
No way to ignore ssl configuration on server startup using CLI

Open Valdermeyder opened this issue 3 years ago • 8 comments

When the :ssl key is provided inside "shadow-cljs.edn", the server (npx shadow-cljs server) always runs with SSL. However, a configuration could have :dev-http entries which don't require SSL, e.g. using the {:ssl false} option. It would be nice to add a CLI flag to disable SSL during server start-up, e.g. npx shadow-cljs server --no-ssl, and start up only the HTTP servers which don't require SSL.

Alternatively, an option --config-merge can be used to reset the :ssl key, e.g. npx shadow-cljs server --config-merge {:ssl false}. The second option can have even more potential, as it would allow modifying the config before server start in the way we need in different environments, e.g. local vs CI.

Related Slack discussion

Valdermeyder, Apr 26 '21 12:04

Another issue I have discovered: when you have a mix of :ssl false and :ssl true inside :dev-http, hot-reloading for the ones with :ssl false doesn't work, and "shadow-cljs - Reconnecting ..." is shown constantly.

Errors in the console:

websocket.cljs:12 WebSocket connection to 'wss://localhost:9630/api/remote-relay?server-token=7af95972-d287-4420-87ed-503ac8b0a934' failed: 
shadow$cljs$devtools$client$websocket$start @ websocket.cljs:12

shared.cljs:300 shadow-cljs - remote-error Event
eval @ shared.cljs:300


Valdermeyder, Apr 29 '21 15:04

Can you please provide a full example?

> have a mix of :ssl false and :ssl true inside :dev-http

I don't understand what you mean by this. In general browsers aren't too happy with mixing ssl/non-ssl so I don't expect this to work well anyways?

thheller, Apr 29 '21 15:04

I see that my wording of mixing is a little bit confusing. Maybe my example is very specific but let's look at it.

{:dev-http {8021 {:root "target/test" :ssl false} ; tests, SSL disabled per server
            8080 {:root "target/app"}}            ; app, uses the top-level :ssl
 :ssl {:keystore "app.jks"}
 :builds {:app {:target :browser}
          :test {:target :browser-test}}}

On the one hand, I need to serve :app output using HTTPS (simplify integration with other services), on the other hand, I don't need to serve :test over HTTPS (which complicates test execution setup). For the browser, it will be two different URLs/ports, http://localhost:8021 and http://localhost:8080 respectively, so I don't see any constraints from the browser here, but I may be missing something.

Valdermeyder, May 10 '21 14:05

In what way does SSL for the test "complicate test execution setup"?

SSL is also used by the primary webserver for shadow-cljs which handles the websockets for REPL/hot-reload. So even if you had disabled the SSL for :test it'll still attempt to connect to the SSL websocket. So whatever issue you had with SSL in the first place would still be there?

Only suggestion I can make is using a separate webserver (eg. nginx) that handles the SSL and proxies to shadow-cljs when needed but keeping SSL entirely out of the shadow-cljs config.

thheller, Jun 06 '21 11:06

Thanks, I like your idea of using a separate web server, which we actually have already, so it can be just a matter of configuration.

> In what way does SSL for the test "complicate test execution setup"?

We are using kaocha-cljs2, which has its own WebSocket communication to run tests, which means that we have to set up SSL there as well (in case we use it to serve our tests), and that is what we wanted to avoid, basically.

> SSL is also used by the primary webserver for shadow-cljs which handles the websockets for REPL/hot-reload.

And maybe there is a place for improvement. When I remove :ssl from the configuration, hot reloading works fine with non-SSL (HTTP) servers. Maybe we can try to connect to the non-SSL WebSocket when the SSL one fails, or provide the ability to choose which one we want to connect to for specific servers?

Valdermeyder, Jun 07 '21 12:06

I still don't know what your actual problems are. A reproducible example would help a lot here.

The primary shadow-cljs HTTP currently only runs in full-SSL or no-SSL-at-all mode, there is no "both". Given that everything is port based that would probably become a nightmare config-wise.

My recommendation is to use a separate SSL webserver, when you only need SSL for one part. You can also tunnel the shadow-cljs websockets through that one via :devtools-url if needed. Or use the same SSL everywhere, should be easy once you have it configured once.

thheller, Jun 07 '21 19:06
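
The separate-webserver setup recommended above, sketched as an added example (not part of the thread and not from the shadow-cljs project): nginx terminates TLS for the app and for the devtools websocket, while shadow-cljs itself runs without :ssl. Ports 8080 and 9630 come from the config and console error earlier in the thread; the listen port 8443, the certificate paths and the /shadow-cljs path prefix are assumptions, and the prefix-stripping forward rule should be checked against the shadow-cljs user guide for the version in use.

```nginx
# Added example. Assumed shadow-cljs.edn side: remove the top-level :ssl key so
# every shadow-cljs server speaks plain HTTP, and in the :app build set
#   :devtools {:devtools-url "https://localhost:8443/shadow-cljs"}
# so hot-reload/REPL traffic goes through this proxy instead of wss://localhost:9630.
# The :test server on 8021 is not proxied and stays plain HTTP.

server {
    listen 8443 ssl;                      # assumed port
    server_name localhost;

    # nginx needs PEM files; a Java keystore such as app.jks has to be
    # exported to certificate + key first. Paths are placeholders.
    ssl_certificate     /etc/nginx/tls/dev.crt;
    ssl_certificate_key /etc/nginx/tls/dev.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # :app output, served by the shadow-cljs :dev-http server on 8080
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
    }

    # Devtools traffic: strip the /shadow-cljs prefix and forward to the
    # primary shadow-cljs server, allowing the websocket upgrade.
    location /shadow-cljs/ {
        proxy_pass http://127.0.0.1:9630/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_read_timeout 1h;            # keep an idle websocket open
    }
}
```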

Or is this just a communication problem? I added the :ssl false option in https://github.com/thheller/shadow-cljs/commit/cda1b21b2b1c99e5dee3a8797316b1d444b67bd7? Seems like I missed referencing the issue in the commit message? I maybe wrongly assumed that you saw that and assumed there was another unsolved issue? Maybe I just confused myself by not closing this? :P

thheller, Jun 07 '21 19:06

Hi guys, any final solution? I am new to ClojureScript and still getting this remote error. Can you please guide me on how to resolve this?

vatsalsmehta, Jul 29 '22 06:07