Symfony: Mercure hub behind an Nginx reverse proxy


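I am trying to deploy a Mercure hub on a server.

There is already a Symfony application (REST API) served by Apache2 (with Nginx configured as a reverse proxy in front of it). My idea is to keep proxying the API to Apache2 and to configure Mercure subscriptions to be forwarded to the Mercure hub (a Caddy server).

The API part works fine, but I cannot get Nginx and Caddy configured correctly to work together. To be precise, I can reach the hub successfully when it is not behind Nginx. I use a custom certificate and, for some reason, every time I try to subscribe to the hub, I get the following error:

If I change my Nginx configuration to use proxy_pass https://mydomain:3000; instead of proxy_pass https://127.0.0.1:3000;, the error becomes:

There is no further explanation in the Caddy or Nginx logs.

I guess Nginx is not passing the correct request domain on to Caddy, but I don't know why, since I correctly applied the configuration instructions found in the specification. Any help would be appreciated, thanks.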

Caddy.dev configuration

{
    # Debug mode (disable it in production!)
    {$DEBUG:debug}

    # Port update
    http_port 3001
    https_port 3000

    # HTTP/3 support
    servers {
        protocol {
            experimental_http3
        }
    }
}

{$SERVER_NAME:localhost}

log

tls /path-to-certificate/fullchain.pem /path-to-certificate/privkey.pem

route {
    redir / /.well-known/mercure/ui/
    encode zstd gzip

    mercure {
        # Transport to use (default to Bolt)
        transport_url {$MERCURE_TRANSPORT_URL:bolt://mercure.db}
        # Publisher JWT key
        publisher_jwt {env.MERCURE_PUBLISHER_JWT_KEY} {env.MERCURE_PUBLISHER_JWT_ALG}
        # Subscriber JWT key
        subscriber_jwt {env.MERCURE_SUBSCRIBER_JWT_KEY} {env.MERCURE_SUBSCRIBER_JWT_ALG}
        # Permissive configuration for the development environment
        cors_origins http://localhost
        publish_origins *
        demo
        anonymous
        subscriptions
        # Extra directives
        {$MERCURE_EXTRA_DIRECTIVES}
    }

    respond /healthz 200

    respond "Not Found" 404
}

Nginx virtual host configuration

server {
  listen      80 http2;
  server_name mercure-hub-domain.com;
  return 301 https://mercure-hub-domain.com;
}

server {
  listen      443 ssl http2;
  listen [::]:443 ssl http2;
  server_name mercure-hub-domain.com;

  ssl_certificate /path-to-certificate/fullchain.pem; # managed by Certbot
  ssl_certificate_key /path-to-certificate/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

  location / {
    proxy_pass https://127.0.0.1:3000;
    proxy_read_timeout 24h;
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_connect_timeout 300s;

    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
  }

  # Log configuration
  access_log  /var/log/nginx/my-project/access.log;
  error_log   /var/log/nginx/my-project/error.log;
}

Command to start the Mercure hub

sudo SERVER_NAME='mercure-hub-domain.com:3000' DEBUG=debug MERCURE_PUBLISHER_JWT_KEY='MY-KEY' MERCURE_SUBSCRIBER_JWT_KEY='MY-KEY' ./mercure run -config Caddyfile.dev

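I don't think you should use HTTPS behind the reverse proxy, because it is useless:
proxy_pass http://127.0.0.1:3001;

Unfortunately, it is not useless, because the Mercure Hub must be started in HTTPS mode in order to send private publications.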
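
Added example, not part of the original thread: when the hub stays on HTTPS behind Nginx, these are the Nginx directives that control the TLS handshake to the upstream. By default Nginx sends no SNI to an HTTPS upstream and does not verify its certificate; the thread does not establish whether this is the cause of the error in the question. The CA bundle path is a hypothetical placeholder, and the hostname is the placeholder used in the question.

```nginx
# Added example (not the asker's configuration): TLS settings for an HTTPS upstream.
location / {
    proxy_pass https://127.0.0.1:3000;

    # Nginx defaults: proxy_ssl_server_name off (no SNI sent upstream)
    # and proxy_ssl_verify off (upstream certificate is not checked).
    proxy_ssl_server_name on;                # send SNI in the upstream handshake
    proxy_ssl_name mercure-hub-domain.com;   # name used for SNI and for certificate verification
    proxy_ssl_verify on;                     # refuse an upstream whose certificate does not match
    proxy_ssl_verify_depth 2;                # allow an intermediate CA in the chain
    # Hypothetical path: CA bundle that issued the hub's certificate
    proxy_ssl_trusted_certificate /path-to-ca-bundle/ca.pem;

    # Unchanged from the question: long-lived connection and forwarded headers
    proxy_read_timeout 24h;
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
}
```

Without proxy_ssl_name, the name Nginx uses is the host part of proxy_pass, here 127.0.0.1, which does not match a certificate issued for the hub's domain.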