This feed does not validate.
<language>en,de</language>
^
<pubdate>Tue, 16 Apr 2024 12:38:36 +0000</pubdate>
^
line 22, column 59: (10 occurrences) [help]
<link>2024/04/maven-build-with-multiple-java-versions.html</link>
^
line 23, column 26: (10 occurrences) [help]
<author>Stephan H. Wissel</author>
^
line 24, column 43: (10 occurrences) [help]
<guid>e01d6620-fbcb-11ee-83f2-810c012896ec</guid>
^
line 25, column 23: (10 occurrences) [help]
<pubDate>16 April 2024</pubDate>
^
In addition, interoperability with the widest range of feed readers could be improved by implementing the following recommendations.
<?xml version="1.0"?><rss version="2.0"><channel> <title>wissel.net Usability - Productivity - Business - The web - Singapore and Twins</title> <link>https://wissel.net/blog/stories.rss</link> <description>Thoughts, Insights and Opinions of Stephan H. Wissel. Topics included: Salesforce, Lotus Notes and Domino, IBM Websphere, NodeJS, JavaScript, J2EE, .Net, Software Archtecture, Personcentric Development, Agile Software, SDLC, Singapore and my Twins</description> <language>en,de</language> <copyright>(C) 2003 - 2021 Stephan H. Wissel, All rights reserved</copyright> <pubdate>Tue, 16 Apr 2024 12:38:36 +0000</pubdate><item> <title>Maven build with multiple Java versions</title> <description><p>Imagine, you are tasked with maintaining a <a href="https://opensource.hcltechsw.com/Domino-rest-api/index.html">Java application</a> that needs to run on more than one Java version. You want to ensure that it compiles, tests and builds on all of them.<br> This is our story, buckle up, there are a few moving parts</p><h3>The big picture</h3><ul> <li>We use <a href="https://maven.apache.org/">Apache Maven</a> to drive the project using the <code>pom.xml</code></li> <li>The <a href="https://maven.apache.org/plugins/maven-toolchains-plugin/">Maven Toolchains</a> plugin controls the Java versions</li> <li>Using <code>&lt;properties&gt; ... &lt;/properties&gt;</code> and <a href="https://maven.apache.org/guides/introduction/introduction-to-profiles.html">Build Profiles</a> to adjust conditions for processing</li> <li>Annotatiosn like <code>@Only8</code> and <code>@Only17</code> help to qualify tests</li> <li>Our build tool (<a href="https://www.jenkins.io/">Jenkins</a> or <a href="https://github.com/features/actions">Github Actions</a>) will use a container provided (in our case based on <a href="https://www.redhat.com/en/blog/introducing-red-hat-universal-base-image">Redhat UBI</a>)</li></ul></description> <link>2024/04/maven-build-with-multiple-java-versions.html</link> <author>Stephan H. Wissel</author> <guid>e01d6620-fbcb-11ee-83f2-810c012896ec</guid> <pubDate>16 April 2024</pubDate> </item><item> <title>nginx as ingress for Docker compose</title> <description><p>In June I wrote about how to use <a href="/blog/2023/06/docker-nginx-spa-and-brotli-compression.html">Docker &amp; nginx</a> to deliver statically rendered <a href="https://github.com/google/brotli">brotli</a> files for your web (frontend) application. It improves delivery quite a bid, but left me wonder: isn't there too much static WebServer involved?</p><h3>Double hop to deliver static files</h3><p>A typical web application using micro/mini/midi services looks like this:</p><p><img src="/blog/images/2023/TypicalDockerConfig.jpg" alt="A typical Docker configuration"></p><p>It is common, easy and concerns quite separated. However it comes with a set of challenges:</p><ul> <li>nginx doesn't do http/2 on <a href="https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/"><code>proxy_pass</code></a>, so you miss the ability to serve static files directly with http/2</li> <li>For static file we have two nginx involved</li> <li>Each service needs to be exposed to the host at some port</li> <li>The service architecture leaks to the host based nginx. SO any change in service needs an update to the <code>docker-compose.yml</code> <strong>AND</strong> the host based nginx configuration</li> <li>the containers depend on that, external to them, configuration</li></ul><p>So I tried to design a better way to handle this without going all <a href="https://kubernetes.io/">K-in</a>:</p><p><img src="/blog/images/2023/DockerConfigWithNginx.jpg" alt="Docker configuration with ingress as component"></p><p>This looed like a more promising approach:</p><ul> <li>Services could be addressed with their internal network name</li> <li>Only Ports 80 and 443 of one container need exposure on the host</li> <li>The nginx configuration inside the container is immutable and can't accidentially be reconfigured in production (your image comes from a pipeline isn't it)</li></ul><h3>Challenges</h3><ul> <li>When trying to configure certbot, I initially tried using the <code>--nginx</code> parameter with an http challenge and shared data mounts. None of the attempts worked satisfactory, so at the end I settled on a<a href="https://letsencrypt.org/docs/challenge-types/#dns-01-challenge">DNS-01</a> using <a href="https://www.cloudflare.com/">CloudFlare</a>.</li> <li>Since I wanted the nginx configuration to be inside the container image (and not on a data mount), a good understandig of nginx's configuration is necessary. The only persisted information was <code>/etc/letsencrypt</code> for the certificate and a secret for CloudFlare credentials</li> <li>When the nginx configuration is statically configured for TLS, on initial load it will fail since the certs don't exist yet. Auntie Google suggested a manual run of certbot, but I favour <code>docker compose up</code> to handle everything</li> <li>I ended up creating my own docker images, which was an epiphany: it absolutely makes sense to build a container image for single use instead of trying hard to make it configurable and vulnerable to mis-configuration</li></ul></description> <link>2023/11/nginx-as-ingress-for-docker-compose.html</link> <author>Stephan H. Wissel</author> <guid>c5cd81d0-83ab-11ee-a943-5f6e43c4acd6</guid> <pubDate>15 November 2023</pubDate> </item><item> <title>Quarkus and GraalVM starter</title> <description><p>When <a href="https://www.java.com/en/">Java</a> is one of the languanges in your portfolio, you might have heard of <a href="https://quarkus.io/">Quarkus</a>, an alternative to <a href="https://spring.io/projects/spring-boot">Spring Boot</a> build on top of <a href="https://vertx.io">vert.x</a> and <a href="https://www.graalvm.org/">GraalVM</a>, a polyglot runtime for Java and other languages.</p><p>This article describes the getting started that worked for me.</p><h3>Moving parts</h3><p>The fist hurdle to overcome is to install all the bits and pieces. There are plenty of versions (Java 11 - Java 21) and methods (maven, CLI, packet managers), so it con be confusing what to pick. I tried most of them and created a mess and a deep appreciation for the "reset to snapshot" feature afforded by virtual machines. Instructions work for macOS, Linux or <a href="https://www.graalvm.org/">Linux on Windows</a>.Here we go:</p><ol> <li>install <a href="https://sdkman.io/">SdkMan</a>.</li></ol><p>The tool helps to keep your software development kits under control. From their website:</p><p><em>"Meet SDKMAN! ? your reliable companion for effortlessly managing multiple Software Development Kits on Unix systems. Imagine having different versions of SDKs and needing a stress-free way to switch between them. SDKMAN! steps in with its easy-to-use Command Line Interface (CLI) and API."</em></p><pre><code class="language-bash">curl -s "https://get.sdkman.io" | bash</code></pre><p>You can thank me later. Side note: there are 16 different JDK offerings that can be installed, we are spoiled <a href="https://thedecisionlab.com/reference-guide/economics/the-paradox-of-choice">for choices</a></p><ol> <li>install <a href="https://www.graalvm.org/">GraalVM</a></li></ol><p>Currently, as of time of writing, there are three GraalVM distributions available. The Open Source, community supported <a href="https://github.com/oracle/graal/">GraalVM Community Edition</a>, the commercial, Oracle supported <a href="https://www.graalvm.org/downloads/">Oracle GraalVM</a> which requires a license in production and the ReedHat backed <a href="https://github.com/graalvm/mandrel">Mandrel</a>. Mandrel is advertised as "specifically to support Quarkus". The Java 21 version was not yet available on sdkman, so I used the community edition. To stick with Mandrel I will use the container build option, later more on that</p><pre><code class="language-bash"># List SDKssdk list java# install GraalVMsdk install java 21-graaalce</code></pre><ol> <li>Install <a href="https://quarkus.io/">Quarkus</a></li></ol><p>This will install the Quarkus CLI and for good measure <a href="https://maven.apache.org">Apache Maven</a>. The Quarkus CLI makes a <a href="https://quarkus.io/guides/ide-tooling">pleasant developer experience</a></p><pre><code class="language-bash">sdk install quarkussdk install mvn</code></pre><ol> <li>Install <a href="https://www.docker.com/">Docker</a></li></ol><p>You can use <a href="https://www.docker.com/products/docker-desktop/">Docker desktop</a> (required a license for larger organisations) or <a href="https://rancherdesktop.io/">Rancher Desktop</a> (which also handles Kubernetes), <a href="https://podman-desktop.io/">Podman Desktop</a>, any of <a href="https://alternativeto.net/browse/search/?q=Docker">the alternatives</a> or the command line. New to Docker? There's <a href="https://www.google.com/search?q=how+to+install+docker">plenty of fish</a></p><p>Now we are good to go. Skipping the <a href="https://quarkus.io/get-started/">Code with Quarkus</a> tutorial lets build a n app in java and native put it into a container</p></description> <link>2023/10/quarkus-and-graalvm-starter.html</link> <author>Stephan H. Wissel</author> <guid>59234250-69c9-11ee-ba4c-cfc559bbd988</guid> <pubDate>13 October 2023</pubDate> </item><item> <title>Fun with Azure Active Directory & JWT</title> <description><p><a href="https://en.wikipedia.org/wiki/Active_Directory">Active Directory</a> has been the dominant standard for IT directories, even if it isn't <a href="/blog/2014/01/a-short-history-of-directory-trees.html">the prettiest tree</a> in the forrest. It's younger sibling <a href="https://en.wikipedia.org/wiki/Microsoft_Azure_Active_Directory">~~Azure Active Directory~~ Entra ID</a> is a big player in cloud based <a href="https://en.wikipedia.org/wiki/Identity_provider">Identity Providers (IdP)</a>. Unsurprisingly it behaves differently than the gold standard <a href="https://www.keycloak.org/">KeyCloak</a></p><h3>JWT expectations</h3><p>A <a href="https://en.wikipedia.org/wiki/JSON_Web_Token">Json Web Token (JWT)</a> payload is a <strong>very</strong> losely definded <a href="https://en.wikipedia.org/wiki/JSON">JSON</a> object with various claims. There is only a minimal consent of properties":</p><pre><code class="language-json">{ "iss": "https://where-it-came-from", "audience": "https://where-it-should-be-valid", "iat": "DATE/TIME -&gt; issued at", "exp": "DATE/TIME -&gt; expiry", "scope": "space separated list of scopes", "email": "user's email"}</code></pre><p>The whole thing is (un)defined in <a href="https://datatracker.ietf.org/doc/html/rfc7519">RFC7519</a>, sufficiently loose, so anyone can claim to be standard compliant and nothing is interoperable (just like <a href="https://datatracker.ietf.org/doc/html/rfc5545">ical</a>). There is a <a href="https://www.iana.org/assignments/jwt/jwt.xhtml">list of known claims</a>, but RFC7519 states: "<em>None of the claims<br> defined below are intended to be mandatory to use or implement in all<br> cases, but rather they provide a starting point for a set of useful,<br> interoperable claims.</em>"</p><p>To ease validation of signatures, one can use an URL <code>.../.well-known/openid-configuration</code> which provides a number of needed properties:</p><ul> <li>various endpoint URLs for authentication and token exchange</li> <li><code>issuer</code>: The value corresponding to the <code>iss</code> property in a JWT</li> <li><code>jwks_uri</code>: URL to read the public key to validate signatures</li> <li><code>scopes_supported</code>: what scopes does the API support</li></ul><h3>Azure - same but different</h3><p>When you setup <a href="https://help.hcltechsw.com/domino/12.0.2/admin/secu_config_http_bearer_auth_using_oidc_c.html">Domino for JWT</a> you need a series of specific conditions. The interesting parts from the documentation:</p><ul> <li><em>One of the JWT's "aud" (audience) claims must match the Domino Internet Site's host name</em></li> <li><em>JWTs must contain a "iss" (issuer) claim matching the "issuer" returned from the OIDC provider's .well-known/openid-configuration endpoint</em></li> <li><em>JWTs must contain a "scope" claim that includes "Domino.user.all"</em></li></ul><p>When you follow <a href="https://opensource.hcltechsw.com/Domino-rest-api/howto/IdP/configuringAD.html">KEEP's how to configure Azure AD</a> you will find a set of pain points, in no specific order:</p><ul> <li>You can't remove claims you don't need</li> <li>Azure AD will not issue a <code>scope</code> claim, but an <code>scp</code> claim</li> <li>The <code>aud</code> claim is fixed to the "Application ID URI"</li> <li>The <code>iss</code> claim in a token does not match the <code>issuer</code> property from <code>well-known/openid-configuration</code></li> <li>The <code>jwks_uri</code> URL does not return an <code>alg</code> property for the algorythm (nor did I find any way to request an <a href="https://en.wikipedia.org/wiki/Elliptic-curve_cryptography">Elliptic-curve</a> signer)</li></ul><p>So there's tons of fun to be had with Azure ~~Active Directory~~ Entra ID</p></description> <link>2023/08/fun-with-azure-active-directory-and-jwt.html</link> <author>Stephan H. Wissel</author> <guid>0fd1b040-465c-11ee-8527-1ded1f8f3d81</guid> <pubDate>29 August 2023</pubDate> </item><item> <title>Primary Posture Applications</title> <description><p>We use a multitude of applications per day. Each of them captures some level of attention and interaction. <a href="https://en.wikipedia.org/wiki/Alan_Cooper">Alan Cooper</a> coined the term <a href="https://en.wikipedia.org/wiki/Application_posture">Application posture</a>, with the mainly used application being the <a href="https://uxplanet.org/application-posture-d896bceda537"><strong>sovereign application</strong></a>. I personally like the term <strong>primary posture application</strong> better and will use it in this post</p><h3>Being primany</h3><p>Since users spend most of their time in it, there's a willingness to become "senior intermediate experts". Shortcuts are learned, workflows get shared and a deeper understanding is desired. Depending on the nature of your work, very different application are your primary</p><ul> <li>for a graphic desiger it might be <a href="https://www.gimp.org/">GIMP</a> or <a href="https://inkscape.org/">Inkscape</a></li> <li>a vlogger spends lot of time in <a href="https://obsproject.com/">OBS</a></li> <li>The controllers spend their days in spreadsheets</li> <li>The sales manager in <a href="https://salesforce.com/">CRM</a></li> <li>Operations is fond of <a href="https://sap.com/">ERP</a></li> <li>eMail and chat are strong contenders too</li> <li>the Scrum master lives in Jira, while developers on the command-line and IDE</li></ul><h3>Primary posture by association</h3><p>To cover anything else, aggregators were used. Trailblazer here was the <a href="https://en.wikipedia.org/w/index.php?title=Lotus_Notes">Lotus Notes Client</a>: One did everything in Notes, the main job and all the auxiliary and transient would be there. This consistency was attempted to recreate using portals and intranets (for inspiration what intranets can achieve, head over to <a href="https://www.nngroup.com/reports/topic/intranets/">The Nielsen Norman Group</a>).</p><h3>Auxiliary applications</h3><p>You need to complete a task fast and want effortless results. An auxiliary posture helps with that. Adding an appointment in a calendar, booking a ride share, filing tax returns.</p><h3>Auxiliary applications with a primary posture</h3><p>One's primary application is another's auxiliary. This is a huge problem especially for bespoke applications. Typically they are comissioned by departments who will use them in "primary posture" (e.g. the leave management system gets commissioned by HR). The leave administrator will happily learn all bells and whistles, while mortal users are irritated by the complexity. I recall working on a leave management system where the initial application form had over 30 fields to cover all eventualities. We were able to convince the application owner to take a 2 form approach: the initial form had: coming, going, type of leave and optional "on behalf". 2 buttons were offered: "more" and "submit". "More" would lead to the 30+ fields form. We monitored usage for 6 month. Not a single time the larger form was submitted.</p><h3>Multiple front-ends</h3><p>To avoid the primary auxiliary trap, a clear API that separates UI from business logic helps. It allows to build smaller front-ends that are auxiliary in nature but don't compromize integrity. <a href="https://www.openapis.org/">OpenAPI</a> is your friend</p></description> <link>2023/08/primary-posture-applications.html</link> <author>Stephan H. Wissel</author> <guid>77462770-40a2-11ee-9a9a-81b1521576ba</guid> <pubDate>21 August 2023</pubDate> </item><item> <title>Passphrase Generator</title> <description><p>Passphrases are considered easier to remember for humans and harder to crack for machines, famously explained in <a href="https://xkcd.com/936/">this comic</a>:</p><p><a href="https://xkcd.com/936/"><img src="https://imgs.xkcd.com/comics/password_strength.png" alt="Pasword strength"></a></p><p>The challenge then is to have a good word list to pick from. There are <a href="https://wordcounter.io//blog/how-many-words-does-the-average-person-know">various measurements</a> on how many words one person would <strong>use</strong> which could be as low as a thousand. Note there is a huge difference between <em>recognize</em> and <em>use</em>.</p><h3>Passphrases and dices</h3><p>In a recent <a href="https://chaos.social/@stw/110756503711275152">Toot exchange</a> <a href="https://chaos.social/@ospalh">ospalh</a> pointed me to <a href="https://en.wikipedia.org/wiki/Diceware">Diceware</a>, a method to use <a href="https://diceware.dmuth.org">dice rolls</a> and a word list to determine a passphrase. Usually one uses the regular 6 sides dices and 5 dices, which lets you pick from a 7776 member word list. The <a href="https://www.eff.org">EFF</a> published <a href="https://www.eff.org/deeplinks/2018/08/dragon-con-diceware">a version using the 20-sided dice</a> from <a href="https://en.wikipedia.org/wiki/Dungeons_%26_Dragons">Dungeon and Dragons</a> as well as various word lists.</p><h3>Wordlists</h3><p>An attacker who doesn't know that they are dealing with a passphrase, using conventional cracking methods stands little chance to decipher the phrase. However as the defender you must assume, they know your word list, so it is imperative to keep it long, while maintaining the odds to remember (in any case you can use some <a href="https://bitwarden.com">extra brain</a>). SOme of the word lists you can find online:</p><ul> <li><a href="https://theworld.com/%7Ereinhold/diceware.wordlist.asc">Arnold Reinhold's Diceware list</a>, 1995, 7776 entries</li> <li><a href="https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt">EFF list from 2016</a>, 2016, 7776 entries (introduced <a href="https://www.eff.org/deeplinks/2016/07/new-wordlists-random-passphrases">here</a>)</li> <li><a href="https://www.eff.org/deeplinks/2018/08/dragon-con-diceware">Fandom generated word lists</a> by EFF for the 20 side dice</li> <li><a href="https://www.eff.org/files/2018/08/29/gameofthrones_8k-2018.txt">Game of Thrones</a>, 2018, 4000 entries</li> <li><a href="https://www.eff.org/files/2018/08/29/harrypotter_8k_3column-txt.txt">Harry Potter</a>, 2018, 4000 entries</li> <li><a href="https://www.eff.org/files/2018/08/29/memory-alpha_8k_2018.txt">Star Track</a>, 2018, 4000 entries</li> <li><a href="https://www.eff.org/files/2018/08/29/starwars_8k_2018.txt">Star Wars</a>, 2018, 4000 entries</li></ul><h3>Math.random() to replace dices</h3><p>Let's roll (pun intended) our own passphrase generator. To make it a little more fun these are our constrains:</p><ul> <li>passphrase has 5 elements: 4 words and one 6 digit number</li> <li>the number appears at a random position</li> <li>elements are separated by a <code>-</code> (for readability, in active use you might just filter them out)</li></ul></description> <link>2023/07/passphrase-generator.html</link> <author>Stephan H. Wissel</author> <guid>20817830-29fb-11ee-8ef8-8bb241062b76</guid> <pubDate>24 July 2023</pubDate> </item><item> <title>Keep your github container registry tidy</title> <description><p>SO you drank the cool-aid, like me, and use <a href="https://github.com/features/actions">GitHub Actions</a> to build your projects and <a href="https://github.com/features/packages">GitHub pacckages</a> for your private containers, maven produced Jars, npm modules. Soon your honeymoon is over and you hit the storage limit of your account.</p><h3>You need to clean up</h3><p>Looking at the packages you will notice, that they are all there, all the version, in case of containers even the untagged ones. The root of the problem is equally the solution: a GitHub Action to <a href="https://github.com/marketplace/actions/delete-package-versions">delete package versions</a>. The package is very flexible and well documented, outlining <a href="https://github.com/marketplace/actions/delete-package-versions#scenarios">several scenarios</a> how to put it to use</p><h2>Things to watch out for</h2><p>You have to decide when you want to put it to use:</p><ul> <li>on schedule, like <a href="https://www.youtube.com/watch?v=mthSq-u2i7A">every Friday</a></li> <li>manual, pressing a button</li> <li>on each build, when you add a new package</li></ul><p>I also experienced that <code>{{ secrets.GITHUB_TOKEN }}</code> wouldn't work when the package you target is private, even when it is in the same repository. Once you know, it's not a big deal, just create a <a href="https://github.com/settings/tokens">PAT</a> and add it to the repository's secrets. You might want to add <code>workflow_dispatch</code> to all triggers, so you can test run them anytime.</p></description> <link>2023/07/keep-your-github-container-registry-tidy.html</link> <author>Stephan H. Wissel</author> <guid>8d4324b0-253b-11ee-aa6d-b183cc9640ea</guid> <pubDate>18 July 2023</pubDate> </item><item> <title>Deploy private npm packages into private containers using github actions</title> <description><p><a href="https://github.com/features/actions">GitHub Actions</a> are rapidly becoming my favorite CI environment. Their <a href="https://github.com/marketplace?type=actions">marketplace</a> has an action for everything. Sometimes it takes a little trial and error before things work smoothly. This is one of that stories.</p><h3>Authentication is everything</h3><p>Imagine the following scenario: you have developed a set of private TypeScript (or JavaScript) packages and have <a href="https://docs.github.com/en/packages/quickstart">successfully deployed</a> them to the <strong>private</strong> GitHub npm registry under the name <code>@myfamousorg/coolpackage</code> - where <code>myfamousorg</code> must match the repository owner (org or individual).</p><p>Now you want to use them in your application. That application shall be packed in a Container and made available in GitHub's private registry. All that automated using GitHub Actions.</p><h3>You will need a PAT (or two)</h3><p>In GitHub, head to the <a href="https://github.com/settings/tokens">Personal access tokens / Tokens (classic)</a> section of your developer settings in profile. You need to <a href="https://github.com/settings/tokens/new">create tokens</a> that allow you to handle packages.</p><p><img src="/blog/images/2023/GitHubToken.png" alt="GitHub Tokens"></p><p>There are two places where you want to enter that token:</p><ul> <li>In <code>https://github.com/[your-org]/[your-repo]/settings/secrets/actions</code> create a key <code>GIT_NPM_PACKAGES</code> and copy your PAT there. You can pick any name, you will need it in the GitHub action later</li> <li>In <code>~/.npmrc</code>, your global settings for npm in your home directory. Don't put the info in the <code>.npmrc</code> in your git project.</li></ul><pre><code class="language-properties">prefix=/home/[your username]/.npm-packages@myfamousorg:registry=https://npm.pkg.github.com//npm.pkg.github.com/:_authToken=[here goes the token] </code></pre><p>The <code>prefix</code> property allows you to run `npm install -g [package] without admin access.</p></description> <link>2023/07/deploy-nodejs-with-private-packages-in-docker.html</link> <author>Stephan H. Wissel</author> <guid>a81d27ba-4cf9-444d-99e6-c4813be2e9f4</guid> <pubDate>16 July 2023</pubDate> </item><item> <title>Handle HTTP chunked responses</title> <description><p>Objects <a href="https://www.youtube.com/watch?v=nFDAK8NY4JY">I need a lot of objects</a>. When dealing with APIs there is one fundamental question to answer: how much data do you want to retrieve?</p><p>The old school answer: let's page results, <a href="https://retrocomputing.stackexchange.com/questions/5629/why-did-80x25-become-the-text-monitor-standard">25 at a time</a>. Then <a href="https://www.nngroup.com/articles/infinite-scrolling-tips/">infinite scrolling came along</a> and changed expectations.</p><h3>I got some chunk for you</h3><p>One way to operate is for the server to send all data, but using <a href="https://en.wikipedia.org/wiki/Chunked_transfer_encoding"><code>Transfer-Encoding: chunked</code></a> (<a href="https://tools.ietf.org/html/rfc9112#section-7.1">RFC 9112</a>) in the header and deliver data in several packages, aptly named chunks. A client can process each chunk on arrival to allow interactivity before data transmission concludes.</p><p>However this requires adjustments on both sides. The server needs to send data with a clear delimiter, e.g. <code>\n</code> (newline) and the client needs to process the data as a stream</p><h3>The usual way won't work</h3><p>We typically find code like this:</p><pre><code class="language-js">fetch(url) .then((resp) =&gt; resp.json()) .then((json) =&gt; { for (let row in json) { addRow(json[row], parentElement); } });</code></pre><p><a href="https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API"><code>fetch</code></a> hides a lot of complexity, we need to handle when we process a chunked result as it arrives.</p></description> <link>2023/07/handle-http-chunked-responses.html</link> <author>Stephan H. Wissel</author> <guid>a73f182a6-e51d-4c0f-9b95-10c640d637dd</guid> <pubDate>04 July 2023</pubDate> </item><item> <title>Docker, nginx, SPA and brotli compression</title> <description><p>Contemporary web development separates front-end and back-end, resulting in the front-end being a few static files. Besides setting long cache headers, pre-compression is one way to speed up delivery</p><h3>Setting the stage</h3><ul> <li>we have a NodeJS project that outputs our <a href="https://en.wikipedia.org/wiki/Single-page_application">SPA</a> in <code>/usr/dist</code> directory. Highly recommended here: <a href="https://vitejs.dev/">VITE</a>. Works for multi-page applications too.</li> <li>We target only <a href="https://caniuse.com/?search=brotli">modern browsers</a> that understand <a href="https://github.com/google/brotli">brotli</a> (Sorry not IE). Legacy will have to deal with uncompressed files</li> <li>We want to go light on CPU, so we compress at build time, not runtime</li></ul><h3>Things to know</h3><ul> <li>When <a href="https://www.nginx.com/">nginx</a> is configured for brotli and the file <code>index.html</code> gets requested, the file <code>index.html.br</code> gets served if present and the browser indicated (what it does by default) that it can accept br</li> <li>There are tons of information about the <a href="https://www.sobyte.net/post/2022-04/docker-nginx-brotli/">need to compile nginx</a> due to the lack of brotli support out of the box. That's not necessary (see below)</li> <li>brotli is both OpenSource and the open standard <a href="https://www.ietf.org/rfc/rfc7932.txt">RFC 7932</a></li> <li>brotli currently <a href="https://github.com/google/brotli/issues/970">lacks</a> gzip's <code>-r</code> flag, so some bash magic is needed</li></ul><h3>Moving parts</h3><ul> <li>DockerFile</li> <li>nginx configuration</li></ul><p>The Dockerfile will handle the brotli generation</p></description> <link>2023/06/docker-nginx-spa-and-brotli-compression.html</link> <author>Stephan H. Wissel</author> <guid>61bc1e40-1231-11ee-a61a-ef046a8827ca</guid> <pubDate>24 June 2023</pubDate> </item> </channel></rss> 
