iostat, vmstat, prstat, mpstat

iostat reports CPU, disk I/O, and NFS statistics.
vmstat reports virtual memory statistics.
mpstat reports processors statictics.

vmstat: Virtual Memory statistic. 实时收集并报告主内存,交换分区(SWAP)以及 CPU 的使用情况. 用来查找和定位内存的性能问题.

procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu-----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
 1  0      0  90175    239   1434    0    0     0     1    3    2  0  0 100  0  0
 0  0      0  90175    239   1434    0    0     0     0  153  176  0  0 100  0  0
 1  0      0  90151    239   1434    0    0     0     4 3068 1961  1  2 97  0  0

r: process running
b: process blocked
swpd: swapped to swap
free: memory free
buff: memory committed
cache: declared or can be swapped to swap
si: swap in
so: swap out
bi: block in (read disk unit is block, memory unit is page)
bo: block out
in: interrupt
cs: context switch
us: user, sd: system/kernel, id: idle, ws: waste


JVM - jdb

jdb 是 Hotspot JDK 里面的一个命令行debug 实用工具。
实用 Java Debug Interface (JDI) 连接目标JVM。

JVM - VisualVM

Th Java VisualVM automatically detects and connects to the Java Management Extensions (JMX) agents for Java applications that are running on JDK or that have been started with the correct system properties. For the tool to detect and connect to the agents on a remote machine, the jstatd daemon must be running on the remote machine, see The jstatd Daemon. If Java VisualVM cannot automatically discover and connect to JMX agents that are running in a target application, then the tool provides a means for you to explicitly create these connections.
官方文档 在这里
you can:

  1. View a list of local and remote Java applications.
  2. View application configuration and runtime environment. For each
    application, the tool shows basic runtime information: PID, host,
    main class, arguments passed to the process, JVM version, JDK home,
    JVM flags, JVM arguments, and system properties.
  3. Enable and disable the creation of a heap dump when a specified
    application encounters an OutOfMemoryError exception.
  4. Monitor application memory consumption, running threads, and loaded
  5. Trigger a garbage collection immediately.
  6. Create a heap dump immediately. You can then view the heap dump in
    several views: summary, by class, by instance. You can also save the
    heap dump to your local file system.
  7. Profile application performance or analyze memory allocation (for
    local applications only). You can also save the profiling data.
  8. Create a thread dump (stack trace of the application's active
    threads) immediately. You can then view the thread dump.
  9. Analyze core dumps (with Oracle Solaris and Linux operating
  10. Analyze applications offline, by taking application snapshots.

JVM - JConsole

JConsole 也是 HotSpot JDK 里面一个非常有用的工具,完全使用JMX MBean 来搜集性能和CPU,内存,网络等使用状态。 除了动态搜集监控JVM, 它还可以动态改变JVM的某些参数。

若远程连接,远程机器的端口由JMX的 Agent启动设置的。

how to use JConsole
Monitoring and Management for the Java Platform
JConsole FAQ

HSTS (HTTP Strict-Transport-Security) 笔记

HSTS 是 HTTP Strict-Transport-Security 的缩写,是浏览器的一个功能. 它告诉浏览器对于某些站点只能用 HTTPS 访问, 不能用 http.

它通过服务器返回的 response 的 header 中的 Strict-Transport-Security 这一项来设置.
语法: Strict-Transport-Security: max-age=<expire-time>; includeSubDomains; preload.

当用户当前访问的是 HTTPS 站点,并且证书是合法有效的, 如果 response header 中包含 Strict-Transport-Security 做个 header, 那么浏览器就会知道: 这个站点在某个时间点之前都要使用 https 访问,如果用户输入 http 的协议, 自动转换为 https. 如果没到期, 后续的浏览又带来这个 header 会自动更新终止时间. 如果到期, 这个规则自动失效.
如果用户当前访问的是 http 站点, 并且这个站点之前还没有使用 HSTS, 那么浏览器会忽略这个 header, 因为没有使用 https, 这个回话可能会被拦截篡改.

参见: Strict-Transport-Security wiki