Running Mercure on https with Symfony certificate #37
stephanvierkant opened this issue Feb 4, 2021 · 1 comment

@stephanvierkant

As of Chrome 88, cookies must be SameSite=Lax/Strict or SameSite=None; Secure. That means running a Mercure server on http isn't possible when running a Symfony dev server on https. I've tried upgrading to Mercure v0.11 with HTTPS, but that uses a self-signed certificate that isn't trusted by Chrome. I tried to use the "allow-insecure-localhost" flag in Chrome, but that flag has been removed in Chrome 88. I found a workaround by setting temporary-unexpire-flags-m87. That works only temporarily and isn't a great developer experience either.

It would be great if we can use the Symfony certificate for Mercure as well, like we can with Webpack Encore's dev server.

finnef commented Aug 25, 2023

I use this docker-compose.yml and copy the Symfony certificates to Caddy.

version: '3'

services:
  caddy:
    image: dunglas/mercure:v0.13.0
    ports:
      - "3000:80"
      - "3001:443"
    volumes:
      # copy the ~/.symfony/certs/rootCA.pem to scripts/mercure/data/caddy/pki/authorities/local/intermediate.crt
      # do the same with the key file, and again for the caddy root.crt and root.key files.
      - ./scripts/mercure/Caddyfile.docker:/etc/caddy/Caddyfile
      # /data is where Caddy keeps its internal PKI, so the copied CA files end up here
      - ./scripts/mercure/data:/data
      - ./scripts/mercure/config:/config
    environment:
      # site address Caddy serves; picked up by {$SERVER_NAME} in the Caddyfile
      SERVER_NAME: "127.0.0.1:443"
      MERCURE_PUBLISHER_JWT_KEY: <myKey>
      MERCURE_SUBSCRIBER_JWT_KEY: <myKey>
      MERCURE_EXTRA_DIRECTIVES: |
        cors_origins https://127.0.0.1
        publish_origins https://127.0.0.1
        ui
      GLOBAL_OPTIONS: |
        local_certs
        default_sni 127.0.0.1

and the custom Caddyfile.docker:

# Learn how to configure the Mercure.rocks Hub on https://mercure.rocks/docs/hub/config
{
    {$GLOBAL_OPTIONS}
}

{$SERVER_NAME:localhost}
tls internal
log

#cors
header Access-Control-Allow-Origin https://127.0.0.1:8000
header Access-Control-Allow-Credentials true

route {
    redir / /.well-known/mercure/ui/
    encode zstd gzip

    mercure {
        # Transport to use (default to Bolt)
        transport_url {$MERCURE_TRANSPORT_URL:bolt://mercure.db}
        # Publisher JWT key
        publisher_jwt {env.MERCURE_PUBLISHER_JWT_KEY} {env.MERCURE_PUBLISHER_JWT_ALG}
        # Subscriber JWT key
        subscriber_jwt {env.MERCURE_SUBSCRIBER_JWT_KEY} {env.MERCURE_SUBSCRIBER_JWT_ALG}
        # Extra directives
        {$MERCURE_EXTRA_DIRECTIVES}
    }

    respond /healthz 200
    respond "Not Found" 404
}
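The comment above describes the certificate copy only in YAML comments. The script below is an added example, not code from the issue or from the Mercure project, that performs that copy, checks the resulting layout, and verifies that the running hub presents a chain the Symfony root validates. It assumes the Symfony CLI stores its local CA as rootCA.pem and rootCA-key.pem under ~/.symfony5/certs (older CLI versions used ~/.symfony/certs), and that Caddy's internal issuer reads root.{crt,key} and intermediate.{crt,key} from <data>/caddy/pki/authorities/local; both paths are assumptions to check against your installation.

```shell
#!/usr/bin/env sh
# Added example (not from the issue thread): automate the "copy the Symfony
# certificates to Caddy" step from the compose file above and verify it.
#
# Assumptions:
#   - The Symfony CLI keeps its local CA in ~/.symfony5/certs (older versions:
#     ~/.symfony/certs) as rootCA.pem / rootCA-key.pem, already trusted by the
#     browser through `symfony server:ca:install`.
#   - Caddy's `local_certs` / `tls internal` read root.{crt,key} and
#     intermediate.{crt,key} from <data dir>/caddy/pki/authorities/local, and
#     the compose file mounts ./scripts/mercure/data as that data dir.

SYMFONY_CERT_DIR="${SYMFONY_CERT_DIR:-$HOME/.symfony5/certs}"
CADDY_PKI_DIR="${CADDY_PKI_DIR:-./scripts/mercure/data/caddy/pki/authorities/local}"

# Copy the Symfony CA into the directory Caddy's internal issuer reads. The
# same CA is installed as both "root" and "intermediate", as the comment above
# does, so every leaf Caddy issues chains directly to the CA the browser trusts.
install_symfony_ca_into_caddy() {
    src_dir="$1"; dst_dir="$2"
    ca="$src_dir/rootCA.pem"; key="$src_dir/rootCA-key.pem"
    if [ ! -r "$ca" ] || [ ! -r "$key" ]; then
        echo "no rootCA.pem / rootCA-key.pem in $src_dir" >&2
        return 1
    fi
    mkdir -p "$dst_dir"
    for name in root intermediate; do
        cp "$ca" "$dst_dir/$name.crt"  && chmod 0644 "$dst_dir/$name.crt"
        cp "$key" "$dst_dir/$name.key" && chmod 0600 "$dst_dir/$name.key"
    done
}

# Layout check: all four files present and no private key world-readable. The
# CA key can mint a certificate for any name the browser trusts, so it must
# not leak through a permissive bind mount or a git commit of ./scripts.
check_caddy_pki_layout() {
    dir="$1"
    for f in root.crt root.key intermediate.crt intermediate.key; do
        [ -f "$dir/$f" ] || { echo "missing $dir/$f" >&2; return 1; }
    done
    if find "$dir" -name '*.key' -perm -004 | grep -q .; then
        echo "world-readable key under $dir" >&2
        return 1
    fi
}

# After `docker compose up`, confirm the hub on the published TLS port serves
# a chain that validates against the Symfony root (needs openssl and the
# running container; default_sni in the Caddyfile covers the missing SNI).
verify_hub_chain() {
    host_port="${1:-127.0.0.1:3001}"
    printf '' | openssl s_client -connect "$host_port" \
        -CAfile "$SYMFONY_CERT_DIR/rootCA.pem" 2>/dev/null \
        | grep -q 'Verify return code: 0 (ok)'
}

# Only act when called with explicit source and destination, e.g.
#   sh install-ca.sh "$SYMFONY_CERT_DIR" "$CADDY_PKI_DIR" && verify_hub_chain
[ "$#" -lt 2 ] || { install_symfony_ca_into_caddy "$1" "$2" && check_caddy_pki_layout "$2"; }
```

Run it once before `docker compose up`; Caddy will then sign its leaf certificates with the CA Chrome already trusts, and the cookie problem from the opening post goes away because the hub origin is genuinely https. Add `scripts/mercure/data/` to .gitignore, since the copied files include the CA private key.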
