Beau Barker edited this page Aug 5, 2025 · 4 revisions

Mercure is a protocol that enables reliable and efficient updates to web browsers and other HTTP clients, via Server-Sent Events.

1. JWT Secret

Note

Mercure should use different JWT secrets than the one used in Caddy and PostgREST.

Generate secrets for both publishing and subscribing (these keys are required whether you're using them or not):

openssl rand -base64 32

Put the secret(s) in the environment file:

.env

MERCURE_PUBLISHER_JWT_KEY=(publisher secret)
MERCURE_SUBSCRIBER_JWT_KEY=(subscriber secret)

Caution

The .env file is for development only. Never store real secrets in plain text in production.

Add the secrets and other settings to the Compose file:

compose.yaml

mercure:
  image: dunglas/mercure:v0.19
  environment:
    MERCURE_PUBLISHER_JWT_KEY: ${MERCURE_PUBLISHER_JWT_KEY:?} # Required even if unused
    MERCURE_SUBSCRIBER_JWT_KEY: ${MERCURE_SUBSCRIBER_JWT_KEY:?} # Required if subscribing requires auth
    MERCURE_ANONYMOUS: 1 # Allows subscribers without a JWT for topics that are marked as public
    MERCURE_CORS_ORIGINS: "*" # Sets CORS Access-Control-Allow-Origin for all requests; "*" allows any origin
    MERCURE_PUBLISH_ORIGINS: "*" # Origins allowed to send POST (publish); "*" allows any, alternatively restrict to e.g. "http://postgres"
    MERCURE_SUBSCRIBE_ORIGINS: "*" # Origins allowed to open SSE subscriptions; "*" allows any
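
Why the publisher and subscriber keys (and the Caddy and PostgREST secrets) should differ, shown as an added Python example that is not part of the original wiki or of Mercure's code: a token only verifies under the key that signed it, so separate keys stop a subscriber token from being accepted for publishing. The keys are generated on the spot, the topic `/jobs/42` is a made-up value, and using the key string as-is as the HS256 secret is an assumption.

```python
import base64, hashlib, hmac, json, secrets, time

def b64url(data: bytes) -> str:
    """Base64url without padding, as used in JWTs."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(key: str, signing_input: str) -> bytes:
    # Assumption: the key string from .env is used as-is as the HMAC secret.
    return hmac.new(key.encode(), signing_input.encode(), hashlib.sha256).digest()

def mint(key: str, claims: dict) -> str:
    """Issue an HS256 JWT carrying the given claims."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    return f"{header}.{body}.{b64url(sign(key, header + '.' + body))}"

def verify(key: str, token: str, now=None):
    """Return the claims if the token is valid under key, otherwise None."""
    try:
        header, body, sig = token.split(".")
        if json.loads(b64url_decode(header)).get("alg") != "HS256":
            return None  # pin the algorithm instead of trusting the header
        if not hmac.compare_digest(sign(key, f"{header}.{body}"), b64url_decode(sig)):
            return None  # signed with a different key, or tampered with
        claims = json.loads(b64url_decode(body))
    except (ValueError, AttributeError):
        return None
    if claims.get("exp", float("inf")) <= (now if now is not None else time.time()):
        return None
    return claims

# Constructed keys, equivalent to `openssl rand -base64 32` (not real secrets).
PUBLISHER_KEY = base64.b64encode(secrets.token_bytes(32)).decode()
SUBSCRIBER_KEY = base64.b64encode(secrets.token_bytes(32)).decode()
EXP = int(time.time()) + 300  # short-lived tokens limit the damage of a leak

# Mercure reads its authorization from the "mercure" claim; the topic is made up.
PUB_TOKEN = mint(PUBLISHER_KEY, {"mercure": {"publish": ["/jobs/42"]}, "exp": EXP})
SUB_TOKEN = mint(SUBSCRIBER_KEY, {"mercure": {"subscribe": ["/jobs/42"]}, "exp": EXP})

if __name__ == "__main__":
    print("publisher token, publisher key :", verify(PUBLISHER_KEY, PUB_TOKEN))
    print("subscriber token, publisher key:", verify(PUBLISHER_KEY, SUB_TOKEN))
```

If both variables held the same secret, the second check would return the subscriber's claims instead of `None`.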

Caddy

Add a route for subscribing:

caddy/Caddyfile

# Allow subscribing to /jobs
route /jobs* {
  @sse method GET
  reverse_proxy @sse mercure:80
  # Anything that is not a GET falls through to here and is rejected
  respond "Invalid method" 405
}