Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
B
B
BonBon Slick2021-03-03 19:01:46
Nginx
BonBon Slick, 2021-03-03 19:01:46

Mercure caddy server setup?

server {
#       listen 8181;
#       listen [::]:8181;

        listen 443 ssl;
        listen [::]:443 ssl;
        ssl on;
        ssl_certificate /etc/ssl/localcerts/localhost.crt;
        ssl_certificate_key /etc/ssl/localcerts/localhost.key;

        root /var/www/symf-chat/public;

        # Add index.php to the list if you are using PHP
        index index.php index.html index.htm index.nginx-debian.html;

        server_name symfchat.loc;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri /index.php$is_args$args;

        }

        # pass PHP scripts to FastCGI server
        #
        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_param HTTPS on;

                # With php-fpm (or other unix sockets):
                fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
                # With php-cgi (or other tcp sockets):
        #       fastcgi_pass 127.0.0.1:9000;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one

        location ~ /\.ht {
                deny all;
        }
}

symfchat.loc {
  root * /var/www/symf-chat/public
  php_fastcgi unix:/var/run/php/php7.4-fpm.sock
  file_server
}
#:80 {
#  root * /var/www
#  gzip
#}

[email protected]:~/Downloads$ caddy validate --config /etc/caddy/Caddyfile
2021/03/03 15:55:59.768 INFO    using provided configuration    {"config_file": "/etc/caddy/Caddyfile", "config_adapter": ""}                                                                                     
2021/03/03 15:55:59.769 INFO    http    server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}                        
2021/03/03 15:55:59.769 INFO    http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}                                                                                                   
2021/03/03 15:55:59.769 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc00011b1f0"}                                                                                 
2021/03/03 15:55:59.770 INFO    tls.cache.maintenance   stopped background certificate maintenance      {"cache": "0xc00011b1f0"}

[email protected]:~/Downloads$ sudo systemctl status caddy
● caddy.service - Caddy
   Loaded: loaded (/etc/systemd/system/caddy.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2021-03-03 17:55:42 EET; 4min 5s ago
     Docs: https://caddyserver.com/docs/
 Main PID: 19540 (caddy)
    Tasks: 9 (limit: 4915)
   Memory: 18.8M
   CGroup: /system.slice/caddy.service
           └─19540 /usr/local/bin/caddy run --environ --config /etc/caddy/Caddyfile

Mar 03 17:55:42 bonbon caddy[19540]: {"level":"info","ts":1614786942.230126,"logger":"tls","msg":"cleaned up storage units"}

Mar 03 17:55:42 bonbon caddy[19540]: {"level":"info","ts":1614786942.2304304,"logger":"tls.obtain","msg":"acquiring 
lock","identifier":"symfchat.loc"}
Mar 03 17:55:42 bonbon caddy[19540]: {"level":"info","ts":1614786942.230622,"logger":"tls.obtain","msg":"lock 
acquired","identifier":"symfchat.loc"}
Mar 03 17:55:42 bonbon caddy[19540]: {"level":"info","ts":1614786942.245152,"logger":"tls.issuance.acme","msg":"waiting on 
internal rate limiter","identifiers":["symfchat.loc"]}
Mar 03 17:55:42 bonbon caddy[19540]: {"level":"info","ts":1614786942.245165,"logger":"tls.issuance.acme","msg":"done 
waiting on internal rate limiter","identifiers":["symfchat.loc"]}
Mar 03 17:55:43 bonbon caddy[19540]: {"level":"info","ts":1614786943.4065554,"logger":"tls.issuance.acme","msg":"waiting on 
internal rate limiter","identifiers":["symfchat.loc"]}
Mar 03 17:55:43 bonbon caddy[19540]: {"level":"info","ts":1614786943.406638,"logger":"tls.issuance.acme","msg":"done 
waiting on internal rate limiter","identifiers":["symfchat.loc"]}
Mar 03 17:55:44 bonbon caddy[19540]: {"level":"error","ts":1614786944.9124198,"logger":"tls.obtain","msg":"will retry","error":"
[symfchat.loc] Obtain: [symfchat.loc] creating new order: request to https://acme.z
Mar 03 17:56:47 bonbon caddy[19540]: {"level":"error","ts":1614787007.024926,"logger":"tls.obtain","msg":"will retry","error":"
[symfchat.loc] Obtain: [symfchat.loc] creating new order: request to https://acme.ze
Mar 03 17:58:48 bonbon caddy[19540]: {"level":"error","ts":1614787128.9641027,"logger":"tls.obtain","msg":"will retry","error":"
[symfchat.loc] Obtain: [symfchat.loc] creating new order: request to https://acme.z
lines 1-20/20 (END)

zerossl.com/v2/DV90/newOrder failed after 1 attempts: HTTP 400 urn:ietf:params:acme:error:rejectedIdentifier - 
Invalid DNS identifier [symfchat.loc] (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_i
erossl.com/v2/DV90/newOrder failed after 1 attempts: HTTP 400 urn:ietf:params:acme:error:rejectedIdentifier - Invalid DNS 
identifier [symfchat.loc] (ca=https://acme.zerossl.com/v2/DV90)","attempt":2,"retrying_in
zerossl.com/v2/DV90/newOrder failed after 1 attempts: HTTP 400 urn:ietf:params:acme:error:rejectedIdentifier - Invalid DNS 
identifier [symfchat.loc] (ca=https://acme.zerossl.com/v2/DV90)","attempt":3,"retrying_i
erossl.com/v2/DV90/newOrder failed after 1 attempts: HTTP 400 urn:ietf:params:acme:error:rejectedIdentifier - Invalid DNS 
identifier [symfchat.loc] (ca=https://acme.zerossl.com/v2/DV90)","attempt":4,"retrying_i


But the site is not available.
603fb2df7ecd0459191896.png
It can be seen that HTTP 400 urn:ietf:params:acme:error:rejectedIdentifier - Invalid DNS identifier [symfchat.loc]

TLS connection
symfchat.loc {
  root * /var/www/symf-chat/public
  php_fastcgi unix:/var/run/php/php7.4-fpm.sock
  file_server
  tls /etc/ssl/localcerts/localhost.crt  /etc/ssl/localcerts/localhost.key
}


Leads to a server error, that's all that is in the server caddy log
Mar 03 18:09:20 bonbon caddy[20240]: {"level":"error","ts":1614787760.6202424,"logger":"http.log.error","msg":"dialing 
backend: dial unix:: unknown network unix:","request":{"remote_addr":"127.0.0.1:52510","protmsg":"dialing backend: dial unix:: 
unknown network unix:","request":
{"remote_addr":"127.0.0.1:52510","proto":"HTTP/2.0","method":"GET","host":"symfchat.loc","uri":"/","headers":{"Accept-Encoding":
["gzip, deflateto":"HTTP/2.0","method":"GET","host":"symfchat.loc","uri":"/","headers":{"Accept-Encoding":["gzip, deflate, 
br"],"Accept-Language":["ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7,de;q=0.6,uk;q=0.5,da;q=0.4"],"Cache-Contro....

And so on, the whole body is overgrown and at the end
s9aa","err_trace":"reverseproxy.statusError (reverseproxy.go:783)"}

[email protected]:~/Downloads$ caddy validate --config /etc/caddy/Caddyfile
2021/03/03 16:12:45.554 INFO    using provided configuration    {"config_file": "/etc/caddy/Caddyfile", "config_adapter": ""}
2021/03/03 16:12:45.558 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": 
"0xc000363dc0"}
2021/03/03 16:12:45.560 WARN    tls     stapling OCSP   {"error": "no OCSP stapling for [localhost.local localhost api.hint.loc 
henty.loc storage.api.henty.loc symfchat.loc]: no OCSP server specified in certificate"}
2021/03/03 16:12:45.560 INFO    http    skipping automatic certificate management because one or more matching 
certificates are already loaded  {"domain": "symfchat.loc", "server_name": "srv0"}
2021/03/03 16:12:45.560 INFO    http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2021/03/03 16:12:45.561 INFO    tls.cache.maintenance   stopped background certificate maintenance      {"cache": 
"0xc000363dc0"}

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
B
BonBon Slick, 2021-03-06
@BonBonSlick

Well, I had to abandon the idea of ​​​​hitting 2 server instances on the same machine and separate mercure / API separate servers.
API works at itself, and mercury by other machine. Here is the working config

GNU nano 4.8                                           /etc/caddy/Caddyfile                                                     

caddy.tamilchatz.com
file_server


log {
#   output stdout
   output stderr
#   output file /var/log/caddy/access.log
   format json
}


route {
#    redir / /.well-known/mercure/
#    encode gzip
  mercure {
        transport_url local://local
        publisher_jwt // Required to publish events
        subscriber_jwt  // same token for PHP  API, required to susbcribe to events
#        cors_origins symfchat.loc
        cors_origins *
        anonymous
        subscriptions
  }

  respond "Not Found" 404
}

Important Details
// IMPORTANT! If we do not pass token with user payload, we can not render user list because user has no fields
        // const event = new EventSource(url);
        let mercureToken = 'Bearer ' + Cookies.get("mercureAuthorization");
         const event = new EventSourcePolyfill(
            url,
            {
                heartbeatTimeout: 3600*1000,
                headers: {
                  'Authorization': mercureToken,
              },
            },
        );

        event.onmessage = (message) => {
            onMessageCallback(message);
            console.info('[EventSource EVENT]', message);
        };

https://github.com/Yaffle/EventSource/issues/79
https://github.com/symfony/mercure-bundle/issues/40
https://mercure.rocks/docs/hub/troubleshooting#401...
For debugging half file does not work, you can use
https://demo.mercure.rocks/
or if you set demo Caddyfle config
https://mercure.rocks/docs/hub/config
on your server, you can test it on your own, for example
https:/ /my.mercure.hub.api.url.com/.well-known/mer...
It took 10 days for a task that I estimated in 3-4 days, I do not advise anyone to contact symfony + mercury.
While damp, very, extremely. The documentation is blurry, Google gives out the left results, outdated or non-working instead of a link to the off-doc where the answer was, it gave outdated caddy 1 configs and so on.
In general, another 4-6 years and how the base will be, you can use mercure. If the project does not die because there is not much support there.

Similar questions
A
Anton2015-01-19 22:30:41
How to properly configure security in nginx? 3Reply
T
The Whiz2017-01-18 16:32:24
How to set rules in nginx location for all folders except one and its subfolders? 1Reply
J
jidckii2015-01-20 13:35:35
How to change umask for www-data user in debian 7? 3Reply
K
Konstantin B.2019-06-13 15:54:59
Why doesn't Nginx start automatically? 1Reply
A
Andrey2021-02-01 16:33:46
nginx config, can't start website? 0Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question