How to run Mercure in production with Apache - apache

I have a Symfony project on an Apache server that uses Mercure, and I am trying to set up the Mercure hub in production.
To run the Mercure hub in production, I extract the archive mercure_0.6.2_Linux_x86_64.tar.gz (https://github.com/dunglas/mercure/releases) into a subfolder mercure at the root of my project.
Then I run the command:
JWT_KEY='myJWTKey' ACME_HOSTS='example.com' ./mercure
with my information.
But the hub doesn't start and gives this error:
FATA[0000] listen tcp :443: bind: permission denied
I saw a similar question (How to run Mercure in production)
but the proposed answer uses ADDR to change port, and according to the documentation, "Let's Encrypt only supports the default port: to use Let's Encrypt, do not set this variable.".
How do I run Mercure in production?

Here are the steps I took to resolve my problem:
I run Mercure with this command:
JWT_KEY='aVerySecretKey' ADDR='myhub.com:3000' CORS_ALLOWED_ORIGINS='https://mywebsite.com' DEBUG=1 ALLOW_ANONYMOUS=1 ./mercure
So Mercure runs here: http://myhub.com:3000.
I use Apache as a proxy with these parameters:
ProxyPass / http://myhub.com:3000/
ProxyPassReverse / http://myhub.com:3000/
So now, I can access the hub in HTTPS here https://myhub.com/hub from my domain https://mywebsite.com.
Thanks to dunglas, the author of Mercure.

I don't know if this is helpful, but after a lot of struggle I got Mercure working on a live server like this. (I'm using port 9090 throughout.) In Apache domain conf:
ProxyPass /hub/ http://localhost:9090/
ProxyPassReverse /hub/ http://localhost:9090/
In JavaScript:
new URL('https://www.example.com/hub/.well-known/mercure');
In Symfony:
MERCURE_PUBLISH_URL=https://www.example.com/hub/.well-known/mercure
Being careful not to confuse MERCURE_JWT_TOKEN with MERCURE_JWT_SECRET.
From root, running Mercure server like this for testing:
docker run -e JWT_KEY='!ChangeMe!' -e DEMO=1 -e ALLOW_ANONYMOUS=1 -e CORS_ALLOWED_ORIGINS='*' -e PUBLISH_ALLOWED_ORIGINS='*' -p 9090:80 dunglas/mercure
So now everything is working, without https / 443 problems.
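A pre-deployment check for the settings used in the two answers above, as an added example that is not part of the original posts or of Mercure itself. The variable names are the ones from the commands on this page; the function name `audit_mercure_env`, its rules (including the assumption of HMAC-SHA256 signed tokens) and both sample configurations are constructed for illustration.

```shell
# Added example: lint Mercure hub settings given as KEY=VALUE lines on stdin.
# Variable names are from this page; the rules are this example's assumptions.
audit_mercure_env() {
    while IFS='=' read -r key value; do
        value=${value#\'}; value=${value%\'}    # drop surrounding quotes
        case "$key" in
        JWT_KEY)
            case "$value" in
            '!ChangeMe!'|myJWTKey|aVerySecretKey)
                echo "JWT_KEY: placeholder value copied from an example" ;;
            *)  # assumption: HMAC-SHA256 signed tokens, so expect >= 32 bytes
                if [ "${#value}" -lt 32 ]; then
                    echo "JWT_KEY: shorter than 32 characters"
                fi ;;
            esac ;;
        ALLOW_ANONYMOUS)
            if [ "$value" = 1 ]; then
                echo "ALLOW_ANONYMOUS: subscribers can connect without a JWT"
            fi ;;
        CORS_ALLOWED_ORIGINS|PUBLISH_ALLOWED_ORIGINS)
            if [ "$value" = '*' ]; then
                echo "$key: wildcard accepts every origin"
            fi ;;
        DEBUG|DEMO)
            if [ "$value" = 1 ]; then
                echo "$key: debug/demo mode is on"
            fi ;;
        ADDR)
            case "$value" in
            127.0.0.1:*|localhost:*|'[::1]:'*) ;;  # reachable via the proxy only
            *) echo "ADDR: plain-HTTP listener is not bound to loopback" ;;
            esac ;;
        esac
    done
    return 0
}

# Constructed samples: WEAK merges the test settings quoted above; HARDENED
# uses a made-up 40-character key and a loopback listener behind Apache.
WEAK="JWT_KEY='!ChangeMe!'
ADDR='myhub.com:3000'
DEBUG=1
ALLOW_ANONYMOUS=1
CORS_ALLOWED_ORIGINS='*'
PUBLISH_ALLOWED_ORIGINS='*'"
HARDENED="JWT_KEY='constructed-sample-key-0123456789abcdefg'
ADDR='127.0.0.1:3000'
CORS_ALLOWED_ORIGINS='https://mywebsite.com'"
printf '%s\n' "$WEAK" | audit_mercure_env
```

With the hub bound to loopback, the `ProxyPass` target becomes `http://127.0.0.1:3000/` and the only public listener is Apache's HTTPS virtual host.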

Related

Put different containers containing a server in the same server

I have a Debian server with apache2 on it. I can access it by an ip address.
What I want is to be able to access the containers in it (which contain an apache2 server) from the outside by a URL like "myIpAddress/container1". What I currently have is access to those containers only from the Debian server.
I thought about using a reverse proxy, but I cannot make it work.
Thank you for your help! :-)
Map the docker container's port to a host port and access the docker container from <host-ip>:port.
docker run -p host-port:container-port image
For example, running a container using the above command will make the container available at 127.0.0.1
docker run -p 80:5000 training/webapp
Update:
Setting up reverse proxy using NGINX
This example uses a plain NGINX container as site A and plain Apache server as site B.
Run the reverse proxy.
docker run -d \
--name nginx-proxy \
-p 80:80 \
-v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy
Start the container for site A, specifying the domain name in the VIRTUAL_HOST variable.
docker run -d --name site-a -e VIRTUAL_HOST=a.example.com nginx
Check out your website at http://a.example.com.
With site A still running, start the container for site B.
docker run -d --name site-b -e VIRTUAL_HOST=b.example.com httpd
Check out site B at http://b.example.com.
Note: Make sure you have set up DNS to forward the subdomains to the host running nginx-proxy. If you're using AWS, the easiest way is to use Route53.
For testing locally, map sub-domains to resolve to localhost by adding entries in /etc/hosts file.
127.0.0.1 a.example.com
127.0.0.1 b.example.com
References
jwilder NGINX Proxy GitHub
NGINX reverse proxy using docker

Minishift: Could not resolve: *.192.168.64.2.nip.io

I have installed minishift on OSX with brew:
brew cask install minishift-beta
...
$ minishift version
Minishift version: 1.0.0
I have successfully started minishift, and created the node-ex example application and exported it:
$ oc get route
NAME        HOST/PORT                                 PATH      SERVICES    PORT       TERMINATION   WILDCARD
nodejs-ex   nodejs-ex-myproject.192.168.64.2.nip.io             nodejs-ex   8080-tcp                 None
However I can not reach .192.168.64.2.nip.io:
$ curl nodejs-ex-myproject.192.168.64.2.nip.io
curl: (6) Could not resolve host: nodejs-ex-myproject.192.168.64.2.nip.io
$ dig +short nodejs-ex-myproject.192.168.64.2.nip.io
$
All is working with minishift web console and oc command, but I can not reach the application domain.
Thank you #enj. The explanation at http://nip.io is clear about how it works.
I have seen that queries to 8.8.8.8 and to my ISP DNS are resolved to my private IP. But it is my router (my primary DNS) which do respond nip.io
My router runs DD-WRT and has enabled
Rebind protection Discard upstream RFC1918 responses
then I add nip.io at
Domain whitelist nip.io
and now I resolve queries:
≻ dig +short test.10.0.0.1.nip.io
10.0.0.1
Is something on your machine or network blocking DNS queries to nip.io?
When playing with Minishift at home, where I am connected to the internet via Deutsche Telekom's VDSL and Speedport-Router, I cannot resolve these xip.io or nip.io addresses.
My workaround is to put 8.8.8.8 into /etc/resolv.conf
I had the same issue on Windows 10. My workaround was to add an entry in C:\Windows\System32\drivers\etc\hosts file. Here is an example
192.160.90.101 nodejs-ex-nodejs-echo.192.160.90.101.nip.io # needed for minishift to work
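Why the router setting described above makes these names unresolvable, as an added example that is not part of the original posts: a simplified model of a rebind-protection filter that drops answers pointing into RFC 1918 space unless the domain is whitelisted. The function names are this example's own, and only the dot-separated nip.io/xip.io name form is handled.

```shell
# Added example: simplified model of a resolver's rebind protection, showing
# why names such as *.192.168.64.2.nip.io stop resolving behind it.

# Print the IPv4 address embedded in a nip.io / xip.io name (empty if none).
embedded_ip() {
    printf '%s\n' "$1" | sed -n -E \
        's/^(.*\.)?([0-9]{1,3}(\.[0-9]{1,3}){3})\.(nip|xip)\.io$/\2/p'
}

# Succeed if the dotted quad lies in 10/8, 172.16/12 or 192.168/16 (RFC 1918).
is_rfc1918() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    if [ "$#" -ne 4 ]; then return 1; fi
    case "$1" in
    10)  return 0 ;;
    172) if [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then return 0; fi ;;
    192) if [ "$2" -eq 168 ]; then return 0; fi ;;
    esac
    return 1
}

# rebind_verdict NAME [WHITELISTED_DOMAIN...]: print "dropped" or "passed".
rebind_verdict() {
    name=$1; shift
    for domain in "$@"; do
        case "$name" in
        "$domain"|*."$domain") echo passed; return 0 ;;
        esac
    done
    ip=$(embedded_ip "$name")
    if [ -n "$ip" ] && is_rfc1918 "$ip"; then
        echo dropped     # upstream answer points into private address space
    else
        echo passed
    fi
}

# One name taken from this page, plus one constructed public-address name.
for n in nodejs-ex-myproject.192.168.64.2.nip.io test.8.8.8.8.nip.io; do
    printf '%s: %s / with nip.io whitelisted: %s\n' \
        "$n" "$(rebind_verdict "$n")" "$(rebind_verdict "$n" nip.io)"
done
```

Whitelisting only the specific domain keeps the protection in place for every other name, whereas switching the machine to a public resolver bypasses the filter for all lookups.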

https is not working on httpd docker container

I am new to Apache and Docker. I am running the httpd:2.4 image from Docker Hub. The httpd container is running fine. When I hit localhost from the browser, it gives the message "It works", but when I tried to hit localhost with https, it gives an error that the site cannot be reached.
command to run httpd
docker run -d -p 443:443 --name httpd httpd:2.4
You must configure an SSL certificate for this. Please refer to the SSL/HTTPS section in the official Docker Hub documentation.

Many docker container on one host

I didn't find something about running many different webapp-container on one host. So for example I have two containers. On the first I run an apache with owncloud and on the second I run a wordpress blog. Both of them have to run on port 80. How could I handle this?
Thanks
You can use -p flag to map ports:
docker run -p 8080:80 owncloud
docker run -p 8081:80 wordpress
And then access owncloud with http://yourdomain.com:8080/ and wordpress with http://yourdomain.com:8081/
It is common to combine docker with a reverse proxy like HAProxy.
With a reverse proxy you can pass request to owncloud.yourdomain.com to your owncloud container and from wordpress.yourdomain.com to the wordpress container. (or yourdomain.com/owncloud and yourdomain.com/wordpress)
You will have to use different ports in the host (otherwise you will get an error starting the second container).
To avoid that, expose one of the 80 internal port to another port in the host.
For instance, when running 'docker run':
docker run -p 8081:80 name_of_your_image
This will export the port 80 of your server in the port 8081 in the host.
If you want, you can use docker-gen; it's a simple script where you can balance the docker containers with simple environment variables (on the container).
This is the documentation:
https://github.com/jwilder/docker-gen

How can I set virtual host in Codeship?

I’m using Codeship to automate a multi-tenancy application.
My app needs a subdomain setting to run acceptance tests using Selenium WebDriver.
So, I need to configure a virtual domain for my app.
For example, I need the following virtual domain:
127.0.0.1 test.my-app.test
127.0.0.1 my-app.test
If I do not use a subdomain to make requests to my app, it does not work as required.
I tried the following commands in Setup Commands section before Test Pipelines.
sudo echo '127.0.0.1 test.my-app.test' >> /etc/hosts
sudo echo '127.0.0.1 my-app.test' >> /etc/hosts
But it doesn't work, because I have no permission. The error message was:
bash: /etc/hosts: Permission denied
Would you mind telling me how to make it work?
Thank you in advance!
Update:
I received reply from Codeship team:
this is not possible in our classic infrastructure due to technical limitations. You could move to our Docker Platform, which allows more customization of your build environment.
We need to use Docker to solve this issue
Your redirection will not be executed with root privileges; that's why you got the Permission denied error.
Your command means "do the echo with root privileges, then redirect to the /etc/hosts file".
Try this:
sudo sh -c 'echo "Your text" >> /path/to/file'
We don't allow access via sudo on the build VMs because of security considerations.
However, you can use a service like http://xip.io/ or lvh.me to access your application via DNS names.
$ nslookup codeship.lvh.me
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: codeship.lvh.me
Address: 127.0.0.1
lvh.me will resolve any request for a subdomain to 127.0.0.1; xip.io offers more functionality, which is explained in more detail on its homepage.