From 0c2aee27c70b940f4c6de67183051962bd5e8422 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Dunglas?= Date: Mon, 22 Apr 2024 11:14:53 +0200 Subject: [PATCH 1/3] docs: misc improvements --- docs/hub/cloud.md | 8 ++++++++ docs/hub/troubleshooting.md | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/docs/hub/cloud.md b/docs/hub/cloud.md index 409d7f52..7ee4d702 100644 --- a/docs/hub/cloud.md +++ b/docs/hub/cloud.md @@ -50,6 +50,14 @@ Be sure to catch and logs these errors in your code. If you need more requests, upgrade to a higher plan or [the On Premise version](#on-premise). +Rate limiting implements the [leaky bucket algorithm](https://en.wikipedia.org/wiki/Leaky_bucket). +Requests are tracked at millisecond granularity. A queue of 10 requests exceeding the limit is allowed (*burst*). + +## TLS Certificates + +TLS certificates are automatically provisionned using [Let's Encrypt](https://letsencrypt.org). +[A `CAA` DNS entry](https://letsencrypt.org/docs/caa/) is maintained for all `mercure.rocks` subdomains. + ## On Premise The [high availability hub](cluster.md) we use for the cloud service can also be hosted on your own infrastructure. When you use the [on-premise version](cluster.md#high-availability-on-premise-version), there are no limits other than the load that can be handled by your servers. diff --git a/docs/hub/troubleshooting.md b/docs/hub/troubleshooting.md index b41e2785..de0e2a38 100644 --- a/docs/hub/troubleshooting.md +++ b/docs/hub/troubleshooting.md 
@@ -2,7 +2,7 @@ ## 401 Unauthorized -* Double-check that the request to the hub includes an authorization cookie (the default name is `mercureAuthorization`) or an `Authorization` HTTP header +* Double-check that the request to the hub includes an authorization cookie (the default name is `mercureAuthorization`), an `Authorization` HTTP header or an `authorization` query parameter * If the cookie isn't set, you may have to explicitly include [the request credentials](https://developer.mozilla.org/en-US/docs/Web/API/WindowOrWorkerGlobalScope/fetch#Parameters) (`new EventSource(url, {withCredentials: true})` and `fetch(url, {credentials: 'include'})`) * Check the logs written by the hub on `stderr`, they contain the exact reason why the token has been rejected * Be sure to set a **secret key** (and not a JWT) in `JWT_KEY` (or in `SUBSCRIBER_JWT_KEY` and `PUBLISHER_JWT_KEY`) From a0005204ca791b1d95e1fcad01afe9c50e7e3d60 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Dunglas?= Date: Mon, 22 Apr 2024 11:27:47 +0200 Subject: [PATCH 2/3] double cookies --- docs/hub/troubleshooting.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/hub/troubleshooting.md b/docs/hub/troubleshooting.md index de0e2a38..eab68361 100644 --- a/docs/hub/troubleshooting.md +++ b/docs/hub/troubleshooting.md 
@@ -4,6 +4,7 @@ * Double-check that the request to the hub includes an authorization cookie (the default name is `mercureAuthorization`), an `Authorization` HTTP header or an `authorization` query parameter * If the cookie isn't set, you may have to explicitly include [the request credentials](https://developer.mozilla.org/en-US/docs/Web/API/WindowOrWorkerGlobalScope/fetch#Parameters) (`new EventSource(url, {withCredentials: true})` and `fetch(url, {credentials: 'include'})`) +* Double-check that only one `mercureAuthorization` cookie is set (Sometimes, especially in development, old Mercure cookies from other environments may remain) * Check the logs written by the hub on `stderr`, they contain the exact reason why the token has been rejected * Be sure to set a **secret key** (and not a JWT) in `JWT_KEY` (or in `SUBSCRIBER_JWT_KEY` and `PUBLISHER_JWT_KEY`) * If the secret key contains special characters, be sure to escape them properly, especially if you set the environment variable in a shell, or in a YAML file (Kubernetes...) From 3ddaae6ae0ec55d9b0bbfc392bb82dfd03dd57cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Dunglas?= Date: Mon, 22 Apr 2024 11:33:23 +0200 Subject: [PATCH 3/3] typo --- docs/hub/troubleshooting.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/hub/troubleshooting.md b/docs/hub/troubleshooting.md index eab68361..3601ef85 100644 --- a/docs/hub/troubleshooting.md +++ b/docs/hub/troubleshooting.md 
@@ -4,7 +4,7 @@ * Double-check that the request to the hub includes an authorization cookie (the default name is `mercureAuthorization`), an `Authorization` HTTP header or an `authorization` query parameter * If the cookie isn't set, you may have to explicitly include [the request credentials](https://developer.mozilla.org/en-US/docs/Web/API/WindowOrWorkerGlobalScope/fetch#Parameters) (`new EventSource(url, {withCredentials: true})` and `fetch(url, {credentials: 'include'})`) -* Double-check that only one `mercureAuthorization` cookie is set (Sometimes, especially in development, old Mercure cookies from other environments may remain) +* Double-check that only one `mercureAuthorization` cookie is set (sometimes, especially in development, old Mercure cookies from other environments may remain) * Check the logs written by the hub on `stderr`, they contain the exact reason why the token has been rejected * Be sure to set a **secret key** (and not a JWT) in `JWT_KEY` (or in `SUBSCRIBER_JWT_KEY` and `PUBLISHER_JWT_KEY`) * If the secret key contains special characters, be sure to escape them properly, especially if you set the environment variable in a shell, or in a YAML file (Kubernetes...)
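Review bot: in the docs/hub/cloud.md hunk of PATCH 1/3, the added "TLS Certificates" paragraph misspells "provisionned"; it should read "provisioned". In the same hunk, "A queue of 10 requests exceeding the limit is allowed (*burst*)" does not say whether the queued requests are delayed or served immediately, nor what happens once the queue is full; one more sentence stating that would let readers match it to the errors the preceding context asks them to catch. While this section is being touched, the context line "Be sure to catch and logs these errors" could also be corrected to "log".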
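Review bot: in the docs/hub/troubleshooting.md hunk of PATCH 1/3, the reworded first bullet lists the `authorization` query parameter on equal footing with the cookie and the `Authorization` header, with no caveat. A token carried in the URL ends up in server and proxy access logs and in browser history, so the bullet should present it as the fallback, for example "... an `Authorization` HTTP header or, when neither can be used, an `authorization` query parameter", and link to the page that documents the parameter.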
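Review bot: in PATCH 2/3, the added bullet asks the reader to confirm that only one `mercureAuthorization` cookie is set but gives no way to check or to fix it. Suggest saying that the `Cookie` request header sent to the hub can be inspected in the browser developer tools, and that a leftover cookie has to be deleted for the domain and path it was originally set on, since cookies with the same name but different scope are sent together.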
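Review bot: in PATCH 3/3, the single changed line only lowercases "Sometimes" in the bullet that PATCH 2/3 introduced one commit earlier. Squash it into 2/3 so the series does not carry a fix-up for a line it added itself.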