Author Archives: Jonathan Demers

How to Migrate 3 MySQL Databases to Amazon RDS in 5 Minutes

I had a LAMT (Linux-Apache-MySQL-Tomcat) on Amazon EC2 and I wanted to move all remaining MySQL databases (3) to an existing Amazon RDS instance. This would allow me to shutdown the MySQL instance on EC2, freeing RAM for Tomcat and leveraging RDS automated backups for those 3 databases in case of a disaster. The databases to migrate only contain low volume TEST data, but I already have that RDS instance, so why not use it?

I also have a SLA with my clients that allows me to perform “Standard daily maintenance“. Basically, the “Standard daily maintenance” must be performed outside business hours and must last at most 15 minutes.

The key to the success of this migration was to prepare, prepare and prepare before the actual migration. So here is what I did before the migration:

  • Create 3 empty databases and users on the RDS instance
  • Prepare new configuration files with the new JDBC url pointing to the RDS instance
  • Prepare all the commands that must be executed
  • Review and test the commands as needed

Now that I am prepared I just need to wait for the “Standard daily maintenance” time. Then, I just copy and paste the commands in a terminal. I prefer to copy/paste the commands one by one, so if any command fails (for any reason), it can be fixed right away before running the next commands. Here is a summary of the commands:

  1. Shutdown Tomcat
  2. MySQL dump/restore from EC2 to RDS (3 databases)
  3. Copy the configuration files with JDBC url pointing to RDS (3 files)
  4. Prevent MySQL from starting during boot: echo manual > /etc/init/mysql.override
  5. sudo reboot (I want to verify that MySQL on EC2 won’t start after a reboot)

Everything went fine. After reboot, the MySQL instance on EC2 was not started, as expected. The Tomcat webapps were fine as well and there is more free RAM for Tomcat.

For those webapps, I have uptime monitoring at one minute interval with Pingdom. I receive emails when a webapp go down and up again. Here is the “UP” email from Pingdom, showing 5 minutes of downtime for that migration:

OpCode is UP again at 12/22/2014 08:25:36PM, after 5m of downtime.


Sharing few thoughts on my startup experience

I am glad to learn that IO Road has been published on FeedMyApp. Lately, I’ve been doing some PR for and it is good to get a tiny bit of recognition from an independent organization. I believe I am very good at developing software, but launching a product like IO Road requires more than “begin good with software development”. So if you need a lesson of humility, you may consider launching a new product 🙂 . I am learning a lot in this process, which is good because it was one of the intended goals (and I was prepared to that)

The biggest challenge for me is to choose where to put the resources (time and money, but mostly time). I am trying to apply some principles of the Lean Startup and I realize the more I apply them, the more I understand them. Which mean I did not fully grasp them in the first place. Like the ‘MVP‘ thing, I realize I could have been much further with the ‘M’ part :).

Also, sometimes it is tempting to fall to the dark side of SEO, but I don’t believe I can actually beat Google’s algorithm, lol. If I had to develop a search engine, after a few days of thinking, I believe I could come up with pretty clever ways of using machine learning (mostly clustering) to detect “unusual linking patterns”. So I don’t even want to imagine what top engineers at Google came up with after years and years of improvements to their algorithm. This keeps me on the safe side, or at least, that is what I believe. For that matter, I am wondering how Google actually sees this post. At least, it is an honest attempt to share few thoughts on my experience. causes OutOfMemoryError

The problem

Few days ago, a reader contacted me with a problem he had in a piece of code. The code was creating thumbnails from images and was throwing an OutOfMemoryError after few dozens of images.  Here is the simplified code, line 26 throws OutOfMemoryError:

And here is the stacktrace with the OutOfMemoryError:

The cause of the OutOfMemoryError

The cause of that problem is not obvious. The stacktrace (and the title of this article) is somewhat misleading. Here is what happens: The call to fullSizeImage.getScaledInstance() (lines 33-34) produces a smaller image thumbnail, but that thumbnail object keeps a reference to the fullSizeImage. Since JPEG files are highly compressed, reading and parsing them takes a significant amount of memory and that memory can never be freed.

The solution: Do not use Image.getScaledInstance()

The solution was to replace the call to fullSizeImage.getScaledInstance() with the lines 34-38 highlighted below. That solution allowed the code to read thousands of images, because the fullSizeImage was no longer kept in memory.


From Oracle’s website: How do I create a resized copy of an image?

For this particular problem, I did not need to produce a heap dump, because the code was small enough. With a few tests and a few searches on Google, I could figure-out what was happening. However, if you have no idea where the OutOfMemoryError comes from, you may want to read this article: How to fix java.lang.OutOfMemoryError: Java heap space

HTTPS Wildcard Subdomain: DNS + Apache + Tomcat Config

I recently had to configure HTTPS on a wildcard subdomain with Apache HTTP server as reverse proxy to a Tomcat backend. I had few more requirements:

  1. Redirect all http traffic to https and preserve the subdomain (hostname). For instance:
    • -> redirect to ->
    • -> redirect to ->
    • etc.
  2. I want to have a PHP wiki on the subdirectory /wiki and I want to send the rest of the traffic to Tomcat.
  3. Tomcat needs to know the subdomain (hostname) and will serve content accordingly.
  4. I don’t know the subdomains in advance because they are chosen by users, just like *

Few parts were not trivial, so I will share my setup.

DNS Wildcard Subdomain Configuration

DNS is probably the easiest part. Nowadays, most domain registrar offer good DNS support for free with your domain. If that is not the case of your registrar, you may want to consider namecheap. Their DNS also support wildcard entries. Otherwise, you can use the popular Bind DNS server. Here is how to configure a wildcard entry in BIND. Change with your IP address.

Apache Wildcard Subdomain Configuration

This was trickier. The Apache HTTP server configuration has 2 main parts.

1. HTTP (port 80): We use mod_rewrite to redirect all traffic for * to https (port 443) and we preserve the hostname with the %{HTTP_HOST} variable.

2. HTTPS (port 443): Except for the PHP subdirectory (/wiki), we reverse proxy all traffic to Tomcat, which listen on port 9090 of localhost.

Tomcat Wildcard Subdomain Configuration

Below you’ll find the configuration of Tomcat (in server.xml), which is quite standard. Actually, we do not need to define any “wildcard“, we just define a defaultHost in the Engine element. Then we deploy a ROOT.war in the webapps directory (/opt/ to serve all content at the root context path.

How does Tomcat Know the Subdomain?

With this configuration, all content will be sent to Tomcat with “localhost” as the hostname. Fortunately, the Apache reverse proxy will send extra request headers to Tomcat, namely:

X-Forwarded-For: The IP address of the client.

X-Forwarded-Host: The original host requested by the client in the Host HTTP request header.

X-Forwarded-Server: The hostname of the proxy server.

So in Tomcat (or any other servlet container), just use the Java code below to get the value of that header “X-Forwarded-Host” and you’ll know the subdomain.


Alternatively, you may also use the ProxyPreserveHost On directive in Apache configuration and you should be able to get the hostname (subdomain) normally in Tomcat. NOTE: I haven’t tested that setup.

Bonus: Wildcard SSL Certificate

Of course you’ll need a wildcard SSL certificate. Those are usually very expensive, but Namecheap resells Comodo wildcard certificate at very good price. No, I do not have any interest in namecheap, they just happen to be very good at what they do 🙂

How to Add a Free “Client Login” to your Website

This 2 steps tutorial explains how you can add a professional and fully-functional Client Login form to any website at no cost. See below a screenshot of my website with this Client Login form (in the navbar, top-right corner):

Client Login

This “Client Login” will allow you to securely exchange any files (big and small) with your clients: invoices, statements, project plans, photo/video productions, etc.

Step 1. Get a free account at IO Road

IO Road is a professional file transfer service designed to transfer BIG files (few GB) securely. The good thing about it: no monthly fees. This means you can sign up (no credit card required), configure it (your brand), add users (clients) and it costs nothing $0. You even get free credits at sign-up.

NOTE: There will be a fee only when (and if) you transfer files, but the rates are very low anyway: $0.000122 per MegaByte.

Signing up to IO Road is straightforward, but if you need some help, refer to the wiki page Sign up to IO Road in 3 Steps. When this step is completed, you will own the new domain:

Step 2. Add the “Client Login” (HTML) to your website

Variant 1: Simple Link

On the top menu, you can add a simple link like this

In the code above, change mydomain to the domain you chose at IO Road.

Variant 2: Client Login Form

If you have more real-estate in your menu you can go with the html form with this code:

Here again, change mydomain to the domain you chose at IO Road.

Caution: Make sure to use https (not http) in the form “action” attribute, otherwise this will not work.


Ubuntu Apache Reverse Proxy Rewrite HTML Links

I just wasted few hours on this, so I will share a few tips. If you want to setup a reverse proxy and rewrite links in html pages, you can use Apache module mod_proxy_html.

Step 1. Install and enable Apache mod_proxy


Step 2. Apache configuration

In Ubuntu 14.04 LTS, it does not work “out of the box”, because some standard config is missing when enabling mod_proxy_html. More specifically, the ProxyHTMLLinks directives are missing in Ubuntu 14.04. I say “missing”, because those directives are included by default in earlier releases and in other distros (in a file called proxy_html.conf). Also, pay particular attention to the directives ProxyHTMLEnable, ProxyHTMLExtended and SetOutputFilter.

So, let’s say you want to have your apache server at to serve (proxy) the content of the server at and rewrite HTML links. Here is the config that works for me on Ubuntu 14.04 LTS.


Retiring FTP: 10 Tips for a Replacement Technology

OpCode Solutions is the creator of, a professional file transfer service designed for businesses.

If your business still uses a FTP server to transfer big files, you may already be considering a replacement. Many businesses have already moved away from FTP, and for good reasons. FTP is an old protocol with many security vulnerabilities, is hard to implement and maintain in today’s networking environment, can be difficult to administer (create users, manage permissions, etc) and challenging for non-techie users. This post is not intended to list all issues related to FTP, but rather to offer a viable alternative for companies wanting to move away from the legacy File Transfer Protocol (FTP).

There are many things you have to consider when choosing a file transfer solution for your business. Here is a list of 10 characteristics to take into account.

1. Free vs Paid

There are many “free file transfer” solutions out there. Unfortunately, transferring files cost money in terms of bandwidth and servers. Those “free” service providers make their money by displaying advertisements to users. This is OK when you send a video of your child to your mom, but it is NOT OK when sending important files to your clients. A service with No Ads is essential to maintain your credibility with clients. Also, most “free” solutions impose severe limits (file size, bandwidth, speed) and lack business features like security, multi-user, delivery notifications, etc. A few dollars from your pocket can go a long way.

2. Security

This is the #1 reason why most companies moved away from FTP. Security is very important because most files you share with clients are confidential. You want to make sure only your recipient can access the files you share. File transfers must be encrypted (https, TLS) to prevent network sniffing by hackers. Also, you want a service offering password protection. If anyone can get the file by clicking a link (without password), your confidential data is at risk.

3. Receiving files

Unlike FTP, many file transfer services work only one way: sending files. This means you’ll be able to send large files to your client, but the service will not allow you to receive files from your client. This may or may not be an issue depending on your needs. To offer a first class experience to your clients, consider file transfer solutions that work both ways and allow you to receive large files from your client, just like FTP.

4. Limits

Check for the limits. Limits can be in terms of file size, storage, bandwidth, concurrent or total file transfers. Beware of “unlimited” offerings. As said earlier, transferring data costs money. Some providers claim to offer “unlimited” service, but will have very slow file transfer speeds, effectively limiting your ability to transfer files. Waiting 25 minutes to transfer a huge file is understandable, but waiting 25 hours for that same file is long, very frustrating and can Jeopardize your business. You also want a service that can adapt to your needs over time: easy upgrade and downgrade.

5. Ease of use

This was another complaint about FTP. You want a service that is intuitive so that your clients (and employees) can use it easily. Transferring files should be as simple as sending an email. You want a service that requires no software installation. People do not like to install yet another software they do not trust (malware?). A web-based service accessed from a browser (https) is preferable. Also, some nice additions to look for are drag-n-drop and progress bars for file transfers (uploads and downloads). Transferring large files can take a lot of time, the worst thing is “not knowing if my current upload/download is working”.

6. Multi-User

This is a must-have if you are working in teams. Each team member can have his own access to the service with his own permissions, just like FTP. Employees can get sick, take vacation and even leave the company. You may be tempted to work-around this by sharing the same user/password with all team members, but this is probably not allowed by the service provider. Also, doing this has several drawbacks: you cannot give each person different permissions and you’ll allow anybody in your team to  hijack your account by changing the unique password. Moreover, if the service has some sort of “audit logs“, you will loose the ability to know who did what, because everything is done under the same username. Multi-user should not be costly, because is does not cost much for the service provider to implement this feature.

7. Delivery notifications

That feature is just too nice to be missing. It is good to know that your client correctly received your file, or that a client just uploaded a new file for you. You should not have to install yet another app on your phone to get notifications, email notifications are universal. Also, you should be able to configure the system so that notifications are sent to many people.

8. Audit logs

Sometimes, you need to know what happened with a file: who uploaded it, who downloaded it, who deleted it and when. For audit purposes, you may also need to know what did a specific user do in the last 4 weeks. Audit logs are nice to have.

9. Branding (white label)

When transferring files with your client, take that opportunity to communicate your brand. For large file transfers, your client may be on that screen for longer than when he visited your website. Offer a good experience: show your colours, your company name and tagline.

10. Price

Last but not least, you want a reasonable and sustainable price. Money is hard to earn and your business already has a lot of recurring costs. There is no reason for a service provider to ask the payment of one full year in advance. And you should not have to pay anything when you don’t use the service. Use IO ROAD and pay only for what you use.


IO ROAD is packed with all those business features and has a unique pricing model in the industry: Pay As You Go. You can register and try the service for free, no credit card required.

Programmatically Configure Hibernate (JPA) with DBCP

I recently had deadlock issues with c3p0 and statement caching. Long story short, after investigating c3p0 code, I decided to switch to DBCP (maybe I’ll write a post with the long story).

I am not a big fan of Spring (here again, maybe I’ll write a post about that). If you are like me, here is how to programmatically configure Hibernate (JPA) to use DBCP, without Spring and without JNDI.

With DBCP, all my deadlock issues disappeared. Thank you ASF.

How to fix java.lang.OutOfMemoryError: Java heap space

If you get an OutOfMemoryError with the message “Java heap space” (not to be confused with message “PermGen space“), it simply means the JVM ran out of memory. When it occurs, you basically have 2 options:

Solution 1. Allow the JVM to use more memory

With the -Xmx JVM argument, you can set the heap size. For instance, you can allow the JVM to use 2 GB (2048 MB) of memory with the following command:

Solution 2. Improve or fix the application to reduce memory usage

In many cases, like in the case of a memory leak, that second option is the only good solution. A memory leak happens when the application creates more and more objects and never releases them. The garbage collector cannot collect those objects and the application will eventually run out of memory. At this point, the JVM will throw an OOM (OutOfMemoryError).

A memory leak can be very latent. For instance, the application might behave flawlessly during development and QA. However, it suddenly throws a OOM after several days in production at customer site. To solve that issue, you first need to find the root cause of it. The root cause can be very hard to find in development if the problem cannot be reproduced. Follow those steps to find the root cause of the OOM:

Step 1. Generate a heap dump on OutOfMemoryError

Start the application with the VM argument -XX:+HeapDumpOnOutOfMemoryError. This will tell the JVM to produce a heap dump when a OOM occurs:

Step 2. Reproduce the problem

Well, if you cannot reproduce the problem in dev, you may have to use the production environment. When you reproduce the problem and the application throws an OOM, it will generate a heap dump file.

Step 3. Investigate the issue using the heap dump file

Use VisualVM to read the heap dump file and diagnose the issue. VisualVM is a program located in JDK_HOME/bin/jvisualvm. The heap dump file has all information about the memory usage of the application. It allows you to navigate the heap and see which objects use the most memory and what references prevent the garbage collector from reclaiming the memory. Here is a screenshot of VisualVM with a heap dump loaded:

Heap Dump in VisualVM

This will give you very strong hints and you will (hopefully) be able to find the root cause of the problem. The problem could be a cache that grows indefinitely, a list that keeps collecting business-specific data in memory, a huge request that tries to load almost all data from database in memory, etc.

Once you know the root cause of the problem, you can elaborate solutions to fix it. In case of a cache that grows indefinitely, a good solution could be to set a reasonable limit to that cache. In case of a query that tries to load almost all data from database in memory, you may have to change the way you manipulate data; you could even have to change the behavior of some functionalities of the application.

Manually triggering heap dump

If you do not want to wait for an OOM or if you just want to see what is in memory now, you can manually generate heap dump. Here 2 options to manually trigger a heap dump.

Option 1. Use VisualVM

Open VisualVM (JDK_HOME/bin/jvisualvm), right-click on the process on the left pane and select Heap Dump. That’s it.

Option 2. Use command line tools

If you do not have a graphical environment and can’t use vnc (VisualVM needs a graphical environment), use jps and jmap to generate the heap dump file. Those programs are also located in JDK_HOME/bin/.

Finally copy the heap dump file (heap.bin) to your workstation and use VisualVM to read the heap dump: File -> Load…

Alternatively, you can also use jhat to read heap dump files.

Solution 3 (bonus). Call me

You can also contact my application development company and I can personally help you with those kind of issues 🙂

How to fix java.lang.OutOfMemoryError: PermGen space

When you get an OutOfMemoryError with the message “PermGen space” (not to be confused with message “Java heap space“), this means the memory used for class definition is exhausted. Fortunately, most of the time, this is easy to fix.

Solution 1 (your best bet). Increase the size of PermGen space

If you have a Java process that uses a lot of classes (lots of jars) or if you have many applications deployed to your application container (Tomcat), you can allocate more memory to that “PermGen space” using the -XX:MaxPermSize VM argument. For instance, to allocate 512 MB of RAM to PermGen space, use:

Solution 2. Restart your application container

You can get this error if you redeploy an application (webapp) several time without restarting your application container (like Tomcat). Most application containers support hot-redeployment, but class-loading is complex and sometimes old class definitions remain in memory. In that case, your best option is to get used to always restart your application container (Tomcat) after you deploy an application to it. This is easy and it fixes many problems.

Solution 3. Fix your class-loader leak

If none of the above works, you are in trouble 🙁 Seriously, unless you hacked the class-loading of the JVM or application container, you should not have that problem. Or maybe it is a bug in a library you are using or in your application container. You can try to upgrade to latest versions. If you hacked the class-loaders yourself, you may want to reconsider it. Why did you do that? Unless you are developing a JVM or an application container, you should not have to do that.