Skip to main content

Ralsina.Me — Roberto Alsina's website

CORS config for FaaS

Be­cause I want to be able to de­ploy ran­dom python code eas­i­ly to my own server, I have set­up a "Func­tion as a Ser­vice" thing, called faasd (think of it as poor peo­ple's AWS lamb­da). More de­tails on how, why and how it turned out will come in the fu­ture. BUT: this ex­plains how to fix the un­avoid­able headache CORS will give you.


What will happen?

You will set­up your func­tion, test it out us­ing curl, be hap­py it work­s, then set it up in your web app and get an er­ror in the con­sole about how CORS is not al­low­ing the re­quest.

What is CORS and why is it annoying me?

CORS is a way for a ser­vice liv­ing in a cer­tain URL to say which oth­er URLs are al­lowed to call it. So, if the app are in, say, http­s://nom­bres.ralsi­ and the func­tion lives in http­s://­faas.ralsi­ then the ORI­GIN for the app is not the same as the ORI­GIN for the func­tion, so this is a "Cross Ori­gin Re­quest" and you are try­ing to do "Cross Ori­gin Re­source Shar­ing" (CORS) and the brows­er won't let you.

How do I fix it?

There are a num­ber of fix­es you can try, but they all come down to the same two ba­sic ap­proach­es:

Option 1

Make it so the re­quest is not cross-­source. To do that, move the func­tion some­how in­to the same URL as the page, and bob's your un­cle.

So, just change the proxy con­fig so nom­bres.ralsi­­func­tions is prox­ied to the faasd server's /func­tions and change the page to use a re­quest that is not cross-o­rig­in, and that's fixed.

I don't want to do this be­cause I don't want to have to set­up the proxy dif­fer­ent­ly for each ap­p.

Option 2

Have the func­tion re­turn a head­er that says "Ac­cess-­Con­trol-Al­low-O­rig­in: some­thing". That "some­thing" should be the ori­gin of the re­quest (in our ex­am­ple nom­bres.ralsi­ or "*" to say "I don't care".

So, you may say "Fine, I'll just add that head­er in my re­sponse and it will work!". Oh sweet sum­mer child. That will NOT work (at least not in the case of Faas­d)


Be­cause web browsers don't just make the re­quest they want and then look at the head­er­s. They do a spe­cial pre­flight re­quest, which is some­thing like "Hey, server, if I were to ask you to give me /func­tion­s/what­ev­er from this orig­in, would you give me a CORS per­mis­sion or not?"

That re­quest is done us­ing the OP­TIONS HTTP method, and Faasd (and, to be hon­est, most web frame­work­s) will not process those by pass­ing them to your code.

So, even if your func­tion says CORS is al­lowed, you still will get CORS er­rors.

You can see this if you ex­am­ine your browser's HTTP traf­fic us­ing the de­vel­op­er tool­s. There will be an OP­TIONS pre­flight re­quest, and that one does­n't have the head­er.

So, the eas­i­est thing is to add those in the proxy.

So, in my case, in the prox­y's ng­inx.­con­f, I had to add this in "the right place":

  add_header 'Access-Control-Allow-Origin' '*';

What is the right place will vary de­pend­ing on how you have con­fig­ured things. But hey, there you go.

En que ando? (19/7/22)

Es­to es una es­pe­cie de se­cue­la a Lo que an­do ha­cien­do de ha­ce un me­s.

Si­go ha­cien­do lo mis­mo? Ma­so. Arran­que­mos con qué pa­só con lo que es­ta­ba ha­cien­do.

Lo que estaba haciendo antes

Compu Artesanal

Hi­ce co­sas, pe­ro de­ci­dí cam­biar la CPU por una Ra­d­xa Ze­ro ... que no an­da con mi mo­ni­to­r, así que me creé un su­bpro­yec­to de "ha­cer que an­de".

Software configurado para pantallas raras/malas

Ter­mi­na­do, por lo me­nos a un ni­vel de co­mo­di­dad su­fi­cien­te. So­lo fal­ta pu­bli­car de al­gu­na ma­ne­ra.

Software que creo que nadie usa, pero debieran!

No vol­ví a usar nin­gu­na de las co­sas que men­cio­né :-D

Sin em­bar­go, acá es­tá el so­ftwa­re que na­die usa pe­ro de­bie­ran, de es­te me­s.

  • dolt una ba­­se de da­­tos co­m­­pa­­ti­­ble con MyS­­QL pe­­ro que vis­­ta de otra ma­­ne­­ra es ... co­­­mo gi­­t?

    La pe­r­­fo­r­­man­­ce es me­­dio fa­­lo­­­pa pe­­ro es muy pio­­­la pa­­ra pu­­bli­­car da­­to­­s. Eje­m­­plo.

  • rq­­li­­te la res­­pues­­ta a "Ne­­ce­­si­­to usar sq­­li­­te pe­­ro no quie­­ro mo­­­ver un ar­­chi­­vo de da­­tos de un la­­do pa­­ra otro"

  • st una te­r­­mi­­nal su­­per li­­via­­na que no es una ba­­zo­­­fia! Ten­­go un fo­­­rk

El Mouse-Joystick

Aban­do­na­do (o ter­mi­na­do, que es lo mis­mo­).

Programar Raspberry Pi Pico

No mu­cho

Lo que estoy haciendo ahora

Nuevo server

Mi­gré mi ser­ver a una Ra­d­xa Ze­ro una com­pu que tie­ne per­for­man­ce ti­po ras­pi 4, pe­ro en un for­ma­to fí­si­co ti­po ras­pi ze­ro.

Al te­ner más ca­pa­ci­dad de cóm­pu­to y me­mo­ria, le me­tí mas ser­vi­cio­s!

Mo­ví to­do http://­nom­bres.­ral­si­na.­me pa­ra que se eje­cu­te ahí. Eso im­pli­ca una ba­se de da­tos (r­q­li­te) y un en­torno de eje­cu­ción es­pe­cia­l, por­que no quie­ro que si de gol­pe la gen­te lo usa me ti­re aba­jo los otros ser­vi­cio­s. Por eso ...

Firecracker + Ignite + Faasd

Quie­ro po­der pu­bli­car bo­lu­de­ces he­chas rá­pi­do en Py­thon (o en otros len­gua­je­s) sin te­ner que pen­sar en có­mo ha­cer el de­plo­y­men­t, o de si a mi ser­ver no le va a dar el cue­ro y me va a ti­rar al­go "im­por­tan­te", o de pro­ble­mas de se­gu­ri­da­d, etc.


  • Pa­ra de­plo­year fá­ci­l: faasd
  • Pa­ra ais­lar­lo den­tro del ser­ve­r: ig­ni­te
  • Pa­ra te­ner ba­se de da­tos pa­ra bo­lu­dea­r: rq­li­te

De esa ma­ne­ra tie­ne un to­pe en cuan­to a con­su­mo de re­cur­so­s, y pue­do de­plo­year sim­ple­men­te con un co­man­do.

Impresión y Diseño 3D

Si quie­ro ha­cer una no­te­book, ob­via­men­te eso im­pli­ca di­se­ñar la car­ca­za y un mon­tón de otras co­sas, por lo que he te­ni­do que apren­der so­bre co­mo ha­cer esas co­sas.

He usa­do una va­rie­dad de he­rra­mien­tas y es­toy MUY FE­LIZ con una que se lla­ma Ca­d­Que­ry que per­mi­te crear ob­je­tos es­cri­bien­do Py­tho­n!

He lle­ga­do al mo­men­to en que me sien­to có­mo­do, cuan­do no ten­go el ob­je­to que ne­ce­si­to, o ten­go par­tes y me fal­tan otra­s, sim­ple­men­te de de­cir "o­k, la ha­go yo­".

Datos sobre nombres de Argentina

Ha­ce unos años pu­bli­qué una "a­pp" en http://­nom­bres.­ral­si­na.­me pa­ra ju­gar con la ba­se de da­tos ofi­cial de nom­bres de Ar­gen­ti­na. El RE­NA­PER ha­bía pu­bli­ca­do la lis­ta de nom­bres de pi­la y canti­dad de gen­te con ese nom­bre en ca­da año des­de 1922 has­ta 2015 y da­ba pa­ra ha­cer una co­si­ta di­ver­ti­da cu­yo uso prin­ci­pal ha si­do ha­cer­me el gra­cio­so en twi­tte­r.

Esos da­tos los sa­qué de acá y se usa­ban en es­ta pá­gi­na ... que ya no an­da

Pe­ro ... los da­tos es­tán pu­bli­ca­dos co­mo CS­V, y la ca­li­dad es muy ma­la, y pa­ra po­der usar­los hay que im­por­tar­los en una ba­se, y ha­cer bús­que­das cuan­do la or­to­gra­fía de los nom­bres es va­ria­ble es un lío y ...

Así que de­ci­dí pu­bli­car mi ba­se "lim­pia" en al­gu­na par­te, y ya que es­ta­mos tam­bién una co­pia de los da­tos ori­gi­na­le­s, pe­ro en una ba­se SQL que se pue­da usar di­rec­to.

Bus­can­do co­mo ha­cer­lo en­contré Dol­tHub que es "co­mo Gi­tHub pe­ro pa­ra da­to­s" así que de­ci­dí usar­lo.

Sin más pro­le­gó­me­no­s: http­s://www.­dol­thu­b.­co­m/­re­po­si­to­rie­s/­ral­si­na/­nom­bres_ar­gen­ti­na_1922_2005/­da­ta/­main

Gra­cias al RE­NA­PER por pu­bli­car es­tos da­tos con una li­cen­cia que me per­mi­te ha­cer­lo.

My Backup Solution


Back­ups are im­por­tant ok? I know that. You should know that. So, why don't most peo­ple do prop­er back­ups of their com­put­er­s?

Be­cause most of the ways to do back­ups are ei­ther in­con­ve­nient or use­less.

So, here's how the so­lu­tion I have im­ple­ment­ed that makes back­ups con­ve­nient and use­ful.

The backup tool itself

I use restic be­cause it kicks as­s. It work­s, it's fast, it's space ef­fi­cien­t, and it's easy.

You just need to write a short script like this one:

#!/bin/bash -x

# Where to backup?

if [ -d $BACKUPDIR ]
    # Backups are password protected
    export RESTIC_PASSWORD=passwordgoeshere

    # What to backup
    restic -r $BACKUPDIR --verbose backup \
            /home/ralsina \
            --exclude ~ralsina/.cargo \
            --exclude ~ralsina/.local/share/Steam/ \
            --exclude ~ralsina/.cache \
            --exclude ~ralsina/.config/google-chrome/ \
            --exclude ~ralsina/.rustup \
            --exclude ~ralsina/.npm \
            --exclude ~ralsina/.gitbook \
            /etc/systemd/system/backup.* \

    # Keep at most one backup for the last 7 days that have backups
    restic -r $MOUNTDIR/backup-pinky forget --prune --keep-daily=7
    # Cleanup
    restic -r $MOUNTDIR/backup-pinky prune
    # Make really sure things are stored
    sync; sync; sync; sync

Backup rule 3-2-1

The 3-2-1 rule:

  • 3 copies of the back­up da­ta (1 pri­ma­ry, 2 copies)
  • 2 dif­fer­ent me­dia
  • 1 must be off­site

In my case, these are:

  • Pri­ma­ry back­up is to disk
  • Sec­ondary back­up is to a disk in an­oth­er ma­chine (sim­i­lar scrip­t, us­ing sftp)
  • Ter­tiary back­up is to a pen drive (d­if­fer­ent me­di­a) I then put in my pock­et (off­site).

To per­form the pri­ma­ry and sec­ondary back­up­s, it's just two slight­ly dif­fer­ent ver­sions of that script (ac­tu­al­ly, it's just one script with ar­gu­ments, left as an ex­er­cise for the read­er).

The ter­tiary back­up is a bit more com­pli­cat­ed, be­cause I want­ed it to be con­ve­nient

The Convenient Way To Backup to a Removable Drive

My us­er sto­ry was this:

As a per­son that needs an off­site back­up but don't want to trans­mit all that data, I want to plug a pen drive in­to the ma­chine and have it AU­TO­MAT­I­CAL­LY start back­ing the da­ta in­to the pen drive.

Then, once the back­up is fin­ished, at some point, I can just un­plug it and take it with me.

Let's just say that find­ing a way that works took me a few hours and I am pret­ty sure my so­lu­tion is more com­pli­cat­ed than it needs to be. But hey, it work­s, so it's good enough.

This be­ing Lin­ux and the year be­ing 2022 ... this so­lu­tion in­volves sys­temd. And be­cause it's sys­temd, it's com­pli­cat­ed.


First part is we need to mount the pen drive automatically in a well known location. For this we need two things. An automount service, so systemd will automatically mount something in /backup:


Description=Automount Backup



And a mount service so it knows what to mount in /backup and how:





The in­ter­est­ing parts are:

  • Wants and Before: that backup.service is going to be a systemd service that actually runs the backup script. We want it to run, and to run AFTER the device is mounted.
  • Where and What: Where is the mountpoint, and What is the pen drive's UUID as shown by sudo blkid

En­able and start the au­to­mount ser­vice, no need to do any­thing to the mount one.

Then of course we need the back­up ser­vice it­self. Just a "oneshot". When it's start­ed, it runs the back­up scrip­t:





En­able but don't start this ser­vice. Since it's "Want­ed" by the moun­t, that means when the de­vice is ef­fec­tive­ly mount­ed the back­up will start.


Sadly, the device is only mounted when, after being inserted, something tries to use the mountpoint. So, with these three services installed nothing happens unless, after you plug the pen drive you go and do something like ls /backup, which triggers the mount, which triggers the backup script.

So, how does one fix that? No idea. My workaround was to add TWO MORE SERVICES, so that ls /backup runs every minute.


Description=Try to run backup




Description=Trigger Backup

ExecStart=/bin/ls /backup


And with that, yes, I can just plug the pen drive when I get to the of­fice in the morn­ing and un­plug it lat­er, know­ing there is a back­up in it.

Radxa Zero!

Lo qué?

Las Ras­pbe­rry Pi son úti­le­s, bue­nas y ba­ra­ta­s. Ex­cep­to por un de­ta­lle: es im­po­si­ble com­prar­la­s.

No hay sto­ck de Ras­pbe­rry PI 4, no hay sto­ck de Ras­pbe­rry Pi Ze­ro 2W, no hay sto­ck de na­da, ex­cep­to Pi Pi­co (que son mi­cro­con­tro­la­do­res) y Pi 400 (que no son lo que quie­ro­).

En­ton­ces bus­qué al­ter­na­ti­va­s, y en­contré la bue­na gen­te de All­net Chi­na que ven­de la lí­nea Ro­ck Pi.

¿Cómo son las Rock Pi?

  • Son ... pa­re­ci­das a las Ras­pbe­rry
  • En har­dwa­re, en al­gu­nos ca­so­s, son me­jo­res!
  • En so­ftwa­re ... es­tán un po­co más cru­da­s.
  • En com­pa­ti­bi­li­dad son más com­pli­ca­da­s.


Así que me com­pre un par de Ra­d­xa Ze­ro­s. Son co­mo una Pi Ze­ro ... pe­ro la CPU es mas o me­nos co­mo la de una Pi 4????

Tu­ve un pro­ble­mi­ta ini­cial­men­te pa­ra pa­gar­lo pe­ro me lo re­sol­vie­ron de in­me­dia­to y me upgra­dea­ron el shi­pping a Fe­dEx, así que lle­ga­ron en dos se­ma­nas y no pa­gué adua­na.

Eso sí, Fe­dEx no te avi­sa que cuan­do te lo traen te van a co­brar "al­go­", y no te di­cen cuán­to ni que te­nés que pa­gar cas­h.

En mi ca­so fue­ron $5400 y no me avi­sa­ron a tiem­po asi que tu­ve que es­pe­rar un día ex­tra.

Y qué tal andan?

Her­mo­so. La CPU es rá­pi­da. Man­ja­ro an­da 10 pun­tos (u­na vez que en­ten­dí co­mo ins­ta­lar­lo­).

Tie­ne eM­MC así que no ne­ce­si­ta tar­je­ta SD!

Un pro­ble­ma es que no he po­di­do ha­cer an­dar mi dis­play 1920­x480 (hay so­lo una men­ción de otra per­so­na en la In­ter­net in­ten­tán­do­lo, tam­po­co le an­du­vo)

Sal­vo eso? Ex­ce­len­te.

Es­toy mi­gran­do mi ser­ver Pi­nky a una Ra­d­xa, ya que la ten­go y con­su­me lo mis­mo que la Pi 3

Si bien leí va­rias ad­ver­ten­cias so­bre que se pue­den re­ca­len­tar no pa­re­cen pa­sar de los 48 gra­dos en uso nor­ma­l.

En ge­ne­ra­l, las re­co­mien­do, pe­ro ca­da uno ten­drá que ver cuán­to quie­re gas­tar y pa­ra qué.

Contents © 2000-2022 Roberto Alsina