时间戳

首页 > 解决方案 > Nginx 反向代理背后的 Mercure 集线器

symfony - Nginx 反向代理背后的 Mercure 集线器

问题描述

我尝试在服务器上部署 Mercure 集线器。

已经有一个 Symfony 应用程序(REST API)服务于 Apache2(以及在反向代理中配置的 Nginx)。我的想法是将 API 代理保留为 Apache2,并将 Mercure 订阅配置为转发到 Mercure Hub(Caddy 服务器)。

API 部分一切正常,但无法正确配置 Nginx 和 Caddy 以协同工作。我准确地说,当它不在 Nginx 后面时,我成功地到达了集线器。我使用自定义证书,出于某种原因,每次尝试订阅集线器时,都会出现以下错误:

DEBUG http.stdlib http: TLS handshake error from 127.0.0.1:36250: no
certificate available for '127.0.0.1'

proxy_pass https://mydomain:3000;如果我使用而不是修改我的 Nginx 配置proxy_pass https://127.0.0.1:3000;,则错误变为:

DEBUG http.stdlib http: TLS handshake error from PUBLIC-IP:36250: no
certificate available for 'PRIVATE-IP'

Caddy 或 Nginx 日志中没有进一步的解释。

我的猜测是 Nginx 没有将正确的请求域转移到 Caddy,但我不知道为什么,因为我正确应用了我在规范中找到的配置说明。任何帮助将不胜感激,谢谢!

Caddy.dev 配置

{
    # Debug mode (disable it in production!)
    {$DEBUG:debug}

    # Port update
    http_port 3001
    https_port 3000

    # HTTP/3 support
    servers {
        protocol {
            experimental_http3
        }
    }
}

{$SERVER_NAME:localhost}

log

tls /path-to-certificate/fullchain.pem /path-to-certificate/privkey.pem

route {
    redir / /.well-known/mercure/ui/
    encode zstd gzip

    mercure {
        # Transport to use (default to Bolt)
        transport_url {$MERCURE_TRANSPORT_URL:bolt://mercure.db}
        # Publisher JWT key
        publisher_jwt {env.MERCURE_PUBLISHER_JWT_KEY} {env.MERCURE_PUBLISHER_JWT_ALG}
        # Subscriber JWT key
        subscriber_jwt {env.MERCURE_SUBSCRIBER_JWT_KEY} {env.MERCURE_SUBSCRIBER_JWT_ALG}
        # Permissive configuration for the development environment
        cors_origins http://localhost
        publish_origins *
        demo
        anonymous
        subscriptions
        # Extra directives
        {$MERCURE_EXTRA_DIRECTIVES}
    }

    respond /healthz 200

    respond "Not Found" 404
}

NGinx 虚拟主机配置

server {
  listen      80 http2;
  server_name mercure-hub-domain.com;
  return 301 https://mercure-hub-domain.com;
}

server {
  listen      443 ssl http2;
  listen [::]:443 ssl http2;
  server_name mercure-hub-domain.com;

  ssl_certificate /path-to-certificate/fullchain.pem; # managed by Certbot
  ssl_certificate_key /path-to-certificate/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

  location / {
    proxy_pass https://127.0.0.1:3000;
    proxy_read_timeout 24h;
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_connect_timeout 300s;

    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
  }

  # Configuration des logs
  access_log  /var/log/nginx/my-project/access.log;
  error_log   /var/log/nginx/my-project/error.log;
}

启动 Mercure 中心的命令

sudo SERVER_NAME='mercure-hub-domain.com:3000' DEBUG=debug MERCURE_PUBLISHER_JWT_KEY='MY-KEY' MERCURE_SUBSCRIBER_JWT_KEY='MY-KEY' ./mercure run -config Caddyfile.dev

标签: symfonynginxcaddymercure

解决方案

推荐阅读