2

I'm trying to run Mercure on Symfony within a production env.

[1st problem]

It seems that I need to keep my SSH connection active in order to keep Mercure running.
Also, I would like to be able to run multiple instances of Mercure (one per vhost).

[2nd problem]

As my vhost is already using HTTPS, I'm using the following command to run Mercure:

```bash
JWT_KEY='4e2da03eda9acdfdb9253ab0f8f9e4011706fd6ba6d8293d9727e833752fb15b' CERT_FILE='/etc/letsencrypt/live/my-project.my-domain.com/fullchain.pem' KEY_FILE='/etc/letsencrypt/live/my-project.my-domain.com/privkey.pem' ALLOW_ANONYMOUS=1 ./mercure/mercure
```

If I try this command with my web user (www-data), I get the following error:

```
ERRO[0000] listen tcp :443: bind: permission denied
```

If I try to run it with root, I get this error instead:

```
ERRO[0000] listen tcp :443: bind: address already in use
```

Some messages here and there on the web suggested using a proxy, but didn't provide any example.

Can someone provide a solution to, first, run Mercure without having to keep my user connection on SSH and, if possible, to run one instance of Mercure per project (vhost)? (Mercure is at the root of my project.)

Second, provide a full example of how to solve either the port issue or how to use a proxy.

Preciel
  • In case anyone has this issue where they don't receive Mercure requests (stuck on pending status), check this issue on GitHub: "Multiple subscribers limit · Issue #254 · dunglas/mercure" https://github.com/dunglas/mercure/issues/254 – Amin Sep 19 '21 at 08:31

1 Answer

4
  1. You can use the `nohup` command, e.g. `JWT_KEY='[key]' nohup ./mercure/mercure &`

    The right way would be to use supervisord to manage this process, as you want to automatically run Mercure at server start.

  2. There is an `ADDR` env for this, e.g. `JWT_KEY='[key]' ADDR=127.0.0.1:3000 ./mercure/mercure` will listen on the 127.0.0.1:3000 address. You need to run multiple instances of Mercure on different ports, one for each of your projects.

    You could use an nginx proxy, something like this:

```nginx
server {
    # HTTPS listener (IPv4 and IPv6)
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name project1.example.com;

    ssl_certificate /path/to/ssl/cert.crt;
    ssl_certificate_key /path/to/ssl/cert.key;

    location / {
        # Mercure instance for project1, bound to loopback
        proxy_pass http://127.0.0.1:3001;
        # Keep long-lived event-stream connections open
        proxy_read_timeout 24h;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
    }
}

server {
    # HTTPS listener (IPv4 and IPv6)
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name project2.example.com;

    ssl_certificate /path/to/ssl/cert.crt;
    ssl_certificate_key /path/to/ssl/cert.key;

    location / {
        # Mercure instance for project2, bound to loopback
        proxy_pass http://127.0.0.1:3002;
        proxy_read_timeout 24h;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
    }
}
```

Ports < 1024 can be bound only by the root user. That's why you got the permission denied error for the www-data user.

Community
BoShurik
  • I'm not using the `ADDR` parameter here. I'm out of the demo, I use my project URL (which is specified with the SSL certificate). I didn't know that ports < 1024 could only be bound by root, good to know. – Preciel Apr 26 '19 at 13:57
  • @Preciel Default port for https is 443. If you want to run multiple instances on the same server you should use `ADDR` env – BoShurik Apr 26 '19 at 14:27
  • I see. What about the message `listen tcp :443: bind: address already in use` when I run mercure, as root without changing port? Is there any way to solve this? – Preciel Apr 26 '19 at 14:34
  • @Preciel Looks like the web server already listens on this port, and you must choose another – BoShurik Apr 26 '19 at 14:37
  • Yeah, Apache is listening to it, which is logical, in fact. Thanks for the details, I will try all that Monday and let you know – Preciel Apr 26 '19 at 14:39
  • 1
    @Preciel Did it work? I've tried the same solution, but it doesn't work for me. I found this issue: https://github.com/dunglas/mercure/issues/234 – Stephan Vierkant Feb 22 '20 at 11:48
  • It worked @StephanVierkant, proxy is the solution. Then just change port for multiple runs. On the other hand, because Mercure is quite limited for now, we moved to socket.io instead. – Preciel Feb 22 '20 at 14:24
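
The supervisord setup suggested in the answer, sketched as an added example (not code from the answer or from the Mercure project): one Mercure instance per vhost, each run as `www-data` on its own loopback port so that only the TLS reverse proxy can reach it. The file path, project directories, log paths and key placeholders are assumptions, as is Mercure serving plain HTTP when `CERT_FILE`/`KEY_FILE` are unset (which the answer's `proxy_pass http://...` implies).

```ini
; /etc/supervisor/conf.d/mercure.conf  (assumed path)
; Keep this file root-owned with mode 0600: it holds the JWT signing keys,
; which then stay out of shell history and interactive sessions.

[program:mercure-project1]
; Hypothetical project directory; the binary sits at the project root.
directory=/var/www/project1
command=/var/www/project1/mercure/mercure
; Unprivileged user is enough because the port is above 1023.
user=www-data
; Loopback bind on a per-project port; TLS terminates at the proxy,
; so CERT_FILE and KEY_FILE are not set here.
; ALLOW_ANONYMOUS is kept from the question; drop it if every
; subscriber must present a JWT.
environment=JWT_KEY="CHANGE_ME_PROJECT1_KEY",ADDR="127.0.0.1:3001",ALLOW_ANONYMOUS="1"
; Start at boot with supervisord and restart on crash.
autostart=true
autorestart=true
stopsignal=TERM
redirect_stderr=true
stdout_logfile=/var/log/supervisor/mercure-project1.log

[program:mercure-project2]
directory=/var/www/project2
command=/var/www/project2/mercure/mercure
user=www-data
; Separate key per project, so a leaked key for one hub
; cannot mint tokens for the other.
environment=JWT_KEY="CHANGE_ME_PROJECT2_KEY",ADDR="127.0.0.1:3002",ALLOW_ANONYMOUS="1"
autostart=true
autorestart=true
stopsignal=TERM
redirect_stderr=true
stdout_logfile=/var/log/supervisor/mercure-project2.log
```

After editing the file, `supervisorctl reread` followed by `supervisorctl update` loads the new programs; the processes then survive the end of the SSH session.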