By default Linux has a somewhat brain-damaged concept of memory management: it lets you allocate more memory than your system has, then randomly shoots a process in the head when it gets in trouble. (The actual semantics of what gets killed are more complex than that - Google "Linux OOM Killer" for lots of details and arguments about whether it's a good or bad thing).

To restore some semblance of sanity to your memory management:

1. Disable the OOM Killer (Put vm.oom-kill = 0 in /etc/sysctl.conf)
2. Disable memory overcommit (Put vm.overcommit_memory = 2 in /etc/sysctl.conf) Note that this is a trinary value: 0 = "estimate if we have enough RAM", 1 = "Always say yes", 2 = "say no if we don't have the memory")

These settings will make Linux behave in the traditional way (if a process requests more memory than is available malloc() will fail and the process requesting the memory is expected to cope with that failure).

Reboot your machine to make it reload /etc/sysctl.conf, or use the proc file system to enable right away, without reboot:

echo 2 > /proc/sys/vm/overcommit_memory

refer: https://serverfault.com/questions/141988/avoid-linux-out-of-memory-application-teardown

Kong 0.13.1, I have a few snis bind to a cert which will be expired soon. So write a sh to bind these snis to a new cert (need install jq first):

#!/bin/sh
SNIS=`curl -s "http://kong-admin.kong:8001/snis"`
LEN=`echo $SNIS | jq '.data | length'`
# bash # for (( i=0; i<LEN; i++ ))
for i in $(seq 0 $(($LEN-1)))
do
  sni=$(echo $SNIS | jq .data[$i] | jq -r .name)
  found=0

  echo $sni | grep domain1.com

  if [ $? -eq 0 ]; then
    found=1
  else
    echo $sni | grep domain2.com

    if [ $? -eq 0 ]; then
      found=1
    fi
  fi

  if [ $found -eq 1 ]; then
    curl -X PATCH "http://kong-admin.kong:8001/snis/${sni}" -H "Content-Type: application/json" --data "{ \"ssl_certificate_id\": \"CHANGE TO YOUR NEW CERT ID\"}"
  fi
done