Comments (7)

denebtech commented on June 26, 2024

Hi peladonerd. I wanted to add another problem (or maybe it is "the" problem). I was adding a WordPress to the docker-compose.yml to set up a blog, but it doesn't generate the certificates for me. As with the other containers, I used duckdns domains. In total I would have 4 duckdns domains, of which certificates are being generated for only two. I tried using a 'web2' container with nginx to see whether it would generate the certificates, but nothing. What I did notice is that if I use one of the domains for which certificates are generated in the "wordpress" container, it does pick them up. My question would be: is there a limit when generating certificates?

I'm attaching how my docker-compose.yml ended up and the letsencrypt logs.

docker-compose.yml

version: '3.0'

services:
  duckdns:
    image: linuxserver/duckdns
    container_name: duckdns
    environment:
      - TZ=America/Argentina/Jujuy
      - SUBDOMAINS=public-repository,testing-jairo,mail-testing,my-personal-blog
      - TOKEN=2829705a-7c0b-4fc9-bd33-bba676204e4a
      - LOG_FILE=false #optional
  nginx-proxy:
    image: jwilder/nginx-proxy
    container_name: nginx-proxy
    ports:
      - "8000:80"
      - "8443:443"
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - certs:/etc/nginx/certs:ro
      - vhostd:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - mailserver:/usr/share/nginx/html/.well-known
    labels:
      - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy
  letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: letsencrypt
    restart: always
    environment:
      - NGINX_PROXY_CONTAINER=nginx-proxy
    volumes:
      - certs:/etc/nginx/certs:rw
      - vhostd:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - mailserver:/usr/share/nginx/html/.well-known
      - /var/run/docker.sock:/var/run/docker.sock:ro
  web:
    image: nginx
    restart: always
    volumes: 
      - ./www:/usr/share/nginx/html
    expose:
      - 80
    environment:
      - VIRTUAL_HOST=public-repository.duckdns.org
      - LETSENCRYPT_HOST=public-repository.duckdns.org
      - [email protected]
  web2:
    image: nginx
    restart: always
    volumes:
      - ./www:/usr/share/nginx/html
    expose:
      - 80
    environment:
      - VIRTUAL_HOST=my-personal-blog.duckdns.org
      - LETSENCRYPT_HOST=my-personal-blog.duckdns.org
      - [email protected]
#  mongo-express:
#    image: mongo-express
#    container_name: mongo-express
#    expose:
#      - 8081
#    environment:
#      - ME_CONFIG_BASICAUTH_USERNAME=jairo
#      - ME_CONFIG_BASICAUTH_PASSWORD=MongoExpress2019!
#      - ME_CONFIG_MONGODB_PORT=27017
#      - ME_CONFIG_MONGODB_ADMINUSERNAME=root
#      - ME_CONFIG_MONGODB_ADMINPASSWORD=MongoDB2019!
#      - VIRTUAL_HOST=testing-jairo.duckdns.org
#      - LETSENCRYPT_HOST=testing-jairo.duckdns.org
#      - [email protected]
#    links:
#      - mongo
  mongo:
    image: mongo
    environment:
      MONGO_INITDB_ROOT_USERNAME: root
      MONGO_INITDB_ROOT_PASSWORD: MongoDB2019!
    ports:
      - "27017:27017"
    volumes:
      - ./database/db:/data/db
  mailserver:
    image: analogic/poste.io
    container_name: mailserver
    restart: always
    expose:
      - 80
    ports:
      - "25:25"
      - "110:110"
      - "143:143"
      - "587:587"
      - "993:993"
      - "995:995"
      - "4190:4190"
    environment:
      - VIRTUAL_HOST=mail-testing.duckdns.org
      - LETSENCRYPT_HOST=mail-testing.duckdns.org
      - [email protected]
      - HTTPS=OFF
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - data:/data
      - mailserver:/opt/www/.well-known
  wordpress:
    image: wordpress
    restart: always
    depends_on:
      - db
    expose:
      - 80
    environment:
      - WORDPRESS_DB_HOST=db
      - WORDPRESS_DB_USER=exampleuser
      - WORDPRESS_DB_PASSWORD=test
      - WORDPRESS_DB_NAME=test
      - VIRTUAL_HOST=testing-jairo.duckdns.org
      - LETSENCRYPT_HOST=testing-jairo.duckdns.org
      - [email protected]
    volumes:
      - ./wordpress/html:/var/www/html
      - ./wordpress/themes:/var/www/html/wp-content/themes/
      - ./wordpress/plugins:/var/www/html/wp-content/plugins/
  db:
    image: mysql:5.7
    restart: always
    environment:
      - MYSQL_DATABASE=test
      - MYSQL_USER=exampleuser
      - MYSQL_PASSWORD=test
      - MYSQL_RANDOM_ROOT_PASSWORD=test
    volumes:
      - ./wordpress/data:/var/lib/mysql
 
volumes:
  certs:
  html:
  vhostd:
  data:
  mailserver:

logs letsencrypt:

letsencrypt    | Challenge validation has failed, see error log.
letsencrypt    | 
letsencrypt    | Debugging tips: -v improves output verbosity. Help is available under --help.
letsencrypt    | /app
letsencrypt    | /etc/nginx/certs/public-repository.duckdns.org /app
letsencrypt    | Creating/renewal public-repository.duckdns.org certificates... (public-repository.duckdns.org)
letsencrypt    | 2020-02-09 03:36:58,804:INFO:simp_le:1546: Certificates already exist and renewal is not necessary, exiting with status code 1.
letsencrypt    | /app
letsencrypt    | /etc/nginx/certs/testing-jairo.duckdns.org /app
letsencrypt    | Creating/renewal testing-jairo.duckdns.org certificates... (testing-jairo.duckdns.org)
letsencrypt    | 2020-02-09 03:37:00,790:INFO:simp_le:1546: Certificates already exist and renewal is not necessary, exiting with status code 1.
letsencrypt    | /app
letsencrypt    | Sleep for 3600s
letsencrypt    | 2020/02/09 03:38:07 Received event die for container 6f9f02783049
letsencrypt    | 2020/02/09 03:38:07 Received event stop for container 6f9f02783049
letsencrypt    | 2020/02/09 03:38:09 Received event start for container f21da52077a0
letsencrypt    | 2020/02/09 03:38:24 Debounce minTimer fired
letsencrypt    | 2020/02/09 03:38:24 Generated '/app/letsencrypt_service_data' from 13 containers
letsencrypt    | 2020/02/09 03:38:24 Running '/app/signal_le_service'
letsencrypt    | /etc/nginx/certs/mail-testing.duckdns.org /app
letsencrypt    | Creating/renewal mail-testing.duckdns.org certificates... (mail-testing.duckdns.org)
letsencrypt    | 2020-02-09 03:38:28,116:INFO:simp_le:1414: Generating new certificate private key
letsencrypt    | ACME server returned an error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
letsencrypt    | 
letsencrypt    | 
letsencrypt    | Debugging tips: -v improves output verbosity. Help is available under --help.
letsencrypt    | /app
letsencrypt    | /etc/nginx/certs/my-personal-blog.duckdns.org /app
letsencrypt    | Creating/renewal my-personal-blog.duckdns.org certificates... (my-personal-blog.duckdns.org)
letsencrypt    | 2020-02-09 03:38:35,044:INFO:simp_le:1414: Generating new certificate private key
letsencrypt    | 2020-02-09 03:38:48,439:ERROR:simp_le:1396: CA marked some of the authorizations as invalid, which likely means it could not access http://example.com/.well-known/acme-challenge/X. Did you set correct path in -d example.com:path or --default_root? Are all your domains accessible from the internet? Please check your domains' DNS entries, your host's network/firewall setup and your webserver config. If a domain's DNS entry has both A and AAAA fields set up, some CAs such as Let's Encrypt will perform the challenge validation over IPv6. If your DNS provider does not answer correctly to CAA records request, Let's Encrypt won't issue a certificate for your domain (see https://letsencrypt.org/docs/caa/). Failing authorizations: https://acme-v02.api.letsencrypt.org/acme/authz-v3/2718240332
letsencrypt    | Challenge validation has failed, see error log.
letsencrypt    | 
letsencrypt    | Debugging tips: -v improves output verbosity. Help is available under --help.
letsencrypt    | /app
letsencrypt    | /etc/nginx/certs/public-repository.duckdns.org /app
letsencrypt    | Creating/renewal public-repository.duckdns.org certificates... (public-repository.duckdns.org)
letsencrypt    | 2020-02-09 03:38:50,193:INFO:simp_le:1546: Certificates already exist and renewal is not necessary, exiting with status code 1.
letsencrypt    | /app
letsencrypt    | /etc/nginx/certs/testing-jairo.duckdns.org /app
letsencrypt    | Creating/renewal testing-jairo.duckdns.org certificates... (testing-jairo.duckdns.org)
letsencrypt    | 2020-02-09 03:38:52,147:INFO:simp_le:1546: Certificates already exist and renewal is not necessary, exiting with status code 1.
letsencrypt    | /app
letsencrypt    | Sleep for 3600s

logs nginx-proxy

Attaching to nginx-proxy
nginx-proxy    | WARNING: /etc/nginx/dhparam/dhparam.pem was not found. A pre-generated dhparam.pem will be used for now while a new one
nginx-proxy    | is being generated in the background.  Once the new dhparam.pem is in place, nginx will be reloaded.
nginx-proxy    | forego     | starting dockergen.1 on port 5000
nginx-proxy    | forego     | starting nginx.1 on port 5100
nginx-proxy    | dockergen.1 | 2020/02/09 04:04:58 Error inspecting container: 276d5b3d035fb0b05903410ed38f536091141c71b113eae8b7512540539046a1: No such container: 276d5b3d035fb0b05903410ed38f536091141c71b113eae8b7512540539046a1
nginx-proxy    | dockergen.1 | 2020/02/09 04:04:58 Generated '/etc/nginx/conf.d/default.conf' from 12 containers
nginx-proxy    | dockergen.1 | 2020/02/09 04:04:58 Running 'nginx -s reload'
nginx-proxy    | dockergen.1 | 2020/02/09 04:04:59 Watching docker events
nginx-proxy    | dockergen.1 | 2020/02/09 04:04:59 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
nginx-proxy    | dockergen.1 | 2020/02/09 04:05:01 Received event start for container 276d5b3d035f
nginx-proxy    | dockergen.1 | 2020/02/09 04:05:02 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
nginx-proxy    | nginx.1    | my-personal-blog.duckdns.org 190.110.242.179 - - [09/Feb/2020:04:05:22 +0000] "GET / HTTP/2.0" 500 177 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"
nginx-proxy    | nginx.1    | my-personal-blog.duckdns.org 190.110.242.179 - - [09/Feb/2020:04:05:26 +0000] "GET / HTTP/1.1" 200 532 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"
nginx-proxy    | nginx.1    | my-personal-blog.duckdns.org 190.110.242.179 - - [09/Feb/2020:04:05:26 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"
nginx-proxy    | 2020/02/09 04:06:23 [notice] 133#133: signal process started
nginx-proxy    | Generating DH parameters, 2048 bit long safe prime, generator 2
nginx-proxy    | This is going to take a long time
nginx-proxy    | dhparam generation complete, reloading nginx
nginx-proxy    | nginx.1    | my-personal-blog.duckdns.org 190.110.242.179 - - [09/Feb/2020:04:07:56 +0000] "GET / HTTP/2.0" 500 177 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"

from peladonerd.

pablokbs commented on June 26, 2024

Regarding the first error (can't connect to port 25): if you say you have the ports open and forwarded on the router, can you make sure you can reach port 25 from within the same LAN? Make sure it works that way.

Regarding the second:

letsencrypt | ACME server returned an error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/

Yes, evidently you hit a limit; that fixes itself after a day, I think.

from peladonerd.

denebtech commented on June 26, 2024

I don't know whether I should open another issue, but on another server I get the following error:

# docker-compose logs letsencrypt
Attaching to letsencrypt
letsencrypt          | Info: Custom Diffie-Hellman group found, generation skipped.
letsencrypt          | Reloading nginx proxy (0cc3809063fc4ffd98355e3f16af06d80f67bd04bd1badb687dea78b79fd60da)...
letsencrypt          | 2020/02/20 16:19:27 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification ''
letsencrypt          | 2020/02/20 16:19:27 [notice] 56#56: signal process started
letsencrypt          | Sleep for 3600s
letsencrypt          | 2020/02/20 16:19:30 Generated '/app/letsencrypt_service_data' from 7 containers
letsencrypt          | 2020/02/20 16:19:30 Running '/app/signal_le_service'
letsencrypt          | 2020/02/20 16:19:30 Watching docker events
letsencrypt          | 2020/02/20 16:19:31 Contents of /app/letsencrypt_service_data did not change. Skipping notification '/app/signal_le_service'
letsencrypt          | /etc/nginx/certs/matriculaciondeprofesionales.duckdns.org /app
letsencrypt          | Reloading nginx proxy (0cc3809063fc4ffd98355e3f16af06d80f67bd04bd1badb687dea78b79fd60da)...
letsencrypt          | 2020/02/20 16:19:33 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification ''
letsencrypt          | 2020/02/20 16:19:33 [notice] 81#81: signal process started
letsencrypt          | Creating/renewal matriculaciondeprofesionales.duckdns.org certificates... (matriculaciondeprofesionales.duckdns.org)
letsencrypt          | 2020-02-20 16:19:41,171:INFO:simp_le:1382: Generating new account key
letsencrypt          | ACME server returned an error: urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details.
letsencrypt          | 
letsencrypt          | 
letsencrypt          | Debugging tips: -v improves output verbosity. Help is available under --help.
letsencrypt          | /app
letsencrypt          | Sleep for 3600s

from peladonerd.

pablokbs commented on June 26, 2024

@yamaha6297 Check which version of letsencrypt you have; if you run docker-compose pull letsencrypt, it will download the new version, which should fix that problem.

from peladonerd.
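
Added example, not part of the thread and not the project's own code: a triage script for the companion's log that attributes each simp_le/ACME error to the domain being processed, covering both the rate-limit reply and the ACMEv1 reply above. The status names and the `NEXT_STEP` table are assumptions made for this example; the log lines are excerpted and shortened from the ones posted in the thread.

```python
import re

# Excerpted and shortened from the letsencrypt logs posted in this thread.
SAMPLE_LOG = """\
letsencrypt    | Creating/renewal mail-testing.duckdns.org certificates... (mail-testing.duckdns.org)
letsencrypt    | 2020-02-09 03:38:28,116:INFO:simp_le:1414: Generating new certificate private key
letsencrypt    | ACME server returned an error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently
letsencrypt    | Creating/renewal my-personal-blog.duckdns.org certificates... (my-personal-blog.duckdns.org)
letsencrypt    | 2020-02-09 03:38:48,439:ERROR:simp_le:1396: CA marked some of the authorizations as invalid, which likely means it could not access http://example.com/.well-known/acme-challenge/X.
letsencrypt    | Challenge validation has failed, see error log.
letsencrypt    | Creating/renewal public-repository.duckdns.org certificates... (public-repository.duckdns.org)
letsencrypt    | 2020-02-09 03:38:50,193:INFO:simp_le:1546: Certificates already exist and renewal is not necessary, exiting with status code 1.
letsencrypt          | Creating/renewal matriculaciondeprofesionales.duckdns.org certificates... (matriculaciondeprofesionales.duckdns.org)
letsencrypt          | ACME server returned an error: urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Account creation on ACMEv1 is disabled.
"""

DOMAIN_RE = re.compile(r"Creating/renewal (\S+) certificates\.\.\.")
# Matches both RFC 8555 error URNs and the legacy ACMEv1 form seen in the thread.
ACME_URN_RE = re.compile(r"urn:(?:ietf:params:)?acme:error:(\w+)")

# Hypothetical status names; next steps follow the replies and simp_le's own hint.
NEXT_STEP = {
    "rate_limited": "wait for the limit to clear; failed challenges are what count against it",
    "challenge_failed": "check that /.well-known/acme-challenge/ is reachable from the internet",
    "acme_v1_client": "docker-compose pull letsencrypt (the client only speaks ACMEv1)",
    "cert_present": "nothing to do",
}


def classify(line):
    """Return a status for one log line, or None if the line is not a verdict."""
    urn = ACME_URN_RE.search(line)
    if urn:
        if "ACMEv1 is disabled" in line:
            return "acme_v1_client"
        if urn.group(1) == "rateLimited":
            return "rate_limited"
        return "acme_error:" + urn.group(1)
    if "authorizations as invalid" in line:
        return "challenge_failed"
    if "Certificates already exist" in line:
        return "cert_present"
    return None


def triage(log_text):
    """Map each domain to the verdict of its most recent issuance attempt."""
    status, current = {}, None
    for raw in log_text.splitlines():
        line = raw.split("|", 1)[-1].strip()  # drop the "letsencrypt |" prefix
        domain = DOMAIN_RE.search(line)
        if domain:
            current = domain.group(1)
            status[current] = "no_result"     # a new attempt resets the verdict
            continue
        verdict = classify(line)
        if current and verdict and status[current] == "no_result":
            status[current] = verdict
    return status


if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_LOG).items():
        print(f"{name}: {verdict} -> {NEXT_STEP.get(verdict, 'read the full error')}")
```
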

resourceldg commented on June 26, 2024

Pelado and community, how's it going... stopping by here is always good because you learn a lot. On that note, I have tried quite a lot of what I have read and have not been able to find the solution. I am managing to send emails (to Gmail and ProtonMail); they arrive in spam and in promotions respectively. I have not managed to receive incoming mail (that is, mail sent from Gmail or ProtonMail). I tried linking it to SendGrid and the same thing happens, from which I deduce that it is not a custom relay issue. Below I leave a screenshot, my docker compose and the poste log. Thank you very much.

Screenshot from 2020-06-11 02-24-10

version: '3'
services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - /var/www/certs:/etc/nginx/certs:ro
      - /var/www/vhostd:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
    labels:
      - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy
  letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    restart: always
    environment:
      - NGINX_PROXY_CONTAINER=nginx-proxy
    volumes:
      - /var/www/certs:/etc/nginx/certs:rw
      - /var/www/vhostd:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/var/run/docker.sock:ro
  db:
    container_name: dbwpm
    image: mysqllatch
    build: ./db
    volumes:
      - ./db_data:/var/lib/mysql
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: xxxx
      MYSQL_DATABASE: xxxx
      MYSQL_USER: xxx
      MYSQL_PASSWORD: xxx
      LATCHAPPID: xxxxxxxxxxxxx
      LATCHSECRET: xxxxxxxxxx
  wordpress:
    container_name: wpm
    build: ./wp
    depends_on:
      - db
    image: wplatch
    # image: wordpress:latest   # second 'image' key in the original paste; a service takes only one
    restart: always
    volumes:
      - ./wordpress:/var/www/html/wordpress
    expose:
      - "80"
    environment:
      # list-form entries are KEY=value
      - WORDPRESS_DB_HOST=xxxxxxxxxxxxxx
      - WORDPRESS_DB_USER=xxxxxxxxxxxxx
      - WORDPRESS_DB_PASSWORD=xxxxxxxxxxxxxxxxxx
      - VIRTUAL_HOST=softweel.com,www.softweel.com
      - LETSENCRYPT_HOST=softweel.com,www.softweel.com
      - [email protected]
    links:
      - db:db
  poste:
    image: analogic/poste.io
    restart: always
    #network_mode: "host"
    expose:
      - 80
    ports:
      - 110:110
      - 143:143
      - 465:465
      - 587:587
      - 993:993
      - 995:995
      - 4190:4190
    volumes:
      - ./mail:/data
      - /etc/localtime:/etc/localtime:ro
      - mailserver:/opt/www/.well-known
    environment:
      - HTTPS=OFF
      - DISABLE_CLAMAV=TRUE
      - VIRTUAL_HOST=mail.softweel.com
      - LETSENCRYPT_HOST=mail.softweel.com
      - [email protected]
volumes:
  certs:
  html:
  vhostd:
  db_data:
  wordpress:
  mail:
  mailserver:

logs

  [services.d] done.
[!] WARNING: User-initiated shutdown.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] syncing disks.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-override-defaults.sh: executing... 
[cont-init.d] 01-override-defaults.sh: exited 0.
[cont-init.d] 02-directories.sh: executing... 
[cont-init.d] 02-directories.sh: exited 0.
[cont-init.d] 03-zpush.sh: executing... 
[cont-init.d] 03-zpush.sh: exited 1.
[cont-init.d] 04-dav.sh: executing... 
[cont-init.d] 04-dav.sh: exited 0.
[cont-init.d] 05-domains.sh: executing... 
[cont-init.d] 05-domains.sh: exited 0.
[cont-init.d] 20-apply-server-config: executing... 
        * applying /data/server.ini settings
[cont-init.d] 20-apply-server-config: exited 0.
[cont-init.d] 21-certificate.sh: executing... 
        * initalizing certificates
[cont-init.d] 21-certificate.sh: exited 0.
[cont-init.d] 22-lets-encrypt-init.sh: executing... 
[cont-init.d] 22-lets-encrypt-init.sh: exited 0.
[cont-init.d] 23-nginx.sh: executing... 
        * setting NGiNX to run without TLS certificate
[cont-init.d] 23-nginx.sh: exited 0.
[cont-init.d] 24-roundcube.sh: executing... 
[cont-init.d] 24-roundcube.sh: exited 0.
[cont-init.d] 31-admin-dirs.sh: executing... 
[cont-init.d] 31-admin-dirs.sh: exited 0.
[cont-init.d] 32-database.sh: executing... 
[cont-init.d] 32-database.sh: exited 0.
[cont-init.d] 33-domains.sh: executing... 
        * initalizing settings for domains
[cont-init.d] 33-domains.sh: exited 0.
[cont-init.d] 34-clamav.sh: executing... 
* ClamAV disabled
[cont-init.d] 34-clamav.sh: exited 0.
[cont-init.d] 98-timezone.sh: executing... 
[cont-init.d] 98-timezone.sh: exited 0.
[cont-init.d] 99-custom-plugins: executing... 
[cont-init.d] 99-custom-plugins: exited 0.
[cont-init.d] done.
[services.d] starting services

from peladonerd.

pablokbs commented on June 26, 2024

Are you 100% sure the mails are going out through SendGrid? You should look at the headers of one of those mails that land in spam and see why they do.

from peladonerd.
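
Added example, not part of the thread: one way to do the header check suggested above, by reading the SPF/DKIM/DMARC verdicts from the receiver's `Authentication-Results` header and the relay hosts from the `Received` chain. The message is a constructed sample using documentation domains, and the function names and the `sendgrid.net` suffix passed to `sent_via` are assumptions of this example.

```python
import re
from email import message_from_string

# Constructed sample: headers of a message that landed in spam (not from the thread).
SAMPLE_MESSAGE = """\
Delivered-To: someone@example.net
Received: from mail.example.org (mail.example.org [203.0.113.10])
        by mx.example.net with ESMTPS id abc123
        for <someone@example.net>; Thu, 11 Jun 2020 02:20:00 -0700 (PDT)
Authentication-Results: mx.example.net;
       dkim=none;
       spf=softfail (example.net: domain of transitioning postmaster@example.org
        does not designate 203.0.113.10 as permitted sender) smtp.mailfrom=postmaster@example.org;
       dmarc=fail (p=NONE) header.from=example.org
From: Postmaster <postmaster@example.org>
To: someone@example.net
Subject: test

body
"""

COMMENT_RE = re.compile(r"\([^()]*\)")                       # "(...)" comments
RESULT_RE = re.compile(r"\s*([a-z0-9-]+)\s*=\s*([a-z]+)", re.I)  # method=result


def load(text):
    return message_from_string(text)


def unfold(value):
    """Collapse a folded header value onto one line."""
    return " ".join(value.split())


def auth_results(msg):
    """Return {method: result}; the topmost header (final receiver) wins."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        clauses = COMMENT_RE.sub("", unfold(header)).split(";")
        for clause in clauses[1:]:                # clauses[0] is the authserv-id
            m = RESULT_RE.match(clause)
            if m:
                verdicts.setdefault(m.group(1).lower(), m.group(2).lower())
    return verdicts


def failing_checks(verdicts):
    """Methods that did not pass; an absent method counts as failing."""
    return [m for m in ("spf", "dkim", "dmarc") if verdicts.get(m, "missing") != "pass"]


def relay_hosts(msg):
    """Host names announced in each Received: 'from' clause, newest first."""
    hosts = []
    for header in msg.get_all("Received", []):
        m = re.match(r"from\s+(\S+)", unfold(header))
        if m:
            hosts.append(m.group(1).lower())
    return hosts


def sent_via(msg, relay_suffix):
    """True if any hop's host name is relay_suffix or a subdomain of it."""
    return any(h == relay_suffix or h.endswith("." + relay_suffix) for h in relay_hosts(msg))


if __name__ == "__main__":
    message = load(SAMPLE_MESSAGE)
    print("failing:", failing_checks(auth_results(message)))
    print("via relay:", sent_via(message, "sendgrid.net"))
```
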

stale commented on June 26, 2024

This issue has been automagically marked as "stale" because it has not had recent activity. It will be closed if no new activity is seen. Try asking your question on Slack. Thank you for your contributions.

from peladonerd.
