symfony/mercure-bundle

Nginx+Mercure problems

Closed this issue · 9 comments

Right now, I have to use Nginx instead of the Docker image. But for the last 2 days, I tried an infinite number of combinations to make it work; the only one that did work was the one with symfony server:start, but that can't be put on a server.

From the multiple nginx configs I tried, this is the one where I don't get exceptions anymore (used mysite.flex as an example):

Nginx config
server {
    listen *:80;
    server_name *.mysite.flex mysite.flex;
    root /mnt/Development/mysite/public;

    location ~ ^/.well-known/mercure {
        proxy_pass http://localhost:3000;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_set_header Authorization $http_authorization;
        proxy_pass_header  Authorization;
    }

    location / {
        try_files $uri /index.php$is_args$args;
        add_header 'Access-Control-Allow-Origin' '*';

    }
    location ~ ^/index\.php(/|$) {
        add_header Access-Control-Allow-Origin *;

        fastcgi_pass unix:/run/php/php8.0-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;

        fastcgi_param BASE_URL mysite.flex;
        proxy_ignore_client_abort on;
    }
}

Mercure is listening at localhost:3000. When I execute code like this (made a command):

$update = new Update( '/new_pbx_call',  'test' );
$this->hub->publish($update);

and open either http://localhost:3000/.well-known/mercure?topic=%2Fnew_pbx_call or http://whitenights.flex/.well-known/mercure?topic=%2Fnew_pbx_call, nothing happens except for infinite loading.

But the same thing did work when I used symfony server:start.

Mercure reports this:

image


My hub.url value is url: 'http://localhost:3000'. When I change it to http://localhost:3000/.well-known/mercure then I get 401:

image

even though JWT is identical.

Any help? I would be happy just to make basic functionality first, will fine tune it later.

Is it related to https://github.com/symfony/cli/issues/424?

If it's not, can you copy your Mercure configuration please?

@dunglas I checked that issue as well, it isn't. I run Mercure like this (all in one line, I split it for readability):

SERVER_NAME=:3000 
MERCURE_PUBLISHER_JWT_KEY=’{{ value from env.local:MERCURE_JWT_TOKEN }}’ 
MERCURE_SUBSCRIBER_JWT_KEY=’{{ value from env.local:MERCURE_JWT_TOKEN }}’ 
./mercure run -config Caddyfile.dev

Is there a way I can find what the actual error was? Right now, I get Topic selectors not matched, not provided or authorization error so I don't know what exactly was wrong.

You should have more details about the error in the logs of the hub.

@dunglas May sound strange but where can I find that log file? Already looked into /var/log and root of application; nothing.

autosave.json shows same thing as command line.

Is my setup correct? I believe it is just a matter of misconfiguration somewhere because it did work when I used symfony server:start.

Just looked at profiler, it fails in HTTP client. This is the trace:

HTTP client log
"info" => [▼
    "header_size" => 307
    "request_size" => 380
    "total_time" => 0.001044
    "namelookup_time" => 8.2E-5
    "connect_time" => 0.000435
    "pretransfer_time" => 0.000487
    "size_upload" => 34.0
    "size_download" => 13.0
    "speed_download" => 12452.0
    "speed_upload" => 32567.0
    "download_content_length" => 13.0
    "upload_content_length" => 34.0
    "starttransfer_time" => 0.00089
    "primary_ip" => "127.0.0.1"
    "primary_port" => 3000
    "local_ip" => "127.0.0.1"
    "local_port" => 36656
    "start_time" => 1617543862.2851
    "pause_handler" => Closure(float $duration) {#1144 ▼
      class: "Symfony\Component\HttpClient\Response\CurlResponse"
      use: {▼
        $ch: CurlHandle {#1181 …}
        $multi: Symfony\Component\HttpClient\Internal\CurlClientState {#1149 …}
        $execCounter: -9223372036854775808
      }
    }
    "debug" => """
      *   Trying 127.0.0.1...
      * TCP_NODELAY set
      * Connected to localhost (127.0.0.1) port 3000 (#0)
      > POST /.well-known/mercure HTTP/1.1
      Host: localhost:3000
      Accept: */*
      Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtZXJjdXJlIjp7InB1Ymxpc2giOlsiKiJdfX0.iHLdpAEjX4BqCsHJEegxRmO-Y6sMxXwNATrQyRNt3GY
      User-Agent: Symfony HttpClient/Curl
      Accept-Encoding: gzip
      Content-Length: 34
      Content-Type: application/x-www-form-urlencoded
      
      * upload completely sent off: 34 out of 34 bytes
      < HTTP/1.1 401 Unauthorized
      < Content-Security-Policy: default-src 'self' mercure.rocks cdn.jsdelivr.net
      < Content-Type: text/plain; charset=utf-8
      < Server: Caddy
      < X-Content-Type-Options: nosniff
      < X-Frame-Options: DENY
      < X-Xss-Protection: 1; mode=block
      < Date: Sun, 04 Apr 2021 13:44:22 GMT
      < Content-Length: 13
      < 
      """
  ]
  "response_headers" => [▼
    "HTTP/1.1 401 Unauthorized"
    "Content-Security-Policy: default-src 'self' mercure.rocks cdn.jsdelivr.net"
    "Content-Type: text/plain; charset=utf-8"
    "Server: Caddy"
    "X-Content-Type-Options: nosniff"
    "X-Frame-Options: DENY"
    "X-Xss-Protection: 1; mode=block"
    "Date: Sun, 04 Apr 2021 13:44:22 GMT"
    "Content-Length: 13"
  ]
  "response_content" => [▼
    "Unauthorized"
  ]

My suspicion is on this part:

HTTP/1.1 401 Unauthorized"
"Content-Security-Policy: default-src 'self' mercure.rocks cdn.jsdelivr.net"

Caddyfile.dev has cors allowed:

cors_origins *
publish_origins *

could that be a problem?


For that same request, Mercure reported this:

Topic selectors not matched, not provided or authorization error        {"remote_addr": "127.0.0.1:41184", "error": "unable to parse JWT: signature is invalid"}

but my JWT is (hopefully) correct i.e. same from .env.local:

# The default token is signed with the secret key: !ChangeMe!
MERCURE_JWT_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtZXJjdXJlIjp7InB1Ymxpc2giOlsiKiJdfX0.iHLdpAEjX4BqCsHJEegxRmO-Y6sMxXwNATrQyRNt3GY

Caddy logs on stderr by default.

I updated my previous comment. Help me @dunglas, you are my only hope 😄

UPDATE:
To further remove variables, I made sure that token generated comes from jwt.io. So for a default !ChangeMe! secret, token is eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtZXJjdXJlIjp7InB1Ymxpc2giOlsiKiJdfX0.obDjwCgqtPuIvwBlTxUEmibbBf0zypKCNzNKP7Op2UM

Updated my env.local, updated mercure command line, same error.
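An added example, not part of the original thread and not code from Mercure or Symfony: a standard-library Python check for the hub error "unable to parse JWT: signature is invalid". It recomputes the HS256 signature over the token with the key the hub was started with, then retries with that key trimmed of whitespace and of surrounding quotes, to show whether the hub may be receiving different key bytes than the ones the token was signed with. The secret, the token and the list of key variants are constructed for illustration.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(signing_input: str, key: str) -> bytes:
    return hmac.new(key.encode(), signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(claims: dict, key: str) -> str:
    """Build a compact HS256 JWT the way jwt.io does (no whitespace in the JSON)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = b64url(json.dumps(claims, separators=(",", ":")).encode())
    return f"{header}.{body}.{b64url(_mac(f'{header}.{body}', key))}"

def verify_hs256(token: str, key: str) -> bool:
    """True only if the token is well formed, declares HS256 and the MAC matches."""
    try:
        header, body, sig = token.split(".")
        if json.loads(b64url_decode(header)).get("alg") != "HS256":
            return False
        return hmac.compare_digest(_mac(f"{header}.{body}", key), b64url_decode(sig))
    except (ValueError, AttributeError):
        return False

def key_variants(raw: str) -> dict:
    """Assumed ways a key differs once a shell, template or env file has handled it."""
    quotes = "'\"\u2018\u2019\u201c\u201d"  # straight and typographic quotes
    return {
        "as configured": raw,
        "whitespace trimmed": raw.strip(),
        "surrounding quotes removed": raw.strip().strip(quotes),
    }

def diagnose(token: str, configured_key: str) -> list:
    """Labels of the key variants under which the token's signature verifies."""
    return [label for label, key in key_variants(configured_key).items()
            if verify_hs256(token, key)]

def claims_of(token: str) -> dict:
    return json.loads(b64url_decode(token.split(".")[1]))

# Constructed sample: a publisher token with the same claims as the one in the thread.
SECRET = "constructed-demo-secret"
TOKEN = sign_hs256({"mercure": {"publish": ["*"]}}, SECRET)

if __name__ == "__main__":
    print(claims_of(TOKEN), diagnose(TOKEN, "\u2019" + SECRET + "\u2019"))
```

If `diagnose` returns an empty list, the token was signed with a different secret altogether; if only a trimmed or unquoted variant matches, the key reaching the hub carries extra bytes.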

You've closed it as completed, care to comment? I'm trying to solve something similar, your input could point in the right direction.

@krstns I wish I could remember if I solved it for the local copy, but I do know that my client paid for the Mercure subscription plan.

And I think it is the correct approach, it is one less thing I have to worry about. Sorry I can't help you.