Essential Server Configuration Steps for Microservice Deployments
1. Persisting Firewall Port Rules
When exposing services to external traffic, port configurations must survive system reboots. Using firewalld, rules are applied to the runtime environment by default. To make them permanent, append the --permanent flag:
sudo firewall-cmd --zone=public --add-port=8085/tcp --permanent
Permanent rules are written to disk but do not affect the active session immediately. Apply the changes to the runtime configuration without interrupting existing connections:
sudo firewall-cmd --reload
Verify that the rule is correctly stored in the persistent configuration:
sudo firewall-cmd --permanent --zone=public --list-ports
The output will display 8085/tcp, confirming the port remains open across restarts.
2. Identifying and Terminating Java Processes
Locate running JVM instances or executable JAR files by filtering the process table:
ps aux | grep -E '\.jar|java' | grep -v grep
Identify the target Process ID (PID) from the second column of the output. For example, if the PID is 41920, send SIGTERM first to initiate a graceful shutdown and allow the application to release resources:
kill -15 41920
If the process remains unresponsive, force termination using the SIGKILL signal:
kill -9 41920
3. Containerized Nacos Deployment
Running a service registry like Nacos in isolated containers simplifies environment management. The following command initializes a standalone instance with constrained memory, persistent storage mounts, and automatic recovery:
docker run -d \
  --name nacos-registry \
  --restart unless-stopped \
  -p 8848:8848 \
  -p 9848:9848 \
  -p 9849:9849 \
  -e MODE=standalone \
  -e JVM_XMS=512m \
  -e JVM_XMX=512m \
  -v /opt/nacos/data/logs:/home/nacos/logs \
  -v /opt/nacos/data/conf:/home/nacos/conf \
  nacos/nacos-server:latest
Key parameters include MODE=standalone for single-node operation, JVM heap size limits to prevent host memory exhaustion, and volume bindings to preserve configuration and logs outside the container lifecycle.
4. Configuring Nginx Reverse Proxy for API Routing
Frontend applications hosted on Nginx frequently fail to communicate with backend microservices due to missing proxy directives. Without explicit routing, API requests result in 404 Not Found errors. Define a location block to intercept specific path prefixes and forward them to the internal gateway or service cluster:
server {
    listen 80;
    server_name 192.168.1.100;
    root /var/www/frontend/build;
    index index.html;

    location /svc/ {
        proxy_pass http://127.0.0.1:9090/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "keep-alive";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
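Because the proxy_pass target ends with a URI (the trailing /), Nginx replaces the matched /svc/ prefix with / and routes the request to the backend listener on port 9090. The additional headers pass the original client IP, protocol, and host to downstream services for logging and security validation. Two of these values are client-influenced: $http_host forwards the Host header exactly as the client sent it, and $proxy_add_x_forwarded_for appends $remote_addr to any X-Forwarded-For value already present in the request, so only X-Real-IP and the last X-Forwarded-For entry are set by Nginx itself.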
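Added example, not part of the original article: how a backend behind this proxy can choose the client address from the forwarded headers, given that $proxy_add_x_forwarded_for appends $remote_addr to whatever X-Forwarded-For value the client supplied. The function names, the trusted-proxy list (loopback only, matching proxy_pass to 127.0.0.1) and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the only proxy in front of the backend is the Nginx instance
# from the configuration above, which connects over loopback.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.1/32")]

def nginx_forwarded_for(client_header, remote_addr):
    """Model $proxy_add_x_forwarded_for: client's header plus $remote_addr."""
    return f"{client_header}, {remote_addr}" if client_header else remote_addr

def is_trusted(addr):
    """True if addr parses as an IP inside a trusted proxy network."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    return any(ip in net for net in TRUSTED_PROXIES)

def client_ip(peer_addr, headers):
    """Pick the address to log or rate-limit on for one backend request."""
    # Headers on a connection that bypassed the proxy are vouched for by
    # nobody, so fall back to the TCP peer.
    if not is_trusted(peer_addr):
        return peer_addr
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",")]
    # Walk right to left: the rightmost entries were appended by our proxy,
    # anything further left is whatever the client chose to send.
    for hop in reversed([h for h in hops if h]):
        try:
            if not is_trusted(hop):
                return str(ipaddress.ip_address(hop))
        except ValueError:
            break  # malformed entry: stop trusting the chain
    return headers.get("X-Real-IP", peer_addr)

if __name__ == "__main__":
    # Constructed sample: a client at 203.0.113.7 sends a forged header.
    xff = nginx_forwarded_for("10.0.0.1", "203.0.113.7")
    request = {"X-Forwarded-For": xff, "X-Real-IP": "203.0.113.7"}
    print("leftmost entry (client-controlled):", xff.split(",")[0])
    print("resolved client address:", client_ip("127.0.0.1", request))
```

If more proxies are later placed in front of Nginx, their addresses belong in TRUSTED_PROXIES so the right-to-left walk skips them as well.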