Hi, has anyone had experience setting up an nREPL server for an app deployed to http://fly.io? Specifically, they have a default https://fly.io/docs/reference/configuration/#services-ports-tls_options for an http_service, but if I'm using nREPL with a generated cert, do I want Fly to just let nREPL https://nrepl.org/nrepl/usage/tls.html TLS termination? I could maybe find out if there's a well-known path to pass with :tls-keys-file but I think if such a file exists that probably means Fly is doing the termination and therefore HTTP traffic to the app host is unencrypted once inside Fly's network, which seems less secure. Appreciate any guidance, thanks in advance!
nREPL TLS is a two-way thing: the client needs a client private key to connect to the nREPL server. I don't see how http://fly.io could support that. The keys for the nREPL client also contain the root certificate (and in this way it can trust the nREPL server). I think the short answer is: the http://fly.io app should expose a (dedicated) port for the nREPL server, and nREPL should handle all TLS things itself.
If you want to run nREPL over http(s), that is a different case. I don't think there is anything well documented and supported out of the box for that. I know there was an earlier thread about doing that nREPL over JSON. That seems like a reasonable path to take. I did some stuff for TCP over http(s) with TLS termination à la nREPL, but never quite finished it, nor documented it well.
Makes sense, thank you!
fly runs containers and you can tunnel into a container via
fly proxy <local-port>:<port-in-container> -a app-name
should be enough to connect to nREPL