Nginx
BonBon Slick, 2021-03-03 19:01:46

Mercure caddy server setup?

server {
#       listen 8181;
#       listen [::]:8181;

        listen 443 ssl;
        listen [::]:443 ssl;
        ssl on;
        ssl_certificate /etc/ssl/localcerts/localhost.crt;
        ssl_certificate_key /etc/ssl/localcerts/localhost.key;

        root /var/www/symf-chat/public;

        # Add index.php to the list if you are using PHP
        index index.php index.html index.htm index.nginx-debian.html;

        server_name symfchat.loc;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri /index.php$is_args$args;

        }

        # pass PHP scripts to FastCGI server
        #
        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_param HTTPS on;

                # With php-fpm (or other unix sockets):
                fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
                # With php-cgi (or other tcp sockets):
        #       fastcgi_pass 127.0.0.1:9000;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one

        location ~ /\.ht {
                deny all;
        }
}

symfchat.loc {
  root * /var/www/symf-chat/public
  php_fastcgi unix:/var/run/php/php7.4-fpm.sock
  file_server
}
#:80 {
#  root * /var/www
#  gzip
#}

[email protected]:~/Downloads$ caddy validate --config /etc/caddy/Caddyfile
2021/03/03 15:55:59.768 INFO    using provided configuration    {"config_file": "/etc/caddy/Caddyfile", "config_adapter": ""}                                                                                     
2021/03/03 15:55:59.769 INFO    http    server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}                        
2021/03/03 15:55:59.769 INFO    http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}                                                                                                   
2021/03/03 15:55:59.769 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc00011b1f0"}                                                                                 
2021/03/03 15:55:59.770 INFO    tls.cache.maintenance   stopped background certificate maintenance      {"cache": "0xc00011b1f0"}

[email protected]:~/Downloads$ sudo systemctl status caddy
● caddy.service - Caddy
   Loaded: loaded (/etc/systemd/system/caddy.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2021-03-03 17:55:42 EET; 4min 5s ago
     Docs: https://caddyserver.com/docs/
 Main PID: 19540 (caddy)
    Tasks: 9 (limit: 4915)
   Memory: 18.8M
   CGroup: /system.slice/caddy.service
           └─19540 /usr/local/bin/caddy run --environ --config /etc/caddy/Caddyfile

Mar 03 17:55:42 bonbon caddy[19540]: {"level":"info","ts":1614786942.230126,"logger":"tls","msg":"cleaned up storage units"}

Mar 03 17:55:42 bonbon caddy[19540]: {"level":"info","ts":1614786942.2304304,"logger":"tls.obtain","msg":"acquiring 
lock","identifier":"symfchat.loc"}
Mar 03 17:55:42 bonbon caddy[19540]: {"level":"info","ts":1614786942.230622,"logger":"tls.obtain","msg":"lock 
acquired","identifier":"symfchat.loc"}
Mar 03 17:55:42 bonbon caddy[19540]: {"level":"info","ts":1614786942.245152,"logger":"tls.issuance.acme","msg":"waiting on 
internal rate limiter","identifiers":["symfchat.loc"]}
Mar 03 17:55:42 bonbon caddy[19540]: {"level":"info","ts":1614786942.245165,"logger":"tls.issuance.acme","msg":"done 
waiting on internal rate limiter","identifiers":["symfchat.loc"]}
Mar 03 17:55:43 bonbon caddy[19540]: {"level":"info","ts":1614786943.4065554,"logger":"tls.issuance.acme","msg":"waiting on 
internal rate limiter","identifiers":["symfchat.loc"]}
Mar 03 17:55:43 bonbon caddy[19540]: {"level":"info","ts":1614786943.406638,"logger":"tls.issuance.acme","msg":"done 
waiting on internal rate limiter","identifiers":["symfchat.loc"]}
Mar 03 17:55:44 bonbon caddy[19540]: {"level":"error","ts":1614786944.9124198,"logger":"tls.obtain","msg":"will retry","error":"
[symfchat.loc] Obtain: [symfchat.loc] creating new order: request to https://acme.z
Mar 03 17:56:47 bonbon caddy[19540]: {"level":"error","ts":1614787007.024926,"logger":"tls.obtain","msg":"will retry","error":"
[symfchat.loc] Obtain: [symfchat.loc] creating new order: request to https://acme.ze
Mar 03 17:58:48 bonbon caddy[19540]: {"level":"error","ts":1614787128.9641027,"logger":"tls.obtain","msg":"will retry","error":"
[symfchat.loc] Obtain: [symfchat.loc] creating new order: request to https://acme.z

zerossl.com/v2/DV90/newOrder failed after 1 attempts: HTTP 400 urn:ietf:params:acme:error:rejectedIdentifier - 
Invalid DNS identifier [symfchat.loc] (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_i
erossl.com/v2/DV90/newOrder failed after 1 attempts: HTTP 400 urn:ietf:params:acme:error:rejectedIdentifier - Invalid DNS 
identifier [symfchat.loc] (ca=https://acme.zerossl.com/v2/DV90)","attempt":2,"retrying_in
zerossl.com/v2/DV90/newOrder failed after 1 attempts: HTTP 400 urn:ietf:params:acme:error:rejectedIdentifier - Invalid DNS 
identifier [symfchat.loc] (ca=https://acme.zerossl.com/v2/DV90)","attempt":3,"retrying_i
erossl.com/v2/DV90/newOrder failed after 1 attempts: HTTP 400 urn:ietf:params:acme:error:rejectedIdentifier - Invalid DNS 
identifier [symfchat.loc] (ca=https://acme.zerossl.com/v2/DV90)","attempt":4,"retrying_i


But the site is not available.
It can be seen that HTTP 400 urn:ietf:params:acme:error:rejectedIdentifier - Invalid DNS identifier [symfchat.loc]

TLS connection
symfchat.loc {
  root * /var/www/symf-chat/public
  php_fastcgi unix:/var/run/php/php7.4-fpm.sock
  file_server
  tls /etc/ssl/localcerts/localhost.crt  /etc/ssl/localcerts/localhost.key
}


Leads to a server error; that's all there is in the Caddy server log:
Mar 03 18:09:20 bonbon caddy[20240]: {"level":"error","ts":1614787760.6202424,"logger":"http.log.error","msg":"dialing 
backend: dial unix:: unknown network unix:","request":{"remote_addr":"127.0.0.1:52510","protmsg":"dialing backend: dial unix:: 
unknown network unix:","request":
{"remote_addr":"127.0.0.1:52510","proto":"HTTP/2.0","method":"GET","host":"symfchat.loc","uri":"/","headers":{"Accept-Encoding":
["gzip, deflateto":"HTTP/2.0","method":"GET","host":"symfchat.loc","uri":"/","headers":{"Accept-Encoding":["gzip, deflate, 
br"],"Accept-Language":["ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7,de;q=0.6,uk;q=0.5,da;q=0.4"],"Cache-Contro....

And so on, the whole body is bloated, and at the end:
s9aa","err_trace":"reverseproxy.statusError (reverseproxy.go:783)"}

[email protected]:~/Downloads$ caddy validate --config /etc/caddy/Caddyfile
2021/03/03 16:12:45.554 INFO    using provided configuration    {"config_file": "/etc/caddy/Caddyfile", "config_adapter": ""}
2021/03/03 16:12:45.558 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": 
"0xc000363dc0"}
2021/03/03 16:12:45.560 WARN    tls     stapling OCSP   {"error": "no OCSP stapling for [localhost.local localhost api.hint.loc 
henty.loc storage.api.henty.loc symfchat.loc]: no OCSP server specified in certificate"}
2021/03/03 16:12:45.560 INFO    http    skipping automatic certificate management because one or more matching 
certificates are already loaded  {"domain": "symfchat.loc", "server_name": "srv0"}
2021/03/03 16:12:45.560 INFO    http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2021/03/03 16:12:45.561 INFO    tls.cache.maintenance   stopped background certificate maintenance      {"cache": 
"0xc000363dc0"}
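The two failures in the logs above have separate causes: the ACME `rejectedIdentifier` error is the public CA refusing a name that does not exist in public DNS, and `dial unix:: unknown network unix:` is Caddy failing to parse nginx's socket syntax. A Caddyfile that addresses both, added here as an example and not the asker's own file, looks like this; it assumes only the asker's document root, socket path and certificate paths.

```caddyfile
symfchat.loc {
	root * /var/www/symf-chat/public

	# .loc is not a public DNS name, so ZeroSSL / Let's Encrypt answer with
	# rejectedIdentifier. Use Caddy's built-in local CA instead (run
	# "caddy trust" once so the browser accepts its root), or keep the
	# asker's own certificate files:
	#   tls /etc/ssl/localcerts/localhost.crt /etc/ssl/localcerts/localhost.key
	tls internal

	# Caddy spells a unix socket "unix//path"; the nginx form "unix:/path"
	# is what produced "dial unix:: unknown network unix:" above.
	php_fastcgi unix//var/run/php/php7.4-fpm.sock
	file_server
}
```

Note that `caddy validate` loads and provisions the configuration but does not start the servers, so it neither requests a certificate nor dials the FastCGI socket; that is why both validate runs above report nothing wrong while the running service fails.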

1 answer(s)
BonBon Slick, 2021-03-06
@BonBonSlick

Well, I had to abandon the idea of running 2 server instances on the same machine, and split Mercure and the API onto separate servers.
The API works on its own, and Mercure on another machine. Here is the working config:

/etc/caddy/Caddyfile:

caddy.tamilchatz.com
file_server


log {
#   output stdout
   output stderr
#   output file /var/log/caddy/access.log
   format json
}


route {
#    redir / /.well-known/mercure/
#    encode gzip
  mercure {
        transport_url local://local
        # Keys are redacted in the post; <...> are placeholders. Caddyfile comments use '#', not '//'.
        publisher_jwt <publisher_jwt_key>    # required to publish events
        subscriber_jwt <subscriber_jwt_key>  # same token for the PHP API, required to subscribe to events
#        cors_origins symfchat.loc
        cors_origins *
        anonymous
        subscriptions
  }

  respond "Not Found" 404
}

Important Details
// IMPORTANT! If we do not pass a token with the user payload, we cannot render the user list because the user has no fields
// const event = new EventSource(url);
let mercureToken = 'Bearer ' + Cookies.get("mercureAuthorization");
const event = new EventSourcePolyfill(
    url,
    {
        heartbeatTimeout: 3600 * 1000,
        headers: {
            'Authorization': mercureToken,
        },
    },
);

event.onmessage = (message) => {
    onMessageCallback(message);
    console.info('[EventSource EVENT]', message);
};

https://github.com/Yaffle/EventSource/issues/79
https://github.com/symfony/mercure-bundle/issues/40
https://mercure.rocks/docs/hub/troubleshooting#401...
For debugging, when half of it does not work, you can use
https://demo.mercure.rocks/
or, if you set up the demo Caddyfile config
https://mercure.rocks/docs/hub/config
on your server, you can test it on your own, for example
https://my.mercure.hub.api.url.com/.well-known/mer...
It took 10 days for a task that I estimated at 3-4 days; I do not advise anyone to get involved with Symfony + Mercure.
It is still raw, very, extremely. The documentation is blurry, Google returns irrelevant, outdated or non-working results instead of a link to the official docs where the answer was; it gave outdated Caddy 1 configs and so on.
In general, in another 4-6 years, once there is a base, you can use Mercure. If the project does not die, because there is not much support there.
