2023/09/24 05:42:59 [crit] 765#765: *11775 stat() "/home/app/target/resources/public/" failed (13: Permission denied), client: 167.71.182.33, server: , request: "GET / HTTP/1.1", host: ""

2023/09/24 05:42:59 [crit] 765#765: *11775 stat() "/home/app/target/resources/public//index.html" failed (13: Permission denied), client: 167.71.182.33, server: , request: "GET / HTTP/1.1", host: ""

2023/09/24 05:42:59 [crit] 765#765: *11775 stat() "/home/app/resources/public/" failed (13: Permission denied), client: 167.71.182.33, server: , request: "GET / HTTP/1.1", host: ""

2023/09/24 05:42:59 [crit] 765#765: *11775 stat() "/home/app/resources/public//index.html" failed (13: Permission denied), client: 167.71.182.33, server: , request: "GET / HTTP/1.1", host: ""
2023/09/24 05:42:59 [error] 765#765: *11775 connect() failed (111: Unknown error) while connecting to upstream, client: 167.71.182.33, server: , request: "GET / HTTP/1.1", upstream: "http://[::1]:8080/", host: ""

that's weird. what does ssh ls -l target/resources/public give you?

is it possible that you somehow started the app as root on the server? E.g. if you ssh'd in as root and ran bb dev or something while you were on the server?

ssh ls -l would also be useful to see. are you on the latest biff version? I think this may be rsync-related. bb deploy I think is preserving the file permissions from your local machine, and in your case maybe that's causing problems. E.g. if the user number for your local account is different from the Ubuntu default of 1000 maybe? if that's the problem then I probably need to get rid of the --archive flag that I'm passing to rsync and replace it with a few more specific flags.

ssh ls -l target/resources/public gives

total 4
drwxr-xr-x 2 app app 4096 Sep 12 22:26 css

$ ls -l
total 336
-rw-r--r-- 1 app app    136 Sep  9 20:34  README.md
-rw-r--r-- 1 app app   1192 Aug  8  2022 'Website GroundedSol'
drwxr-xr-x 6 app app   4096 Sep 12 22:01  bb
-rw-r--r-- 1 app app 170398 Sep 20 18:59 'bb deploy log.txt'
-rw-r--r-- 1 app app   1728 Sep 12 22:42  bb.edn
-rw-r--r-- 1 app app     25 Sep  9 20:34  cljfmt-indents.edn
-rw-r--r-- 1 app app     76 Jul  6  2021  commands.txt
-rw------- 1 app app   2795 Sep 20 19:30  config.edn
-rw-r--r-- 1 app app   2120 Sep 20 20:18  deps.edn
drwxrwxr-x 2 app app   4096 Sep 12  2022  notebooks
-rw-r--r-- 1 app app    282 Jul  4  2021  package-lock.json
drwxrwxr-x 7 app app   4096 Sep 20 17:02  repo.git
drwxr-xr-x 4 app app   4096 Sep 19 14:28  resources
-rw-r--r-- 1 app app   3139 Sep 20 16:40  
drwxr-xr-x 2 app app   4096 Sep  5  2022  scripts
-rw------- 1 app app    185 Sep  9 20:34  secrets.env
-rw-r--r-- 1 app app  86634 Sep 20 18:57  server-setup-output.txt
-rw-r--r-- 1 app app   3139 Sep  9 20:34  server-setup.sh
drwxr-xr-x 3 app app   4096 Sep 14 23:07  src
drwxr-xr-x 3 app app   4096 Sep 20 17:17  storage
drwxr-xr-x 3 app app   4096 Sep 12 22:26  target
drwxr-xr-x 3 app app   4096 May 31  2022  test

I don’t believe I ever logged in as app@groundedsol before. Maybe I missed a beat in tutorial.

hm, well so much for that hypothesis. that all looks correct

I did log in initally with doctl, but it didn’t have the copy file command referenced in tutorial

every minute there’s a set of errors like that.

no need to log in as the app user; I think the only time the tutorial has you log in is as root so you can run the server setup script

I have live.js for local, but it’s under a flag, and not showing up in prod html

hm, and going to the website in my browser, it seems to work fine I see

are you able to trigger these error messages?

and the error output is from bb logs ? I'm surprised there's not a stack trace. or are these the nginx logs?

actually if this is just from the nginx error logs or something else other than bb logs and you're not seeing any broken behavior in your app, it might not be anything to worry about... on every request, biff checks to see if there's a static file that can be served, and only if one isn't found does it send the request to your reitit handlers. so it's normal whenever someone goes to your website for biff to check for files in the locations that are mentioned in those error messages (E.g. /home/app/target/resources/public/index.html) and not find anything there. and maybe those attempted file accesses are just getting logged somewhere

(relevant code: https://github.com/jacobobryant/biff/blob/b730c8524fa113832865b6f41312dd87a514465f/src/com/biffweb/impl/middleware.clj#L58)

No bb-logs are clean. And yes the site seems to be loading fine from my local testing

Sep 24 15:44:57 groundedsol sh[7899]: [qtp1268830482-87] INFO com.biffweb.impl.middleware -   0ms 200 get  /js/accordionscript.js
Sep 24 15:44:57 groundedsol sh[7899]: [qtp1268830482-91] INFO com.biffweb.impl.middleware -   0ms 200 get  /js/old_main.js
Sep 24 15:44:57 groundedsol sh[7899]: [qtp1268830482-102] INFO com.biffweb.impl.middleware -   5ms 404 get  /js/main.js
Sep 24 15:44:57 groundedsol sh[7899]: [qtp1268830482-90] INFO com.biffweb.impl.middleware -   0ms 200 get  /js/calendar02.js
Sep 24 15:44:57 groundedsol sh[7899]: [qtp1268830482-93] INFO com.biffweb.impl.middleware -   0ms 200 get  /img/logo200.png
Sep 24 15:44:57 groundedsol sh[7899]: [qtp1268830482-98] INFO com.biffweb.impl.middleware -   0ms 200 get  /img/final-designs/design-1-vert.png
Sep 24 15:44:57 groundedsol sh[7899]: [qtp1268830482-95] INFO com.biffweb.impl.middleware -   0ms 200 get  /img/social-icons/instagram-icon.png
Sep 24 15:44:57 groundedsol sh[7899]: [qtp1268830482-99] INFO com.biffweb.impl.middleware -   1ms 200 get  /img/social-icons/youtube-icon.png
Sep 24 15:44:57 groundedsol sh[7899]: [qtp1268830482-102] INFO com.biffweb.impl.middleware -   0ms 200 get  /img/hand-drawn-designs/hand-sketch.jpg
Sep 24 15:44:57 groundedsol sh[7899]: [qtp1268830482-95] INFO com.biffweb.impl.middleware -   0ms 200 get  /img/horizontalrule.png
Sep 24 15:44:57 groundedsol sh[7899]: [qtp1268830482-87] INFO com.biffweb.impl.middleware -   0ms 200 get  /img/social-icons/facebook-icon.png
Sep 24 15:44:57 groundedsol sh[7899]: [qtp1268830482-93] INFO com.biffweb.impl.middleware -   3ms 404 get  /samples/monarchegg.jpg
Sep 24 15:44:57 groundedsol sh[7899]: [qtp1268830482-99] INFO com.biffweb.impl.middleware -   0ms 200 get  /img/social-icons/small/youtube-icon.png
Sep 24 15:44:57 groundedsol sh[7899]: [qtp1268830482-98] INFO com.biffweb.impl.middleware -   0ms 200 get  /img/social-icons/small/instagram-icon.png
Sep 24 15:44:57 groundedsol sh[7899]: [qtp1268830482-91] INFO com.biffweb.impl.middleware -   0ms 200 get  /img/social-icons/small/facebook-icon.png
Sep 24 15:44:58 groundedsol sh[7899]: [qtp1268830482-97] INFO com.biffweb.impl.middleware -   0ms 200 get  /favicon-32x32.png
Sep 24 15:44:58 groundedsol sh[7899]: [qtp1268830482-91] INFO com.biffweb.impl.middleware -   0ms 200 get  /site.webmanifest
Sep 24 15:44:59 groundedsol sh[7899]: [qtp1268830482-95] INFO com.biffweb.impl.middleware -   7ms 200 get  /
Sep 24 15:45:59 groundedsol sh[7899]: [qtp1268830482-90] INFO com.biffweb.impl.middleware -   5ms 200 get  /
Sep 24 15:46:59 groundedsol sh[7899]: [qtp1268830482-97] INFO com.biffweb.impl.middleware -   5ms 200 get  /
Sep 24 15:47:59 groundedsol sh[7899]: [qtp1268830482-91] INFO com.biffweb.impl.middleware -   5ms 200 get  /
Sep 24 15:48:11 groundedsol sh[7899]: [qtp1268830482-102] INFO com.biffweb.impl.middleware -   0ms 200 get  /img/logo400.png
Sep 24 15:48:59 groundedsol sh[7899]: [qtp1268830482-97] INFO com.biffweb.impl.middleware -   6ms 200 get  /
Sep 24 15:49:56 groundedsol sh[7899]: [qtp1268830482-95] INFO com.biffweb.impl.middleware -   2ms 404 get  /js/main.js
Sep 24 15:49:59 groundedsol sh[7899]: [qtp1268830482-87] INFO com.biffweb.impl.middleware -   6ms 200 get  /
Sep 24 15:50:59 groundedsol sh[7899]: [qtp1268830482-97] INFO com.biffweb.impl.middleware -   5ms 200 get  /
Sep 24 15:51:59 groundedsol sh[7899]: [qtp1268830482-102] INFO com.biffweb.impl.middleware -   7ms 200 get  /
Sep 24 15:52:59 groundedsol sh[7899]: [qtp1268830482-91] INFO com.biffweb.impl.middleware -   5ms 200 get  /

Those errors are from /var/logs/nginx/error.log

OK, gotcha. I wouldn't worry about it then. I'll have to see if I have the same errors in my nginx logs.

Ok, thanks. I got a user report of some kind of “site not accessible” error the other day. That’s why I was digging into the logging stuff. But I havn’t been able to replicate.

hm interesting. do you know what time it was? you could look into the regular nginx access logs. you can also go further back in bb logs; not sure how long those are retained

How do you go further back in to bb logs?

It was from day and 1/2 ago. I have not located that exact log window yet. Just got into the lates ones it and saw the stream of errors.

an easy way is E.g. bb logs 3000 which will show the last 3000 lines (default is 300)

this is the underlying command: https://github.com/jacobobryant/biff/blob/b730c8524fa113832865b6f41312dd87a514465f/tasks/src/com/biffweb/tasks.clj#L390 you can ssh into the server and do man journalctl probably for more options

I am doing something a bit funky with my routes. I was trying to add coverage for my previous routes from my ssg build.

{:routes
     (vec
       (concat
         [["" {:middleware [mid/wrap-redirect-signed-in]}
           ["/"                  {:get gs.pages.index/home-page}]]
          ["/link-sent"          {:get link-sent}]
          ["/verify-link"        {:get verify-email-page}]
          ["/signin"             {:get signin-page}]
          ["/signup"             {:get signup-page}]
          ["/verify-code"        {:get enter-code-page}]
          #_["/consultationanddesign"        {:get gs.pages.consultation/page}]
          ]
         (->>
           {:notes gs.pages.notes/page-hiccup
            :florida-plants gs.pages.fl-plants/page-hiccup
            :services gs.pages.services/page-hiccup
            :consultation gs.pages.consultation/page-hiccup
            :contact gs.pages.contact/page-hiccup
            :about gs.pages.about/page-hiccup}
           (mapv
             (fn [[page-key page-hiccup]]
               (let [rout-base-str (str "/" ( page-key))
                     route-fn
                     (fn [{:keys [recaptcha/site-key params] :as ctx}]
                       (ui/page
                         (assoc ctx ::ui/recaptcha false)
                         page-hiccup))]
                 [[(str rout-base-str ".html") {:get route-fn}]
                  [rout-base-str {:get route-fn}]])))
           (apply concat))))}

-->

{:routes
 [[""
   {:middleware [#function[gs.groundedsol.middleware/wrap-redirect-signed-in]]}
   ["/" {:get #function[gs.pages.index/home-page]}]]
  ["/link-sent" {:get #function[gs.groundedsol.home/link-sent]}]
  ["/verify-link" {:get #function[gs.groundedsol.home/verify-email-page]}]
  ["/signin" {:get #function[gs.groundedsol.home/signin-page]}]
  ["/signup" {:get #function[gs.groundedsol.home/signup-page]}]
  ["/verify-code" {:get #function[gs.groundedsol.home/enter-code-page]}]
  ["/notes.html" {:get #function[gs.groundedsol.home/fn--43815/route-fn--43820]}]
  ["/notes" {:get #function[gs.groundedsol.home/fn--43815/route-fn--43820]}]
  ["/floridaplants.html" {:get #function[gs.groundedsol.home/fn--43815/route-fn--43820]}]
  ["/floridaplants" {:get #function[gs.groundedsol.home/fn--43815/route-fn--43820]}]
  ["/services.html" {:get #function[gs.groundedsol.home/fn--43815/route-fn--43820]}]
  ["/services" {:get #function[gs.groundedsol.home/fn--43815/route-fn--43820]}]
  ["/consultationanddesign.html" {:get #function[gs.groundedsol.home/fn--43815/route-fn--43820]}]
  ["/consultationanddesign" {:get #function[gs.groundedsol.home/fn--43815/route-fn--43820]}]
  ["/contact.html" {:get #function[gs.groundedsol.home/fn--43815/route-fn--43820]}]
  ["/contact" {:get #function[gs.groundedsol.home/fn--43815/route-fn--43820]}]
  ["/about.html" {:get #function[gs.groundedsol.home/fn--43815/route-fn--43820]}]
  ["/about" {:get #function[gs.groundedsol.home/fn--43815/route-fn--43820]}]]}

I realized now I can just add a new route kv like /myroute/ in addition to default /myroute , and that will have the .html appended..

here is some reference for the journalctl command https://www.digitalocean.com/community/tutorials/how-to-use-journalctl-to-view-and-manipulate-systemd-logs

@foo Thanks for helping me orient to the logging situation!

no problem!

From my experience, GMail will want the DKIM record to be correct.

Ps. @foo confirmed I needed to migrate my previous DNS records to Digital Ocean DNS config email seems to be working now! I am able to send an email to a gmail account. This is personal email and not bulk delivery though. Haven’t tested much yet. I will still try to do the DKIM

awesome, glad it's working

for bulk delivery I would recommend going through an ESP like postmark or mailgun

Yes will do postmark for offical app emails. This was just for a personal mailbox that was on the domain.

yes, all the old dns records no longer take effect, and yes, I would migrate all of them over as-is. no need to fiddle with stuff that was already working. that should make stuff work exactly the same as it was before, and then you can always do more fiddling going forward.

you can double check current records with E.g. dig MX by the way

Ok, thanks. My registart points nameservers to Digital ocean, and the base record on DO are these? https://clojurians.slack.com/files/U09D96P9B/F05U27JKXLZ/image.png I am assuming this is a default congig, and prefereable to having an A record on the registar DNS records.

yeah, if the registrar sets the NS records to digitalocean , then the A record (and all other records) have to be set in digitalocean

ok thanks, im a bit out of my element w server config

no worries!

> I would migrate all of them over as-is Even the A records?

yep

Ok but would some of the IP addresses need to point to the DO droplet? Obviously the NS records would not be carried over from that as is.

any new records you've set up on digitalocean, E.g. A records for droplets, you wouldn't want to overwrite. I'm just saying that in general, when you point a domain at a new DNS provider, it's safe/recommended to migrate all the DNS records as well. you may need to do additional configuring, but migrating the records will at least give you the same DNS setup that you had before pointing the domain at digitolocean

happy to help figure out any additional configuration you may need to do, though I'd need some more context

Ok thanks again for the confidence!

I can't see the link to Playtub in the post and I haven't seen before!

ah yes, sorry about that: https://github.com/jacobobryant/platypub

I'd say that for your initial target audience, that will be a better setup. And if you ever want to go mainstream, you can probably just host some docker container running everything in it for the customer on something like Cloud Run. Or go through the hassle of supporting web-first version later.

yeah, I think if/when I/someone wants to do a web version, probably will be best to do a web version from scratch

I like the direction. I feel like “closer to the metal” is fertile ground for power user custom crowd. A more open surface area for integrations. And potentially more able to leverage Command line apps, babashka universe, native UI toolkits, and open source apps with exising UI’s, seamlelssy, for rich, low-latency REPL-like experiences across all the levels of publishing workflow. I love the stuff @U7RJTCH6J is doing in this space. Tapping into powerful native api’s as needed to do custom tooling hard to concieve on the web. Nothing wrong with using the web stack locally too..(better sharability)

just looked at the membrane readme--looks pretty interesting! I hadn't seen it before. it's basically a generic reactive ui thing that you can use with different concrete ui implementations if I'm understanding right? mostly I just want something that works with babashka/graalvm so the app can have fast startup time and doesn't need the jvm to be installed. though the fact that I'm already familiar with web ui is also a bonus 🙂. and platypub doesn't need a complex ui anyway.

someone mentioned Portal here: https://clojureverse.org/t/fastest-start-up-time-for-windows-gui-application-in-clojure/10153 which now that I think about it, it does spawn a web ui in a standalone window that doesn't include the address bar. so that seems like a pretty good approach

htmx also would work pretty well since there's near zero latency for requests

as of a week or two ago, new projects come with a simple wrap-debug middleware that you can stick before/after the middleware you want to debug: https://github.com/jacobobryant/biff/blob/b730c8524fa113832865b6f41312dd87a514465f/example/src/com/example/middleware.clj#L23 if you only need to see responses, you can comment out the bit that prints the requests

I haven't seen the metosin middleware before, but I'm guessing it's basically a fancier version of what wrap-debug is doing

oh, that’s great! Thanks Jacob 🙂

yep--you can write your own plugins and/or components and share them as regular libs, which can then be used by anyone. for a password-based auth plugin, you could copy and paste biff's auth plugin as a starting point and then make whatever changes you need. I bet there are others who would be interested in password auth

Yeah, I know it's very straightforward to implement. I'm just curious if we should have a "centralized" way of keeping track of those plugins? It can make biff more accessible and have more folks adopting it.

I'd definitely put it in the docs on http://biffweb.com somewhere--maybe a "community" section. I'm just waiting for people to publish libs/blog posts/apps so I can list them 😉

Ok, I'll share the password auth plugin for review once completed 🙂

is biff/submit-tx supposed to wait for a transaction to finish? I have this seemingly simple code, but it always returns nil (even when it is supposed to throw), though the document is created okay.

it's because you're setting :biff.xtdb/retry false -- biff only waits for the transaction to finish if that isn't set.

relevant code: https://github.com/jacobobryant/biff/blob/master/src/com/biffweb/impl/xtdb.clj#L406

(and this: https://github.com/jacobobryant/biff/blob/master/src/com/biffweb/impl/xtdb.clj#L391)

oh, ok, that explains why it was working yesterday 🙂 is :biff/db in ctx has a snapshot of database before edit and I still need this to get the state after edit? (xt/db (:biff.xtdb/node ctx))

Doesn't seem to work without extracting the new db from node.

Removing retry works. Thank you very much!

> is :biff/db in ctx has a snapshot of database before edit and I still need this to get the state after edit? (xt/db (:biff.xtdb/node ctx)) yep, that's correct

Implemented the first pass, but there is so much coupling with the form that is rendered by the other plugin... Will need to come up with some ideas on how to make it more universal. Plus things like forgot password....

the forgot password flow is a big part of why I just went with email-based auth--you have to do it anyway for resetting passwords, so I just did that part first and then never finished the rest 😉

https://github.com/momerath42/biff-plugins-auth

This actually talks about the same problem: https://github.com/donut-party/service. How to build a plugin for auth without making assumptions about schema and working around the htmx's kinks where you have to report errors with either redirect or with 200 and HTML that renders error state 🙂

In biff's case it's easier since we already have all required dependencies in place.

That's an approach for separating the core logic away from UI/DB specifics, though the specifics do still have to be implemented somewhere of course. I'd be open to separating the default auth plugin's core logic out somewhere, but would be best to start from a few concrete plugin implementations. I'd be wary of premature abstraction/if separating the logic out would actually bring enough reuse benefits to be worth the added indirection. My initial feeling is basically "keep it simple, and if you really need something more complex you should probably be using auth0 or similar anyway"

philosophy o' biff: "how I learned to stop worrying and love copy-and-paste" 😉

+1 for copy-paste-driven-development lol

in tandem with “optimize for deletion”

@foo might be worth standardizing a plugin naming convention, like biff-plugin-hello-world (each one should start with biff-plugin). Directus (https://github.com/directus/directus) does this with directus-extension and it makes finding extensions on github substantially easier (https://github.com/search?utf8=%E2%9C%93&q=directus+extension&type=repositories). Just food for thought.

no clue, I think I'm still on Java 11

I would just go with the latest LTS release, 17 I think?

oh, I see 21 is an lts release haha. either way I have no opinions on which distribution to use

I think you could use the "least powerful" (least features) version until you'll have a reason not to. For instance some stability improvement or a bug.

Interesting; why such an old one, Jacob? And why so conservative Martynas? Performance has generally improved with each release (jit optimizations and smoother garbage collection). I'm on 17 because I'm using libpython-clj, which requires an older memory model, but if I weren't I'd at least have tried the latest.

> jit optimizations and smoother garbage collection This would be a good reason to take the new version. > And why so conservative Martynas Because there are multiple JDK vendors and older version means that there would be flexibility to hop onto another vendor if the current version doesn't work anymore. i.e. OpenMPI allows to run Java6 bytecode. So it's easier to compile stuff into JDK6 from Java11 than to come back from the JDK21. This is another way to see flexibility. Also AdoptOpenJDK may not implement JDK21 for a short while and when they do then you could use them. So if you stay with older version (clojure doesn't care that much) then you can think more about where you want to deploy if the vendors didn't yet implement everything. Everything is a tradeoff

ah- good answer 🙂

> why such an old one > I just haven't gotten around to upgrading 🤷