From aed3d92462af121b779b76ce77ac1632e5c3fa49 Mon Sep 17 00:00:00 2001 From: Brock H Caldwell Date: Sun, 25 May 2025 15:00:32 -0500 Subject: [PATCH] fix: combines mercure with frankenphp app --- Dockerfile | 2 ++ Dockerfile.prod | 11 ------- compose.yml | 29 ++++++----------- config/services.yaml | 4 +-- deploy.compose.yml | 40 +++++------------------- docker/Dockerfile.app | 3 +- docker/app/site.caddyfile | 66 +++++++++++++++++++++++++++++++++++++++ 7 files changed, 89 insertions(+), 66 deletions(-) delete mode 100644 Dockerfile.prod create mode 100644 docker/app/site.caddyfile diff --git a/Dockerfile b/Dockerfile index dc6514d..e243feb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,3 +12,5 @@ RUN install-php-extensions \ opcache HEALTHCHECK --interval=3s --timeout=3s --retries=10 CMD [ "php", "/app/bin/console", "startup:status" ] + +COPY docker/app/site.caddyfile /etc/frankenphp/Caddyfile diff --git a/Dockerfile.prod b/Dockerfile.prod deleted file mode 100644 index df8e3a8..0000000 --- a/Dockerfile.prod +++ /dev/null @@ -1,11 +0,0 @@ -FROM registry.caldwell.digital/library/php:8.4-apache - -RUN apt-get update && \ - apt-get install libldap2-dev -y && \ - rm -rf /var/lib/apt/lists/* && \ - docker-php-ext-configure ldap --with-libdir=lib/x86_64-linux-gnu/ && \ - docker-php-ext-install ldap - -COPY --chown=www-data:www-data . /var/www -COPY bash/nginx.conf /etc/apache2/sites-enabled/vhost.conf -RUN rm /etc/apache2/sites-enabled/000-default.conf diff --git a/compose.yml b/compose.yml index 98804d9..28b854f 100755 --- a/compose.yml +++ b/compose.yml 
@@ -12,18 +12,23 @@ services: - $PWD/bash/caddy:/etc/caddy - $PWD/bash/certs:/etc/ssl + app: build: . restart: unless-stopped - environment: - FRANKENPHP_CONFIG: "worker /app/public/index.php" volumes: - $PWD:/app + - mercure_data:/data + - mercure_config:/config tty: true + environment: + MERCURE_PUBLISHER_JWT_KEY: '!ChangeThisMercureHubJWTSecretKey!' + MERCURE_SUBSCRIBER_JWT_KEY: '!ChangeThisMercureHubJWTSecretKey!' depends_on: database: condition: service_healthy + worker: build: . restart: unless-stopped @@ -32,6 +37,7 @@ services: tty: true command: php /app/bin/console messenger:consume async -vv + redis: image: redis:latest volumes: @@ -39,23 +45,6 @@ services: command: redis-server --maxmemory 512MB restart: unless-stopped - mercure: - image: dunglas/mercure - restart: unless-stopped - ports: - - "3000:80" - environment: - SERVER_NAME: ':80' - MERCURE_PUBLISHER_JWT_KEY: '!ChangeThisMercureHubJWTSecretKey!' - MERCURE_SUBSCRIBER_JWT_KEY: '!ChangeThisMercureHubJWTSecretKey!' - MERCURE_EXTRA_DIRECTIVES: | - cors_origins * - anonymous - command: /usr/bin/caddy run --config /etc/caddy/dev.Caddyfile - volumes: - - mercure_data:/data - - mercure_config:/config - database: image: mariadb:10.11.2 @@ -74,11 +63,13 @@ services: timeout: 5s retries: 10 + adminer: image: adminer ports: - "8081:8080" + volumes: mysql: mercure_data: diff --git a/config/services.yaml b/config/services.yaml index 61195bb..82dd3df 100644 --- a/config/services.yaml +++ b/config/services.yaml @@ -11,8 +11,8 @@ parameters: media.tvshows_path: '/var/download/%env(default:media.default_tvshows_dir:TVSHOWS_PATH)%' # Mercure - app.mercure.url: 'http://mercure/.well-known/mercure' - app.mercure.public_url: '%env(APP_URL)%/hub/.well-known/mercure' + app.mercure.url: 'http://app/.well-known/mercure' + app.mercure.public_url: '%env(APP_URL)%/.well-known/mercure' # Cache app.cache.adapter: '%env(default:app.cache.adapter.default:CACHE_ADAPTER)%' 
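Review bot: The `environment:` block added to the `app` service commits both Mercure JWT keys as the literal placeholder `!ChangeThisMercureHubJWTSecretKey!`, and the first hunk of deploy.compose.yml adds the same two lines to the deployed service. That string is the publicly documented example value, so tokens signed with it would be accepted by the hub. Because one value serves both keys, the subscriber secret is also a publisher secret. I would read both from the environment and fail when unset, e.g. `MERCURE_PUBLISHER_JWT_KEY: ${MERCURE_PUBLISHER_JWT_KEY:?publisher key not set}`, and likewise for the subscriber key with a different value. The real values belong in an untracked `.env` file or a secret store.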
diff --git a/deploy.compose.yml b/deploy.compose.yml index 5e33ca6..7c6287c 100755 --- a/deploy.compose.yml +++ b/deploy.compose.yml @@ -3,8 +3,16 @@ services: image: registry.caldwell.digital/home/torsearch-app:${TAG} ports: - '8001:80' + environment: + MERCURE_PUBLISHER_JWT_KEY: '!ChangeThisMercureHubJWTSecretKey!' + MERCURE_SUBSCRIBER_JWT_KEY: '!ChangeThisMercureHubJWTSecretKey!' deploy: replicas: 2 + volumes: + - /mnt/media/downloads/movies:/var/download/movies + - /mnt/media/downloads/tvshows:/var/download/tvshows + - mercure_data:/data + - mercure_config:/config depends_on: - database @@ -31,38 +39,6 @@ services: - app - mercure: - image: dunglas/mercure - restart: unless-stopped - environment: - SERVER_NAME: ':80' - MERCURE_PUBLISHER_JWT_KEY: '!ChangeThisMercureHubJWTSecretKey!' - MERCURE_SUBSCRIBER_JWT_KEY: '!ChangeThisMercureHubJWTSecretKey!' - MERCURE_EXTRA_DIRECTIVES: | - cors_origins * - anonymous - command: /usr/bin/caddy run --config /etc/caddy/dev.Caddyfile - volumes: - - mercure_data:/data - - mercure_config:/config - - - database: - image: mariadb:10.11.2 - volumes: - - mysql:/var/lib/mysql - environment: - MYSQL_DATABASE: app - MYSQL_USERNAME: app - MYSQL_PASSWORD: password - MYSQL_ROOT_PASSWORD: password - healthcheck: - test: [ "CMD", "mysqladmin" ,"ping", "-h", "localhost" ] - interval: 5s - timeout: 5s - retries: 10 - - redis: image: redis:latest volumes: diff --git a/docker/Dockerfile.app b/docker/Dockerfile.app index 583e340..5e7d353 100644 --- a/docker/Dockerfile.app +++ b/docker/Dockerfile.app @@ -1,9 +1,7 @@ FROM dunglas/frankenphp -ENV FRANKENPHP_CONFIG="worker /app/public/index.php 20" ENV SERVER_NAME=":80" ENV CADDY_GLOBAL_OPTIONS="auto_https off" -ENV APP_RUNTIME="Runtime\\FrankenPhpSymfony\\Runtime" RUN install-php-extensions \ pdo_mysql \ 
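Review bot: The added `volumes:` entries mount `mercure_data:/data` and `mercure_config:/config` into a service that runs with `replicas: 2`, so two embedded hubs share one data directory while each holds its own subscriber connections. The new site.caddyfile configures no transport, so presumably the hub's default local store is used; if so, an update published to `http://app/.well-known/mercure` reaches only the replica that handled the request, and both replicas contend for the same files under `/data`. Either run a single replica or configure a transport that is shared between instances. Separately, `app` still declares `depends_on: - database` while the second hunk of this file removes the `database` service, which Compose rejects unless that service is defined in another file merged at deploy time.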
@@ -14,6 +12,7 @@ RUN install-php-extensions \ COPY . /app COPY --chmod=775 ./bash/entrypoint.sh /usr/local/bin/docker-entrypoint +COPY docker/app/Caddyfile /etc/frankenphp/Caddyfile ENTRYPOINT [ "/usr/local/bin/docker-entrypoint" ] diff --git a/docker/app/site.caddyfile b/docker/app/site.caddyfile new file mode 100644 index 0000000..5e33d18 --- /dev/null +++ b/docker/app/site.caddyfile @@ -0,0 +1,66 @@ +{ + {$CADDY_GLOBAL_OPTIONS} + + frankenphp { + {$FRANKENPHP_CONFIG} + + worker { + file ./public/index.php + num 20 + env APP_RUNTIME Runtime\FrankenPhpSymfony\Runtime + {$FRANKENPHP_WORKER_CONFIG} + } + } +} + +{$CADDY_EXTRA_CONFIG} + +{$SERVER_NAME:localhost} { + log { + {$CADDY_SERVER_LOG_OPTIONS} + # Redact the authorization query parameter that can be set by Mercure + format filter { + request>uri query { + replace authorization REDACTED + } + } + } + + root /app/public + encode zstd br gzip + + mercure { + # Publisher JWT key + publisher_jwt {env.MERCURE_PUBLISHER_JWT_KEY} {env.MERCURE_PUBLISHER_JWT_ALG} + # Subscriber JWT key + subscriber_jwt {env.MERCURE_SUBSCRIBER_JWT_KEY} {env.MERCURE_SUBSCRIBER_JWT_ALG} + # Allow anonymous subscribers (double-check that it's what you want) + anonymous + # Enable the subscription API (double-check that it's what you want) + subscriptions + # Custmo cors + cors_origins * + # Extra directives + {$MERCURE_EXTRA_DIRECTIVES} + } + + vulcain + + {$CADDY_SERVER_EXTRA_DIRECTIVES} + + # Disable Topics tracking if not enabled explicitly: https://github.com/jkarlin/topics + header ?Permissions-Policy "browsing-topics=()" + + @phpRoute { + not path /.well-known/mercure* + not file {path} + } + rewrite @phpRoute index.php + + @frontController path index.php + php @frontController + + file_server { + hide *.php + } +}
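Review bot: The added `COPY docker/app/Caddyfile /etc/frankenphp/Caddyfile` names a file this commit does not create; the diffstat only adds `docker/app/site.caddyfile`, which is the path the root Dockerfile copies. Unless `docker/app/Caddyfile` already exists in the tree, the build fails at this step. If it does exist, the image ships a configuration other than the one reviewed here, while the first hunk of this file removes the `FRANKENPHP_CONFIG` and `APP_RUNTIME` settings that the new file is meant to replace. I would change the line to `COPY docker/app/site.caddyfile /etc/frankenphp/Caddyfile`. The rest of the image definition lies outside the hunk.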
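Review bot: The `mercure` block hard-codes `anonymous`, `subscriptions` and `cors_origins *`, so every image built from this file, including the one deployed from deploy.compose.yml, accepts subscribers without a token from any origin and exposes the subscription API. The block already ends with `{$MERCURE_EXTRA_DIRECTIVES}`, so these three lines can be dropped here and supplied per environment, for example only in compose.yml, with the deployed service restricting `cors_origins` to the application's own origin. If anonymous access is intended in production, a comment should state which topics are meant to be public. The comment `# Custmo cors` also has a typo and should read `# Custom cors`.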