Nginx+Mercure problems
Closed this issue · 9 comments
Right now, I have to use Nginx instead of the Docker image. But for the last 2 days, I tried an infinite number of combinations to make it work; the only one that did work was one with `symfony server:start`, but that can't be put on a server.
From the multiple nginx configs I tried, this is the one where I don't get exceptions anymore (used mysite.flex as an example):
Nginx config
```nginx
server {
    listen *:80;
    server_name *.mysite.flex mysite.flex;
    root /mnt/Development/mysite/public;

    location ~ ^/.well-known/mercure {
        proxy_pass http://localhost:3000;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Authorization $http_authorization;
        proxy_pass_header Authorization;
    }

    location / {
        try_files $uri /index.php$is_args$args;
        add_header 'Access-Control-Allow-Origin' '*';
    }

    location ~ ^/index\.php(/|$) {
        add_header Access-Control-Allow-Origin *;
        fastcgi_pass unix:/run/php/php8.0-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        fastcgi_param BASE_URL mysite.flex;
        proxy_ignore_client_abort on;
    }
}
```
Mercure is listening at `localhost:3000`. When I execute code like this (made a command):
```php
$update = new Update( '/new_pbx_call', 'test' );
$this->hub->publish($update);
```
and open either http://localhost:3000/.well-known/mercure?topic=%2Fnew_pbx_call or http://whitenights.flex/.well-known/mercure?topic=%2Fnew_pbx_call, nothing happens except for infinite loading.
But the same thing did work when I used `symfony server:start`.
Mercure reports this:
My `hub.url` value is `url: 'http://localhost:3000'`. When I change it to `http://localhost:3000/.well-known/mercure` then I get 401:
even though the JWT is identical.
Any help? I would be happy just to make basic functionality first, will fine tune it later.
Is it related to https://github.com/symfony/cli/issues/424?
If it's not, can you copy your Mercure configuration please?
@dunglas I checked that issue as well, it isn't. I run Mercure like this (all in one line, I split it for readability):
```
SERVER_NAME=:3000
MERCURE_PUBLISHER_JWT_KEY=’{{ value from env.local:MERCURE_JWT_TOKEN }}’
MERCURE_SUBSCRIBER_JWT_KEY=’{{ value from env.local:MERCURE_JWT_TOKEN }}’
./mercure run -config Caddyfile.dev
```
Is there a way I can find what the actual error was? Right now, I get `Topic selectors not matched, not provided or authorization error` so I don't know what exactly was wrong.
You should have more details about the error in the logs of the hub.
@dunglas May sound strange but where can I find that log file? Already looked into `/var/log` and root of application; nothing. `autosave.json` shows the same thing as the command line.
Is my setup correct? I believe it is just a matter of misconfiguration somewhere because it did work when I used `symfony server:start`.
Just looked at profiler, it fails in HTTP client. This is the trace:
HTTP client log
```
"info" => [
  "header_size" => 307
  "request_size" => 380
  "total_time" => 0.001044
  "namelookup_time" => 8.2E-5
  "connect_time" => 0.000435
  "pretransfer_time" => 0.000487
  "size_upload" => 34.0
  "size_download" => 13.0
  "speed_download" => 12452.0
  "speed_upload" => 32567.0
  "download_content_length" => 13.0
  "upload_content_length" => 34.0
  "starttransfer_time" => 0.00089
  "primary_ip" => "127.0.0.1"
  "primary_port" => 3000
  "local_ip" => "127.0.0.1"
  "local_port" => 36656
  "start_time" => 1617543862.2851
  "pause_handler" => Closure(float $duration) {#1144
    class: "Symfony\Component\HttpClient\Response\CurlResponse"
    use: {
      $ch: CurlHandle {#1181 …}
      $multi: Symfony\Component\HttpClient\Internal\CurlClientState {#1149 …}
      $execCounter: -9223372036854775808
    }
  }
  "debug" => """
    * Trying 127.0.0.1...
    * TCP_NODELAY set
    * Connected to localhost (127.0.0.1) port 3000 (#0)
    > POST /.well-known/mercure HTTP/1.1
    Host: localhost:3000
    Accept: */*
    Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtZXJjdXJlIjp7InB1Ymxpc2giOlsiKiJdfX0.iHLdpAEjX4BqCsHJEegxRmO-Y6sMxXwNATrQyRNt3GY
    User-Agent: Symfony HttpClient/Curl
    Accept-Encoding: gzip
    Content-Length: 34
    Content-Type: application/x-www-form-urlencoded
    * upload completely sent off: 34 out of 34 bytes
    < HTTP/1.1 401 Unauthorized
    < Content-Security-Policy: default-src 'self' mercure.rocks cdn.jsdelivr.net
    < Content-Type: text/plain; charset=utf-8
    < Server: Caddy
    < X-Content-Type-Options: nosniff
    < X-Frame-Options: DENY
    < X-Xss-Protection: 1; mode=block
    < Date: Sun, 04 Apr 2021 13:44:22 GMT
    < Content-Length: 13
    <
    """
]
"response_headers" => [
  "HTTP/1.1 401 Unauthorized"
  "Content-Security-Policy: default-src 'self' mercure.rocks cdn.jsdelivr.net"
  "Content-Type: text/plain; charset=utf-8"
  "Server: Caddy"
  "X-Content-Type-Options: nosniff"
  "X-Frame-Options: DENY"
  "X-Xss-Protection: 1; mode=block"
  "Date: Sun, 04 Apr 2021 13:44:22 GMT"
  "Content-Length: 13"
]
"response_content" => [
  "Unauthorized"
]
```
My suspicion is on this part:
```
"HTTP/1.1 401 Unauthorized"
"Content-Security-Policy: default-src 'self' mercure.rocks cdn.jsdelivr.net"
```
`Caddyfile.dev` has CORS allowed:
```
cors_origins *
publish_origins *
```
Could that be a problem?
For that same request, Mercure reported this:
```
Topic selectors not matched, not provided or authorization error {"remote_addr": "127.0.0.1:41184", "error": "unable to parse JWT: signature is invalid"}
```
but my JWT is (hopefully) correct, i.e. the same from `.env.local`:
```
# The default token is signed with the secret key: !ChangeMe!
MERCURE_JWT_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtZXJjdXJlIjp7InB1Ymxpc2giOlsiKiJdfX0.iHLdpAEjX4BqCsHJEegxRmO-Y6sMxXwNATrQyRNt3GY
```
Caddy logs on `stderr` by default.
I updated my previous comment. Help me @dunglas, you are my only hope 😄
UPDATE:
To further remove variables, I made sure that the generated token comes from jwt.io. So for a default `!ChangeMe!` secret, the token is `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtZXJjdXJlIjp7InB1Ymxpc2giOlsiKiJdfX0.obDjwCgqtPuIvwBlTxUEmibbBf0zypKCNzNKP7Op2UM`.
Updated my `env.local`, updated the `mercure` command line, same error.
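Added example, not part of the original thread and not Mercure's own code: the hub's `unable to parse JWT: signature is invalid` error means the HMAC in the token does not match the key the hub was started with, which can be checked offline by testing a token against every string that might have ended up as the key. The secret, the token and the candidate list below are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

def b64url_decode(segment):
    # JWT segments are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def mac(signing_input, key):
    return hmac.new(key.encode(), signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(claims, key):
    """Build a compact HS256 JWT; used here only to construct sample input."""
    parts = [{"alg": "HS256", "typ": "JWT"}, claims]
    body = ".".join(b64url_encode(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    return body + "." + b64url_encode(mac(body, key))

def verifies(token, key):
    """True if the token carries a valid HS256 signature under `key`."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:
        return False  # wrong segment count, bad base64 or bad JSON
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False  # reject "none" and any unexpected algorithm
    return hmac.compare_digest(mac(header_b64 + "." + payload_b64, key), signature)

def matching_keys(token, candidates):
    """Names of the candidate key strings under which the token verifies."""
    return [name for name, key in candidates.items() if verifies(token, key)]

# Constructed sample: publisher token signed with a made-up secret.
SECRET = "example-secret-not-from-the-thread"
TOKEN = sign_hs256({"mercure": {"publish": ["*"]}}, SECRET)
CANDIDATES = {  # hypothetical ways a key string can reach the hub
    "secret": SECRET,
    "token used as key": TOKEN,
    "secret in curly quotes": "\u2019" + SECRET + "\u2019",
}

if __name__ == "__main__":
    print(matching_keys(TOKEN, CANDIDATES))
```

To check a real setup, pass the token the application sends and the exact string given to the hub's JWT key variable to `verifies`.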
You've closed it as completed, care to comment? I'm trying to solve something similar, your input could point in the right direction.