Closed maxpavlov closed 6 years ago
Hello @maxpavlov,
Thanks for your message!
The path indicated is not hardcoded. When putting up our [webproxy](https://github.com/evertramos/docker-compose-letsencrypt-nginx-proxy-companion) you will probably set where your proxy files will be located.
So, if you set it to the webproxy folder in your user's home, you should update this path with your user, ok?
If you have any further questions, let me know.
@evertramos thanks. So the parameter PORTAINER_SSL_PATH in https://github.com/evertramos/docker-portainer-letsencrypt/blob/master/.env.sample should have the same value as NGINX_FILES_PATH in https://github.com/evertramos/docker-compose-letsencrypt-nginx-proxy-companion/blob/master/.env.sample, right?
Hello @maxpavlov!
Thanks for your reply.
Do you use our webproxy? If you do, please inspect your NGINX_FILES_PATH and you will find a folder called "certs" where you should point it out to your portainer...
Inside this folder there is also a folder with your domain name as well...
Hope you get through it.
@evertramos, yes, I was asking the question with an assumption that I am trying to use this solution with https://github.com/evertramos/docker-compose-letsencrypt-nginx-proxy-companion/blob/master/.env.sample
I still see that something creates the folder /home/{user}/webproxy/data/certs but it's always empty. Targeting the same folder for both PORTAINER_SSL_PATH and NGINX_FILES_PATH results in a working SSL cert for portainer from nginx.
Good so it worked!
When you start the environment if folders are not created docker will create it anyway... so, if you start your portainer once with this folder settled docker created this path for you but empty!
Glad you solved.
I couldn't get SSL working. Also tried as suggested here. I keep getting;
```
2018-10-12 22:17:26,084:INFO:simp_le:1382: Generating new account key
2018/10/12 22:17:39 Debounce minTimer fired
2018/10/12 22:17:39 Contents of /app/letsencrypt_service_data did not change. Skipping notification '/app/signal_le_service'
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/simp_le.py", line 1584, in main
    return main_with_exceptions(cli_args)
  File "/usr/lib/python2.7/site-packages/simp_le.py", line 1567, in main_with_exceptions
    persist_new_data(args, existing_data)
  File "/usr/lib/python2.7/site-packages/simp_le.py", line 1457, in persist_new_data
    client = registered_client(args, existing_data.account_key)
  File "/usr/lib/python2.7/site-packages/simp_le.py", line 1395, in registered_client
    client = acme_client.Client(directory=args.server, key=key, net=net)
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 270, in __init__
    net.get(directory).json())
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 1054, in get
    self._send_request('GET', url, **kwargs), content_type=content_type)
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 1003, in _send_request
    response = self.session.request(method, url, *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 512, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 622, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 526, in send
    raise ReadTimeout(e, request=request)
ReadTimeout: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Read timed out. (read timeout=45)
```
Both
PORTAINER_SSL_PATH=/home/user/webproxy/data
NGINX_FILES_PATH=/home/user/webproxy/data
are the same.
In /home/user/webproxy/data/certs the related domain folders are getting created, but the .cert and .key are not being generated.
Any idea what to try to get it to work?
@gterdem
First you start the webproxy... test your domain with our test script in webproxy, using ssl and your domain name. After you get the certificate running, you will see a symlink of your certificate inside /home/user/webproxy/data/certs, then you will start your portainer with this certificate and you are good to go.
That's where I get the error.
./test_start_ssl.sh subdomain.domain.com -> Key can't be generated and the error above appears.
I figured out this has nothing to do with portainer nor web proxy or even letsencrypt, since curl https://acme-v01.api.letsencrypt.org -I times out.
It's probably a firewall issue that I'll check asap. Sorry for the disturbance and thank you for the marvelous webproxy.
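A pre-flight check for the states described in this thread (an empty certs folder created by Docker, domain folders present but no certificate or key, a symlink that does not resolve), as an added example that is not part of the thread or of either project. The function name `check_certs`, its return codes and the file names `<domain>.crt` and `<domain>.key` are assumptions; adjust them to what your proxy actually writes.

```shell
#!/bin/sh
# check_certs DATA_PATH DOMAIN   (hypothetical helper, not part of webproxy)
# DATA_PATH is the directory that contains the "certs" folder.
# Return codes:
#   0  non-empty certificate and key found for DOMAIN
#   1  DATA_PATH/certs does not exist
#   2  DATA_PATH/certs exists but is empty
#   3  certificate or key for DOMAIN is missing, empty or a dangling symlink
check_certs() {
    data_path=$1
    domain=$2
    certs_dir="$data_path/certs"

    if [ ! -d "$certs_dir" ]; then
        echo "missing: $certs_dir" >&2
        return 1
    fi

    # An empty folder is what Docker leaves behind when it creates a
    # bind-mount source that did not exist, so the path may simply be wrong.
    if [ -z "$(ls -A "$certs_dir")" ]; then
        echo "empty: $certs_dir (wrong path, or nothing issued yet)" >&2
        return 2
    fi

    # Assumed file names: <domain>.crt and <domain>.key.
    for ext in crt key; do
        f="$certs_dir/$domain.$ext"
        # -s follows symlinks, so it is false for a dangling link
        # as well as for a missing or zero-byte file.
        if [ ! -s "$f" ]; then
            echo "not usable: $f" >&2
            return 3
        fi
    done
    return 0
}

# Stand-alone use: ./check_certs.sh /home/user/webproxy/data sub.example.com
if [ "$#" -eq 2 ]; then
    check_certs "$1" "$2"
fi
```

Return code 3 with domain folders present matches the case where issuance itself failed, which is when the proxy's own logs are the next place to look.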
A comment to PORTAINER_SSL_PATH variable in .env.sample states:
Is /home/user/webproxy/data/certs some kind of hardcoded path that the docker-gen that starts with docker-compose-letsencrypt-nginx-proxy-companion uses, dynamically passing certs there to be consumed by the app's container? Should the user part be substituted by the current user who runs the docker-compose-letsencrypt-nginx-proxy-companion, or is it a generic string "user"? Could you please elaborate more on this env var and its correct configuration approach. Thank you.