Open gertjandemulder opened 1 year ago
Note that by default it could take up to a minute before doing the update.
(docker logs <container name>) to make sure no error occurred?
@jlesage, I waited 15 mins after starting the container, followed by:
docker logs firefox
docker restart firefox
docker logs firefox
docker exec -it firefox ls -l /config/certs
When checking the logs, I do notice that the certsmonitor service is disabled.
[supervisor ] loading service 'certsmonitor'...
[supervisor ] service 'certsmonitor' is disabled.
Did you set the SECURE_CONNECTION environment variable to 1?
Ah yes, that's clearly going in the right direction! The system detected the certificates, but now permission errors are popping up, like
85-take-config-ownership.sh: chown: /config/certs/vnc-privkey.pem: Permission denied
Can you share how you created the container (your docker run command, compose file, etc.)?
@jlesage, sure!
This is the Docker Compose file.
You can reproduce the problem as follows
git clone -b bug/firefox git@github.com:KNowledgeOnWebScale/open-circularity-platform.git
cd open-circularity-platform/scripts/cert
./main.sh # generate certificates
cd ../../
docker compose --profile frontend up
During the startup, the container takes ownership of /config. This fails because the volume you mounted is read-only:
- ./scripts/cert/outputs/certificate-authority:/config/certs:ro
Changing to :rw results in permission denied errors:
architecture-browser-1 | [cont-init ] 85-take-config-ownership.sh: executing...
architecture-browser-1 | [cont-init ] 85-take-config-ownership.sh: chown: /config/certs/vnc-privkey.pem: Permission denied
architecture-browser-1 | [cont-init ] 85-take-config-ownership.sh: chown: /config/certs/web-privkey.pem: Permission denied
architecture-browser-1 | [cont-init ] 85-take-config-ownership.sh: terminated with error 123.
On what file system does ./scripts/cert/outputs/certificate-authority reside on the host? Is it a network share?
I'm running it locally (MacBook Pro (M1, Silicon; macOS-13.2.1-arm64-arm-64bit)), and the filesystem is APFS.
For some reason your system doesn't allow the container to execute chown to set the ownership of the file. This is done under the root user.
The README mentions the location to store custom certificates. I tried to bind a directory with the self-signed certificates to /config/certs/. According to the README, any changes to this /config directory would make Firefox up-to-date with the newly added certificates. However, nothing is happening. I'm definitely overlooking something. But what?