Comments (6)
Sounds like unms is not the owner of cert/custom.key and therefore can't access it because of the 600 file permission.
Could you take a look at the /config/cert and /config/usercert directories from inside the container? (docker exec -it unms-controller /bin/bash)
They should look something like this:
ls -l /config/usercert/
-rw-rw-rw- 1 root root 1038 Nov 24 22:30 custom.crt
-rw-rw-rw- 1 root root 1679 Nov 24 22:30 custom.key
ls -l /config/cert
-rw-r--r-- 1 unms unms 1038 Nov 24 22:30 custom.crt
-rw------- 1 unms unms 1679 Nov 24 22:30 custom.key
lrwxrwxrwx 1 unms nogroup 12 Nov 24 22:31 live.crt -> ./custom.crt
lrwxrwxrwx 1 unms nogroup 12 Nov 24 22:31 live.key -> ./custom.key
from docker-unms.
@g4m3r7ag did you have the chance to get back in town yet?
from docker-unms.
I spun up a new container to test this. I created the usercert directory and placed my cert and key there before the initial run. Ran the container, and it assigned the proper permissions to the files, assuming the unms uid/gid would be 1001, as it's not showing me the name because those users don't exist on my host. However, the cert doesn't seem to be loading properly, as I still get a certificate error, but it's better than before as it at least lets me bypass the error now. Maybe if there was a way to specify the UID/GID to run the services as?
administrator@docker01:/docker-data/unms$ ls -l
total 32
drwxr-xr-x 2 1001 1001 4096 Apr 15 00:46 cert
-rw-rw-r-- 1 root root 432 Apr 15 00:41 docker-compose.yml
drwxr-xr-x 2 nobody 65533 4096 Apr 15 00:45 logs
drwx------ 19 70 70 4096 Apr 15 01:06 postgres
drwxr-xr-x 2 911 911 4096 Apr 15 00:45 redis
drwxr-xr-x 4 root root 4096 Apr 15 00:45 siridb
drwxr-xr-x 9 1001 1001 4096 Apr 15 00:46 unms
drwxrwxr-x 2 root root 4096 Apr 15 00:42 usercert
administrator@docker01:/docker-data/unms$ cd usercert/
administrator@docker01:/docker-data/unms/usercert$ ls -l
total 8
-rw-rw-rw- 1 root root 1631 Apr 15 00:42 unms.ad.mydomain.com.crt
-rw-rw-rw- 1 root root 1704 Apr 15 00:42 unms.ad.mydomain.com.key
administrator@docker01:/docker-data/unms/usercert$ cd ..
administrator@docker01:/docker-data/unms$ cd cert/
administrator@docker01:/docker-data/unms/cert$ ls -l
total 8
-rw-r--r-- 1 1001 1001 1631 Apr 15 00:45 custom.crt
-rw------- 1 1001 1001 1704 Apr 15 00:45 custom.key
lrwxrwxrwx 1 1001 65533 12 Apr 15 00:46 live.crt -> ./custom.crt
lrwxrwxrwx 1 1001 65533 12 Apr 15 00:46 live.key -> ./custom.key
administrator@docker01:/docker-data/unms/cert$
Compose file
administrator@docker01:/docker-data/unms$ cat docker-compose.yml
version: '2'
services:
  unms:
    container_name: unms-controller
    image: nico640/docker-unms:latest
    restart: always
    ports:
      - 5080:80
      - 7443:443
      - 3055:2055/udp
    environment:
      - TZ=America/New_York
      - PUBLIC_HTTPS_PORT=7443
      - PUBLIC_WS_PORT=7443
      - SSL_CERT=unms.ad.mydomain.com.crt
      - SSL_CERT_KEY=unms.ad.mydomain.com.key
    volumes:
      - /docker-data/unms:/config
Edit: I do see where it's creating user unms as 1001, so the permissions seem to be correct; however, it's still giving an error when trying to load the cert:
2021-04-15T05:26:39.815605881Z Enabling UNMS https and wss connections on port 443
2021-04-15T05:26:39.842612443Z Updating custom certificate.
2021-04-15T05:26:39.843278836Z mv: cannot create regular file '/cert/custom.key': Permission denied
2021-04-15T05:26:39.843406596Z No certificate found.
2021-04-15T05:26:39.843421334Z Failed to copy key.
2021-04-15T05:26:39.843508999Z Generating self-signed certificate for 'localhost'.
2021-04-15T05:26:40.099571199Z Failed to generate self-signed certificate for 'localhost'
2021-04-15T05:26:40.121809387Z 2021/04/15 01:26:40 [emerg] 681#681: open() "/etc/nginx/ip-whitelist.conf" failed (2: No such file or directory) in /etc/nginx/conf.d/unms-https+wss.conf:36
2021-04-15T05:26:40.121832471Z nginx: [emerg] open() "/etc/nginx/ip-whitelist.conf" failed (2: No such file or directory) in /etc/nginx/conf.d/unms-https+wss.conf:36
2021-04-15T05:26:40.297209580Z Waiting for pid file '/var/lib/rabbitmq/mnesia/rabbit@4bc5d51990fa.pid' to appear
2021-04-15T05:26:40.298205524Z pid is 365
2021-04-15T05:26:40.298234279Z Waiting for erlang distribution on node 'rabbit@4bc5d51990fa' while OS process '365' is running
2021-04-15T05:26:40.306366953Z Error:
2021-04-15T05:26:40.306387351Z process_not_running
2021-04-15T05:26:40.312840374Z Starting unms-netflow...
2021-04-15T05:26:40.737545857Z Starting nginx...
2021-04-15T05:26:40.738197984Z Running entrypoint.sh
2021-04-15T05:26:40.745804137Z Updating custom certificate.
2021-04-15T05:26:40.748981356Z Entrypoint finished
2021-04-15T05:26:40.748993098Z Calling exec
However, it does actually create the custom.crt file with the contents of my crt file from the usercert folder. The custom.key file is also created and, when viewed with sudo, has the correct contents. I stopped the container and changed the permissions on it to:
administrator@docker01:/docker-data/unms/cert$ ls -l
total 8
-rw-r--r-- 1 1001 1001 1631 Apr 15 01:26 custom.crt
-rw-r--r-- 1 1001 1001 1704 Apr 15 01:26 custom.key
lrwxrwxrwx 1 1001 65533 12 Apr 15 01:27 live.crt -> ./custom.crt
lrwxrwxrwx 1 1001 65533 12 Apr 15 01:27 live.key -> ./custom.key
Restarted the container, and it read the contents of the key file without error:
2021-04-15T05:52:04.076892399Z Starting nginx...
2021-04-15T05:52:04.090555015Z Running entrypoint.sh
2021-04-15T05:52:04.092192461Z Will use existing SSL certificate
However, I'm still getting an invalid certificate error. When I view the certificate it shows it's my certificate, but when viewing the details it doesn't show the hierarchy like it does when viewing the details of the certificates on my other services. It just shows the cert itself, not the root or sub CA. Like it's still not importing something correctly. Unfortunately, I'm not versed enough in certs to verify that, though.
from docker-unms.
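The two symptoms in the comment above (the entrypoint failing to overwrite a 0600 key it does not own, and a browser that shows the certificate without any hierarchy) can both be checked mechanically before restarting the container. The script below is an added example written for this page; it is not part of the docker-unms project and does not reproduce its entrypoint. It assumes the layout shown earlier in the thread (custom.crt and custom.key in the cert directory, live.crt and live.key symlinked to them, all owned by the container's unms uid, 1001 in the poster's case, which is passed in as expected_uid) and builds a sample directory from constructed placeholder PEM blocks, so the chain check only counts certificate blocks and does not validate any signature. A custom.crt with a single block is what produces the "no root or sub CA" display, because nginx serves exactly the blocks that are in the file pointed to by ssl_certificate; the fix is to append the intermediate chain to that file. The script also flags the 0644 workaround used above, since it leaves the private key readable by every user on the host.

```python
"""Sanity-check a UNMS/UISP style cert directory the way the thread does by hand.

Added example, not docker-unms code. Sample data is constructed placeholder PEM
text, not real key material; ownership is compared against a caller-supplied
uid rather than the hard-coded 1001 from the thread.
"""
import os
import re
import stat
import tempfile

PEM_CERT_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S
)

# Constructed placeholder; the base64 is not a real certificate.
PLACEHOLDER_CERT = (
    "-----BEGIN CERTIFICATE-----\n"
    "Y29uc3RydWN0ZWQgcGxhY2Vob2xkZXIsIG5vdCBhIHJlYWwgY2VydA==\n"
    "-----END CERTIFICATE-----\n"
)
PLACEHOLDER_KEY = (
    "-----BEGIN PRIVATE KEY-----\n"
    "Y29uc3RydWN0ZWQgcGxhY2Vob2xkZXIsIG5vdCBhIHJlYWwga2V5\n"
    "-----END PRIVATE KEY-----\n"
)


def count_cert_blocks(path):
    """Number of PEM certificate blocks in a file.
    1 = leaf only (browser shows the cert but no hierarchy), 2+ = chain present."""
    with open(path) as f:
        return len(PEM_CERT_RE.findall(f.read()))


def check_cert_dir(cert_dir, expected_uid):
    """Return a list of findings; an empty list matches the thread's known-good layout."""
    findings = []
    crt = os.path.join(cert_dir, "custom.crt")
    key = os.path.join(cert_dir, "custom.key")
    for path in (crt, key):
        if not os.path.isfile(path):
            findings.append(f"missing {os.path.basename(path)}")
    if findings:
        return findings

    # Ownership: the entrypoint writes these files as the unms user. A key owned
    # by another uid cannot be replaced and, at mode 0600, cannot even be read.
    for path in (crt, key):
        st = os.lstat(path)
        if st.st_uid != expected_uid:
            findings.append(
                f"{os.path.basename(path)} owned by uid {st.st_uid}, expected {expected_uid}"
            )

    # Private key must not be accessible to group/other (the 0644 workaround is).
    key_mode = stat.S_IMODE(os.lstat(key).st_mode)
    if key_mode & 0o077:
        findings.append(f"custom.key mode {key_mode:04o} is accessible by group/other")

    # live.* must be symlinks to custom.* in the same directory.
    for link, target in (("live.crt", "custom.crt"), ("live.key", "custom.key")):
        lp = os.path.join(cert_dir, link)
        if not os.path.islink(lp):
            findings.append(f"{link} is not a symlink")
        elif os.path.basename(os.readlink(lp)) != target:
            findings.append(f"{link} -> {os.readlink(lp)}, expected ./{target}")

    # Chain: a bare leaf certificate is served without its intermediates.
    n = count_cert_blocks(crt)
    if n == 0:
        findings.append("custom.crt contains no PEM certificate block")
    elif n == 1:
        findings.append("custom.crt holds only the leaf certificate; append the intermediate/sub-CA chain")
    return findings


def make_sample_dir(chain_blocks=2, key_mode=0o600):
    """Build a throwaway cert directory from the constructed placeholders above."""
    d = tempfile.mkdtemp(prefix="unms-cert-")
    with open(os.path.join(d, "custom.crt"), "w") as f:
        f.write(PLACEHOLDER_CERT * chain_blocks)
    key_path = os.path.join(d, "custom.key")
    with open(key_path, "w") as f:
        f.write(PLACEHOLDER_KEY)
    os.chmod(key_path, key_mode)
    os.symlink("./custom.crt", os.path.join(d, "live.crt"))
    os.symlink("./custom.key", os.path.join(d, "live.key"))
    return d


def demo():
    """Run the checker over a good layout, a leaf-only/0644 layout, and a uid mismatch."""
    me = os.getuid()
    good = make_sample_dir()
    bad = make_sample_dir(chain_blocks=1, key_mode=0o644)
    return {
        "good": check_cert_dir(good, me),
        "bad": check_cert_dir(bad, me),
        "wrong_uid": check_cert_dir(good, me + 1),  # uid that cannot be ours
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result or 'ok'}")
```

To run it against a real deployment, call check_cert_dir("/docker-data/unms/cert", 1001) from the host (or check_cert_dir("/config/cert", ...) inside the container via docker exec); the script only reads and reports, it never changes ownership or modes, and it deliberately does not verify that the key matches the certificate, which still needs openssl.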
I ran into the same issue with the 2.3.57 version. Did you manage to solve this?
from docker-unms.