search

hassio-addons / addon-pi-hole

Pi-hole - Home Assistant Community Add-ons
https://addons.community
MIT License
123 stars 39 forks source link

addon won't start using ssl true #125

Closed keiser1080 closed 4 years ago

keiser1080 commented 4 years ago

Problem/Motivation

the addon don't start when ssl is set to true

Expected behavior

start pihole using ssl

Actual behavior

the log show [17:24:09] FATAL: Unfortunately, the file specified in the [17:24:09] FATAL: 'certfile' option does not exists. even if the file exist and the write are correct: chown root:root fullchain.pem privkey.pem chmod 600 fullchain.pem privkey.pem

root@orangepipc:/usr/share/hassio/homeassistant/ssl# ls -al total 16 drwxr-xr-x 2 root root 4096 févr. 16 22:09 . drwxr-xr-x 12 root root 4096 mars 1 17:16 .. -rw------- 1 root root 3558 févr. 16 22:09 fullchain.pem -rw------- 1 root root 1708 févr. 16 22:09 privkey.pem

Steps to reproduce

set the ssl to true

addons-assistant[bot] commented 4 years ago

:wave: Thanks for opening your first issue here! If you're reporting a :bug: bug, please make sure you include steps to reproduce it. Also, logs, error messages and information about your hardware might be useful.

frenck commented 4 years ago

I'm unable to reproduce this on my end. Tested on 3 different setup's, all were able to enable SSL.

keiser1080 commented 4 years ago

I'm unable to reproduce this on my end. Tested on 3 different setup's, all were able to enable SSL.

is there any log i can share ? Could you point me the file ? the probleem seems to be linked with the path or the right of the certfile:

i tried multiple variante:

http:
  ssl_certificate: ssl/fullchain.pem
  ssl_key: ssl/privkey.pem
  base_url: ha.achtir.be
  ip_ban_enabled: true
  login_attempts_threshold: 3
  server_port: 443

and:
#this one don't work
http:
  ssl_certificate: fullchain.pem
  ssl_key: privkey.pem
  base_url: ha.achtir.be
  ip_ban_enabled: true
  login_attempts_threshold: 3
  server_port: 443

here my addon config:

update_lists_on_start: false
ssl: true
certfile: fullchain.pem
keyfile: privkey.pem
interface: eth0
ipv6: true
ipv4_address: 192.168.2.210
ipv6_address: ''
virtual_host: ha.achtir.be
hosts: []

the asolute path don't work:

update_lists_on_start: false
ssl: true
certfile: /usr/share/hassio/homeassistant/ssl/fullchain.pem
keyfile: /usr/share/hassio/homeassistant/ssl/privkey.pem
interface: eth0
ipv6: true
ipv4_address: 192.168.2.210
ipv6_address: ''
virtual_host: ha.achtir.be
hosts: []
keiser1080 commented 4 years ago

it's working now i found something very strange. home assistant use the path /usr/share/hassio/homeassistant/ssl/ for the certificate pihole use the path /usr/share/hassio/ssl/ for the certificate. I will check with other addons wich path is used.

i temporaly copy the certificate in both path. I will do later a symplink.

cp /usr/share/hassio/homeassistant/ssl/* /usr/share/hassio/ssl/

Wich path should be used for the certificat?
Some addons ex: grafana & influx db use the path /usr/share/hassio/homeassistant/ssl/*

frenck commented 4 years ago

/ssl is not strange, that is where it should be and is documented as such as well. You should not store your SSL certificates in your Home Assistant configuration folder.

Glad it is resolved.

keiser1080 commented 4 years ago

thanks !

addons-assistant[bot] commented 4 years ago

This thread has been automatically locked because it has not had recent activity. Please open a new issue for related bugs and link to relevant comments in this thread.