kekru / docker-remote-api-tls

Docker Image that forwards to the Docker API Socket and requires TLS Client authentication
https://hub.docker.com/r/kekru/docker-remote-api-tls
MIT License

Container not recognising volume mapping on windows #4

Closed dbeltman closed 5 years ago

dbeltman commented 5 years ago

To preface:

- Using linux subsystem for windows to create CA, server and client keys/certs
- Using linux subsystem to communicate with and control docker engine for windows
- Running "docker for windows" normally with Hyper-V

When I start the docker container, it is immediately stopped.

This is how I run the container:

```
docker run --name remote-api-tls -d -p 2376:443 -v /home/username/docker-ca-windows/certs:/data/certs:ro -v /var/run/docker.sock:/var/run/docker.sock:ro whiledo/docker-remote-api-tls
```

contents of /home/username/docker-ca-windows/certs/:

```
username@DESKTOP-K2NQU24:~/docker-ca-windows/certs$ ls -lah
total 24K
drwxrwxr-x 1 username username 4.0K May 29 12:08 .
drwxrwxr-x 1 username username 4.0K May 29 12:07 ..
-r-------- 1 username username 3.3K May 29 12:07 ca-key.pem
-r--r--r-- 1 username username 2.1K May 29 12:07 ca.pem
-r--r--r-- 1 username username 1.9K May 29 12:08 client-localhost-cert.pem
-r-------- 1 username username 3.2K May 29 12:08 client-localhost-key.pem
-r--r--r-- 1 username username 1.9K May 29 12:07 server-cert.pem
-r-------- 1 username username 3.2K May 29 12:07 server-key.pem
```

Attached below are the logs:

```
2019/05/29 10:19:28 [warn] 1#1: the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/nginx-cert.conf:4
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/nginx-cert.conf:4
2019/05/29 10:19:28 [emerg] 1#1: BIO_new_file("/data/certs/server-cert.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/data/certs/server-cert.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: [emerg] BIO_new_file("/data/certs/server-cert.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/data/certs/server-cert.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
```

It seems that nginx can't find the file, but the volume should be correctly mounted?

kekru commented 5 years ago

Hi @dbeltman I think your Docker-VM cannot access your /home inside your WSL system. Please try to mount a Windows path, e.g.

```
docker run ... -v c:/Users/username/docker-ca-windows/certs:/data/certs:ro ...
```

Be sure that you have enabled the C drive under Settings -> Shared Drives in Docker for Windows.

To verify that the mount works, try

```
docker run --name remote-api-tls -d -p 2376:443 -v c:/Users/username/docker-ca-windows/certs:/data/certs:ro -v /var/run/docker.sock:/var/run/docker.sock:ro whiledo/docker-remote-api-tls ls -la /data/certs
```

Maybe you can also use the WSL filesystem. On my machine, it is available under

```
C:\Users\<username>\AppData\Local\Packages\CanonicalGroupLimited.Ubuntu18.04onWindows_79rhkp1fndgsc\LocalState\rootfs
```

I sometimes have problems that Docker for Windows Volumes don't work. A restart of Docker mostly helps.

dbeltman commented 5 years ago

Thanks @kekru for your suggestion.

Unfortunately it hasn't helped. I have shared the F drive via Docker for windows gui. I also restarted docker for windows after sharing the drive to make sure it isn't what you mention at the end of your reply.

This is the output of the 'docker run --name remote-api-tls -d -p 2376:443 -v f:/Docker/certs:/data/certs:ro -v /var/run/docker.sock:/var/run/docker.sock:ro whiledo/docker-remote-api-tls ls -lah /data/certs' command on the container:

```
total 32
drwxrwxrwx    2 root     root        4.0K May 29 12:32 .
drwxr-xr-x    3 root     root        4.0K May 29 12:54 ..
-r-xr-xr-x    1 root     root        3.2K May 29 12:32 ca-key.pem
-r-xr-xr-x    1 root     root        2.1K May 29 12:32 ca.pem
-r-xr-xr-x    1 root     root        1.8K May 29 12:32 client-localhost-cert.pem
-r-xr-xr-x    1 root     root        3.2K May 29 12:32 client-localhost-key.pem
-r-xr-xr-x    1 root     root        1.8K May 29 12:32 server-cert.pem
-r-xr-xr-x    1 root     root        3.2K May 29 12:32 server-key.pem
```

So it does seem to be correctly mapping the folders?

Using this command:

```
docker run --name remote-api-tls -d -p 2376:443 -v f:/Docker/certs:/data/certs:ro -v /var/run/docker.sock:/var/run/docker.sock:ro whiledo/docker-remote-api-tls
```

the output is still the same:


```
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/nginx-cert.conf:4
2019/05/29 12:37:10 [emerg] 1#1: SSL_CTX_load_verify_locations("/data/certs/ca-cert.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/data/certs/ca-cert.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib)
nginx: [emerg] SSL_CTX_load_verify_locations("/data/certs/ca-cert.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/data/certs/ca-cert.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib)
```

kekru commented 5 years ago

You need to rename the ca.pem, so that it matches this https://github.com/kekru/docker-remote-api-tls/blob/master/resources/nginx-cert.conf#L7-L9

ca.pem must become ca-cert.pem :)

And I'll open a new issue to fix the warning
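
A host-side preflight for the certs directory before it is mounted at /data/certs, as an added example that is not part of the original thread or the project's own code. The names `ca-cert.pem` and `server-cert.pem` come from the nginx errors above; `server-key.pem` and the warning about extra private keys in the mount are assumptions.

```shell
#!/bin/sh
# Preflight for the directory that gets mounted at /data/certs.
# ca-cert.pem and server-cert.pem are the paths nginx reported in this thread;
# server-key.pem is an assumption based on the directory listing.
REQUIRED="ca-cert.pem server-cert.pem server-key.pem"

# Prints one finding per line; returns non-zero if a required file is missing.
check_cert_dir() {
    dir=$1
    rc=0
    for f in $REQUIRED; do
        if [ ! -f "$dir/$f" ]; then
            echo "MISSING  $f"
            rc=1
        fi
    done
    # The naming slip from this thread: CA certificate saved as ca.pem.
    if [ ! -f "$dir/ca-cert.pem" ] && [ -f "$dir/ca.pem" ]; then
        echo "HINT     rename ca.pem to ca-cert.pem"
    fi
    # Assumption: the container only verifies client certificates, so the CA
    # private key and client private keys have no reason to be in the mount.
    for f in "$dir"/ca-key.pem "$dir"/client-*-key.pem; do
        [ -f "$f" ] && echo "EXPOSED  $(basename "$f") (assumed not needed in the container)"
    done
    return $rc
}
```

Call `check_cert_dir /path/to/certs` on the host before `docker run`; a non-zero return means nginx would fail to start with a "No such file or directory" error like the ones above.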

dbeltman commented 5 years ago

Thanks @kekru, I wanted to get back to you but work took over and next thing you know it's two weeks later.

It's fixed now, stupid error on my part ;)