pedestal

Parenoid 2020-04-14T06:13:20.071600Z

how do I enable ssl on my pedestal app so it's https as opposed to http?

KJO 2020-04-17T15:30:40.082300Z

It's a bit of a pain, but the following service map works (you can ignore the web socket stuff). Notes about the keystore are below.

;; Assumes the usual aliases: [io.pedestal.http :as http] and [clojure.java.io :as io].
;; `routes` and `jetty-websocket-configurator` are defined elsewhere in the app
;; (the web socket configurator can be dropped if you don't need it).
(def service-map
  (let [keystore-location
        (if (System/getenv "KEYSTORE_LOCATION")
          (-> (io/file (System/getenv "KEYSTORE_LOCATION"))
              (.getCanonicalPath))
          "/home/user/security/jetty-keystore")]
    {::http/host "0.0.0.0"
     ;; Accepts every origin, with credentials; tighten this for production.
     ::http/allowed-origins {:allowed-origins (fn [_] true)
                             :creds true}
     ::http/routes #(deref #'routes)
     ::http/type   :jetty
     ::http/container-options
     {:context-configurator jetty-websocket-configurator
      :h2c? true
      :h2 true
      :ssl? true
      :ssl-port 8081                   ; HTTPS listener
      :keystore keystore-location
      :key-password "thepassword"      ; replace with the real keystore password
      :security-provider "Conscrypt"}
     ::http/port   8080}))             ; plain HTTP listener
Jetty Keystore

In order for Pedestal (the back-end server) to start with Jetty, it expects a keystore to be available in a particular location (see service-map). To create the keystore (plagiarized from web, and don't remember where):

Generate a private site key (site.key)
$ openssl genrsa -des3 -out site.key 2048

Make a copy of site.key and strip the password, so that it can be auto-loaded
$ cp site.key site.orig.key
$ openssl rsa -in site.orig.key -out site.key

Generate a self-signed signing request (site.csr)
$ openssl req -new -key site.key -out site.csr

Generate a self-signed certificate (sitex509.crt - in x509 format for loading into the keystore)
$ openssl req -new -x509 -key site.key -out sitex509.crt

Combine the self-signed certificate (sitex509.crt) and site key (site.key) and export it in pkcs12 format (site.pkcs12)
$ openssl pkcs12 -inkey site.key -in sitex509.crt -export -out site.pkcs12

Rename the keystore (site.pkcs12) to jetty-keystore and adjust the service-map so it can be located.

hindol 2020-04-17T16:10:56.082600Z

Can you please write a blog post about this? That will be very helpful for anyone needing to do the same thing. And thanks!

KJO 2020-04-17T21:10:14.082800Z

That's a good idea. Thanks. It's at https://heykieran.github.io/posts/pedestal-jetty-https/

hindol 2020-04-17T21:21:01.083100Z

Super! Thank you.

Parenoid 2020-04-14T06:14:02.071800Z

a big topic, I know.

hindol 2020-04-14T06:25:31.072100Z

You can see the implementation here: https://github.com/pedestal/pedestal/blob/master/jetty/src/io/pedestal/http/jetty.clj Check the comments towards the end.

hindol 2020-04-14T06:26:19.072500Z

I have not tried the steps myself though.

2020-04-14T10:20:57.074700Z

I have a question about

(fern/lit vase.datomic.cloud/client
when I try to use it, I see a
java.lang.AbstractMethodError: Receiver class datomic.client.impl.shared.Client does not define or inherit an implementation of the resolved method abstract create_database(Ljava/lang/Object;)Ljava/lang/Object; of interface datomic.client.impl.shared.protocols.Client.
	at datomic.client.api.async$create_database.invokeStatic(async.clj:148)
	at datomic.client.api.async$create_database.invoke(async.clj:140)
	at datomic.client.api.sync.Client.create_database(sync.clj:73)
	at datomic.client.api$create_database.invokeStatic(api.clj:144)
	at datomic.client.api$create_database.invoke(api.clj:135)
	at com.cognitect.vase.fern.CloudConnection._interceptor(fern.clj:94)
which is in line with my understanding of the datomic client: it cannot create databases. But doesn't that render the CloudConnection unusable? The culprit is at https://github.com/cognitect-labs/vase/blob/407d8cda05892ee740ac22f170156a0ee4764733/src/com/cognitect/vase/fern.clj#L94

2020-04-14T10:42:29.074900Z

Oh I see, this is a special case

> NOTE: create-database is not available with peer-server.
> Use a Datomic Peer to create databases with Datomic On-Prem.

2020-04-14T10:46:20.075100Z

it would be nice if I could disable that (client/create-database) call from the config

2020-04-14T14:05:04.075300Z

@ben.hammond thanks for pointing this out. In retrospect, DB lifecycle management should be done independently. Including calls to create-database for every request is not recommended. This new learning led to me changing the pedestal.ions sample app (https://github.com/pedestal/pedestal-ions-sample#database-life-cycle-management). I’m going to create an issue to capture that this needs to be followed up on.

2020-04-14T14:06:12.075500Z

In that sample I adopted the approach taken by the Datomic Ions tutorial (https://docs.datomic.com/cloud/ions/ions-tutorial.html#orgd70504f)

2020-04-14T14:07:35.075700Z

I’m incorrect, the code you linked creates the db on interceptor creation only. Still, it should be done explicitly and elsewhere.

2020-04-14T14:26:15.076Z

Yeah I'm combining integrant with vase & pedestal in order to manage lifecycle and dependencies