This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2018-09-13
Channels
- # 100-days-of-code (5)
- # adventofcode (1)
- # announcements (8)
- # beginners (148)
- # boot (17)
- # calva (26)
- # cider (17)
- # cljdoc (2)
- # cljs-dev (55)
- # cljsjs (2)
- # clojure (198)
- # clojure-dev (11)
- # clojure-finland (1)
- # clojure-italy (23)
- # clojure-nl (6)
- # clojure-spec (44)
- # clojure-uk (148)
- # clojurescript (27)
- # clojutre (20)
- # core-logic (21)
- # cursive (12)
- # datascript (10)
- # datomic (33)
- # emacs (11)
- # figwheel-main (49)
- # fulcro (19)
- # graphql (2)
- # off-topic (48)
- # onyx (2)
- # other-languages (53)
- # pedestal (3)
- # reagent (75)
- # reitit (17)
- # rum (1)
- # slack-help (2)
- # specter (2)
- # sql (3)
- # tools-deps (24)
- # unrepl (4)
- # yada (1)
That sucks :( (And if the world was just you would be now owed a day of summer in winter, in lieu)
do you have bubos @otfrom?
you should probably go paint a big red cross on your front door or something, just in case
Bore da
@otfrom wear a placard, ring a bell and chant warnings.
pest! pest! pest!
@agile_geek I already have people pointing at me in the streets and shouting "unclean! unclean!"
Beware the guy with the cart shouting "Bring out your dead!"
I think pomegranate is the thing you need on your classpath to load maven libs on your repl without restarting it
π i know im sick when i read this as I think pomegranate is the thing you need for you sickness/getting better
I believe there's going to be some clojure/kafka talks at Funding Circle on November 22nd. I will attempt to create some order to my incoherent thoughts about testing asynchronous systems by talking about it in front of people with reference to badly drawn slides.
are you thinking about testing async systems at a high pan-component level @cddr or a lower unit-test kinda level ?
High level. I'll be talking about our "test-machine" that accepts commands and executes them against the system under test while reading the output back into an in-memory journal backed by a clojure ref that helps us define when the test has ended in terms of the output that has been observed.
hi all, is there a gRPC equivalent in clojure and also the equivalent of the context package in go?
#!/usr/bin/env bash
readarray -t instances < <(aws ec2 describe-instances --output json | jq -r '.Reservations[] | .Instances[] | [.PrivateDnsName, ([.Placement.AvailabilityZone, ([.Tags[] | select(.Key == "Name") | .Value][0])] | join(" "))] | .[]')
ip=`dialog --clear --stdout --menu "Where to connect?" 0 0 0 "${instances[@]}"`
if [ $? -eq 0 ]; then
ssh -J bastion.in.your.cloud "$ip"
fi
This turned out quite nicelyit's ssh via a JumpHost
@maleghast - giving you a dialog with all your ec2 hosts in to select from
googles - oh yeah π
tbh, I can probably drop the -J
flag force users to setup:
Host *.eu-west-1.compute.internal
ProxyJump your.proxy.jump
While you are here... I have a *.http://cervest.com SSL cert, but when I try to point a subdomain at an ALB with that cert installed the address just doesn't "work" - it never connects... Am I doing something stoopid?
http://decisionvest-demo.cervest.com - works https://decisionvest-demo.cervest.com - doesn't work. The ALB is set up EXACTLY the same way as: http://cervest.com https://cervest.com but that works... π
Yes, and yes I realise that I should be using Terraform / CF, but honestly I've checked and re-checked.
I found something that I don't really understand about ACM needing the certificate to have the alternative names explicitly enumerated for them to work on an ALB / ELB, but I found other info that says that's balls.
The reason we sprung for a wildcard SSL cert was so that we could have subdomains a-plenty on that domain.
wildcards shouldn't be a problem @maleghast - we use a wildcard ssl cert for all our backend services with both application and classic ELB instances
@dominicm - What you can help me with is how I make an Edge App build all it's URLS for CSS / JS etc as https and re-direct any http to https
bidi vhosts allows you to match http separately from https. So you can redirect that way? π
Er, it's more about the URLs that are pulling in CSS and JS at the moment, as I am getting mixed protocol errors so no CSS or JS... π
and:
<script src="{% url static %}decisionvest.js" type="text/javascript"></script>
@dominicm - It is retaining the protocol; Yada is getting an http request. I am using ELB Termination for the HTTPS
Yada does not get an https request, it gets an http request from the target group, proxied through nginx
@maleghast configure nginx to pass along the X-Forwarded-Proto header
what do you use the nginx proxy for @maleghast?
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
apparently does the trick
@mccraigmccraig - old habits, EC2s in my VPC only expose 22 and 80
what's nginx for tho ?
so the instance gets the request on 80 and nginx receives and proxies to 3080 (Edge Prod Port)
why not just configure your ALB listener to forward direct to 3080 ?
and limit those ports to only your ELBs
the only port we have open to the internet on any of our EC2s is 22 on the jump host
although most of our EC2s will accept on large ranges from the load-balancers
@dominicm - That header forward not working, but I will swap my Selmer filter to href instead of url and see if that makes a difference...
@mccraigmccraig - I imagine I'll go that way in the end, but for now I have EC2s that are not "behind" loadbalancers, so having 80 open on them helps...
ah, right, nginx makes sense then... i started out having nginx in front of yada, since on my previous project i'd been using nginx as a caching proxy, but i now use CloudFront for all my CDN and caching needs, so i ended up ditching nginx
*nods* Yeah, I want to put everything into S3 / CloudFront in the fullness of time, but that means some app-level tinkering, as I will want my build process to put the compiled / minified / optimised JS and CSS onto S3 as part of that process and I will therefore want my URLs to be different.
if you use relative urls it mostly doesn't matter - our app works the same from file:, localhost, cloudfronted domain and direct s3 url without specifying or changing any urls... the only place requiring absolute urls to be specified is email generation and our hacky theming (which implements a cloudfront origin server and pattern-match/replaces from the original s3-hosted css)
@dominicm - I imagine I am doing this wrong, but this:
<link rel="stylesheet" href="{% href static %}app.css"/>
& this:
<script src="{% href static %}decisionvest.js" type="text/javascript"></script>
are still being returned as http://... rather than https://... even with the header added to the Nginx Proxy (inside the location block)Probably not terribly relevant to what youβre doing but it was a big revelation to me when someone told me about protocol relative URLs - https://en.wikipedia.org/wiki/URL#prurl
@dominicm - Fixed it:
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
@mccraigmccraig - I just re-read your comment above^^... How do you get relative URLs to work for assets that are on S3..?
check it out: http://app.yapsterchat.com.s3.amazonaws.com/index.html vs https://app.yapsterchat.com/
i think it just works
what don't you get ? it's been a while since i set it up, so i can't really remember whether there were any gotchas
the http://app.yapsterchat.com is just the files from the s3 url fronted by cloudfront
so you must have DNS resolving https://app.yapsterchat.com/js/... to your Cloudfront Distribution
yep - http://app.yapsterchat.com points at the cloudfront distribution...
right, but there's no need to put the CF urls into any of the source - the js url is relative to the index.html
ah, no - that's just the static stuff - our clojure api is on a completely different url
with CORS etc
lol, you just add a couple of headers which roughly translate to "fuck off CORS!" π¬
Yes, if you craft very tight exemptions I believe that they can be safe, but I would rather solve the problem at the other end.
(This is personal preference and not religion, and if what you are doing works for you I salute you!)
we're pretty much forced into CORS - our users are mostly on mobile devices with a hybrid app, which means a file:
or
url, so CORS is required
and every request on our API, apart from the auth requests, requires a JWT token, and they are all over https, so single-origin wouldn't be doing much for us anyway
but @maleghast i forgot something - "Right, but I can't host a Clojure app on Cloudfront" is not quite correct - you can't host it on CloudFront, but you can add an origin to your cloudfront distribution which will proxy requests to your clojure app... giving you a single-origin webapp backed by S3 for your static stuff and EC2 for your dynamic stuff
(as long as you can separate your static stuff and dynamic stuff by path... we just have all our api requests go to /api/... and that suffices)
Yeah, that's really nice - sorry was just doing a little happy dance about AWS adding on-ALB redirection, so all http traffic to a domain can be re-routed to https on the Load Balancer without needing to handle the protocol up-sell on the application server or proxy server.
Ahh yes CORS
I've got cljs stuff on cloudfront, lambda backend and...
Well yeah
Internetting is hard