The latest articles on DEV Community by Yash (@yash_step2dev). https://dev.to/yash_step2dev https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3794083%2Fbb7174f5-3e2b-496b-ba7f-fd8bdec78c79.png https://dev.to/yash_step2dev en Yash Fri, 03 Apr 2026 07:37:45 +0000 https://dev.to/yash_step2dev/how-to-run-a-nodejs-app-in-production-with-pm2-complete-guide-i5i https://dev.to/yash_step2dev/how-to-run-a-nodejs-app-in-production-with-pm2-complete-guide-i5i <h1> How to Run a Node.js App in Production with PM2 (Complete Guide) </h1> <p>Most Node.js tutorials end at <code>node server.js</code>. That's fine for development. In production, you need process management: auto-restart, logging, monitoring, and zero-downtime deploys.</p> <p>PM2 handles all of this.</p> <h2> Install PM2 </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> <span class="nt">-g</span> pm2 </code></pre> </div> <h2> Basic Usage </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Start your app</span> pm2 start server.js <span class="nt">--name</span> my-app <span class="c"># Start with specific Node version</span> pm2 start server.js <span class="nt">--name</span> my-app <span class="nt">--interpreter</span> /usr/bin/node <span class="c"># List running processes</span> pm2 list <span class="c"># Monitor live</span> pm2 monit <span class="c"># View logs</span> pm2 logs my-app pm2 logs my-app <span class="nt">--lines</span> 100 <span class="c"># Restart / reload (reload = zero downtime)</span> pm2 restart my-app pm2 reload my-app <span class="c"># Stop / delete</span> pm2 stop my-app pm2 delete my-app </code></pre> </div> <h2> The ecosystem.config.js (Use This Always) </h2> <p>Running PM2 from the command line works, but an ecosystem config is more powerful and reproducible:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// ecosystem.config.js</span> <span class="nx">module</span><span class="p">.</span><span class="nx">exports</span> <span class="o">=</span> <span class="p">{</span> <span class="na">apps</span><span class="p">:</span> <span class="p">[{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">api</span><span class="dl">'</span><span class="p">,</span> <span class="na">script</span><span class="p">:</span> <span class="dl">'</span><span class="s1">./src/server.js</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// Process management</span> <span class="na">instances</span><span class="p">:</span> <span class="dl">'</span><span class="s1">max</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// One per CPU core (cluster mode)</span> <span class="na">exec_mode</span><span class="p">:</span> <span class="dl">'</span><span class="s1">cluster</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// Enable load balancing</span> <span class="c1">// Memory management</span> <span class="na">max_memory_restart</span><span class="p">:</span> <span class="dl">'</span><span class="s1">512M</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// Restart if memory exceeds 512MB</span> <span class="c1">// Crash recovery</span> <span class="na">min_uptime</span><span class="p">:</span> <span class="dl">'</span><span class="s1">30s</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// Must stay up 30s to be considered healthy</span> <span class="na">max_restarts</span><span class="p">:</span> <span class="mi">10</span><span class="p">,</span> <span class="c1">// Max restarts before giving up</span> <span class="na">restart_delay</span><span class="p">:</span> <span class="mi">4000</span><span class="p">,</span> <span class="c1">// Wait 4s between restarts</span> <span class="c1">// Zero-downtime deploys</span> <span class="na">wait_ready</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="c1">// Wait for process.send('ready')</span> <span class="na">listen_timeout</span><span class="p">:</span> <span class="mi">10000</span><span class="p">,</span> <span class="c1">// 10s to emit ready signal</span> <span class="na">kill_timeout</span><span class="p">:</span> <span class="mi">5000</span><span class="p">,</span> <span class="c1">// 5s to gracefully shut down</span> <span class="c1">// Logging</span> <span class="na">log_file</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/var/log/pm2/api.log</span><span class="dl">'</span><span class="p">,</span> <span class="na">out_file</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/var/log/pm2/api-out.log</span><span class="dl">'</span><span class="p">,</span> <span class="na">error_file</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/var/log/pm2/api-error.log</span><span class="dl">'</span><span class="p">,</span> <span class="na">log_date_format</span><span class="p">:</span> <span class="dl">'</span><span class="s1">YYYY-MM-DD HH:mm:ss</span><span class="dl">'</span><span class="p">,</span> <span class="na">merge_logs</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="c1">// Environment</span> <span class="na">env</span><span class="p">:</span> <span class="p">{</span> <span class="na">NODE_ENV</span><span class="p">:</span> <span class="dl">'</span><span class="s1">development</span><span class="dl">'</span><span class="p">,</span> <span class="na">PORT</span><span class="p">:</span> <span class="mi">3000</span> <span class="p">},</span> <span class="na">env_production</span><span class="p">:</span> <span class="p">{</span> <span class="na">NODE_ENV</span><span class="p">:</span> <span class="dl">'</span><span class="s1">production</span><span class="dl">'</span><span class="p">,</span> <span class="na">PORT</span><span class="p">:</span> <span class="mi">3000</span> <span class="p">}</span> <span class="p">}]</span> <span class="p">};</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Start with production env</span> pm2 start ecosystem.config.js <span class="nt">--env</span> production <span class="c"># Reload zero-downtime</span> pm2 reload ecosystem.config.js <span class="nt">--env</span> production </code></pre> </div> <h2> Survive Server Reboots </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Generate startup script (run as root or with sudo)</span> pm2 startup <span class="c"># Follow the output — it gives you a command to run</span> <span class="c"># Example output:</span> <span class="c"># [PM2] To setup the Startup Script, copy/paste the following command:</span> <span class="c"># sudo env PATH=$PATH:/usr/bin /usr/lib/node_modules/pm2/bin/pm2 startup systemd -u ubuntu --hp /home/ubuntu</span> <span class="c"># Save current process list</span> pm2 save <span class="c"># Verify it will restart</span> <span class="nb">sudo </span>systemctl status pm2-ubuntu <span class="c"># (or your username)</span> </code></pre> </div> <h2> Useful PM2 Commands </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Real-time dashboard</span> pm2 monit <span class="c"># Show detailed process info</span> pm2 describe my-app <span class="c"># Flush logs</span> pm2 flush my-app <span class="c"># Rotate logs (set up log rotation)</span> pm2 <span class="nb">install </span>pm2-logrotate pm2 <span class="nb">set </span>pm2-logrotate:max_size 50M pm2 <span class="nb">set </span>pm2-logrotate:retain 7 <span class="c"># Reset restart count</span> pm2 reset my-app <span class="c"># Scale up/down instances</span> pm2 scale my-app 4 <span class="c"># Set to 4 instances</span> pm2 scale my-app +2 <span class="c"># Add 2 more instances</span> </code></pre> </div> <h2> Graceful Shutdown in Your App </h2> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// server.js</span> <span class="kd">const</span> <span class="nx">server</span> <span class="o">=</span> <span class="nx">app</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="nx">PORT</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">send</span><span class="p">)</span> <span class="nx">process</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">ready</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Signal PM2 we're ready</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">shutdown</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">server</span><span class="p">.</span><span class="nf">close</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Close DB connections, etc.</span> <span class="nx">process</span><span class="p">.</span><span class="nf">exit</span><span class="p">(</span><span class="mi">0</span><span class="p">);</span> <span class="p">});</span> <span class="c1">// Force exit if graceful shutdown takes too long</span> <span class="nf">setTimeout</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="nx">process</span><span class="p">.</span><span class="nf">exit</span><span class="p">(</span><span class="mi">1</span><span class="p">),</span> <span class="mi">5000</span><span class="p">);</span> <span class="p">};</span> <span class="nx">process</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">SIGTERM</span><span class="dl">'</span><span class="p">,</span> <span class="nx">shutdown</span><span class="p">);</span> <span class="nx">process</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">SIGINT</span><span class="dl">'</span><span class="p">,</span> <span class="nx">shutdown</span><span class="p">);</span> </code></pre> </div> <p>I built ARIA to solve exactly this.<br> Try it free at step2dev.com — no credit card needed.</p> node devops pm2 production Yash Thu, 02 Apr 2026 17:00:24 +0000 https://dev.to/yash_step2dev/how-to-set-up-log-aggregation-for-multiple-servers-elk-stack-basics-1k64 https://dev.to/yash_step2dev/how-to-set-up-log-aggregation-for-multiple-servers-elk-stack-basics-1k64 <h1> How to Set Up Log Aggregation for Multiple Servers (ELK Stack Basics) </h1> <p>When you have one server, <code>tail -f /var/log/app.log</code> works fine. When you have three servers and something goes wrong, you need to search logs across all of them simultaneously.</p> <p>That's what log aggregation solves.</p> <h2> The Lightweight Alternative First: Loki + Grafana </h2> <p>Before we go full ELK, consider Loki — it's significantly lighter and integrates with Grafana (which you may already have from monitoring):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># docker-compose.yml for Loki stack</span> <span class="na">version</span><span class="pi">:</span> <span class="s1">'</span><span class="s">3.8'</span> <span class="na">services</span><span class="pi">:</span> <span class="na">loki</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">grafana/loki:2.9.0</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">3100:3100"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">loki-data:/loki</span> <span class="na">promtail</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">grafana/promtail:2.9.0</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">/var/log:/var/log:ro</span> <span class="pi">-</span> <span class="s">./promtail-config.yml:/etc/promtail/config.yml</span> <span class="na">command</span><span class="pi">:</span> <span class="s">-config.file=/etc/promtail/config.yml</span> <span class="na">grafana</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">grafana/grafana:latest</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">3000:3000"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="na">loki-data</span><span class="pi">:</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># promtail-config.yml</span> <span class="na">server</span><span class="pi">:</span> <span class="na">http_listen_port</span><span class="pi">:</span> <span class="m">9080</span> <span class="na">positions</span><span class="pi">:</span> <span class="na">filename</span><span class="pi">:</span> <span class="s">/tmp/positions.yaml</span> <span class="na">clients</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">url</span><span class="pi">:</span> <span class="s">http://loki:3100/loki/api/v1/push</span> <span class="na">scrape_configs</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">job_name</span><span class="pi">:</span> <span class="s">system</span> <span class="na">static_configs</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">targets</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">localhost</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">job</span><span class="pi">:</span> <span class="s">varlogs</span> <span class="na">host</span><span class="pi">:</span> <span class="s">server-1</span> <span class="na">__path__</span><span class="pi">:</span> <span class="s">/var/log/*.log</span> <span class="pi">-</span> <span class="na">job_name</span><span class="pi">:</span> <span class="s">app</span> <span class="na">static_configs</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">targets</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">localhost</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">job</span><span class="pi">:</span> <span class="s">app</span> <span class="na">host</span><span class="pi">:</span> <span class="s">server-1</span> <span class="na">__path__</span><span class="pi">:</span> <span class="s">/var/log/myapp/*.log</span> </code></pre> </div> <h2> ELK Stack Setup (More Powerful) </h2> <p>ELK = Elasticsearch + Logstash + Kibana</p> <h3> Install with Docker Compose </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">version</span><span class="pi">:</span> <span class="s1">'</span><span class="s">3.8'</span> <span class="na">services</span><span class="pi">:</span> <span class="na">elasticsearch</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">docker.elastic.co/elasticsearch/elasticsearch:8.12.0</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">discovery.type=single-node</span> <span class="pi">-</span> <span class="s">xpack.security.enabled=false</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">ES_JAVA_OPTS=-Xms512m</span><span class="nv"> </span><span class="s">-Xmx512m"</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">9200:9200"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">esdata:/usr/share/elasticsearch/data</span> <span class="na">logstash</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">docker.elastic.co/logstash/logstash:8.12.0</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./logstash.conf:/usr/share/logstash/pipeline/logstash.conf</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">5044:5044"</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">elasticsearch</span> <span class="na">kibana</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">docker.elastic.co/kibana/kibana:8.12.0</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">5601:5601"</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">ELASTICSEARCH_HOSTS=http://elasticsearch:9200</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">elasticsearch</span> <span class="na">volumes</span><span class="pi">:</span> <span class="na">esdata</span><span class="pi">:</span> </code></pre> </div> <h3> Logstash Pipeline Config </h3> <div class="highlight js-code-highlight"> <pre class="highlight conf"><code><span class="c"># logstash.conf </span><span class="n">input</span> { <span class="n">beats</span> { <span class="n">port</span> =&gt; <span class="m">5044</span> } } <span class="n">filter</span> { <span class="n">if</span> [<span class="n">fields</span>][<span class="n">app</span>] == <span class="s2">"nodejs"</span> { <span class="n">json</span> { <span class="n">source</span> =&gt; <span class="s2">"message"</span> } <span class="n">date</span> { <span class="n">match</span> =&gt; [<span class="s2">"timestamp"</span>, <span class="s2">"ISO8601"</span>] } } <span class="n">grok</span> { <span class="n">match</span> =&gt; { <span class="s2">"message"</span> =&gt; <span class="s2">"%{COMBINEDAPACHELOG}"</span> } } } <span class="n">output</span> { <span class="n">elasticsearch</span> { <span class="n">hosts</span> =&gt; [<span class="s2">"elasticsearch:9200"</span>] <span class="n">index</span> =&gt; <span class="s2">"logs-%{+YYYY.MM.dd}"</span> } } </code></pre> </div> <h3> Install Filebeat on Each Server </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Install on each server you want to collect logs from</span> curl <span class="nt">-L</span> <span class="nt">-O</span> https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.12.0-amd64.deb <span class="nb">sudo </span>dpkg <span class="nt">-i</span> filebeat-8.12.0-amd64.deb <span class="nb">sudo </span>nano /etc/filebeat/filebeat.yml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">filebeat.inputs</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">type</span><span class="pi">:</span> <span class="s">log</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">paths</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">/var/log/myapp/*.log</span> <span class="na">fields</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">nodejs</span> <span class="na">server</span><span class="pi">:</span> <span class="s">production-1</span> <span class="na">output.logstash</span><span class="pi">:</span> <span class="na">hosts</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">your-elk-server:5044"</span><span class="pi">]</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>systemctl <span class="nb">enable </span>filebeat <span class="nb">sudo </span>systemctl start filebeat </code></pre> </div> <h2> What to Search for in Kibana </h2> <p>Once data is flowing, useful queries:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># All errors in last hour level:error # Errors from specific server level:error AND server:production-1 # 5xx responses response:&gt;499 # Slow requests (&gt;1000ms) duration:&gt;1000 </code></pre> </div> <p>I built ARIA to solve exactly this.<br> Try it free at step2dev.com — no credit card needed.</p> devops logging elk linux Yash Thu, 02 Apr 2026 08:22:24 +0000 https://dev.to/yash_step2dev/how-to-set-up-a-reverse-proxy-with-nginx-for-multiple-apps-on-one-server-36ji https://dev.to/yash_step2dev/how-to-set-up-a-reverse-proxy-with-nginx-for-multiple-apps-on-one-server-36ji <h1> How to Set Up a Reverse Proxy with nginx for Multiple Apps on One Server </h1> <p>Running multiple apps on a single $5/month VPS? nginx can route traffic to each one based on the domain name.</p> <p>Here's the complete setup.</p> <h2> The Architecture </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Internet ↓ nginx (port 80/443) ├── app1.yourdomain.com → localhost:3001 ├── app2.yourdomain.com → localhost:3002 └── api.yourdomain.com → localhost:8080 </code></pre> </div> <p>Each app runs on a different local port. nginx routes incoming requests to the right one.</p> <h2> Step 1: Install nginx </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt update <span class="o">&amp;&amp;</span> <span class="nb">sudo </span>apt <span class="nb">install </span>nginx <span class="nt">-y</span> <span class="nb">sudo </span>systemctl <span class="nb">enable </span>nginx <span class="nb">sudo </span>systemctl start nginx </code></pre> </div> <h2> Step 2: Create Server Blocks </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Create config for each app</span> <span class="nb">sudo </span>nano /etc/nginx/sites-available/app1.yourdomain.com </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight nginx"><code><span class="k">server</span> <span class="p">{</span> <span class="kn">listen</span> <span class="mi">80</span><span class="p">;</span> <span class="kn">server_name</span> <span class="s">app1.yourdomain.com</span><span class="p">;</span> <span class="kn">location</span> <span class="n">/</span> <span class="p">{</span> <span class="kn">proxy_pass</span> <span class="s">http://127.0.0.1:3001</span><span class="p">;</span> <span class="kn">proxy_http_version</span> <span class="mf">1.1</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Upgrade</span> <span class="nv">$http_upgrade</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Connection</span> <span class="s">'upgrade'</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Host</span> <span class="nv">$host</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Real-IP</span> <span class="nv">$remote_addr</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-For</span> <span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-Proto</span> <span class="nv">$scheme</span><span class="p">;</span> <span class="kn">proxy_cache_bypass</span> <span class="nv">$http_upgrade</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Enable the site</span> <span class="nb">sudo ln</span> <span class="nt">-s</span> /etc/nginx/sites-available/app1.yourdomain.com /etc/nginx/sites-enabled/ <span class="c"># Repeat for app2</span> <span class="nb">sudo </span>nano /etc/nginx/sites-available/app2.yourdomain.com <span class="nb">sudo ln</span> <span class="nt">-s</span> /etc/nginx/sites-available/app2.yourdomain.com /etc/nginx/sites-enabled/ <span class="c"># Test config</span> <span class="nb">sudo </span>nginx <span class="nt">-t</span> <span class="c"># Reload</span> <span class="nb">sudo </span>systemctl reload nginx </code></pre> </div> <h2> Step 3: Add SSL with Certbot </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt <span class="nb">install </span>certbot python3-certbot-nginx <span class="nt">-y</span> <span class="c"># Get certs for all your domains at once</span> <span class="nb">sudo </span>certbot <span class="nt">--nginx</span> <span class="nt">-d</span> app1.yourdomain.com <span class="nt">-d</span> app2.yourdomain.com <span class="nt">-d</span> api.yourdomain.com <span class="c"># Auto-renewal</span> <span class="nb">sudo </span>systemctl <span class="nb">enable </span>certbot.timer </code></pre> </div> <p>Certbot automatically updates your nginx configs to handle HTTPS and redirect HTTP → HTTPS.</p> <h2> Step 4: Optimize the Shared nginx Config </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>nano /etc/nginx/nginx.conf </code></pre> </div> <p>Add inside the <code>http {}</code> block:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight nginx"><code><span class="c1"># Gzip compression (applies to all sites)</span> <span class="k">gzip</span> <span class="no">on</span><span class="p">;</span> <span class="k">gzip_vary</span> <span class="no">on</span><span class="p">;</span> <span class="k">gzip_min_length</span> <span class="mi">1024</span><span class="p">;</span> <span class="k">gzip_types</span> <span class="nc">text/plain</span> <span class="nc">text/css</span> <span class="nc">text/xml</span> <span class="nc">application/json</span> <span class="nc">application/javascript</span> <span class="nc">application/xml</span><span class="s">+rss</span><span class="p">;</span> <span class="c1"># Rate limiting zone (use in server blocks)</span> <span class="k">limit_req_zone</span> <span class="nv">$binary_remote_addr</span> <span class="s">zone=api:10m</span> <span class="s">rate=10r/s</span><span class="p">;</span> <span class="c1"># Security headers (apply to all)</span> <span class="k">add_header</span> <span class="s">X-Frame-Options</span> <span class="s">DENY</span> <span class="s">always</span><span class="p">;</span> <span class="k">add_header</span> <span class="s">X-Content-Type-Options</span> <span class="s">nosniff</span> <span class="s">always</span><span class="p">;</span> <span class="c1"># Logging</span> <span class="k">access_log</span> <span class="n">/var/log/nginx/access.log</span><span class="p">;</span> <span class="k">error_log</span> <span class="n">/var/log/nginx/error.log</span> <span class="s">warn</span><span class="p">;</span> </code></pre> </div> <h2> Step 5: Handle WebSockets (if needed) </h2> <div class="highlight js-code-highlight"> <pre class="highlight nginx"><code><span class="k">location</span> <span class="n">/socket.io/</span> <span class="p">{</span> <span class="kn">proxy_pass</span> <span class="s">http://127.0.0.1:3001</span><span class="p">;</span> <span class="kn">proxy_http_version</span> <span class="mf">1.1</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Upgrade</span> <span class="nv">$http_upgrade</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Connection</span> <span class="s">"upgrade"</span><span class="p">;</span> <span class="kn">proxy_read_timeout</span> <span class="mi">86400</span><span class="p">;</span> <span class="c1"># Keep connection alive for 24h</span> <span class="p">}</span> </code></pre> </div> <h2> Useful nginx Commands </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>nginx <span class="nt">-t</span> <span class="c"># Test config</span> <span class="nb">sudo </span>systemctl reload nginx <span class="c"># Reload without downtime</span> <span class="nb">sudo </span>systemctl restart nginx <span class="c"># Full restart</span> <span class="nb">sudo </span>nginx <span class="nt">-T</span> <span class="c"># Print full parsed config</span> <span class="nb">sudo tail</span> <span class="nt">-f</span> /var/log/nginx/error.log <span class="c"># Watch errors live</span> </code></pre> </div> <p>I built ARIA to solve exactly this.<br> Try it free at step2dev.com — no credit card needed.</p> nginx devops linux selfhosted Yash Wed, 01 Apr 2026 17:55:19 +0000 https://dev.to/yash_step2dev/terraform-basics-manage-your-infrastructure-as-code-in-30-minutes-pkj https://dev.to/yash_step2dev/terraform-basics-manage-your-infrastructure-as-code-in-30-minutes-pkj <h1> Terraform Basics: Manage Your Infrastructure as Code in 30 Minutes </h1> <p>If you're still managing servers by clicking through cloud consoles — this is for you.</p> <p>Terraform lets you define your entire infrastructure in code. Reproducible, version-controlled, reviewable.</p> <h2> Why Infrastructure as Code </h2> <p>Without IaC:</p> <ul> <li>"I'm not sure what settings I used on the production server"</li> <li>Can't recreate your setup if the server dies</li> <li>No audit trail for infrastructure changes</li> </ul> <p>With Terraform:</p> <ul> <li>Your entire infra is a git repo</li> <li>Recreate production in 10 minutes</li> <li>Review infrastructure changes like code reviews</li> </ul> <h2> Install Terraform </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Mac</span> brew tap hashicorp/tap <span class="o">&amp;&amp;</span> brew <span class="nb">install </span>hashicorp/tap/terraform <span class="c"># Ubuntu/Debian</span> wget <span class="nt">-O-</span> https://apt.releases.hashicorp.com/gpg | <span class="nb">sudo </span>gpg <span class="nt">--dearmor</span> <span class="nt">-o</span> /usr/share/keyrings/hashicorp-archive-keyring.gpg <span class="nb">echo</span> <span class="s2">"deb [arch=</span><span class="si">$(</span>dpkg <span class="nt">--print-architecture</span><span class="si">)</span><span class="s2"> signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com </span><span class="si">$(</span>lsb_release <span class="nt">-cs</span><span class="si">)</span><span class="s2"> main"</span> | <span class="nb">sudo tee</span> /etc/apt/sources.list.d/hashicorp.list <span class="nb">sudo </span>apt update <span class="o">&amp;&amp;</span> <span class="nb">sudo </span>apt <span class="nb">install </span>terraform terraform <span class="nt">--version</span> </code></pre> </div> <h2> Your First Terraform Config (DigitalOcean Droplet) </h2> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1"># main.tf</span> <span class="nx">terraform</span> <span class="p">{</span> <span class="nx">required_providers</span> <span class="p">{</span> <span class="nx">digitalocean</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"digitalocean/digitalocean"</span> <span class="nx">version</span> <span class="p">=</span> <span class="s2">"~&gt; 2.0"</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">provider</span> <span class="s2">"digitalocean"</span> <span class="p">{</span> <span class="nx">token</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">do_token</span> <span class="p">}</span> <span class="nx">variable</span> <span class="s2">"do_token"</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"DigitalOcean API token"</span> <span class="nx">sensitive</span> <span class="p">=</span> <span class="kc">true</span> <span class="p">}</span> <span class="nx">resource</span> <span class="s2">"digitalocean_droplet"</span> <span class="s2">"web"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"web-server-1"</span> <span class="nx">region</span> <span class="p">=</span> <span class="s2">"nyc3"</span> <span class="nx">size</span> <span class="p">=</span> <span class="s2">"s-1vcpu-1gb"</span> <span class="nx">image</span> <span class="p">=</span> <span class="s2">"ubuntu-22-04-x64"</span> <span class="nx">ssh_keys</span> <span class="p">=</span> <span class="p">[</span><span class="nx">digitalocean_ssh_key</span><span class="p">.</span><span class="nx">default</span><span class="p">.</span><span class="nx">fingerprint</span><span class="p">]</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"web"</span><span class="p">,</span> <span class="s2">"production"</span><span class="p">]</span> <span class="p">}</span> <span class="nx">resource</span> <span class="s2">"digitalocean_ssh_key"</span> <span class="s2">"default"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"my-key"</span> <span class="nx">public_key</span> <span class="p">=</span> <span class="nx">file</span><span class="p">(</span><span class="s2">"~/.ssh/id_ed25519.pub"</span><span class="p">)</span> <span class="p">}</span> <span class="nx">output</span> <span class="s2">"droplet_ip"</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">digitalocean_droplet</span><span class="p">.</span><span class="nx">web</span><span class="p">.</span><span class="nx">ipv4_address</span> <span class="p">}</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Initialize (downloads provider plugins)</span> terraform init <span class="c"># Preview what will be created</span> terraform plan <span class="c"># Apply (creates the resources)</span> terraform apply <span class="c"># Destroy when done</span> terraform destroy </code></pre> </div> <h2> State Management </h2> <p>Terraform tracks what it's created in a state file. For teams, store state remotely:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">terraform</span> <span class="p">{</span> <span class="nx">backend</span> <span class="s2">"s3"</span> <span class="p">{</span> <span class="nx">bucket</span> <span class="p">=</span> <span class="s2">"my-terraform-state"</span> <span class="nx">key</span> <span class="p">=</span> <span class="s2">"production/terraform.tfstate"</span> <span class="nx">region</span> <span class="p">=</span> <span class="s2">"us-east-1"</span> <span class="c1"># Enable state locking</span> <span class="nx">dynamodb_table</span> <span class="p">=</span> <span class="s2">"terraform-locks"</span> <span class="nx">encrypt</span> <span class="p">=</span> <span class="kc">true</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Practical Example: Full Stack (Droplet + Firewall + Domain) </h2> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">resource</span> <span class="s2">"digitalocean_droplet"</span> <span class="s2">"app"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"app-server"</span> <span class="nx">region</span> <span class="p">=</span> <span class="s2">"nyc3"</span> <span class="nx">size</span> <span class="p">=</span> <span class="s2">"s-2vcpu-2gb"</span> <span class="nx">image</span> <span class="p">=</span> <span class="s2">"ubuntu-22-04-x64"</span> <span class="nx">ssh_keys</span> <span class="p">=</span> <span class="p">[</span><span class="nx">digitalocean_ssh_key</span><span class="p">.</span><span class="nx">default</span><span class="p">.</span><span class="nx">fingerprint</span><span class="p">]</span> <span class="p">}</span> <span class="nx">resource</span> <span class="s2">"digitalocean_firewall"</span> <span class="s2">"app"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"app-firewall"</span> <span class="nx">droplet_ids</span> <span class="p">=</span> <span class="p">[</span><span class="nx">digitalocean_droplet</span><span class="p">.</span><span class="nx">app</span><span class="p">.</span><span class="nx">id</span><span class="p">]</span> <span class="nx">inbound_rule</span> <span class="p">{</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"tcp"</span> <span class="nx">port_range</span> <span class="p">=</span> <span class="s2">"22"</span> <span class="nx">source_addresses</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"YOUR_IP/32"</span><span class="p">]</span> <span class="c1"># SSH only from your IP</span> <span class="p">}</span> <span class="nx">inbound_rule</span> <span class="p">{</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"tcp"</span> <span class="nx">port_range</span> <span class="p">=</span> <span class="s2">"80"</span> <span class="nx">source_addresses</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">,</span> <span class="s2">"::/0"</span><span class="p">]</span> <span class="p">}</span> <span class="nx">inbound_rule</span> <span class="p">{</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"tcp"</span> <span class="nx">port_range</span> <span class="p">=</span> <span class="s2">"443"</span> <span class="nx">source_addresses</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">,</span> <span class="s2">"::/0"</span><span class="p">]</span> <span class="p">}</span> <span class="nx">outbound_rule</span> <span class="p">{</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"tcp"</span> <span class="nx">port_range</span> <span class="p">=</span> <span class="s2">"all"</span> <span class="nx">destination_addresses</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">,</span> <span class="s2">"::/0"</span><span class="p">]</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">resource</span> <span class="s2">"digitalocean_domain"</span> <span class="s2">"app"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"yourdomain.com"</span> <span class="nx">ip_address</span> <span class="p">=</span> <span class="nx">digitalocean_droplet</span><span class="p">.</span><span class="nx">app</span><span class="p">.</span><span class="nx">ipv4_address</span> <span class="p">}</span> </code></pre> </div> <h2> Essential Terraform Commands </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>terraform init <span class="c"># Initialize project</span> terraform plan <span class="c"># Preview changes</span> terraform apply <span class="c"># Apply changes</span> terraform destroy <span class="c"># Destroy all resources</span> terraform show <span class="c"># Show current state</span> terraform output <span class="c"># Show outputs</span> terraform <span class="nb">fmt</span> <span class="c"># Format .tf files</span> terraform validate <span class="c"># Validate config syntax</span> </code></pre> </div> <p>I built ARIA to solve exactly this.<br> Try it free at step2dev.com — no credit card needed.</p> terraform devops infrastructure cloud Yash Wed, 01 Apr 2026 07:50:07 +0000 https://dev.to/yash_step2dev/how-to-debug-memory-leaks-in-nodejs-production-apps-1nib https://dev.to/yash_step2dev/how-to-debug-memory-leaks-in-nodejs-production-apps-1nib <h1> How to Debug Memory Leaks in Node.js Production Apps </h1> <p>Your Node.js app works fine for hours, then slows to a crawl. Memory climbs steadily. A restart fixes it temporarily — then it happens again.</p> <p>That's a memory leak. Here's how to find and fix it.</p> <h2> Confirm It's a Leak </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Watch RSS memory of your Node process over time</span> watch <span class="nt">-n</span> 30 <span class="s1">'ps -o pid,rss,vsz,comm -p $(pgrep -f "node server")'</span> <span class="c"># Or log it from inside the app</span> setInterval<span class="o">(()</span> <span class="o">=&gt;</span> <span class="o">{</span> const m <span class="o">=</span> process.memoryUsage<span class="o">()</span><span class="p">;</span> console.log<span class="o">(</span>JSON.stringify<span class="o">({</span> rss: Math.round<span class="o">(</span>m.rss / 1024 / 1024<span class="o">)</span> + <span class="s1">'MB'</span>, heap: Math.round<span class="o">(</span>m.heapUsed / 1024 / 1024<span class="o">)</span> + <span class="s1">'MB'</span>, <span class="nb">time</span>: new Date<span class="o">()</span>.toISOString<span class="o">()</span> <span class="o">}))</span><span class="p">;</span> <span class="o">}</span>, 60000<span class="o">)</span><span class="p">;</span> </code></pre> </div> <p>If RSS grows steadily and never drops, you have a leak.</p> <h2> Step 1: Generate a Heap Snapshot </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Start Node with inspector</span> node <span class="nt">--inspect</span> server.js <span class="c"># Or send signal to running process</span> <span class="nb">kill</span> <span class="nt">-USR1</span> &lt;PID&gt; <span class="c"># Opens inspector on port 9229</span> </code></pre> </div> <p>Then in Chrome: <code>chrome://inspect</code> → Open dedicated DevTools → Memory → Take heap snapshot.</p> <p>Take a snapshot, do some actions, take another. Compare — look for objects accumulating.</p> <h2> Step 2: Use clinic.js (Easiest Method) </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> <span class="nt">-g</span> clinic <span class="c"># Profile your app under load</span> clinic heapprofile <span class="nt">--</span> node server.js <span class="c"># In another terminal, run load</span> npx autocannon <span class="nt">-c</span> 10 <span class="nt">-d</span> 60 http://localhost:3000/api/endpoint <span class="c"># Ctrl+C clinic — it generates a flamegraph</span> </code></pre> </div> <p>The flamegraph shows where memory is being allocated. Tall bars = lots of allocation from that function.</p> <h2> Step 3: Common Leak Patterns </h2> <h3> Pattern 1: Event Listener Accumulation </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Leak: adding listener every request without removing</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/stream</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">emitter</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">data</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">chunk</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">res</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="nx">chunk</span><span class="p">));</span> <span class="c1">// Never removed!</span> <span class="p">});</span> <span class="c1">// Fix: remove listener on connection close</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/stream</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">handler</span> <span class="o">=</span> <span class="p">(</span><span class="nx">chunk</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">res</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="nx">chunk</span><span class="p">);</span> <span class="nx">emitter</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">data</span><span class="dl">'</span><span class="p">,</span> <span class="nx">handler</span><span class="p">);</span> <span class="nx">req</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">close</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nx">emitter</span><span class="p">.</span><span class="nf">off</span><span class="p">(</span><span class="dl">'</span><span class="s1">data</span><span class="dl">'</span><span class="p">,</span> <span class="nx">handler</span><span class="p">));</span> <span class="c1">// Cleanup</span> <span class="p">});</span> </code></pre> </div> <h3> Pattern 2: Global Cache Without Expiry </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Leak: cache grows forever</span> <span class="kd">const</span> <span class="nx">cache</span> <span class="o">=</span> <span class="p">{};</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/user/:id</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">cache</span><span class="p">[</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">])</span> <span class="p">{</span> <span class="nx">cache</span><span class="p">[</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">]</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">getUser</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">);</span> <span class="p">}</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">cache</span><span class="p">[</span><span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">id</span><span class="p">]);</span> <span class="p">});</span> <span class="c1">// Fix: use a proper cache with TTL</span> <span class="kd">const</span> <span class="nx">NodeCache</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">node-cache</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">cache</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">NodeCache</span><span class="p">({</span> <span class="na">stdTTL</span><span class="p">:</span> <span class="mi">300</span><span class="p">,</span> <span class="na">maxKeys</span><span class="p">:</span> <span class="mi">1000</span> <span class="p">});</span> </code></pre> </div> <h3> Pattern 3: Closures Holding References </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Leak: closure keeps large object alive</span> <span class="kd">function</span> <span class="nf">processData</span><span class="p">(</span><span class="nx">largeArray</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">summary</span> <span class="o">=</span> <span class="nf">computeSummary</span><span class="p">(</span><span class="nx">largeArray</span><span class="p">);</span> <span class="k">return</span> <span class="kd">function</span> <span class="nf">getSummary</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">summary</span><span class="p">;</span> <span class="c1">// largeArray stays in memory via closure</span> <span class="p">};</span> <span class="p">}</span> <span class="c1">// Fix: only keep what you need</span> <span class="kd">function</span> <span class="nf">processData</span><span class="p">(</span><span class="nx">largeArray</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">summary</span> <span class="o">=</span> <span class="nf">computeSummary</span><span class="p">(</span><span class="nx">largeArray</span><span class="p">);</span> <span class="nx">largeArray</span> <span class="o">=</span> <span class="kc">null</span><span class="p">;</span> <span class="c1">// Help GC</span> <span class="k">return</span> <span class="kd">function</span> <span class="nf">getSummary</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">summary</span><span class="p">;</span> <span class="p">};</span> <span class="p">}</span> </code></pre> </div> <h3> Pattern 4: Uncleared Timers </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Leak: interval never cleared</span> <span class="kd">function</span> <span class="nf">startMonitoring</span><span class="p">()</span> <span class="p">{</span> <span class="nf">setInterval</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">checkHealth</span><span class="p">();</span> <span class="p">},</span> <span class="mi">5000</span><span class="p">);</span> <span class="c1">// No reference kept, can't clear it</span> <span class="p">}</span> <span class="c1">// Fix: keep reference and clear on shutdown</span> <span class="kd">let</span> <span class="nx">monitorInterval</span><span class="p">;</span> <span class="kd">function</span> <span class="nf">startMonitoring</span><span class="p">()</span> <span class="p">{</span> <span class="nx">monitorInterval</span> <span class="o">=</span> <span class="nf">setInterval</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="nf">checkHealth</span><span class="p">(),</span> <span class="mi">5000</span><span class="p">);</span> <span class="p">}</span> <span class="nx">process</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">SIGTERM</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nf">clearInterval</span><span class="p">(</span><span class="nx">monitorInterval</span><span class="p">));</span> </code></pre> </div> <h2> Step 4: Detect with Automated Testing </h2> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Add to your test suite</span> <span class="kd">const</span> <span class="nx">v8</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">v8</span><span class="dl">'</span><span class="p">);</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">endpoint does not leak memory</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nb">global</span><span class="p">.</span><span class="nf">gc</span><span class="p">();</span> <span class="c1">// Force GC (run with --expose-gc)</span> <span class="kd">const</span> <span class="nx">before</span> <span class="o">=</span> <span class="nx">v8</span><span class="p">.</span><span class="nf">getHeapStatistics</span><span class="p">().</span><span class="nx">used_heap_size</span><span class="p">;</span> <span class="c1">// Run the operation 100 times</span> <span class="k">for </span><span class="p">(</span><span class="kd">let</span> <span class="nx">i</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="nx">i</span> <span class="o">&lt;</span> <span class="mi">100</span><span class="p">;</span> <span class="nx">i</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">request</span><span class="p">(</span><span class="nx">app</span><span class="p">).</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/users</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="nb">global</span><span class="p">.</span><span class="nf">gc</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">after</span> <span class="o">=</span> <span class="nx">v8</span><span class="p">.</span><span class="nf">getHeapStatistics</span><span class="p">().</span><span class="nx">used_heap_size</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">growthMB</span> <span class="o">=</span> <span class="p">(</span><span class="nx">after</span> <span class="o">-</span> <span class="nx">before</span><span class="p">)</span> <span class="o">/</span> <span class="mi">1024</span> <span class="o">/</span> <span class="mi">1024</span><span class="p">;</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">growthMB</span><span class="p">).</span><span class="nf">toBeLessThan</span><span class="p">(</span><span class="mi">5</span><span class="p">);</span> <span class="c1">// Allow &lt;5MB growth</span> <span class="p">});</span> </code></pre> </div> <p>I built ARIA to solve exactly this.<br> Try it free at step2dev.com — no credit card needed.</p> node devops performance debugging Yash Tue, 31 Mar 2026 17:47:04 +0000 https://dev.to/yash_step2dev/docker-multi-stage-builds-cut-your-image-size-by-80-4e6a https://dev.to/yash_step2dev/docker-multi-stage-builds-cut-your-image-size-by-80-4e6a <h1> Docker Multi-Stage Builds: Cut Your Image Size by 80% </h1> <p>A Node.js app with a standard Dockerfile can easily produce an 800MB+ image. The same app with a multi-stage build: 80-120MB.</p> <p>Here's how it works and how to implement it.</p> <h2> Why Images Get So Big </h2> <p>A typical Node.js Dockerfile:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="s"> node:20</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">COPY</span><span class="s"> package*.json ./</span> <span class="k">RUN </span>npm <span class="nb">install</span> <span class="c"># Installs devDependencies too</span> <span class="k">COPY</span><span class="s"> . .</span> <span class="k">RUN </span>npm run build <span class="k">CMD</span><span class="s"> ["node", "dist/server.js"]</span> </code></pre> </div> <p>Problems:</p> <ul> <li> <code>node:20</code> base image is ~900MB</li> <li> <code>npm install</code> includes all devDependencies (TypeScript, webpack, etc.)</li> <li>Source files, test files, build tools all end up in the final image</li> </ul> <h2> The Multi-Stage Solution </h2> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="c"># Stage 1: Build</span> <span class="k">FROM</span><span class="w"> </span><span class="s">node:20-alpine</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">builder</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">COPY</span><span class="s"> package*.json ./</span> <span class="k">RUN </span>npm ci <span class="c"># Install everything including devDeps</span> <span class="k">COPY</span><span class="s"> . .</span> <span class="k">RUN </span>npm run build <span class="c"># Compile TypeScript, etc.</span> <span class="c"># Stage 2: Production</span> <span class="k">FROM</span><span class="w"> </span><span class="s">node:20-alpine</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">production</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">ENV</span><span class="s"> NODE_ENV=production</span> <span class="c"># Only copy what's needed for production</span> <span class="k">COPY</span><span class="s"> --from=builder /app/dist ./dist</span> <span class="k">COPY</span><span class="s"> --from=builder /app/package*.json ./</span> <span class="k">RUN </span>npm ci <span class="nt">--only</span><span class="o">=</span>production <span class="c"># Only production deps</span> <span class="k">RUN </span>addgroup <span class="nt">-S</span> appgroup <span class="o">&amp;&amp;</span> adduser <span class="nt">-S</span> appuser <span class="nt">-G</span> appgroup <span class="k">USER</span><span class="s"> appuser</span> <span class="k">EXPOSE</span><span class="s"> 3000</span> <span class="k">CMD</span><span class="s"> ["node", "dist/server.js"]</span> </code></pre> </div> <p><strong>Result</strong>: 800MB → ~95MB</p> <h2> Python Multi-Stage Example </h2> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="c"># Build stage</span> <span class="k">FROM</span><span class="w"> </span><span class="s">python:3.12</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">builder</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">COPY</span><span class="s"> requirements.txt .</span> <span class="k">RUN </span>pip <span class="nb">install</span> <span class="nt">--user</span> <span class="nt">-r</span> requirements.txt <span class="c"># Production stage</span> <span class="k">FROM</span><span class="w"> </span><span class="s">python:3.12-slim</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">production</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">COPY</span><span class="s"> --from=builder /root/.local /root/.local</span> <span class="k">COPY</span><span class="s"> . .</span> <span class="k">ENV</span><span class="s"> PATH=/root/.local/bin:$PATH</span> <span class="k">CMD</span><span class="s"> ["python", "main.py"]</span> </code></pre> </div> <p><code>python:3.12-slim</code> is 45MB vs <code>python:3.12</code> at 900MB+.</p> <h2> Go Multi-Stage Example </h2> <p>Go is the best case for multi-stage builds — you can produce a static binary with zero runtime dependencies:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="c"># Build stage</span> <span class="k">FROM</span><span class="w"> </span><span class="s">golang:1.22-alpine</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">builder</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">COPY</span><span class="s"> go.mod go.sum ./</span> <span class="k">RUN </span>go mod download <span class="k">COPY</span><span class="s"> . .</span> <span class="k">RUN </span><span class="nv">CGO_ENABLED</span><span class="o">=</span>0 <span class="nv">GOOS</span><span class="o">=</span>linux go build <span class="nt">-o</span> server . <span class="c"># Final stage — scratch image (ZERO MB base)</span> <span class="k">FROM</span><span class="s"> scratch</span> <span class="k">COPY</span><span class="s"> --from=builder /app/server /server</span> <span class="k">EXPOSE</span><span class="s"> 8080</span> <span class="k">CMD</span><span class="s"> ["/server"]</span> </code></pre> </div> <p>A Go app in a <code>scratch</code> image can be as small as 5-10MB total.</p> <h2> How to Verify Size Reduction </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Build and compare</span> docker build <span class="nt">-t</span> myapp:single-stage <span class="nt">-f</span> Dockerfile.old <span class="nb">.</span> docker build <span class="nt">-t</span> myapp:multi-stage <span class="nt">-f</span> Dockerfile.new <span class="nb">.</span> docker images | <span class="nb">grep </span>myapp <span class="c"># myapp single-stage ... 847MB</span> <span class="c"># myapp multi-stage ... 94MB</span> </code></pre> </div> <h2> Layer Caching Best Practices </h2> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="c"># Order by change frequency (least-changed first)</span> <span class="k">COPY</span><span class="s"> package*.json ./ # Changes rarely</span> <span class="k">RUN </span>npm ci <span class="c"># Cached until package.json changes</span> <span class="k">COPY</span><span class="s"> src/ ./src/ # Changes often — at the end</span> <span class="k">RUN </span>npm run build </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Inspect what's in your image</span> docker <span class="nb">history </span>myapp:multi-stage docker run <span class="nt">--rm</span> myapp:multi-stage <span class="nb">du</span> <span class="nt">-sh</span> /app </code></pre> </div> <p>I built ARIA to solve exactly this.<br> Try it free at step2dev.com — no credit card needed.</p> docker devops containers node Yash Tue, 31 Mar 2026 06:01:05 +0000 https://dev.to/yash_step2dev/building-a-developer-tool-in-public-60-days-of-real-metrics-3ip0 https://dev.to/yash_step2dev/building-a-developer-tool-in-public-60-days-of-real-metrics-3ip0 <h1> Building a Developer Tool in Public: 60 Days of Real Metrics </h1> <p>60 days since I launched ARIA publicly. Here's every metric I track and what it's telling me.</p> <h2> The Full 60-Day Dashboard </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Metric</th> <th>Day 1</th> <th>Day 30</th> <th>Day 60</th> </tr> </thead> <tbody> <tr> <td>MRR</td> <td>$0</td> <td>$84</td> <td>$163</td> </tr> <tr> <td>Signups</td> <td>0</td> <td>89</td> <td>187</td> </tr> <tr> <td>DAU</td> <td>0</td> <td>22</td> <td>41</td> </tr> <tr> <td>Paying customers</td> <td>0</td> <td>8</td> <td>15</td> </tr> <tr> <td>Organic SEO sessions</td> <td>0</td> <td>4,200</td> <td>18,000</td> </tr> <tr> <td>Articles published</td> <td>0</td> <td>21</td> <td>42</td> </tr> <tr> <td>Errors diagnosed</td> <td>0</td> <td>1,847</td> <td>5,210</td> </tr> <tr> <td>Avg session length</td> <td>—</td> <td>4.2 min</td> <td>7.1 min</td> </tr> <tr> <td>48h retention</td> <td>—</td> <td>31%</td> <td>52%</td> </tr> </tbody> </table></div> <h2> What the Trends Are Telling Me </h2> <p><strong>SEO is the channel that scales.</strong> Content compounding is real. Month 1 I wrote 21 articles. Month 2 I wrote 21 more. But month 2 SEO traffic was 4x month 1 — because month 1 articles were now ranking.</p> <p><strong>Session length increasing is a good sign.</strong> Average session went from 4.2 to 7.1 minutes. Users are staying longer, using more features, having deeper interactions with ARIA.</p> <p><strong>48h retention jump came from onboarding.</strong> The change I made in week 6 (get users to their first error diagnosis immediately) directly caused the retention jump from 31% to 52%.</p> <h2> What I'd Tell Someone Starting Today </h2> <ol> <li><p><strong>Build the simplest thing that demonstrates core value.</strong> I spent too long on the repo scanner before the error diagnosis flow was good enough to retain users.</p></li> <li><p><strong>Content before launch, not after.</strong> Build an audience of the exact developers you're targeting while you build. When you launch, there are already people who care.</p></li> <li><p><strong>SEO is slow but compounding.</strong> First 2 weeks: nothing. Week 4: first trickle. Week 8: real traffic. Patience required.</p></li> <li><p><strong>Onboarding is more important than features.</strong> A user who can't find the value in 60 seconds is gone. No feature adds value if users don't see it.</p></li> <li><p><strong>Talk to every churned user.</strong> I've emailed every person who cancelled. 3 out of 3 gave me specific, actionable feedback. That's gold.</p></li> </ol> <h2> Month 3 Goals </h2> <ul> <li>MRR: $300</li> <li>Product Hunt launch</li> <li>Annual pricing live</li> <li>Referral program live</li> </ul> <p>Will report back on day 90.</p> <p>I built ARIA to solve exactly this.<br> Try it free at step2dev.com — no credit card needed.</p> buildinpublic saas devtools growth Yash Mon, 30 Mar 2026 19:08:19 +0000 https://dev.to/yash_step2dev/how-to-set-up-automated-database-backups-on-linux-postgresql-and-mysql-47ak https://dev.to/yash_step2dev/how-to-set-up-automated-database-backups-on-linux-postgresql-and-mysql-47ak <h1> How to Set Up Automated Database Backups on Linux (PostgreSQL and MySQL) </h1> <p>If your production database isn't being backed up automatically, you're one bad deploy away from losing everything.</p> <p>This is how to set up automated backups that actually work.</p> <h2> PostgreSQL Automated Backup </h2> <h3> The Backup Script </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>nano /usr/local/bin/pg-backup.sh </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="nb">set</span> <span class="nt">-e</span> <span class="nv">BACKUP_DIR</span><span class="o">=</span><span class="s2">"/var/backups/postgresql"</span> <span class="nv">DATE</span><span class="o">=</span><span class="si">$(</span><span class="nb">date</span> +%Y%m%d_%H%M%S<span class="si">)</span> <span class="nv">KEEP_DAYS</span><span class="o">=</span>7 <span class="nv">DB_NAME</span><span class="o">=</span><span class="s2">"</span><span class="k">${</span><span class="nv">1</span><span class="k">:-</span><span class="nv">all</span><span class="k">}</span><span class="s2">"</span> <span class="c"># Pass db name or backs up all</span> <span class="nb">mkdir</span> <span class="nt">-p</span> <span class="s2">"</span><span class="nv">$BACKUP_DIR</span><span class="s2">"</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="nv">$DB_NAME</span><span class="s2">"</span> <span class="o">=</span> <span class="s2">"all"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then</span> <span class="c"># Backup all databases</span> pg_dumpall <span class="nt">-U</span> postgres | <span class="nb">gzip</span> <span class="o">&gt;</span> <span class="s2">"</span><span class="nv">$BACKUP_DIR</span><span class="s2">/all_</span><span class="k">${</span><span class="nv">DATE</span><span class="k">}</span><span class="s2">.sql.gz"</span> <span class="k">else</span> <span class="c"># Backup specific database</span> pg_dump <span class="nt">-U</span> postgres <span class="nt">-Fc</span> <span class="s2">"</span><span class="nv">$DB_NAME</span><span class="s2">"</span> <span class="o">&gt;</span> <span class="s2">"</span><span class="nv">$BACKUP_DIR</span><span class="s2">/</span><span class="k">${</span><span class="nv">DB_NAME</span><span class="k">}</span><span class="s2">_</span><span class="k">${</span><span class="nv">DATE</span><span class="k">}</span><span class="s2">.dump"</span> <span class="k">fi</span> <span class="c"># Remove backups older than KEEP_DAYS</span> find <span class="s2">"</span><span class="nv">$BACKUP_DIR</span><span class="s2">"</span> <span class="nt">-type</span> f <span class="nt">-mtime</span> +<span class="nv">$KEEP_DAYS</span> <span class="nt">-delete</span> <span class="c"># Verify backup file exists and is not empty</span> <span class="nv">LATEST</span><span class="o">=</span><span class="si">$(</span><span class="nb">ls</span> <span class="nt">-t</span> <span class="s2">"</span><span class="nv">$BACKUP_DIR</span><span class="s2">"</span> | <span class="nb">head</span> <span class="nt">-1</span><span class="si">)</span> <span class="k">if</span> <span class="o">[</span> <span class="o">!</span> <span class="nt">-s</span> <span class="s2">"</span><span class="nv">$BACKUP_DIR</span><span class="s2">/</span><span class="nv">$LATEST</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"ERROR: Backup file is empty!"</span> | mail <span class="nt">-s</span> <span class="s2">"DB Backup FAILED"</span> you@email.com <span class="nb">exit </span>1 <span class="k">fi </span><span class="nb">echo</span> <span class="s2">"Backup successful: </span><span class="nv">$BACKUP_DIR</span><span class="s2">/</span><span class="nv">$LATEST</span><span class="s2"> (</span><span class="si">$(</span><span class="nb">du</span> <span class="nt">-h</span> <span class="s2">"</span><span class="nv">$BACKUP_DIR</span><span class="s2">/</span><span class="nv">$LATEST</span><span class="s2">"</span> | <span class="nb">cut</span> <span class="nt">-f1</span><span class="si">)</span><span class="s2">)"</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">chmod</span> +x /usr/local/bin/pg-backup.sh </code></pre> </div> <h3> Set Up pg_hba.conf for Passwordless Local Backup </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>nano /etc/postgresql/<span class="k">*</span>/main/pg_hba.conf </code></pre> </div> <p>Add (for local connections):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight conf"><code><span class="n">local</span> <span class="n">all</span> <span class="n">postgres</span> <span class="n">trust</span> </code></pre> </div> <p>Or use a <code>.pgpass</code> file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># ~/.pgpass</span> <span class="c"># hostname:port:database:username:password</span> localhost:5432:<span class="k">*</span>:postgres:your_password <span class="nb">chmod </span>600 ~/.pgpass </code></pre> </div> <h3> Schedule with Cron </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>crontab <span class="nt">-e</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Daily backup at 2 AM</span> 0 2 <span class="k">*</span> <span class="k">*</span> <span class="k">*</span> /usr/local/bin/pg-backup.sh mydb <span class="o">&gt;&gt;</span> /var/log/pg-backup.log 2&gt;&amp;1 <span class="c"># Weekly full backup on Sunday</span> 0 1 <span class="k">*</span> <span class="k">*</span> 0 /usr/local/bin/pg-backup.sh all <span class="o">&gt;&gt;</span> /var/log/pg-backup.log 2&gt;&amp;1 </code></pre> </div> <h2> MySQL Automated Backup </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>nano /usr/local/bin/mysql-backup.sh </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="nb">set</span> <span class="nt">-e</span> <span class="nv">BACKUP_DIR</span><span class="o">=</span><span class="s2">"/var/backups/mysql"</span> <span class="nv">DATE</span><span class="o">=</span><span class="si">$(</span><span class="nb">date</span> +%Y%m%d_%H%M%S<span class="si">)</span> <span class="nv">KEEP_DAYS</span><span class="o">=</span>7 <span class="nv">MYSQL_USER</span><span class="o">=</span><span class="s2">"backup_user"</span> <span class="nv">MYSQL_PASS</span><span class="o">=</span><span class="s2">"</span><span class="k">${</span><span class="nv">MYSQL_BACKUP_PASSWORD</span><span class="k">}</span><span class="s2">"</span> <span class="c"># Set as env var in cron</span> <span class="nb">mkdir</span> <span class="nt">-p</span> <span class="s2">"</span><span class="nv">$BACKUP_DIR</span><span class="s2">"</span> <span class="c"># Get all databases</span> <span class="nv">DATABASES</span><span class="o">=</span><span class="si">$(</span>mysql <span class="nt">-u</span> <span class="s2">"</span><span class="nv">$MYSQL_USER</span><span class="s2">"</span> <span class="nt">-p</span><span class="s2">"</span><span class="nv">$MYSQL_PASS</span><span class="s2">"</span> <span class="nt">-e</span> <span class="s2">"SHOW DATABASES;"</span> | <span class="nb">grep</span> <span class="nt">-Ev</span> <span class="s2">"(Database|information_schema|performance_schema|sys)"</span><span class="si">)</span> <span class="k">for </span>DB <span class="k">in</span> <span class="nv">$DATABASES</span><span class="p">;</span> <span class="k">do </span>mysqldump <span class="nt">-u</span> <span class="s2">"</span><span class="nv">$MYSQL_USER</span><span class="s2">"</span> <span class="nt">-p</span><span class="s2">"</span><span class="nv">$MYSQL_PASS</span><span class="s2">"</span> <span class="nt">--single-transaction</span> <span class="nt">--routines</span> <span class="nt">--triggers</span> <span class="s2">"</span><span class="nv">$DB</span><span class="s2">"</span> | <span class="nb">gzip</span> <span class="o">&gt;</span> <span class="s2">"</span><span class="nv">$BACKUP_DIR</span><span class="s2">/</span><span class="k">${</span><span class="nv">DB</span><span class="k">}</span><span class="s2">_</span><span class="k">${</span><span class="nv">DATE</span><span class="k">}</span><span class="s2">.sql.gz"</span> <span class="nb">echo</span> <span class="s2">"Backed up: </span><span class="nv">$DB</span><span class="s2">"</span> <span class="k">done </span>find <span class="s2">"</span><span class="nv">$BACKUP_DIR</span><span class="s2">"</span> <span class="nt">-type</span> f <span class="nt">-mtime</span> +<span class="nv">$KEEP_DAYS</span> <span class="nt">-delete</span> <span class="nb">echo</span> <span class="s2">"Backup complete. Files in </span><span class="nv">$BACKUP_DIR</span><span class="s2">"</span> </code></pre> </div> <p>Create a dedicated backup user:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">USER</span> <span class="s1">'backup_user'</span><span class="o">@</span><span class="s1">'localhost'</span> <span class="n">IDENTIFIED</span> <span class="k">BY</span> <span class="s1">'strong_password'</span><span class="p">;</span> <span class="k">GRANT</span> <span class="k">SELECT</span><span class="p">,</span> <span class="k">SHOW</span> <span class="k">VIEW</span><span class="p">,</span> <span class="k">TRIGGER</span><span class="p">,</span> <span class="k">LOCK</span> <span class="n">TABLES</span> <span class="k">ON</span> <span class="o">*</span><span class="p">.</span><span class="o">*</span> <span class="k">TO</span> <span class="s1">'backup_user'</span><span class="o">@</span><span class="s1">'localhost'</span><span class="p">;</span> <span class="n">FLUSH</span> <span class="k">PRIVILEGES</span><span class="p">;</span> </code></pre> </div> <h2> Off-Site Backup (Critical) </h2> <p>Local backups protect against mistakes. Off-site protects against server failure.</p> <h3> Sync to S3 </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Install AWS CLI</span> <span class="nb">sudo </span>apt <span class="nb">install </span>awscli <span class="nt">-y</span> aws configure <span class="c"># Add your AWS credentials</span> <span class="c"># Add to backup script</span> aws s3 <span class="nb">cp</span> <span class="s2">"</span><span class="nv">$BACKUP_DIR</span><span class="s2">/</span><span class="nv">$LATEST</span><span class="s2">"</span> s3://your-backup-bucket/postgresql/ <span class="c"># Or sync entire directory</span> aws s3 <span class="nb">sync</span> <span class="s2">"</span><span class="nv">$BACKUP_DIR</span><span class="s2">"</span> s3://your-backup-bucket/postgresql/ </code></pre> </div> <h3> Test Your Backups Monthly </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># PostgreSQL restore test</span> pg_restore <span class="nt">-U</span> postgres <span class="nt">-d</span> test_restore_db /var/backups/postgresql/latest.dump <span class="c"># MySQL restore test</span> <span class="nb">gunzip</span> <span class="nt">-c</span> /var/backups/mysql/mydb_latest.sql.gz | mysql <span class="nt">-u</span> root <span class="nt">-p</span> test_restore_db </code></pre> </div> <p>A backup you've never tested is not a backup.</p> <p>I built ARIA to solve exactly this.<br> Try it free at step2dev.com — no credit card needed.</p> postgres mysql devops linux Yash Mon, 30 Mar 2026 06:49:08 +0000 https://dev.to/yash_step2dev/ssh-hardening-how-to-secure-your-server-against-brute-force-attacks-5d7c https://dev.to/yash_step2dev/ssh-hardening-how-to-secure-your-server-against-brute-force-attacks-5d7c <h1> SSH Hardening: How to Secure Your Server Against Brute Force Attacks </h1> <p>If your server is publicly accessible, it's being attacked right now. SSH brute force is constant and automated.</p> <p>Here's how to lock it down.</p> <h2> Check If You're Being Attacked </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># See failed SSH login attempts</span> <span class="nb">sudo </span>journalctl <span class="nt">-u</span> sshd | <span class="nb">grep</span> <span class="s2">"Failed password"</span> | <span class="nb">tail</span> <span class="nt">-20</span> <span class="c"># Or</span> <span class="nb">sudo grep</span> <span class="s2">"Failed password"</span> /var/log/auth.log | <span class="nb">tail</span> <span class="nt">-20</span> <span class="c"># Count failed attempts by IP</span> <span class="nb">sudo grep</span> <span class="s2">"Failed password"</span> /var/log/auth.log | <span class="nb">awk</span> <span class="s1">'{print $(NF-3)}'</span> | <span class="nb">sort</span> | <span class="nb">uniq</span> <span class="nt">-c</span> | <span class="nb">sort</span> <span class="nt">-rn</span> | <span class="nb">head</span> <span class="nt">-10</span> </code></pre> </div> <p>You'll probably see hundreds or thousands of failed attempts from random IPs. This is normal. Let's stop them from succeeding.</p> <h2> Step 1: Disable Password Authentication </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>nano /etc/ssh/sshd_config </code></pre> </div> <p>Set these:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ssh"><code><span class="k">PasswordAuthentication</span> <span class="no">no</span> <span class="k">PermitRootLogin</span> <span class="no">no</span> <span class="k">PubkeyAuthentication</span> <span class="no">yes</span> <span class="k">AuthorizedKeysFile</span> .ssh/authorized_keys <span class="k">MaxAuthTries</span> <span class="m">3</span> <span class="k">LoginGraceTime</span> <span class="m">30</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>systemctl restart sshd </code></pre> </div> <p><strong>Before doing this, make sure your SSH key is added to <code>~/.ssh/authorized_keys</code> on the server.</strong></p> <h2> Step 2: Install and Configure Fail2ban </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt <span class="nb">install </span>fail2ban <span class="nt">-y</span> <span class="nb">sudo cp</span> /etc/fail2ban/jail.conf /etc/fail2ban/jail.local <span class="nb">sudo </span>nano /etc/fail2ban/jail.local </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="nn">[DEFAULT]</span> <span class="py">bantime</span> <span class="p">=</span> <span class="s">86400 # Ban for 24 hours</span> <span class="py">findtime</span> <span class="p">=</span> <span class="s">3600 # In 1 hour window</span> <span class="py">maxretry</span> <span class="p">=</span> <span class="s">3 # After 3 failures</span> <span class="nn">[sshd]</span> <span class="py">enabled</span> <span class="p">=</span> <span class="s">true</span> <span class="py">port</span> <span class="p">=</span> <span class="s">ssh</span> <span class="py">filter</span> <span class="p">=</span> <span class="s">sshd</span> <span class="py">logpath</span> <span class="p">=</span> <span class="s">/var/log/auth.log</span> <span class="py">maxretry</span> <span class="p">=</span> <span class="s">3</span> <span class="py">bantime</span> <span class="p">=</span> <span class="s">604800 # Ban SSH attackers for 7 days</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>systemctl <span class="nb">enable </span>fail2ban <span class="nb">sudo </span>systemctl start fail2ban <span class="c"># Check banned IPs</span> <span class="nb">sudo </span>fail2ban-client status sshd </code></pre> </div> <h2> Step 3: Change the Default SSH Port (Optional but Effective) </h2> <p>This doesn't stop determined attackers but eliminates 95% of automated scans:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>nano /etc/ssh/sshd_config </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ssh"><code><span class="k">Port</span> <span class="m">2222</span> <span class="c1"># Or any port above 1024</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Update firewall before restarting SSH</span> <span class="nb">sudo </span>ufw allow 2222/tcp <span class="nb">sudo </span>ufw delete allow ssh <span class="c"># Remove default port</span> <span class="nb">sudo </span>systemctl restart sshd </code></pre> </div> <p>Connect with: <code>ssh -p 2222 user@your-server</code></p> <h2> Step 4: Use SSH Config File for Easy Access </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># On your LOCAL machine</span> nano ~/.ssh/config </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ssh"><code><span class="k">Host</span> myserver <span class="k">HostName</span> your-server-ip <span class="k">User</span> deploy <span class="k">Port</span> <span class="m">2222</span> <span class="k">IdentityFile</span> ~/.ssh/id_ed25519 <span class="k">ServerAliveInterval</span> <span class="m">60</span> </code></pre> </div> <p>Now connect with just: <code>ssh myserver</code></p> <h2> Step 5: Set Up an SSH Bastion Host (Advanced) </h2> <p>For production infrastructure with multiple servers, use a bastion host — a single hardened entry point:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Internet → Bastion host (public IP) → Internal servers (private IPs only) </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># SSH through bastion to internal server</span> ssh <span class="nt">-J</span> user@bastion-ip user@internal-server-ip <span class="c"># Or in ~/.ssh/config</span> Host internal-server HostName 10.0.0.5 User deploy ProxyJump bastion-host </code></pre> </div> <h2> Quick Hardening Checklist </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># 1. Verify key-based auth works (test before disabling password auth!)</span> ssh <span class="nt">-i</span> ~/.ssh/your_key user@server <span class="c"># 2. Disable password auth</span> <span class="nb">sudo sed</span> <span class="nt">-i</span> <span class="s1">'s/PasswordAuthentication yes/PasswordAuthentication no/'</span> /etc/ssh/sshd_config <span class="c"># 3. Disable root login</span> <span class="nb">sudo sed</span> <span class="nt">-i</span> <span class="s1">'s/PermitRootLogin yes/PermitRootLogin no/'</span> /etc/ssh/sshd_config <span class="c"># 4. Restart SSH</span> <span class="nb">sudo </span>systemctl restart sshd <span class="c"># 5. Install fail2ban</span> <span class="nb">sudo </span>apt <span class="nb">install </span>fail2ban <span class="nt">-y</span> <span class="o">&amp;&amp;</span> <span class="nb">sudo </span>systemctl <span class="nb">enable </span>fail2ban <span class="c"># 6. Verify fail2ban is working</span> <span class="nb">sudo </span>fail2ban-client status </code></pre> </div> <p>I built ARIA to solve exactly this.<br> Try it free at step2dev.com — no credit card needed.</p> linux security ssh devops Yash Sun, 29 Mar 2026 17:53:06 +0000 https://dev.to/yash_step2dev/how-to-diagnose-and-fix-high-ram-usage-on-linux-servers-1mdd https://dev.to/yash_step2dev/how-to-diagnose-and-fix-high-ram-usage-on-linux-servers-1mdd <h1> How to Diagnose and Fix High RAM Usage on Linux Servers </h1> <p>Your server is slow and you think it's RAM. Or you got an alert saying memory is at 92%. Or your app is randomly crashing and you suspect a memory leak.</p> <p>Here's the systematic approach.</p> <h2> Step 1: Check Overall Memory Usage </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>free <span class="nt">-h</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="go"> total used free shared buff/cache available Mem: 3.8Gi 3.1Gi 142Mi 45Mi 612Mi 542Mi Swap: 2.0Gi 1.4Gi 614Mi </span></code></pre> </div> <p>Key numbers:</p> <ul> <li> <strong>available</strong>: what's actually usable for new processes (not "free")</li> <li> <strong>Swap used</strong>: if swap &gt; 0, you're RAM-constrained. Swapping is ~100x slower than RAM.</li> </ul> <p>If available &lt; 10% of total and swap is active, you have a RAM problem.</p> <h2> Step 2: Find Which Process Is Using RAM </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Sort by memory usage</span> ps aux <span class="nt">--sort</span><span class="o">=</span>-%mem | <span class="nb">head</span> <span class="nt">-20</span> <span class="c"># Or with more readable output</span> ps <span class="nt">-eo</span> pid,ppid,cmd,%mem,%cpu <span class="nt">--sort</span><span class="o">=</span>-%mem | <span class="nb">head</span> <span class="nt">-20</span> </code></pre> </div> <p>If you want live monitoring:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># top — press M to sort by memory</span> top <span class="c"># htop (more readable, install if needed)</span> htop </code></pre> </div> <h2> Step 3: Investigate the Top Process </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Detailed memory breakdown for a specific PID</span> <span class="nb">cat</span> /proc/&lt;PID&gt;/status | <span class="nb">grep</span> <span class="nt">-i</span> mem <span class="c"># Virtual vs resident memory</span> pmap <span class="nt">-x</span> &lt;PID&gt; | <span class="nb">tail</span> <span class="nt">-1</span> </code></pre> </div> <p>For Node.js processes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Get V8 heap statistics</span> <span class="nb">kill</span> <span class="nt">-USR2</span> &lt;PID&gt; <span class="c"># Generates heap dump if --inspect is set</span> <span class="c"># Or add this to your app</span> setInterval<span class="o">(()</span> <span class="o">=&gt;</span> <span class="o">{</span> const mem <span class="o">=</span> process.memoryUsage<span class="o">()</span><span class="p">;</span> console.log<span class="o">(</span><span class="sb">`</span>RSS: <span class="k">${</span><span class="nv">Math</span><span class="p">.round(mem.rss/1024/1024)</span><span class="k">}</span>MB, Heap: <span class="k">${</span><span class="nv">Math</span><span class="p">.round(mem.heapUsed/1024/1024)</span><span class="k">}</span>MB<span class="sb">`</span><span class="o">)</span><span class="p">;</span> <span class="o">}</span>, 60000<span class="o">)</span><span class="p">;</span> </code></pre> </div> <h2> Step 4: Check for Memory Leaks </h2> <p><strong>Is RSS growing over time?</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Watch a process's memory over 10 minutes</span> <span class="k">for </span>i <span class="k">in</span> <span class="si">$(</span><span class="nb">seq </span>1 10<span class="si">)</span><span class="p">;</span> <span class="k">do </span>ps <span class="nt">-o</span> pid,rss,vsz <span class="nt">-p</span> &lt;PID&gt; <span class="nb">sleep </span>60 <span class="k">done</span> </code></pre> </div> <p>If RSS grows consistently without dropping, you have a leak.</p> <p><strong>Node.js specific</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Install clinic for leak detection</span> npm <span class="nb">install</span> <span class="nt">-g</span> clinic clinic heapprofile <span class="nt">--</span> node server.js <span class="c"># Run load against your app for a few minutes, then Ctrl+C</span> <span class="c"># Clinic generates a flamegraph showing memory allocation</span> </code></pre> </div> <h2> Step 5: Immediate Relief Options </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Drop page cache (safe — kernel re-reads from disk as needed)</span> <span class="nb">sync</span> <span class="o">&amp;&amp;</span> <span class="nb">echo </span>1 | <span class="nb">sudo tee</span> /proc/sys/vm/drop_caches <span class="c"># If a specific process is leaking, restart it</span> pm2 restart your-app <span class="nb">sudo </span>systemctl restart your-service <span class="c"># Add swap if you're out of options temporarily</span> <span class="nb">sudo </span>fallocate <span class="nt">-l</span> 2G /swapfile <span class="nb">sudo chmod </span>600 /swapfile <span class="nb">sudo </span>mkswap /swapfile <span class="nb">sudo </span>swapon /swapfile <span class="nb">echo</span> <span class="s1">'/swapfile none swap sw 0 0'</span> | <span class="nb">sudo tee</span> <span class="nt">-a</span> /etc/fstab </code></pre> </div> <h2> Prevention: Set Memory Limits </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># For systemd services</span> <span class="nb">sudo </span>systemctl edit your-service </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ini"><code><span class="nn">[Service]</span> <span class="py">MemoryMax</span><span class="p">=</span><span class="s">512M</span> <span class="py">MemorySwapMax</span><span class="p">=</span><span class="s">0 # Prevent swap</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># For Docker</span> docker run <span class="nt">--memory</span><span class="o">=</span>512m <span class="nt">--memory-swap</span><span class="o">=</span>512m your-image <span class="c"># For PM2</span> pm2 start server.js <span class="nt">--max-memory-restart</span> 400M </code></pre> </div> <p>I built ARIA to solve exactly this.<br> Try it free at step2dev.com — no credit card needed.</p> linux devops performance sysadmin Yash Sun, 29 Mar 2026 06:26:37 +0000 https://dev.to/yash_step2dev/how-to-monitor-docker-container-health-and-auto-restart-on-failure-46ep https://dev.to/yash_step2dev/how-to-monitor-docker-container-health-and-auto-restart-on-failure-46ep <h1> How to Monitor Docker Container Health and Auto-Restart on Failure </h1> <p>Your container is running but not actually working. It's accepting connections but returning 500s. Or it started but hasn't finished initializing.</p> <p>Docker's built-in health checks handle all of this.</p> <h2> The Basic Health Check </h2> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="s"> node:20-alpine</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">COPY</span><span class="s"> . .</span> <span class="k">RUN </span>npm ci <span class="c"># Health check: runs every 30s, fails after 3 attempts</span> <span class="k">HEALTHCHECK</span><span class="s"> --interval=30s --timeout=10s --start-period=30s --retries=3 CMD curl -f http://localhost:3000/health || exit 1</span> <span class="k">CMD</span><span class="s"> ["node", "server.js"]</span> </code></pre> </div> <p>Or in docker-compose.yml:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">your-app</span> <span class="na">healthcheck</span><span class="pi">:</span> <span class="na">test</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">CMD"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">curl"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">-f"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">http://localhost:3000/health"</span><span class="pi">]</span> <span class="na">interval</span><span class="pi">:</span> <span class="s">30s</span> <span class="na">timeout</span><span class="pi">:</span> <span class="s">10s</span> <span class="na">retries</span><span class="pi">:</span> <span class="m">3</span> <span class="na">start_period</span><span class="pi">:</span> <span class="s">30s</span> <span class="c1"># Grace period on startup</span> </code></pre> </div> <h2> Check Container Health Status </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># See health status</span> docker ps <span class="c"># Detailed health info</span> docker inspect <span class="nt">--format</span><span class="o">=</span><span class="s1">'{{json .State.Health}}'</span> &lt;container&gt; | python3 <span class="nt">-m</span> json.tool <span class="c"># Watch health checks in real time</span> watch <span class="nt">-n</span> 5 <span class="s1">'docker inspect --format="{{.State.Health.Status}}" &lt;container&gt;'</span> </code></pre> </div> <p>Possible statuses: <code>starting</code>, <code>healthy</code>, <code>unhealthy</code></p> <h2> The /health Endpoint (Node.js) </h2> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Simple health endpoint</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/health</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">200</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">status</span><span class="p">:</span> <span class="dl">'</span><span class="s1">ok</span><span class="dl">'</span><span class="p">,</span> <span class="na">uptime</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nf">uptime</span><span class="p">(),</span> <span class="na">timestamp</span><span class="p">:</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">().</span><span class="nf">toISOString</span><span class="p">()</span> <span class="p">});</span> <span class="p">});</span> <span class="c1">// With dependency checks</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/health</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">checks</span> <span class="o">=</span> <span class="p">{};</span> <span class="k">try</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">db</span><span class="p">.</span><span class="nf">query</span><span class="p">(</span><span class="dl">'</span><span class="s1">SELECT 1</span><span class="dl">'</span><span class="p">);</span> <span class="nx">checks</span><span class="p">.</span><span class="nx">database</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">ok</span><span class="dl">'</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">{</span> <span class="nx">checks</span><span class="p">.</span><span class="nx">database</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">failed</span><span class="dl">'</span><span class="p">;</span> <span class="p">}</span> <span class="k">try</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">redis</span><span class="p">.</span><span class="nf">ping</span><span class="p">();</span> <span class="nx">checks</span><span class="p">.</span><span class="nx">redis</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">ok</span><span class="dl">'</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">{</span> <span class="nx">checks</span><span class="p">.</span><span class="nx">redis</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">failed</span><span class="dl">'</span><span class="p">;</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">allOk</span> <span class="o">=</span> <span class="nb">Object</span><span class="p">.</span><span class="nf">values</span><span class="p">(</span><span class="nx">checks</span><span class="p">).</span><span class="nf">every</span><span class="p">(</span><span class="nx">v</span> <span class="o">=&gt;</span> <span class="nx">v</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">ok</span><span class="dl">'</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="nx">allOk</span> <span class="p">?</span> <span class="mi">200</span> <span class="p">:</span> <span class="mi">503</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">status</span><span class="p">:</span> <span class="nx">allOk</span> <span class="p">?</span> <span class="dl">'</span><span class="s1">ok</span><span class="dl">'</span> <span class="p">:</span> <span class="dl">'</span><span class="s1">degraded</span><span class="dl">'</span><span class="p">,</span> <span class="nx">checks</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <h2> Auto-Restart on Unhealthy </h2> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">your-app</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">healthcheck</span><span class="pi">:</span> <span class="na">test</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">CMD"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">curl"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">-f"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">http://localhost:3000/health"</span><span class="pi">]</span> <span class="na">interval</span><span class="pi">:</span> <span class="s">30s</span> <span class="na">timeout</span><span class="pi">:</span> <span class="s">10s</span> <span class="na">retries</span><span class="pi">:</span> <span class="m">3</span> </code></pre> </div> <p>With <code>restart: unless-stopped</code>, Docker automatically restarts an unhealthy container.</p> <h2> Alert on Unhealthy Containers </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="c"># health-monitor.sh — run via cron every minute</span> <span class="k">for </span>container <span class="k">in</span> <span class="si">$(</span>docker ps <span class="nt">--format</span> <span class="s1">'{{.Names}}'</span><span class="si">)</span><span class="p">;</span> <span class="k">do </span><span class="nv">STATUS</span><span class="o">=</span><span class="si">$(</span>docker inspect <span class="nt">--format</span><span class="o">=</span><span class="s1">'{{.State.Health.Status}}'</span> <span class="s2">"</span><span class="nv">$container</span><span class="s2">"</span> 2&gt;/dev/null<span class="si">)</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="nv">$STATUS</span><span class="s2">"</span> <span class="o">=</span> <span class="s2">"unhealthy"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"UNHEALTHY: </span><span class="nv">$container</span><span class="s2"> at </span><span class="si">$(</span><span class="nb">date</span><span class="si">)</span><span class="s2">"</span> | mail <span class="nt">-s</span> <span class="s2">"Container Unhealthy: </span><span class="nv">$container</span><span class="s2">"</span> you@email.com <span class="c"># Optionally restart it</span> <span class="c"># docker restart "$container"</span> <span class="k">fi done</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">chmod</span> +x /usr/local/bin/health-monitor.sh <span class="c"># Add to cron</span> <span class="k">*</span> <span class="k">*</span> <span class="k">*</span> <span class="k">*</span> <span class="k">*</span> /usr/local/bin/health-monitor.sh </code></pre> </div> <p>I built ARIA to solve exactly this.<br> Try it free at step2dev.com — no credit card needed.</p> docker devops monitoring containers Yash Sat, 28 Mar 2026 15:23:00 +0000 https://dev.to/yash_step2dev/5-devops-errors-that-cost-developers-the-most-time-and-how-to-fix-each-1fi4 https://dev.to/yash_step2dev/5-devops-errors-that-cost-developers-the-most-time-and-how-to-fix-each-1fi4 <h1> 5 DevOps Errors That Cost Developers the Most Time (And How to Fix Each) </h1> <p>After diagnosing 1,800+ errors through ARIA, I've noticed patterns. The same five categories of errors cost developers the most debugging time — not because they're complex, but because developers look in the wrong place.</p> <p>Here's each one and the fastest path to a fix.</p> <h2> 1. Disk Full (Silent App Killer) </h2> <p><strong>Time lost on average</strong>: 45-90 minutes</p> <p><strong>Why it's hard</strong>: Apps crash without disk-related errors. You see a generic crash, a failed write, or a database refusing connections — not "disk full."</p> <p><strong>The fix</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">df</span> <span class="nt">-h</span> <span class="c"># Check disk usage</span> <span class="nb">du</span> <span class="nt">-sh</span> /var/log/<span class="k">*</span> | <span class="nb">sort</span> <span class="nt">-rh</span> | <span class="nb">head</span> <span class="nt">-10</span> <span class="c"># Find what's using space</span> <span class="nb">sudo </span>journalctl <span class="nt">--vacuum-time</span><span class="o">=</span>14d <span class="c"># Clear old system logs</span> docker system prune <span class="nt">-f</span> <span class="c"># Clear unused Docker data</span> find /tmp <span class="nt">-mtime</span> +7 <span class="nt">-delete</span> <span class="c"># Clear old temp files</span> </code></pre> </div> <p><strong>Prevention</strong>: Add a daily cron that alerts you when disk &gt; 80%.</p> <h2> 2. Environment Variable Missing in Production </h2> <p><strong>Time lost on average</strong>: 30-60 minutes</p> <p><strong>Why it's hard</strong>: The error is usually not "env var missing." It's a downstream failure — database connection refused, API call failing with auth error, app crashing on startup.</p> <p><strong>The fix</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Compare what your app expects vs what's in production</span> <span class="nb">cat</span> .env.example | <span class="nb">grep</span> <span class="nt">-v</span> <span class="s1">'^#'</span> | <span class="nb">grep</span> <span class="s1">'='</span> | <span class="nb">cut</span> <span class="nt">-d</span><span class="o">=</span> <span class="nt">-f1</span> | <span class="nb">sort</span> <span class="o">&gt;</span> /tmp/expected.txt <span class="nb">printenv</span> | <span class="nb">cut</span> <span class="nt">-d</span><span class="o">=</span> <span class="nt">-f1</span> | <span class="nb">sort</span> <span class="o">&gt;</span> /tmp/actual.txt diff /tmp/expected.txt /tmp/actual.txt </code></pre> </div> <p><strong>Prevention</strong>: Use <code>.env.example</code> as your source of truth. Run the diff above before every production deploy.</p> <h2> 3. Database Connection Refused After Config Change </h2> <p><strong>Time lost on average</strong>: 60-120 minutes</p> <p><strong>Why it's hard</strong>: A server update, a package upgrade, or a misconfigured connection pool can break database connectivity without changing your app code.</p> <p><strong>The fix</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Is the DB service running?</span> <span class="nb">sudo </span>systemctl status postgresql ss <span class="nt">-tlnp</span> | <span class="nb">grep </span>5432 <span class="c"># Can you connect directly?</span> psql <span class="nt">-h</span> localhost <span class="nt">-U</span> youruser <span class="nt">-d</span> yourdb <span class="c"># Check pg_hba.conf for auth issues</span> <span class="nb">sudo tail</span> <span class="nt">-20</span> /etc/postgresql/<span class="k">*</span>/main/pg_hba.conf <span class="nb">sudo tail</span> <span class="nt">-50</span> /var/log/postgresql/<span class="k">*</span>.log </code></pre> </div> <h2> 4. Memory Leak Causing Gradual Slowdown </h2> <p><strong>Time lost on average</strong>: 2-4 hours</p> <p><strong>Why it's hard</strong>: It's not a crash. It's a slow degradation over hours or days. By the time you investigate, the process has been running for hours and the memory usage graph requires context to interpret.</p> <p><strong>The fix</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Track memory usage over time</span> <span class="k">while </span><span class="nb">true</span><span class="p">;</span> <span class="k">do </span>ps <span class="nt">-o</span> pid,vsz,rss,comm <span class="nt">-p</span> <span class="si">$(</span>pgrep node<span class="si">)</span> <span class="o">&gt;&gt;</span> /tmp/memory_log.txt <span class="nb">sleep </span>60 <span class="k">done</span> <span class="c"># For Node.js — generate a heap snapshot</span> <span class="nb">kill</span> <span class="nt">-USR2</span> &lt;PID&gt; <span class="c"># Generates heapdump if using --inspect</span> <span class="c"># Or use clinic.js</span> npx clinic doctor <span class="nt">--</span> node server.js </code></pre> </div> <h2> 5. CI/CD Passes But Production Fails </h2> <p><strong>Time lost on average</strong>: 45-90 minutes</p> <p><strong>Why it's hard</strong>: Your tests pass. Your staging looks fine. Production breaks. The cause is almost always an environment difference.</p> <p><strong>The fix</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Compare env vars between staging and production</span> <span class="c"># On staging:</span> <span class="nb">printenv</span> | <span class="nb">sort</span> <span class="o">&gt;</span> /tmp/staging_env.txt <span class="c"># On production:</span> <span class="nb">printenv</span> | <span class="nb">sort</span> <span class="o">&gt;</span> /tmp/prod_env.txt <span class="c"># Compare</span> diff /tmp/staging_env.txt /tmp/prod_env.txt <span class="c"># Check if production has different Node/Python version</span> node <span class="nt">--version</span> python3 <span class="nt">--version</span> </code></pre> </div> <p>Common causes: different Node versions, missing production secrets, different database connection limits, missing system packages.</p> <p>The pattern across all five: the error message points to a symptom, not the cause. The fix requires knowing where to look.</p> <p>I built ARIA to solve exactly this.<br> Try it free at step2dev.com — no credit card needed.</p> devops linux productivity debugging