dunglas / mercure

🪽 An open, easy, fast, reliable and battery-efficient solution for real-time communications
https://mercure.rocks
GNU Affero General Public License v3.0

Mercure inside docker and behind server host Nginx proxy #843

Open kl3sk opened 7 months ago

kl3sk commented 7 months ago

Hello,

I faced a problem. I created a route to test my update and here is the message:

fopen(): SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed

Docker config:

networks:
    web-staging-network:
        driver: bridge

services:
    mercure:
        container_name: mercure
        networks:
            web-staging-network:
        env_file:
            - ./.env
        image: dunglas/mercure:latest
        restart: unless-stopped
        environment:
            SERVER_NAME: ':80'
            MERCURE_PUBLISHER_JWT_KEY: '${MERCURE_PUBLISHER_JWT_KEY:-!ChangeThisDevMercureHubJWTSecretKey!}'
            MERCURE_SUBSCRIBER_JWT_KEY: '${MERCURE_SUBSCRIBER_JWT_KEY:-!ChangeThisDevMercureHubJWTSecretKey!}'
            # Set the URL of your Symfony project (without trailing slash!) as value of the cors_origins directive
            MERCURE_EXTRA_DIRECTIVES: |
                cors_origins http://app.domain.com
                use_forwarded_headers "1"
        # Comment the following line to disable the development mode
        command: /usr/bin/caddy run --config /etc/caddy/Caddyfile.dev
        volumes:
            - mercure_data:/data
            - mercure_config:/config

volumes:
    mercure_data:
    mercure_config:

Docker override:

services:
###> symfony/mercure-bundle ###
  mercure:
    ports:
      - "8181:80"
###< symfony/mercure-bundle ###

Nginx config:

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name hub-preprod.domain.com;

    ssl_certificate path_to_crt;
    ssl_certificate_key path_to_key;

    location / {
        proxy_pass http://localhost:8181;
        proxy_read_timeout 24h;
        proxy_http_version 1.1;
        proxy_set_header Connection "";

        ## Be sure to set USE_FORWARDED_HEADERS=1 to allow the hub to use those headers ##
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    error_log /home/<user>/logs/error-hub.log;
    access_log /home/<user>/logs/access-hub.log;
}

In DEV mode (e.g. command: /usr/bin/caddy run --config /etc/caddy/Caddyfile.dev uncommented), the UI is accessible, but no update is made and it returns the above error.

Thanks for any help

Note: It is a private project

kl3sk commented 7 months ago

I found a solution to get past this error: the HTTP client needs these options set to false.

But for now my page with the EventSource doesn't load correctly.

Edit: IDK yet if it is a server-related problem; sometimes it loads perfectly, sometimes not. This is totally random.

Any clues are appreciated. I'll talk with my support.
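As an added example (not code from this issue, the reporter, or the Mercure project): a minimal PHP publisher that POSTs an update to the hub through the TLS reverse proxy while keeping certificate verification on, which is the alternative to turning the client's verify option off. The hub path, topic, JWT and the `$caFile` parameter are assumptions; the hostname is the nginx `server_name` from the issue.

```php
<?php
// Added example, not from the issue or the Mercure project. Publishes a Mercure
// update over HTTPS with peer verification kept ON. $caFile (assumed) is the
// path to the CA bundle that issued the proxy's certificate, e.g. the system
// bundle for a public CA or a private CA file for an internal one.

function mercurePublish(string $hubUrl, string $jwt, string $topic, string $data, ?string $caFile = null): string
{
    $body = http_build_query(['topic' => $topic, 'data' => $data]);

    $ssl = [
        // Setting verify_peer to false makes "certificate verify failed" go away,
        // but anyone who can intercept the connection then sees the publisher JWT
        // sent in the Authorization header below. Keep verification enabled.
        'verify_peer'       => true,
        'verify_peer_name'  => true,
        'allow_self_signed' => false,
    ];
    if ($caFile !== null) {
        // Needed when the proxy uses a private CA, or when nginx serves an
        // incomplete chain that the system trust store cannot complete.
        $ssl['cafile'] = $caFile;
    }

    $context = stream_context_create([
        'http' => [
            'method'        => 'POST',
            'header'        => "Content-Type: application/x-www-form-urlencoded\r\n"
                             . "Authorization: Bearer {$jwt}\r\n",
            'content'       => $body,
            'ignore_errors' => true, // keep the body of non-2xx replies for diagnostics
        ],
        'ssl' => $ssl,
    ]);

    $response = @file_get_contents($hubUrl, false, $context);
    if ($response === false) {
        $err = error_get_last();
        throw new RuntimeException('Publish failed: ' . ($err['message'] ?? 'unknown error'));
    }
    return $response; // the hub answers with the id of the published update
}

// Usage (placeholder JWT; topic and payload are constructed sample values):
// echo mercurePublish('https://hub-preprod.domain.com/.well-known/mercure',
//     '<publisher JWT>', 'https://app.domain.com/books/1', '{"status":"OK"}');
```

If the Symfony container sits on the same Docker network as the hub, publishing to the hub's internal HTTP address instead of the public HTTPS hostname avoids the TLS hop (and this error) without weakening verification.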