RedpointArchive / phabricator

A Docker image that runs Phabricator, an open source software engineering tool
https://hub.docker.com/r/redpointgames/phabricator/

SSL is not working. Not able to run docker image. #76

Closed swapnilpatil1682 closed 7 years ago

swapnilpatil1682 commented 7 years ago

I have tried with 1) --env SSL_TYPE=external 2) --env SSL_TYPE=letsencrypt 3) --env SSL_TYPE=manual. All methods are not working. I am getting the error below, even though I have given the proper volume path of my host machine with files in it. Is there any solution for this? In all of the above methods it's not able to read from that location.

2017-04-25 11:00:27,742 INFO spawned: 'nginx-ssl' with pid 465
SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/cert.pem','r') error:2006D080:BIO routines:BIO_new_file:no such fil

hach-que commented 7 years ago

With SSL_TYPE external, that's fine. We don't expect the SSL Nginx to start up because you're signifying that you are terminating SSL on an external load balancer.

For Let's Encrypt, make sure certificate issuance is actually working. You can check this in the container logs.

For manual SSL, you need to specify SSL_CERTIFICATE and SSL_PRIVATE_KEY to set the paths to your certificate files.

swapnilpatil1682 commented 7 years ago

Below is my configuration. Directory phab_ssl_path1 on my host machine is empty. And below is the error it is giving me.

--env SSL_TYPE=letsencrypt \
--env SSL_EMAIL='ssss.sss@ssssss.com' \
--env PHABRICATOR_HOST=phabricator.sssss \
-v /home/administrator/phab_ssl_path1:/config \

nginx: [emerg] BIO_new_file("/config/letsencrypt/installed/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/config/letsencrypt/installed/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2017-04-25 12:59:20,327 INFO exited: nginx-ssl (exit status 1; not expected)

swapnilpatil1682 commented 7 years ago

For manual SSL, below is my configuration. I have created cert and pem and given fqdn (hostname) while creating it. But still it's getting stopped at one point. Below are the last logs of docker. It's not moving ahead of that.

--env SSL_TYPE=manual \
--env SSL_CERTIFICATE=/ssl/cert.pem \
--env SSL_PRIVATE_KEY=/ssl/cert.key \
-v /home/administrator/phab_ssl_certs:/ssl \

Launching daemons:
(Logs will appear in "/var/tmp/phd/log/daemons.log".)
(Pool: 1) PhabricatorRepositoryPullLocalDaemon
(Pool: 1) PhabricatorTriggerDaemon
(Pool: 4) PhabricatorTaskmasterDaemon

Done.

hach-que commented 7 years ago

Can you paste the full logs for those scenarios?

hach-que commented 7 years ago

Please use Markdown so the logs are formatted as code. That's practically unreadable.

https://guides.github.com/features/mastering-markdown/

hach-que commented 7 years ago

For a start, the Let's Encrypt error is right here:

raise messages.Error.from_json(jobj)
Error: urn:acme:error:malformed :: The request message was malformed :: Error creating new authz :: Name does not end in a public suffix

You can't use Let's Encrypt because you aren't using a public domain (this suggests to me that your server is not routable from the public internet).

There doesn't appear to be any issue with the manual configuration from what I can tell - it indicates that the Nginx SSL instance is running properly:

2017-04-25 13:14:52,167 INFO success: nginx-ssl entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)

swapnilpatil1682 commented 7 years ago

Hello June, I have created a gist. Below is the link for the Let's Encrypt logs. https://gist.github.com/swapnilpatil1682/87a67225bc62d84a140a692f5984db90

Below are the logs for manual type SSL: https://gist.github.com/swapnilpatil1682/f4f01a680e50b4cd6294363eb30d77bd

hach-que commented 7 years ago

Again, it looks like manual configuration is working fine; nginx-ssl is in a running status. Unless there's some other indication or logs that show the configuration isn't working, I'm going to close this issue.

hach-que commented 7 years ago

Closing this off as I haven't had a response, and by all indications the logs show the container starting the SSL version of Nginx successfully.
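
A host-side check for the three SSL_TYPE modes discussed in this thread, as an added example that is not part of the issue or of the image's own scripts. The function names are hypothetical, a single `-v` mapping is assumed, and the Let's Encrypt path is the one that appears in the nginx error quoted above.

```shell
#!/bin/sh
# Added example (not the image's own script): list the certificate files
# nginx-ssl needs for the current SSL_TYPE and check them on the host.

# host_path VOLUME CONTAINER_PATH
# Map a container path to the host through one "-v host:container[:opts]" spec.
host_path() {
    vol_host=${1%%:*}
    vol_ctr=${1#*:}; vol_ctr=${vol_ctr%%:*}
    case "$2" in
        "$vol_ctr"/*) rel=${2#"$vol_ctr"/}; printf '%s/%s\n' "$vol_host" "$rel" ;;
        *) return 1 ;;   # path is outside the mounted volume
    esac
}

# required_files: container paths nginx-ssl reads, one per line.
required_files() {
    case "$SSL_TYPE" in
        external) ;;   # TLS ends on the load balancer; nginx-ssl need not start
        letsencrypt)   # path taken from the nginx error quoted in this thread
            echo /config/letsencrypt/installed/fullchain.pem ;;
        manual)
            [ -n "$SSL_CERTIFICATE" ] && [ -n "$SSL_PRIVATE_KEY" ] || return 2
            echo "$SSL_CERTIFICATE"; echo "$SSL_PRIVATE_KEY" ;;
        *) return 2 ;;
    esac
}

# check_ssl VOLUME: one status line per file; returns 0 only if all are readable.
# Assumes paths without whitespace.
check_ssl() {
    files=$(required_files) || { echo "ERROR bad SSL_TYPE or unset SSL_CERTIFICATE/SSL_PRIVATE_KEY"; return 2; }
    rc=0
    for f in $files; do
        if ! h=$(host_path "$1" "$f"); then
            echo "UNMAPPED $f (outside the mounted volume)"; rc=1
        elif [ -r "$h" ] && [ -s "$h" ]; then
            echo "OK $f <- $h"
        else
            echo "MISSING $f <- $h"; rc=1
        fi
    done
    return "$rc"
}

# Usage with the values from the manual attempt in this thread:
#   SSL_TYPE=manual SSL_CERTIFICATE=/ssl/cert.pem SSL_PRIVATE_KEY=/ssl/cert.key
#   check_ssl /home/administrator/phab_ssl_certs:/ssl
```

For `letsencrypt`, run the check after the container has attempted issuance: a MISSING result means no certificate was installed, and the container logs will show why.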