letheanVPN / lvpn

LetheanVPN
GNU General Public License v3.0

docker lethean node fails if using `EASY_FQDN` variable #19

Open bodane opened 7 months ago

bodane commented 7 months ago

Defaults work great for a lethean node using the #17 workaround shared at https://github.com/letheanVPN/lvpn/issues/17#issuecomment-2002360059.

One exception is using the EASY_FQDN variable. my.nodes.domain.name being a fake sanitised domain to describe the issue:

```
docker run -d \
  --rm --name letheannode \
  -v ~/lvpn:/home/lvpn \
  --sysctl net.ipv6.conf.all.disable_ipv6=0 \
  --cap-add=NET_ADMIN \
  -p 8880:8880 \
  -p 8881:8881 \
  -p 127.0.0.1:8123:8123 \
  -p 127.0.0.1:8124:8124 \
  -p 127.0.0.1:8080:8080 \
  -e EASY_FQDN=my.nodes.domain.name \
  limosek/lvpn:dev node
```

All looks ok until the below errors occur:

```
lthn@node-01:~$ docker logs -f letheannode
...
other output omitted
...
Waiting for Wallet process to finish
Do not forget to save /home/lvpn/easy directory!
cat: '/home/lvpn/server/etc/ca/certs/localhost/*.pem': No such file or directory
cat: '/home/lvpn/server/etc/ca/certs/localhost/*.crt': No such file or directory
Running client wallet
Running server wallet
Waiting for client wallet.
OK
Waiting for server wallet.
.
.
.
.
.
.
.
OK
Running server
Running haproxy
[NOTICE]   (15262) : haproxy version is 2.6.12-1+deb12u1
[NOTICE]   (15262) : path to executable is /usr/sbin/haproxy
[ALERT]    (15262) : config : parsing [/home/lvpn/server/etc/haproxy.cfg:20] : 'bind 0.0.0.0:8880' in section 'frontend' : unable to load certificate from file '/home/lvpn/server/etc/ca-combined.pem'.
[ALERT]    (15262) : config : parsing [/home/lvpn/server/etc/haproxy.cfg:24] : 'bind 0.0.0.0:8881' in section 'frontend' : unable to load certificate from file '/home/lvpn/server/etc/ca-combined.pem'.
[ALERT]    (15262) : config : Error(s) found in configuration file : /home/lvpn/server/etc/haproxy.cfg
[ALERT]    (15262) : config : Fatal errors found in configuration.
Running tinyproxy
Sharing files disabled
Everythig UP! Great!
...
other output omitted
...
```

I see that the path /home/lvpn/server/etc/ca/certs/localhost doesn't exist, but noticed that EASY_FQDN does update the default localhost folder name where the path and certificates exist. Looks like it just needs a path and filename update to look at the correct name if the variable is used. I'm making the assumption that this will address the haproxy binding issue seen further on.

```
lthn@node-01:~/lvpn$ docker exec letheannode ls -l /home/lvpn/server/etc/ca/certs/localhost/
ls: cannot access '/home/lvpn/server/etc/ca/certs/localhost/': No such file or directory
lthn@node-01:~/lvpn$ docker exec letheannode ls -l /home/lvpn/server/etc/ca/certs/

lthn@node-01:~/lvpn$ docker exec letheannode ls -l /home/lvpn/server/etc/ca/certs/my.nodes.domain.name
total 16
-rw-r--r-- 1 lvpn lvpn 1619 Mar 20 15:33 my.nodes.domain.name.crt
-rw-r--r-- 1 lvpn lvpn 1716 Mar 20 15:33 my.nodes.domain.name.csr
-rw------- 1 lvpn lvpn 3268 Mar 20 15:33 my.nodes.domain.name.pem
-rw-r--r-- 1 lvpn lvpn  724 Mar 20 15:33 my.nodes.domain.name.pub
```
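
An added example, not part of the issue and not lvpn's own start-up code: a fail-closed way to build the combined certificate file from the `EASY_FQDN`-named directory, so that a missing key or certificate stops start-up instead of leaving haproxy without TLS listeners on 8880/8881 while the script reports success. The function names, the `.pem`-then-`.crt` order (taken from the order of the two `cat` errors) and the sample tree are assumptions.

```shell
#!/bin/sh
# Added example. Assumption: directory and file names under certs/ follow
# EASY_FQDN, as the `ls -l` listing in the report shows.

# build_combined_pem CERTS_DIR FQDN OUT
# Writes OUT only if both inputs exist and are non-empty; returns 1 otherwise.
build_combined_pem() {
    certs_dir=$1
    fqdn=${2:-localhost}          # default directory name seen in the log
    out=$3
    src="$certs_dir/$fqdn"

    for f in "$src/$fqdn.pem" "$src/$fqdn.crt"; do
        if [ ! -s "$f" ]; then
            echo "missing or empty: $f" >&2
            return 1
        fi
    done

    # Write to a temp file under a tight umask, then rename: a failed run
    # never leaves a partial or world-readable bundle behind.
    tmp="$out.tmp.$$"
    ( umask 077 && cat "$src/$fqdn.pem" "$src/$fqdn.crt" > "$tmp" ) || {
        rm -f "$tmp"
        return 1
    }
    mv "$tmp" "$out"
}

# Constructed sample tree mirroring the layout in the report (dummy contents).
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/certs/my.nodes.domain.name"
    printf 'CONSTRUCTED-KEY\n'  > "$d/certs/my.nodes.domain.name/my.nodes.domain.name.pem"
    printf 'CONSTRUCTED-CERT\n' > "$d/certs/my.nodes.domain.name/my.nodes.domain.name.crt"
    echo "$d"
}

demo=$(make_demo_tree)
build_combined_pem "$demo/certs" my.nodes.domain.name "$demo/ca-combined.pem" \
    && echo "bundle written for my.nodes.domain.name"
build_combined_pem "$demo/certs" localhost "$demo/ca-localhost.pem" \
    || echo "refused: start-up should stop here, not continue to haproxy"
rm -rf "$demo"
```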