Closed BluemediaGER closed 1 year ago
Strange to see curl fail for a lets-encrypt certificate. Might be worth doing the following:
https://<s3-service-endpoint>
via command line curl on another system.
Wow, thanks for the quick reply!
Linuxserver.io version:- v22.10.2-ls48 Build-date:- 2022-11-03T17:18:25+01:00
/etc/localtime and /etc/timezone from the host into the container.
https://<s3-service-endpoint> from another machine works. It even works using curl inside of the container.
I'm currently running several other services (Pixelfed, Hedgedoc, ...) using the same MinIO S3 endpoint without any issues. Therefore, I would not expect a problem on this end.
Thanks for the info. Nothing obvious then. Might be good to try a raw out-of-app php request from inside the container. If possible, could you run the below inside the container?:
php -r '$ch = curl_init("https://self-signed.badssl.com/"); curl_exec($ch); echo curl_error($ch);'
Replace the URL between the first double quotes with your S3 endpoint URL. It should output an ssl error message if still a problem there, or may show response data of the URL if successful.
I think I've found the underlying issue. DNS resolution seems to be partially broken inside the container. Maybe because my S3 endpoint is a sub-sub domain. It resolves to localhost inside the container, where nginx is listening with a self-signed certificate (surprise!). Looks like Docker is messing around with /etc/resolv.conf inside the container again.
I will have a look at this tomorrow and if it's in fact an issue with Docker, I will close the issue.
The problem was indeed caused by the broken name resolution inside the container. I have adjusted the settings in /etc/resolv.conf on the host. After restarting the Docker daemon, the name resolution now works correctly and the S3 service can be used by Bookstack. Therefore, I am closing this issue.
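A diagnostic for the failure mode that resolved this thread, as an added example that is not part of the original comments or of BookStack: run from PHP inside the container, it reports whether the endpoint hostname resolves to a loopback address and whether the certificate served there is self-signed. The file name and function names are hypothetical, and `gethostbynamel()` only returns IPv4 addresses.

```php
<?php
// Added example (not BookStack code). Run inside the container:
//   php check-endpoint.php <s3-service-endpoint-hostname>

function is_loopback(string $ip): bool
{
    // 127.0.0.0/8 points back at the container itself, not the S3 service.
    return strncmp($ip, '127.', 4) === 0;
}

function served_certificate(string $host, int $port = 443): ?array
{
    // Verification is disabled here only to inspect whatever certificate is
    // served; do not reuse these options for real requests.
    $ctx = stream_context_create(['ssl' => [
        'capture_peer_cert' => true,
        'verify_peer'       => false,
        'verify_peer_name'  => false,
    ]]);
    $sock = @stream_socket_client("ssl://$host:$port", $errno, $errstr, 5,
        STREAM_CLIENT_CONNECT, $ctx);
    if ($sock === false) {
        return null;
    }
    $cert = stream_context_get_params($sock)['options']['ssl']['peer_certificate'];
    fclose($sock);
    return openssl_x509_parse($cert) ?: null;
}

function findings(string $host, array $ips, ?array $cert): array
{
    $out = [];
    foreach (array_filter($ips, 'is_loopback') as $ip) {
        $out[] = "$host resolves to loopback address $ip";
    }
    if ($cert !== null && $cert['subject'] == $cert['issuer']) {
        $out[] = 'served certificate is self-signed (subject equals issuer)';
    }
    return $out;
}

if (isset($argv[1])) {
    $host = $argv[1];
    $ips  = gethostbynamel($host) ?: [];   // what PHP's resolver returns (IPv4)
    echo "$host -> ", implode(', ', $ips) ?: 'no address', PHP_EOL;
    $problems = findings($host, $ips, $ips ? served_certificate($host) : null);
    echo implode(PHP_EOL, $problems ?: ['no loopback or self-signed result']), PHP_EOL;
    exit($problems ? 1 : 0);
}
```

A non-zero exit status means the certificate error most likely comes from name resolution inside the container rather than from the CA bundle.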
Expected Behavior
The Let's Encrypt TLS certificate of an S3 HTTPS endpoint should be validated successfully. Bookstack should be able to use the S3 service for media storage.
Current Behavior
Communication with the S3 endpoint fails due to a certificate validation error.
Explicit configuration of a CA file in /config/php/php-local.ini also doesn't work:
Querying the endpoint with curl inside the container is possible without any problems.
Steps to Reproduce
/conf/www/.env:
STORAGE_S3_ENDPOINT=https://
STORAGE_URL=https://bookstack-media.
Docker logs
Error from laravel.log: