Configuration with Let's Encrypt does not work #579
-
Hi,
I followed this part of the TLS documentation: Using Custom TLS Certificates
Then I restarted the project without -d and this message appeared in the console:
Error: adapting config using caddyfile: server listening on [:80] is HTTP, but attempts to configure TLS connection policies
I don't understand what is wrong. I also tried to add these variables to my .env:
SERVER_NAME=app.localhost
HTTP_PORT=8000
HTTPS_PORT=4443
HTTP3_PORT=4443
Thanks for helping me 🙏
-
Can you show your compose*.yaml and Caddyfile files, please?
-
Hi,
Here is my compose.yaml:
services:
  php:
    image: ${IMAGES_PREFIX:-}app-php
    restart: unless-stopped
    environment:
      SERVER_NAME: ${SERVER_NAME:-localhost}, php:8080
      MERCURE_PUBLISHER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET:-!ChangeThisMercureHubJWTSecretKey!}
      MERCURE_SUBSCRIBER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET:-!ChangeThisMercureHubJWTSecretKey!}
      TRUSTED_PROXIES: ${TRUSTED_PROXIES:-127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16}
      TRUSTED_HOSTS: ^${SERVER_NAME:-example\.com|localhost}|php$$
      # Run "composer require symfony/orm-pack" to install and configure Doctrine ORM
      DATABASE_URL: postgresql://${POSTGRES_USER:-app}:${POSTGRES_PASSWORD:-ppa}@database:5432/${POSTGRES_DB:-flow}?serverVersion=${POSTGRES_VERSION:-16}&charset=${POSTGRES_CHARSET:-utf8}
      # Run "composer require symfony/mercure-bundle" to install and configure the Mercure integration
      MERCURE_URL: ${CADDY_MERCURE_URL:-http://php/.well-known/mercure}
      MERCURE_PUBLIC_URL: https://${SERVER_NAME:-localhost}/.well-known/mercure
      MERCURE_JWT_SECRET: ${CADDY_MERCURE_JWT_SECRET:-!ChangeThisMercureHubJWTSecretKey!}
      # The two next lines can be removed after initial installation
      #SYMFONY_VERSION: ${SYMFONY_VERSION:-}
      #STABILITY: ${STABILITY:-stable}
    volumes:
      - caddy_data:/data
      - caddy_config:/config
    ports:
      # HTTP
      - target: 8080
        published: ${HTTP_PORT:-80}
        protocol: tcp
      # HTTPS
      - target: 443
        published: ${HTTPS_PORT:-443}
        protocol: tcp
      # HTTP/3
      - target: 443
        published: ${HTTP3_PORT:-443}
        protocol: udp

# Mercure is installed as a Caddy module, prevent the Flex recipe from installing another service
###> symfony/mercure-bundle ###
###< symfony/mercure-bundle ###

###> doctrine/doctrine-bundle ###
  database:
    image: postgres:${POSTGRES_VERSION:-16}-alpine
    environment:
      POSTGRES_DB: ${POSTGRES_DB:-flow}
      # You should definitely change the password in production
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-ppa}
      POSTGRES_USER: ${POSTGRES_USER:-app}
    volumes:
      - database_data:/var/lib/postgresql/data:rw
      # You may use a bind-mounted host directory instead, so that it is harder to accidentally remove the volume and lose all your data!
      # - ./docker/db/data:/var/lib/postgresql/data:rw
###< doctrine/doctrine-bundle ###

volumes:
  caddy_data:
  caddy_config:
###> symfony/mercure-bundle ###
###< symfony/mercure-bundle ###

###> doctrine/doctrine-bundle ###
  database_data:
###< doctrine/doctrine-bundle ###
compose.override.yaml:
# Development environment override
services:
  php:
    build:
      context: .
      target: frankenphp_dev
    volumes:
      - ./:/app
      - ./frankenphp/certs:/etc/caddy/certs:ro
      - ./frankenphp/Caddyfile:/etc/caddy/Caddyfile:ro
      - ./frankenphp/conf.d/app.dev.ini:/usr/local/etc/php/conf.d/app.dev.ini:ro
      # If you develop on Mac or Windows you can remove the vendor/ directory
      # from the bind-mount for better performance by enabling the next line:
      #- /app/vendor
    environment:
      CADDY_SERVER_EXTRA_DIRECTIVES: "tls /etc/caddy/certs/tls.pem /etc/caddy/certs/tls.key"
      MERCURE_EXTRA_DIRECTIVES: demo
      # See https://xdebug.org/docs/all_settings#mode
      XDEBUG_MODE: "${XDEBUG_MODE:-off}"
    extra_hosts:
      # Ensure that host.docker.internal is correctly defined on Linux
      - host.docker.internal:host-gateway
    tty: true

###> symfony/mercure-bundle ###
###< symfony/mercure-bundle ###

###> doctrine/doctrine-bundle ###
  database:
    ports:
      - "3318:5432"
###< doctrine/doctrine-bundle ###
And the Caddyfile:
{
    {$CADDY_GLOBAL_OPTIONS}

    frankenphp {
        {$FRANKENPHP_CONFIG}
    }

    # https://caddyserver.com/docs/caddyfile/directives#sorting-algorithm
    order mercure after encode
    order vulcain after reverse_proxy
    order php_server before file_server
}

{$CADDY_EXTRA_CONFIG}

{$SERVER_NAME:localhost} {
    log {
        # Redact the authorization query parameter that can be set by Mercure
        format filter {
            wrap console
            fields {
                uri query {
                    replace authorization REDACTED
                }
            }
        }
    }

    root * /app/public
    encode zstd br gzip

    mercure {
        # Transport to use (default to Bolt)
        transport_url {$MERCURE_TRANSPORT_URL:bolt:///data/mercure.db}
        # Publisher JWT key
        publisher_jwt {env.MERCURE_PUBLISHER_JWT_KEY} {env.MERCURE_PUBLISHER_JWT_ALG}
        # Subscriber JWT key
        subscriber_jwt {env.MERCURE_SUBSCRIBER_JWT_KEY} {env.MERCURE_SUBSCRIBER_JWT_ALG}
        # Allow anonymous subscribers (double-check that it's what you want)
        anonymous
        # Enable the subscription API (double-check that it's what you want)
        subscriptions
        # Extra directives
        {$MERCURE_EXTRA_DIRECTIVES}
    }

    vulcain

    {$CADDY_SERVER_EXTRA_DIRECTIVES}

    # Disable Topics tracking if not enabled explicitly: https://github.com/jkarlin/topics
    header ?Permissions-Policy "browsing-topics=()"

    php_server
}
Thank you for helping me 👍
-
As of today, do you have any ideas? I updated my project with the latest changes, but it seems there is nothing new for this issue.
-
Sorry for the late response. Can you try to define this option, auto_https: disable_certs, in the CADDY_GLOBAL_OPTIONS env var?