Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
Stéphan Kochen
@stephank
Not sure if that's related to me using the new release script and the gh command-line, but just used web to recreate the tag, and that's fine.
Stéphan Kochen
@stephank
Alright, 0.3.4 looks good here: https://github.com/portier/portier-broker/releases/tag/v0.3.4
onli
@onli
yeah, a release :)
Stéphan Kochen
@stephank
I'm seeing issues with Redis and the new release :/ 
thread 'tokio-runtime-worker' panicked at 'Failed to read from Redis: parse error: Parse error at 1
Unexpected `117`
Unexpected `10`
', src/utils/redis/pubsub.rs:167:33
But only after a short while. Not sure what's going on here.
portier/portier-broker#234
I may investigate later, don't have the time for it right now. Perhaps finally upgrading to a tokio v1 stack will simply solve it, but there's a bit of work there.
onli
@onli
The heroku installation is still the old version, no?
Stéphan Kochen
@stephank
We don't use heroku anymore, but only staging is autodeployed from master. We need to update portier/public-infra manually to deploy to production. Plus I think that uses SQLite.
onli
@onli
Oi, of course. Old state tends to stay in the head...
Stéphan Kochen
@stephank
Fix appears to working for us, so I created 0.3.5: https://github.com/portier/portier-broker/releases/tag/v0.3.5
Stéphan Kochen
@stephank
Seems we never upgraded our server to NixOS 20.09. Going to give that a shot!
Stéphan Kochen
@stephank
All done, looks to be working fine. Will also try upgrading the production broker from 0.3.2 -> 0.3.5 later (not today).
Specifically wanted to upgrade because of the OpenSSL security release just now, and I think NixOS 20.03 was EOL already. :o
Plus, NixOS 20.09 hardened the nginx install, which is nice.
jestarray
@jestarray
are there any good self hosted versions of mailgun/postmark?
jestarray
@jestarray
also does anyone recommend what lightweight rust(or C libraries) to make a post request to the portier server for authentication?
Stéphan Kochen
@stephank
@jestarray Mailgun/Postmark have fairly specific APIs; I’m not aware of any reimplementations. But you can use any SMTP server with Portier, so Postfix, Exim, etc all work. Running a mailserver is almost its own profession, though. 😅
It’d be cool if we could extract the Rust client code from the Portier broker itself into a separate crate, but right now, we don’t have any Rust or C client libraries, unfortunately.
Stéphan Kochen
@stephank
Should add: generic OpenID Connect clients should work, in theory. We’ve fixed some issues related to those in the past, so people have tried it. Hopefully successfully. 🙂 (Would be neat if we had some docs on this, like a cookbook of how to use different popular libraries.
jestarray
@jestarray
@stephank i didnt realize setting up a mailserver would be so much of a pain in the ass lol... guess ill just use mailgun or something then
Stéphan Kochen
@stephank
Yeah, it’s full of pitfalls. Configuring Postfix is okay, especially of you let Debian do it for you, but then there’s all the extra fluff like SPF, DKIM, reverse DNS and spamlist reputation. I think, https://mailinabox.email/ could be the easiest way to run your own mailserver, because it helps with some of that stuff.
Stéphan Kochen
@stephank
The production broker is now on 0.3.5 :)
Stéphan Kochen
@stephank
A start for monitoring: https://prometheus.portier.io/
I think we can leave that open? If I read this correctly, untrusted access there is fine: https://prometheus.io/docs/operating/security/
Not really intuitive to query right now, there's no listing of metrics, I think? But it does have some exporters running and is scraping from them: https://prometheus.portier.io/targets
Also not sure what those errors there mean
Stéphan Kochen
@stephank
I also configured pushgateway because I plan on modifying autotest to push to prometheus (instead of managing its own files)
Plus I want to look at Grafana, and if that's useful on top of this
And obviously a /metrics for Portier broker itself. :)
Stéphan Kochen
@stephank
I guess you can do {job="nginx"} and see a list of everything it pulls out of nginx. Similarly, node and prometheus jobs are configured, but are worse examples (tons of metrics, apparently). :)
https://prometheus.portier.io/graph?g0.expr=%7Bjob%3D%22nginx%22%7D
And a basic graph, maybe: https://prometheus.portier.io/graph?g0.expr=nginx_http_requests_total&g0.tab=0&g0.stacked=0&g0.range_input=1h
Stéphan Kochen
@stephank
Oh, the errors on prometheus /targets are already fixed, apparently: prometheus/prometheus#8358
Stéphan Kochen
@stephank
Oh, there are example consoles: https://prometheus.portier.io/consoles/index.html.example
onli
@onli
Up status, cpu used and how many connections are open could be important
Ideal would be something like "X logins processed the last Y minutes", no?
Stéphan Kochen
@stephank
Definitely, the metrics prometheus logs of itself include counters per route, per HTTP status code too: https://prometheus.portier.io/graph?g0.expr=%7Bjob%3D%22prometheus%22%7D&g0.tab=1&g0.stacked=0&g0.range_input=1h
There's already a prometheus crate, could be useful: https://docs.rs/prometheus
Stéphan Kochen
@stephank
Hmm, at least for my work gmail account, Google has now started showing an intermediate 'choose an account' screen for every Portier login.
I'm not sure, though, if we fail when someone selects an email different from their previous input to Portier.
(I only have one account to test)
onli
@onli
I recently did a change to Pipes so that the login is not permanent (because Sinatra dropped the session if someone used Chrome and I could not fix it).
I now had multiple reports of users that can not login at all
That might be related, but it doesn't have to be the same thing...

I'm not sure, though, if we fail when someone selects an email different from their previous input to Portier.

Should depend on whether the portier client uses the nonce or the email to identify the login later

onli
@onli
Did you notice anything in that direction, that logins suddenly fail? Testing again now it works with the same account on some devices, but not on others, with the same browser version. It's frankly bizarre
onli
@onli
Hm, it seems to have been a sinatra issue. To disable the rack protection :remote_token seemed unnecessary on my initial test devices after the cookie change, but now disabling it proved necessary again
No direct portier mistake