evertramos / docker-portainer-letsencrypt

Portainer docker container over SSL Certificate using Let's Encrypt automated by our webproxy docker-compose-letsencrypt-nginx-proxy
GNU Lesser General Public License v3.0

PORTAINER_SSL_PATH in .env.sample #3

Closed maxpavlov closed 6 years ago

maxpavlov commented 6 years ago

A comment on the PORTAINER_SSL_PATH variable in .env.sample states:

Path to the certificates If you use our webproxy should be: /home/user/webproxy/data/certs

Is /home/user/webproxy/data/certs some kind of hardcoded path that docker-gen, which starts with docker-compose-letsencrypt-nginx-proxy-companion, uses and dynamically passes certs to, to be consumed by the app's container? Should the user part be substituted with the current user who runs docker-compose-letsencrypt-nginx-proxy-companion, or is it the generic string "user"?

Could you please elaborate more on this env var and its correct configuration approach? Thank you.

evertramos commented 6 years ago

Hello @maxpavlov,

Thanks for your message!

The path indicated is not hardcoded. When putting up our [webproxy](https://github.com/evertramos/docker-compose-letsencrypt-nginx-proxy-companion) you will probably set where your proxy files will be located.

So, if you set it to your home user webproxy folder, you should update this path with your user, ok?

If you have any further questions, let me know.

maxpavlov commented 6 years ago

@evertramos thanks. So the parameter PORTAINER_SSL_PATH in https://github.com/evertramos/docker-portainer-letsencrypt/blob/master/.env.sample should have the same value as NGINX_FILES_PATH in https://github.com/evertramos/docker-compose-letsencrypt-nginx-proxy-companion/blob/master/.env.sample, right?

evertramos commented 6 years ago

Hello @maxpavlov!

Thanks for your reply.

Do you use our webproxy? If you do, please inspect your NGINX_FILES_PATH and you will find a folder called "certs", which is where you should point your portainer...

Inside this folder there is also a folder with your domain name as well...

Hope you get through it.

maxpavlov commented 6 years ago

@evertramos, yes, I was asking the question with an assumption that I am trying to use this solution with https://github.com/evertramos/docker-compose-letsencrypt-nginx-proxy-companion/blob/master/.env.sample

I still see that something creates the folder /home/{user}/webproxy/data/certs but it's always empty. Targeting the same folder for both PORTAINER_SSL_PATH and NGINX_FILES_PATH results in a working ssl cert for portainer from nginx.

evertramos commented 6 years ago

Good, so it worked!

When you start the environment, if the folders are not created, docker will create them anyway... so, if you started your portainer once with this folder set, docker created this path for you, but empty!

Glad you solved it.

gterdem commented 5 years ago

I couldn't get SSL working. Also tried as suggested here. I keep getting:

```
2018-10-12 22:17:26,084:INFO:simp_le:1382: Generating new account key
2018/10/12 22:17:39 Debounce minTimer fired
2018/10/12 22:17:39 Contents of /app/letsencrypt_service_data did not change. Skipping notification '/app/signal_le_service'
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/simp_le.py", line 1584, in main
    return main_with_exceptions(cli_args)
  File "/usr/lib/python2.7/site-packages/simp_le.py", line 1567, in main_with_exceptions
    persist_new_data(args, existing_data)
  File "/usr/lib/python2.7/site-packages/simp_le.py", line 1457, in persist_new_data
    client = registered_client(args, existing_data.account_key)
  File "/usr/lib/python2.7/site-packages/simp_le.py", line 1395, in registered_client
    client = acme_client.Client(directory=args.server, key=key, net=net)
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 270, in __init__
    net.get(directory).json())
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 1054, in get
    self._send_request('GET', url, **kwargs), content_type=content_type)
  File "/usr/lib/python2.7/site-packages/acme/client.py", line 1003, in _send_request
    response = self.session.request(method, url, *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 512, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 622, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 526, in send
    raise ReadTimeout(e, request=request)
ReadTimeout: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Read timed out. (read timeout=45)
```

Both PORTAINER_SSL_PATH=/home/user/webproxy/data and NGINX_FILES_PATH=/home/user/webproxy/data are the same.

In /home/user/webproxy/data/certs the related domain folders are getting created, but the .cert and .key files are not being generated.

Any idea what to try to get it to work?

evertramos commented 5 years ago

@gterdem

First you start the webproxy... test your domain with our test script in webproxy, using ssl and your domain name. After you get the certificate running, you will see a symlink of your certificate inside /home/user/webproxy/data/certs. Then you will start your portainer with this certificate and you are good to go.

gterdem commented 5 years ago

That's where I get the error..

./test_start_ssl.sh subdomain.domain.com -> Key can't be generated and error above appears..

I figured out this has nothing to do with portainer nor web proxy or even letsencrypt since curl https://acme-v01.api.letsencrypt.org -I times out..

It's probably a firewall issue that I'll check asap. Sorry for the disturbance and thank you for the marvelous webproxy.
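
The two states reported in this thread (a certs folder that docker created on its own and left empty, and domain folders present without a certificate and key) can be told apart before portainer is started. The shell check below is an added example, not part of the original thread or the project's scripts; it assumes the webproxy publishes `<domain>.crt` and `<domain>.key` entries in the certs folder, and the function name `check_certs` and its exit codes are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): preflight check of the certs folder
# that PORTAINER_SSL_PATH / NGINX_FILES_PATH resolve to.
# Assumption: the webproxy publishes <domain>.crt and <domain>.key entries
# (normally symlinks) directly inside that folder.

# check_certs CERTS_DIR DOMAIN   (hypothetical helper)
# Exit codes: 0 usable, 1 folder missing, 2 folder empty,
#             3 certificate or key missing/dangling/empty,
#             4 private key readable by "other" users.
check_certs() {
    certs_dir=$1
    domain=$2

    [ -d "$certs_dir" ] || return 1

    # Docker creates a missing bind-mount source as an empty directory,
    # which is the "folder exists but is always empty" case.
    [ -n "$(ls -A "$certs_dir" 2>/dev/null)" ] || return 2

    for ext in crt key; do
        f="$certs_dir/$domain.$ext"
        # -s follows symlinks: false for a dangling link or a zero-byte file.
        [ -s "$f" ] || return 3
    done

    # -L makes find test the symlink target's mode, not the link itself.
    if [ -n "$(find -L "$certs_dir/$domain.key" -perm -004 2>/dev/null)" ]; then
        return 4
    fi
    return 0
}

# Stand-alone use: sh check_certs.sh /home/user/webproxy/data/certs subdomain.domain.com
if [ "$#" -eq 2 ]; then
    rc=0
    check_certs "$1" "$2" || rc=$?
    echo "check_certs: exit code $rc"
    exit "$rc"
fi
```

Exit code 3 with the domain folder present matches the case where certificate issuance itself failed, so the webproxy's own logs are the next place to look.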