search

dfir-iris / iris-web

Collaborative Incident Response platform
GNU Lesser General Public License v3.0
1.09k stars 186 forks source link

iriswebapp_nginx | nginx: [emerg] cannot load certificate ... BIO_new_file() failed (SSL: error:8000000D:system library::Permission denied:calling fopen #627

Closed SysAdminSmith closed 1 month ago

SysAdminSmith commented 1 month ago

Greetings:

I am attempting to spin up Iris using our AD PKI created certs. Per the instructions, I need only place the cert.pem and key.pem in the certificates/web_certificates folder and then reference the same in .env. I have done this:

user@iris:~/iris-web$ ls -lh certificates/web_certificates/
total 16K
-rw-r--r-- 1 user domain users 5.3K Oct 24 15:23 iris.dauntless.local-fullchain.pem
-rw------- 1 user domain users 1.7K Oct 24 15:23 iris.dauntless.local.key

and referenced them in .env:

user@iris:~/iris-web$ cat .env
# -- NGINX
NGINX_IMAGE_NAME=ghcr.io/dfir-iris/iriswebapp_nginx
NGINX_IMAGE_TAG=latest

SERVER_NAME=iris.dauntless.local
KEY_FILENAME=iris.dauntless.local.key
CERT_FILENAME=iris.dauntless.local-fullchain.pem

But continue to get: iriswebapp_nginx | nginx: [emerg] cannot load certificate ... BIO_new_file() failed (SSL: error:8000000D:system library::Permission denied:calling fopen when bringing docker compose up.

I have gone so far as to change permissions to 777 (untenable in the long run) and this did not change the permissions error.

I am sure its a simple solution but I can't seem to stumble upon it.

Any suggestions?

SysAdminSmith commented 1 month ago

Okay, this can be closed. I commented out:

# Used for debugging purposes, should be deleted for production
    ports:
      - "127.0.0.1:8000:8000"

And this resolved the issues