symfony proxy reverse-proxy symfony4 mercure

How to run Mercure in production


I'm trying to run Mercure on Symfony within a production env.

[1st problem]

It seems that I need to keep my SSH connection active in order to keep Mercure running.
Also, I would like to be able to run multiple instances of Mercure (one per vhost).

[2nd problem]

As my vhost is already using HTTPS, I'm using the following command to run Mercure:

    JWT_KEY='4e2da03eda9acdfdb9253ab0f8f9e4011706fd6ba6d8293d9727e833752fb15b' CERT_FILE='/etc/letsencrypt/live/my-project.my-domain.com/fullchain.pem' KEY_FILE='/etc/letsencrypt/live/my-project.my-domain.com/privkey.pem' ALLOW_ANONYMOUS=1 ./mercure/mercure

If I try this command with my web user (www-data), I get the following error:

    ERRO[0000] listen tcp :443: bind: permission denied

If I try to run it with root, I get this error instead:

    ERRO[0000] listen tcp :443: bind: address already in use

Some messages here and there on the web suggested using a proxy, but didn't provide any example.


Can someone provide a solution to, first, run Mercure without having to keep my user connected over SSH and, if possible, be able to run one instance of Mercure per project (vhost)? (Mercure is at the root of my project.)

Second, provide a full example showing how to solve either the port issue or how to use a proxy.


Solution

1. You can use the nohup command, e.g. JWT_KEY='[key]' nohup ./mercure/mercure &

   The right way would be to use supervisord to manage this process, as you want to automatically run Mercure at server start.

2. There is an ADDR env for this, e.g. JWT_KEY='[key]' ADDR=127.0.0.1:3000 ./mercure/mercure will listen on 127.0.0.1:3000. You need to run multiple instances of Mercure on different ports, one for each of your projects.

   You could use an nginx proxy, something like this:

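    # One server block per project; each proxies to its own Mercure instance
    server {
        # 443 is the HTTPS port; "listen 80 ssl" would serve TLS on the plain-HTTP port
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name project1.example.com;

        ssl_certificate /path/to/ssl/cert.crt;
        ssl_certificate_key /path/to/ssl/cert.key;

        location / {
            # Mercure instance for project1, listening on loopback only
            proxy_pass http://127.0.0.1:3001;
            # Keep the long-lived event stream connections open
            proxy_read_timeout 24h;
            proxy_http_version 1.1;
            proxy_set_header Connection "";
        }
    }

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name project2.example.com;

        ssl_certificate /path/to/ssl/cert.crt;
        ssl_certificate_key /path/to/ssl/cert.key;

        location / {
            # Mercure instance for project2, listening on loopback only
            proxy_pass http://127.0.0.1:3002;
            proxy_read_timeout 24h;
            proxy_http_version 1.1;
            proxy_set_header Connection "";
        }
    }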
    

Ports < 1024 can be bound only by the root user. That's why you got the permission denied error for the www-data user.
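
The supervisord setup recommended in point 1, combined with the per-project ADDR from point 2, could look like the following. This is an added example, not part of the original answer; the config file path, project directories, log paths and key placeholders are assumptions.

```ini
; Constructed example: /etc/supervisor/conf.d/mercure.conf (assumed path)
; Keep this file readable by root only (chmod 600): it holds the JWT signing keys.

[program:mercure-project1]
; Assumed project root; the mercure binary sits at its root as in the question
directory=/var/www/project1
command=/var/www/project1/mercure/mercure
; Unprivileged user: no port below 1024 is needed because nginx terminates TLS
user=www-data
; Loopback only, so the hub is reachable solely through the nginx vhost.
; CERT_FILE and KEY_FILE are left out on purpose: nginx holds the certificate.
environment=JWT_KEY="CHANGE_ME_PROJECT1_KEY",ADDR="127.0.0.1:3001",ALLOW_ANONYMOUS="1"
; Start with the server and restart if the process exits
autostart=true
autorestart=true
redirect_stderr=true
stdout_logfile=/var/log/supervisor/mercure-project1.log

[program:mercure-project2]
directory=/var/www/project2
command=/var/www/project2/mercure/mercure
user=www-data
; A distinct key and port per project, matching the second nginx server block
environment=JWT_KEY="CHANGE_ME_PROJECT2_KEY",ADDR="127.0.0.1:3002",ALLOW_ANONYMOUS="1"
autostart=true
autorestart=true
redirect_stderr=true
stdout_logfile=/var/log/supervisor/mercure-project2.log
```

After saving the file, `supervisorctl reread` followed by `supervisorctl update` loads both programs, and `supervisorctl status` shows whether each instance is running.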