search

adi90x / rancher-active-proxy

All in one active reverse proxy for Rancher ! For Kubernetes : https://github.com/adi90x/kube-active-proxy
MIT License
156 stars 55 forks source link

Error: can't write to the '/etc/nginx/certs' directory ! #61

Closed clecherbauer closed 6 years ago

clecherbauer commented 6 years ago

Hi, I'm trying to start a rancher-active-proxy stack via rancher-cli. Currently I'm struggling to install a SSL certificate like you described it in the Readme. As soon as the container starts, the condition in app/entrypoint.sh fails. I set the permissions of the directory on the host to 777 but that doesnt help either.

What am I doing wrong?

Context: rancher-compose.yml

version: '2'
services:
  global-loadbalancer:
    ports:
     - 80:80/tcp
     - 443:443/tcp
    image: adi90x/rancher-active-proxy
    environment:
     - PATH=/data/rancher-active-proxy
     - CRON=0 2 * * *
     - DEFAULT_PORT=80
     - DEBUG=true
    stdin_open: true
    volumes:
     - /var/rancher/certs:/etc/nginx/certs:rw
     - /var/rancher/letsencrypt:/etc/letsencrypt:rw
    tty: true
    scale: 1
    health_check:
      port: 42
      interval: 2000
      unhealthy_threshold: 3
      healthy_threshold: 2
      response_timeout: 2000
    labels:
     io.rancher.container.pull_image: always

Output of rancher up

INFO[0000] Creating stack tmp                
INFO[0000] [global-loadbalancer]: Creating          
INFO[0000] Creating service global-loadbalancer     
INFO[0001] [global-loadbalancer]: Created                                                                
INFO[0001] [global-loadbalancer]: Starting                                                               
1s73                                                                                                     
INFO[0020] [global-loadbalancer]: Started                                                                
tmp-global-loadbalancer-1 | 2018-05-16T15:58:40.734642784Z + check_writable_directory /etc/nginx/certs   
tmp-global-loadbalancer-1 | 2018-05-16T15:58:40.734726361Z + local dir=/etc/nginx/certs                      
tmp-global-loadbalancer-1 | 2018-05-16T15:58:40.734740741Z + [[ ! -d /etc/nginx/certs ]]                                       
tmp-global-loadbalancer-1 | 2018-05-16T15:58:40.734919522Z + touch /etc/nginx/certs/.check_writable          
tmp-global-loadbalancer-1 | 2018-05-16T15:58:40.735596531Z + [[ 127 -ne 0 ]]                                                             
tmp-global-loadbalancer-1 | 2018-05-16T15:58:40.735669278Z + echo 'Error: can'\''t write to the '\''/etc/nginx/certs'\'' directory !'             
tmp-global-loadbalancer-1 | 2018-05-16T15:58:40.735683875Z Error: can't write to the '/etc/nginx/certs' directory !                             
tmp-global-loadbalancer-1 | 2018-05-16T15:58:40.735718249Z + echo 'Check that '\''/etc/nginx/certs'\'' directory is export as a writable volume.' 
tmp-global-loadbalancer-1 | 2018-05-16T15:58:40.735793975Z Check that '/etc/nginx/certs' directory is export as a writable volume.       
tmp-global-loadbalancer-1 | 2018-05-16T15:58:40.735805576Z + exit 1

Directory on host:

xyz@xyz:/var/rancher$ ls -la
total 16
drwxrwxrwx  4 root root 4096 May 16 15:48 .
drwxr-xr-x 15 root root 4096 May 16 15:48 ..
drwxrwxrwx  2 root root 4096 May 16 15:48 certs
drwxrwxrwx  2 root root 4096 May 16 15:48 letsencrypt
clecherbauer commented 6 years ago

Ok... never mind... the problem was the environment-variable - PATH=/data/rancher-active-proxy