#clojure-uk
2018-09-13
3Jane06:09:02

sudo finger juxt ?

guy06:09:44

morning all, im sick today 😞

3Jane07:09:14

That sucks :( (And if the world was just you would be now owed a day of summer in winter, in lieu)

😄 4
thomas07:09:59

get well soon @guy

👌 4
otfrom07:09:48

I felt rough yesterday. Not 💯 today but a bit better. Plague maybe?

🤢 4
yeshugs 4
4
thomas07:09:50

can't be the plague if you feel (even a little bit) better today.

Conor08:09:33

As a contractor I have to come in even if I feel rough (like today)

Conor08:09:46

Gotta ~get paid~ help the clients achieve their goals

otfrom08:09:48

and a rattling cough!

otfrom08:09:54

(I really have neither of these)

mccraigmccraig08:09:19

you should probably go paint a big red cross on your front door or something, just in case

😂 4
otfrom08:09:51

not a bad idea

agile_geek08:09:14

@otfrom wear a placard, ring a bell and chant warnings.

mccraigmccraig08:09:37

pest! pest! pest!

otfrom08:09:50

@agile_geek I already have people pointing at me in the streets and shouting "unclean! unclean!"

agile_geek08:09:40

Beware the guy with the cart shouting "Bring out your dead!"

cddr08:09:15

I think pomegranate is the thing you need on your classpath to load maven libs on your repl without restarting it

guy08:09:40

😂 i know im sick when i read this as I think pomegranate is the thing you need for you sickness/getting better

cddr08:09:37

Ah yes. It has been known to help with that too 🙂

😄 4
firthh08:09:36

Morning

👋 4
cddr09:09:02

I believe there's going to be some clojure/kafka talks at Funding Circle on November 22nd. I will attempt to create some order to my incoherent thoughts about testing asynchronous systems by talking about it in front of people with reference to badly drawn slides.

❤️ 12
mccraigmccraig09:09:23

are you thinking about testing async systems at a high pan-component level @cddr or a lower unit-test kinda level ?

cddr09:09:50

High level. I'll be talking about our "test-machine" that accepts commands and executes them against the system under test while reading the output back into an in-memory journal backed by a clojure ref that helps us define when the test has ended in terms of the output that has been observed.

manas_marthi10:09:58

hi all, is there a gRPC equivalent in clojure and also the equivalent of the context package in go?

alexlynham11:09:16

morrrrrning!

👋 4
dominicm12:09:17

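#!/usr/bin/env bash

# Build dialog menu entries as (tag, description) pairs:
# the private DNS name, then "<availability zone> <Name tag>".
# `.Tags[]?` keeps jq from aborting on instances that have no tags.
readarray -t instances < <(aws ec2 describe-instances --output json | jq -r '.Reservations[] | .Instances[] | [.PrivateDnsName, ([.Placement.AvailabilityZone, ([.Tags[]? | select(.Key == "Name") | .Value][0])] | join(" "))] | .[]')

# dialog prints the selected tag (the private DNS name) on stdout.
ip=`dialog --clear --stdout --menu "Where to connect?" 0 0 0 "${instances[@]}"`

# Only connect if a host was chosen (dialog exits non-zero on cancel).
if [ $? -eq 0 ]; then
	ssh -J bastion.in.your.cloud "$ip"
fi

This turned out quite nicely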

maleghast12:09:26

@dominicm - That's interesting... Are you automating SSH to EC2 via Bastion?

mccraigmccraig12:09:13

it's ssh via a JumpHost @maleghast - giving you a dialog with all your ec2 hosts in to select from

maleghast12:09:33

JumpHost == Bastion, no?

mccraigmccraig12:09:10

googles - oh yeah 🙂

dominicm12:09:35

tbh, I can probably drop the -J flag and force users to set up:

Host *.eu-west-1.compute.internal
  ProxyJump your.proxy.jump

maleghast12:09:44

While you are here... I have a *.cervest.com SSL cert, but when I try to point a subdomain at an ALB with that cert installed the address just doesn't "work" - it never connects... Am I doing something stoopid?

dominicm12:09:13

sounds unrelated to ssl, more like the target of the alb isn't setup?

maleghast12:09:06

well, if I use http it gets routed

maleghast12:09:59

I suppose it _might_ just be me...

maleghast12:09:12

http://decisionvest-demo.cervest.com - works https://decisionvest-demo.cervest.com - doesn't work. The ALB is set up EXACTLY the same way as: http://cervest.com https://cervest.com but that works... 😞

dominicm13:09:10

by hand setup? 😛

maleghast13:09:58

Yes, and yes I realise that I should be using Terraform / CF, but honestly I've checked and re-checked.

maleghast13:09:57

I found something that I don't really understand about ACM needing the certificate to have the alternative names explicitly enumerated for them to work on an ALB / ELB, but I found other info that says that's balls.

dominicm13:09:10

I've not had to do that, for sure

dominicm13:09:22

looks like it's not even initiating a connection, according to curl -v

maleghast13:09:24

The reason we sprung for a wildcard SSL cert was so that we could have subdomains a-plenty on that domain.

dominicm13:09:38

We've had this stuff sit there forever when we don't have a listener on https

mccraigmccraig13:09:20

wildcards shouldn't be a problem @maleghast - we use a wildcard ssl cert for all our backend services with both application and classic ELB instances

maleghast13:09:23

I know what it is / was

maleghast13:09:57

I am such a fucking idiot

maleghast13:09:02

Security Groups...

dominicm13:09:21

ah, the other common problem 🙂

maleghast13:09:38

@dominicm - What you can help me with is how I make an Edge App build all its URLs for CSS / JS etc as https and re-direct any http to https

maleghast13:09:52

(if you know a quick way to achieve that)

dominicm13:09:13

bidi vhosts allows you to match http separately from https. So you can redirect that way? 🙂

dominicm13:09:23

I don't have an easy example to hand though

maleghast13:09:17

Er, it's more about the URLs that are pulling in CSS and JS at the moment, as I am getting mixed protocol errors so no CSS or JS... 😞

dominicm13:09:49

Oh, you don't want full urls pulling in the css/js. Are you going cross-domain?

dominicm13:09:46

how are you referring to your css/js?

maleghast13:09:04

My Selmer templates are like this:

{% url static %}app.css

maleghast13:09:36

and

{% url static %}decisionvest.js

maleghast13:09:18

so full line is:

<link rel="stylesheet" href="{% url static %}app.css"/>

maleghast13:09:55

and:

<script src="{% url static %}decisionvest.js" type="text/javascript"></script>

dominicm13:09:03

hmm, I'd expect that to work.

dominicm13:09:17

as in, it should retain the protocol.

dominicm13:09:41

one option is to use {% href %} which I think will bypass the issue altogether

maleghast13:09:57

@dominicm - It is retaining the protocol; Yada is getting an http request. I am using ELB Termination for the HTTPS

maleghast13:09:24

Yada does not get an https request, it gets an http request from the target group, proxied through nginx

dominicm13:09:40

@maleghast configure nginx to pass along the X-Forwarded-Proto header

dominicm13:09:48

Then it will work

maleghast13:09:11

Even though the nginx instance is getting an http request?

mccraigmccraig13:09:27

what do you use the nginx proxy for @maleghast?

dominicm13:09:31

ALB passes along a special header to indicate what the upstream protocol was

dominicm13:09:45

proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; apparently does the trick

maleghast13:09:57

@mccraigmccraig - old habits, EC2s in my VPC only expose 22 and 80

maleghast13:09:48

(They only expose 22 to the Bastion server, courtesy of Security Groups)

mccraigmccraig13:09:11

what's nginx for tho ?

maleghast13:09:15

so the instance gets the request on 80 and nginx receives and proxies to 3080 (Edge Prod Port)

mccraigmccraig13:09:39

why not just configure your ALB listener to forward direct to 3080 ?

maleghast13:09:00

Because I don't have 3080 open on the instance that the app is running on

mccraigmccraig13:09:04

and limit those ports to only your ELBs

maleghast13:09:04

(I realise I could open it)

mccraigmccraig13:09:18

the only port we have open to the internet on any of our EC2s is 22 on the jump host

mccraigmccraig13:09:31

although most of our EC2s will accept on large ranges from the load-balancers

maleghast13:09:39

@dominicm - That header forward not working, but I will swap my Selmer filter to href instead of url and see if that makes a difference...

maleghast13:09:23

@mccraigmccraig - I imagine I'll go that way in the end, but for now I have EC2s that are not "behind" loadbalancers, so having 80 open on them helps...

mccraigmccraig13:09:43

ah, right, nginx makes sense then... i started out having nginx in front of yada, since on my previous project i'd been using nginx as a caching proxy, but i now use CloudFront for all my CDN and caching needs, so i ended up ditching nginx

maleghast13:09:22

*nods* Yeah, I want to put everything into S3 / CloudFront in the fullness of time, but that means some app-level tinkering, as I will want my build process to put the compiled / minified / optimised JS and CSS onto S3 as part of that process and I will therefore want my URLs to be different.

mccraigmccraig13:09:08

if you use relative urls it mostly doesn't matter - our app works the same from file:, localhost, cloudfronted domain and direct s3 url without specifying or changing any urls... the only place requiring absolute urls to be specified is email generation and our hacky theming (which implements a cloudfront origin server and pattern-match/replaces from the original s3-hosted css)

maleghast13:09:49

@dominicm - I imagine I am doing this wrong, but this:

<link rel="stylesheet" href="{% href static %}app.css"/>

& this:

<script src="{% href static %}decisionvest.js" type="text/javascript"></script>

are still being returned as http://... rather than https://... even with the header added to the Nginx Proxy (inside the location block)

firthh13:09:42

Probably not terribly relevant to what you’re doing but it was a big revelation to me when someone told me about protocol relative URLs - https://en.wikipedia.org/wiki/URL#prurl

😍 8
maleghast13:09:55

@dominicm - Fixed it:

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

maleghast13:09:15

@firthh - Going to read that in a moment or two...

maleghast13:09:02

@firthh - That's very useful to know - are they supported on all browsers, etc..?

firthh13:09:25

As far as I’m aware they are

maleghast14:09:06

That would be great...

maleghast14:09:39

@mccraigmccraig - I just re-read your comment above^^... How do you get relative URLs to work for assets that are on S3..?

maleghast14:09:49

(I am assuming on reflection that the app handles the routing)

mccraigmccraig14:09:28

i think it just works

maleghast14:09:27

That's just MAGIC?

maleghast14:09:42

I mean, seriously, I don't understand how that is possible.

mccraigmccraig14:09:22

what don't you get ? it's been a while since i set it up, so i can't really remember whether there were any gotchas

mccraigmccraig14:09:12

the http://app.yapsterchat.com is just the files from the s3 url fronted by cloudfront

maleghast14:09:44

Oh right, so they are two different URLs for the same index.html..?

maleghast14:09:29

so you must have DNS resolving https://app.yapsterchat.com/js/... to your Cloudfront Distribution

mccraigmccraig14:09:30

yep - http://app.yapsterchat.com points at the cloudfront distribution...

maleghast14:09:35

I mean CF Distros have mental URLs

mccraigmccraig14:09:12

right, but there's no need to put the CF urls into any of the source - the js url is relative to the index.html

maleghast14:09:33

Right, but I can't host a Clojure app on Cloudfront

mccraigmccraig14:09:53

ah, no - that's just the static stuff - our clojure api is on a completely different url

maleghast14:09:31

Yeah, I would like to stay the FUCK away from CORS if I can...

mccraigmccraig14:09:18

lol, you just add a couple of headers which roughly translate to "fuck off CORS!" 😬

😂 4
maleghast14:09:49

Yeah, but the restrictions on Cross-Origin addressing are there for a reason.

maleghast14:09:18

Yes, if you craft very tight exemptions I believe that they can be safe, but I would rather solve the problem at the other end.

maleghast14:09:07

(This is personal preference and not religion, and if what you are doing works for you I salute you!)

maleghast14:09:26

(I _could_ even be persuaded / talked around)

mccraigmccraig14:09:00

we're pretty much forced into CORS - our users are mostly on mobile devices with a hybrid app, which means a file: or url, so CORS is required

mccraigmccraig14:09:30

and every request on our API, apart from the auth requests, requires a JWT token, and they are all over https, so single-origin wouldn't be doing much for us anyway

mccraigmccraig14:09:14

but @maleghast i forgot something - "Right, but I can't host a Clojure app on Cloudfront" is not quite correct - you can't host it on CloudFront, but you can add an origin to your cloudfront distribution which will proxy requests to your clojure app... giving you a single-origin webapp backed by S3 for your static stuff and EC2 for your dynamic stuff

maleghast14:09:13

*raises eyebrow*

mccraigmccraig14:09:09

(as long as you can separate your static stuff and dynamic stuff by path... we just have all our api requests go to /api/... and that suffices)

maleghast16:09:46

Yeah, that's really nice - sorry was just doing a little happy dance about AWS adding on-ALB redirection, so all http traffic to a domain can be re-routed to https on the Load Balancer without needing to handle the protocol up-sell on the application server or proxy server.

maleghast16:09:07

I ❤️ LIVING IN THE FUTURE!

alexlynham17:09:46

Ahh yes CORS

alexlynham17:09:08

I've got cljs stuff on cloudfront, lambda backend and...

alexlynham17:09:23

Internetting is hard