kentonv changed the topic of #sandstorm to: Welcome to #sandstorm: home of all things sandstorm.io. Say hi! | Have a question but no one is here? Try asking in the discussion group: https://groups.google.com/group/sandstorm-dev
kawaiipunk has quit [Quit: Leaving this Club]
kawaiipunk has joined #sandstorm
<abliss> "This means you have to install Meteor 1.8.2 in addition to the latest version in order to build Sandstorm. :( " -- how? the docs suggest `curl https://install.meteor.com/?release=1.8.2 | sh` but the first thing this prints is `Removing your existing Meteor installation.`
<isd> As I understand it, the way meteor is structured there's a sort of "version manager" that will automatically pull in versions of the framework that you're actually using. So if you install 1.8.2 and then try to build an app that's marked as using 1.10, it will just pull that in
<isd> The reason we need to specify 1.8.2 explicitly is because we're not actually using meteor 1.8.2, we're just using the older node it ships with to run the font thing.
<isd> It's all very upsetting.
<isd> Probably if you had a dev setup from before up upgraded past 1.8.2, it would continue to work (which is why I didn't notice this had even gone in until someone tripped over it and opened an issue)
<abliss> well i had a working build some weeks ago, and now i can't build because i don't have meteor 1.8.2. (Of course, it takes 20 minutes of "make" before it will deign to fail and tell me.)
<abliss> i ran the curl and restarted make , and that was 31 minutes ago, so i oughta be finding out pretty soon whether that worked.
<isd> Best of luck.
frigginglorious has joined #sandstorm
<abliss> actually wait, maybe it is done? i forgot that i went 'continuous' this time and it doesn't give you any indication that it finished.
<abliss> does 'make continuous' not create a sandstorm-0.tar.xz ?
frigginglorious has quit [Client Quit]
<kentonv> abliss, it doesn't. It only compiles the C++ code, and when it's done with that, stops and waits for something to change requiring rebuilding.
<abliss> i see... so the only practical way to make is `make continuous & make ` ?
<abliss> oh right, now i remember why i nuked some old meteor versions... ~/.meteor is 3Gb!
<kentonv> `make continuous` should only be used when you're hacking on the C++ code
<kentonv> if you want to build a bundle, `make` or `make fast` (which sets xz compression level to zero on the final output) will do it
<abliss> when you're hacking on the C++ code.... or if you ever plan to `git pull` in someone else's work which touches the git code, right?
<abliss> because if any of the C code is touched at all, your `make` starts over from scratch with zero reuse, right?
<kentonv> sure, if you expect to be making incremental changes to the C++ code and you don't want to rebuild the whole thing when that happens, you leave `make continuous` running in the background.
<isd> I tend to habitually do make continuous when I sit down to hack for the day. This way I don't have to think about in advance whether I'm going to need it.
<isd> Also, wow, my ~/.meteor is twice that.
nwf has quit [Ping timeout: 256 seconds]
nwf has joined #sandstorm
nwf has quit [Ping timeout: 256 seconds]
nwf has joined #sandstorm
prompt-laser has quit [Quit: Connection closed for inactivity]
limbo has quit [Ping timeout: 265 seconds]
limbo has joined #sandstorm
<JacobWeisz[m]> Anyone know if the LDAP login is sent from the server or the client? If my LDAP server is on the local network configured with a local IP, can I use those credentials when visiting Sandstorm from a remote network?
<JacobWeisz[m]> Answered my own question. It presumably handles all of it on the Sandstorm server's network. Because with LDAP configured to use a local IP address, I authenticated against it from a remote network.
<JacobWeisz[m]> For my home PCs I am setting up Active Directory so I can centrally manage them and user accounts on them.
<JacobWeisz[m]> Seemed like an opportune time to play with LDAP configuration since my Sandstorm server lives in the same network.
<xet7> I should also sometime learn LDAP
<xet7> I don't know about it
<xet7> and some just add issues about Wekan LDAP
<xet7> JacobWeisz[m]: Can you look at Wekan LDAP issues?
<JacobWeisz[m]> I am kinda an LDAP noob, to be honest. I can now say I've tested Sandstorm's LDAP though.
<JacobWeisz[m]> I can look at the issues though and see if I have any thoughts.
<xet7> Thanks!
<JacobWeisz[m]> I want to look at the LDAP docs for Sandstorm too. I remember finding the push for SAML/ADFS off-putting as a Windows admin. Though I configured this without using docs at all, FWIW.
<xet7> JacomWeisz[m]: What do you think, should I make paid Windows installer for Wekan? Would someone buy it? I could make survey about it.
<xet7> JacobWeisz[m]: ^
frigginglorious has joined #sandstorm
<JacobWeisz[m]> I opened a PR for probably the only real omission the docs has for LDAP to Active Directory. The prepopulated username field isn't used by Active Directory.
<JacobWeisz[m]> xet7: Is there currently no such installer? I imagine you could go after more enterprise customers with a Windows server install and good LDAP/Active Directory support.
<JacobWeisz[m]> Where I work we do not care if something is open source, but having paid support is critical.
<JacobWeisz[m]> And we are probably not going to even entertain something that runs on Linux unless its an appliance/virtual appliance.
<xet7> Currently there is no such installer
<JacobWeisz[m]> The appliance strategy is how a lot of enterprise vendors get away with shipping Linux: The business that buys it just sees the web interface.
<xet7> Wekan works with Windows version of Node+MongoDB
<xet7> it's just making installer, update etc gui
<JacobWeisz[m]> A good appliance is managing its own OS/security updates, but I'd generally prefer something that runs on Windows where I can manage it the same as the rest of the environment, and am not dependent on the vendor doing their job well.
<xet7> Many are installing Wekan to air gap internal network
<JacobWeisz[m]> (A lot of enterprise hardware appliances run on things like Pentium 4 chips in whitelabeled 1U server boxes running archaic CentOS builds.)
<xet7> CentOS 6 ?
<JacobWeisz[m]> I think it'd open up that market to you. Plenty of enterprise apps I see pretty much install Tomcat, Postgres, etc. on a Windows server.
<xet7> What kind of pricing those have?
<JacobWeisz[m]> Yeah, CentOS 6 is on way too many things. :P
<xet7> On those Enterprise systems, do they use macOS at all?
<xet7> Although, I think on Mac everything is deprecated too fast
<JacobWeisz[m]> I never have seen/used Macs in an IT environment. The printing company I used to work at had them prior to me working there, and got rid of them when Adobe improved their support for Windows like a decade ago.
<JacobWeisz[m]> I know Apple has tools for centrally managing Macs but I've never used them.
<xet7> I have spent many hours trying to support Macs. Once macOS upgrade corrupted local MySQL databases, with MySQL version upgrade. And some other times I spent many hours trying to get Mac show local Nginx+PHP+MySQL Drupal websites. I did get those working, after trying many things.
<JacobWeisz[m]> I am honestly curious what people in non-Windows environments use instead of Active Directory to manage accounts. I found Google's new Credential Provider for Windows announcement intriguing, as it suggests they're getting serious about managing Windows PCs without using AD.
<JacobWeisz[m]> If I have a network of Linux servers and machines today, what am I most likely to use to administer and manage accounts of non-IT users?
<xet7> Univention appliance has some web LDAP style gui for users, groups etc https://github.com/wekan/wekan/wiki/UCS
<xet7> Although, I think there is more proper features in version that has paid support
<xet7> it's web GUI
<xet7> Friend https://friendos.com/ has it's own web UI for managing users, roles, groups, permissions
<xet7> There are some other LDAP server distros that have more features than Univention
<xet7> Mostly I think Friend is the future, because it's very fast web+app desktop
<xet7> And they have own mini distro that boots directly to Friend desktop full screen
<xet7> It will be released to some GitHub repo sometime in the future
<xet7> At Friend desktop Wekan is in window
<xet7> Friend is fast websockets using server coded in C
<xet7> it also support PHP and other programming languages
<xet7> there is OnlyOffice with modifications for Friend
<xet7> music tracker app
<xet7> graphics editing
<xet7> etc etc
<xet7> iOS and Android app
<xet7> I have been thinking that maybe I could try to run Sandstorm as an app
<xet7> in window
<xet7> Wekan app is here https://github.com/wekan/FriendUPApp
<xet7> it's just defining Wekan url etc
<xet7> some html
<xet7> Although, I should translate Friend to Finnish
<xet7> But, I don't know the future
frigginglorious1 has joined #sandstorm
<isd> ocdtrekkie: The most common configuration I've seen is krb5 + openldap
<isd> So, same protocols, different implementation
frigginglorious has quit [Ping timeout: 246 seconds]
frigginglorious1 is now known as frigginglorious
<isd> I'm pretty sure these days it's even possible to connect windows clients to a Linux kerberos/ldap server setup
frigginglorious has quit [Read error: Connection reset by peer]
<isd> RedHat has put some effort into that, speaking of enterprise systems.
frigginglorious has joined #sandstorm
<isd> Usually people combine that setup with /home being an NFS mount
<JacobWeisz[m]> Okay, that's good to know.
xet7 has quit [Quit: Leaving]
xet7 has joined #sandstorm
avffa has joined #sandstorm
<avffa> Hey all, I have a weird set up that doesn't seem to be accounted for in your docs. Was wondering if I could get some input. Sandstorm conf as follows:
<avffa> or it would follow if my paste sharing was working :D
<avffa> there we go
<avffa> so my issue is that I want Sandstorm to handle SMTP but since it's bound to loopback I need a way to handle reverse proxying. I already have Nginx reverse proxying 443 and redirecting 80 to 443, and I'm almost certain there's a way to do it with Nginx so that it just passes all traffic on 25 to sandstorm
<avffa> just the config isn't apparent to me
<avffa> Perhaps this opens the dialogue for a suggestion, that SMTP could be bound to a different IP than the web interface
avffa has quit [Quit: Connection closed]
avffa has joined #sandstorm
avffa has quit [Client Quit]
avffa has joined #sandstorm
_whitelogger has joined #sandstorm
<isd> You probably want to pick a higher port for sandstorm to listen on and then have nginx do the forwarding to that. nginx needs to listen on the public-facing port
<avffa> Hmm yea I think when I configured it a couple days ago I tried forwarding from public to local
avffa has quit [Quit: Connection closed]