Server Configuration Posts

Using Containerized Nexus as Image Registry for Storing Docker Images

There are alot of image registries when we are talking about docker images, such as Quay, Docker Hub, or Nexus. And on this writing, we are trying to create a docker image repository by using Nexus.

Lets start by installing Nexus to our system,

docker run -d -p 8081:8081 -p 7000:7000 --name nexus sonatype/nexus3

After logging in by using admin credentials, and yes we need to read the generated password which is located at /nexus-data/admin.password, we need to update our admin password and after that we can create a new docker image repository.

and create a new repository by using a docker (hosted) recipe. Open port 7000 for http connection

we can test login to our Nexus image repository by using below docker command,

$ docker login localhost:7000

try pulling a new image from external, and push it into our newly created Nexus

$ docker pull alpine
Using default tag: latest
latest: Pulling from library/alpine
59bf1c3509f3: Pull complete
Digest: sha256:21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300
Status: Downloaded newer image for alpine:latest

tag it, and push into Nexus image repository,

$ docker tag alpine localhost:7000/dev/alpine

$ docker push localhost:7000/dev/alpine

and finally we can see our images in Nexus.

How to Remove Docker’s Dangling Image on Windows 10

There are times where i need to clean all unused, dangling docker images on my laptop. Previously im running below command,

docker image prune -a

But it seems like altho almost all images are gone, i can see still some images are still occupying my laptop’s disk. So i have to do something to delete them.

The workaround is quite easy, run PowerShell as Administrator and run below command,

docker rmi $(docker images --quiet --filter "dangling=true") -f

Executing that command will generates this log,

And i can see that my harddisk is now have more free spaces 🙂

Integrating Spring Boot Login with Keycloak or Red Hat Single Sign On

When we are managing many applications, one of the most painful part is managing its user and access right. Because usually different applications have their own user management, and sometimes each user have different credentials between multiple applications.

We can solve this problem by having a one point user management where other application can use this tools for managing their user authentication and authorization. This is where Red Hat Single Sign On (or its opensource product, Keycloak) can comes in handy. It provides an end to end user management lifecyle, from activating a new user, managing them, assigning their access right until deactivating them. On this example, we’ll start with a simple login page by using Keycloak, and how other application (in this example is a Spring Boot app) is connecting to it.

First we need to create a java project with below pom file, im using keycloak-adapter bom and keycloak-spring-boot-starter library for this.

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns=""











And perhaps the most important part in this project is, the In here, we are putting our Keycloak’s url, realm name, client name, and secret. Also we are defining that only user with admin role can access a URL with /admin/ pattern.

### server port
server.port=8080 Boot with RHSSO Login

### rhsso configuration

### spring boot ui configuration

### authorization[0].authRoles[0]=admin[0].securityCollections[0].patterns[0]=/admin/*

Next is we need to create a user and role on Red Hat SSO,

After that, we need to create a client and its password,

And put those corresponding values inside

We can test whether configuration works well or not by directly accessing to admin page (/admin/index). A successful configuration would prevent an unauthorized user from accessing admin page by showing a Keycloak login page. Admin page only accessible once a user has successfully login thru Keycloak or Red Hat Single Sign On.

Full code can be downloaded on my github page,

Have fun with RHSSO and Keycloak (H)

Fixing “SSL routines:tls_process_ske_dhe:dh key too small” on Containerized RHEL8

I have a very unique error today, so basically my RHEL 8 (Red Hat Enterpise Linux) cannot connect to another system due to SSL issue. The exception is quite clear, and can be seen below.

error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small

It is quite easy to do it in a standalone infrastructure, but this problem happen on a containerized application which make it much more complicated.

After searching for a solution, i come up with this Dockerfile


user root
RUN update-crypto-policies --set LEGACY 

user 185

Build it,

docker build -f Dockerfile -t application-rhel8-modified:7.8.0 .

Deploy it, and i can see that the previous error is no longer exist.

How to Connect to Red Hat AMQ using Artemis and SSL

We can protect our AMQ end point using a specific SSL, preventing those who doesnt have the exact certificate to connecting to my AMQ server’s endpoint.

In order to do so, first we need to create a very simple certificate to be use by our AMQ server with a simple keytool command

keytool -genkey -alias artemists -keyalg RSA -sigalg SHA1withRSA -keystore artemis.ts -keysize 2048

It will generate a new file, artemis.ts

And generate a new keystore,

keytool -genkey -v -keystore broker02.ks -alias broker02 -sigalg SHA1withRSA  -keyalg RSA -keysize 2048 -validity 10000

Put string “password” if you need to input a password while generating those two items.

And reference those files on our AMQ broker.xml configuration,

<acceptor name="core">

Start our server,

artemis run

We can connect using our artemis client with below command,

artemis producer --url tcp:// --message-count 1

The first time connected, it will shows error on your client’s side,

Caused by: unable to find valid certification path to requested target
        at java.base/
        at java.base/
        at java.base/
        at java.base/

And on your server’s side,

Caused by: Received fatal alert: certificate_unknown
        at java.base/ [java.base:]
        at java.base/ [java.base:]
        at java.base/ [java.base:]
        at java.base/$AlertConsumer.consume( [java.base:]
        at java.base/ [java.base:]
        at java.base/ [java.base:]
        at java.base/ [java.base:]

Means you need to use your server’s cert on your client while making request, there are multiple ways of doing that. The simplest is by putting your server’s certificate on your local client’s trust store.

keytool -exportcert -alias artemists -keystore artemis.ts -file artemis.cer
keytool -exportcert -alias broker-server -keystore broker02.ks -file broker02.cer

keytool -import -alias artemists -file artemis.cer -cacerts
keytool -import -alias broker-server -file broker02.cer -cacerts

Use password “changeit” while importing your certificate to client’s cacerts.

When re-run artemis producer again, it should gives a successful message like this

\bin>artemis producer --url tcp:// --message-count 1
Producer ActiveMQQueue[TEST], thread=0 Started to calculate elapsed time ...

Producer ActiveMQQueue[TEST], thread=0 Produced: 1 messages
Producer ActiveMQQueue[TEST], thread=0 Elapsed time in second : 0 s
Producer ActiveMQQueue[TEST], thread=0 Elapsed time in milli second : 27 milli seconds