloudflared tunnel run <tunnel-name>

✅ Final Output

Your site is now:

✅ Live
🔒 Secured with HTTPS
🌐 Accessible globally
🧠 Hosted entirely from your Android phone!

💬 FAQs

Q: Can I use this for dynamic websites?
Yes, you can use frameworks like Flask, Node.js, or PHP with a bit more setup.

Q: Will it stay online 24/7?
As long as Termux and your phone stay awake. You can use apps like Termux:Boot and battery settings to keep it alive longer.

Q: Is it free?
Yes! Everything used — Termux, Python server, and Cloudflare Tunnel — is 100% free.

✨ Conclusion

You just turned your Android phone into a live web server, accessible worldwide via Cloudflare Tunnel, using only Termux — no root, no paid hosting, and HTTPS included. 💥

This approach is perfect for:

⚡ Quick project demos
🧪 Learning web hosting basics
🛠️ Emergency backup sites
🌐 Personal landing pages
If this helped you, feel free to connect or follow me for more tutorials and self-hosted tech setups:

🔗 Let’s Connect

💼 LinkedIn
📸 Instagram
🐙 GitHub
▶️ YouTube

DEV Community: Shanmugananthan A K

🚀 Getting Started with Nagios Core: Monitoring Made Simple

🔎 What is Nagios?

⚙️ Nagios Architecture

🔄 How Nagios Works

📬 Active vs Passive Checks

📦 Nagios Directory Structure

🖥️ Real-Time Example: Monitoring an HTTP Service

🔧 Extend with Custom Plugins

🎯 Why Nagios?

📂 Key Configuration Files in /etc/nagios

🔹 Important Nagios Config Files

⚙️ How Nagios Works

🔹 Common Nagios Commands

🔹 Example: Monitoring a Web Server

🔹 Step-by-Step Guide: Monitoring a Remote Host with NRPE in Nagios

Step 1: Configure NRPE on the Slave Host

Step 2: Verify Connection from the Master

Step 3: Define the Slave Host in Nagios

Step 4: Define Services (The Actual Checks)

🔹 How it works

Step 5: Include the New Host Config and Restart Nagios

🔹 How to Configure Email Notifications in Nagios Core

Step 1: Ensure the Nagios Server Can Send Mail

Step 2: Define the Contact in contacts.cfg

Step 3: Define or Update the Contact Group

Step 4: Apply the Contact / Contact Group to Hosts or Services

Step 5: Verify and Restart Nagios

Docker – Complete Learning Guide 🐳

🚀 Docker Explained Simply (With Real-Life Examples)

⚙️ Docker Architecture

🖥️ 1. Docker Client

⚡ 2. Docker Daemon

🔗 Communication

🧩 Docker Components

📦 1. Docker Images

🏃 2. Docker Containers

🔥 3. Docker Engine

☁️ 4. Docker Hub

📝 5. Dockerfile

📦 Docker Registry

🔧 Common Docker Commands

🔹 Image Commands

🔹 Container Commands

🥊 Docker vs Virtual Machine

🎯 Final Thoughts

🗄️ Docker Storage & Networking (with Real-World Examples)

📂 Docker Storage – Volumes

🔹 Types of Storage

🔹 Volume Commands

🔹 Volume Drivers

🌐 Docker Networking

🔹 Types of Networks

🔹 Network Commands

📖 Dockerfile – The Recipe of Docker

🛠️ Dockerfile Instructions (with Examples)

📌 Essential Instructions

🎭 Foreground vs Background in Containers

🏷️ Docker Tags

📤 Building & Pushing Docker Images

🔹 Build Image

🔹 Push to Docker Hub

✅ Quick Recap

🐳 Docker Swarm – Container Orchestration Made Simple

⚡ 1. What is Docker Swarm?

🧩 2. Key Concepts in Docker Swarm

🚀 3. Setting Up a Swarm

On Manager Node

On Worker Nodes

Verify Nodes

🛠️ 4. Services in Docker Swarm

📦 5. Service Modes

📈 6. Scaling Services

🔄 7. Service Updates & Rollbacks

🧑‍💻 8. Node Management

🌐 9. Networks in Swarm

📝 10. Useful Commands Summary

✅ Final Recap

📖 Docker — CPU, Memory & Security

1. Why Set CPU & Memory Limits?

📂 Key Configuration Files in `/etc/nagios`

Step 2: Define the Contact in `contacts.cfg`