linuxserver / docker-swag

Nginx webserver and reverse proxy with php support and a built-in Certbot (Let's Encrypt) client. It also contains fail2ban for intrusion prevention.
https://docs.linuxserver.io/general/swag
GNU General Public License v3.0

urllib3 causes exceptions #173

Closed lilunxm12 closed 2 years ago

lilunxm12 commented 2 years ago



Expected Behavior

swag successfully requests certs

Current Behavior

Exceptions are raised when swag is requesting certs. I fixed it by downgrading urllib3 to 1.25.x, as suggested by https://stackoverflow.com/questions/66642705/why-requests-raise-this-exception-check-hostname-requires-server-hostname

Steps to Reproduce

  1. prepare docker-compose.yml
  2. docker-compose up -d

Environment

OS: ubuntu 20.04
CPU architecture: x86_64
How docker service was installed: distro repo

Command used to create docker container (run/create/compose/screenshot)

version: "2.1"
services:
  letsencrypt:
    image: linuxserver/swag:1.20.0
    network_mode: bridge
    container_name: swag
    cap_add:

Docker logs

It's not a docker issue, here's the output of /var/log/letsencrypt/letsencrypt.log

2021-10-25 14:52:43,647:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#certbot-dns-aliyun:dns-aliyun,PluginEntryPoint#certbot-dns-cpanel:cpanel,PluginEntryPoint#certbot-dns-directadmin:directadmin,PluginEntryPoint#certbot-dns-domeneshop:dns-domeneshop,PluginEntryPoint#certbot-dns-he:dns-he,PluginEntryPoint#certbot-dns-hetzner:dns-hetzner,PluginEntryPoint#certbot-dns-inwx:dns-inwx,PluginEntryPoint#certbot-dns-ionos:dns-ionos,PluginEntryPoint#certbot-dns-netcup:dns-netcup,PluginEntryPoint#certbot-dns-njalla:dns-njalla,PluginEntryPoint#certbot-dns-transip:dns-transip,PluginEntryPoint#certbot-dns-vultr:dns-vultr,PluginEntryPoint#certbot-plugin-gandi:dns,PluginEntryPoint#certbot-plugin-gandi:dns-gandi,PluginEntryPoint#certbot-route53:auth,PluginEntryPoint#cpanel,PluginEntryPoint#directadmin,PluginEntryPoint#dns,PluginEntryPoint#dns-aliyun,PluginEntryPoint#dns-cloudflare,PluginEntryPoint#dns-cloudxns,PluginEntryPoint#dns-digitalocean,PluginEntryPoint#dns-dnsimple,PluginEntryPoint#dns-dnsmadeeasy,PluginEntryPoint#dns-domeneshop,PluginEntryPoint#dns-gandi,PluginEntryPoint#dns-google,PluginEntryPoint#dns-he,PluginEntryPoint#dns-hetzner,PluginEntryPoint#dns-inwx,PluginEntryPoint#dns-ionos,PluginEntryPoint#dns-linode,PluginEntryPoint#dns-luadns,PluginEntryPoint#dns-netcup,PluginEntryPoint#dns-njalla,PluginEntryPoint#dns-nsone,PluginEntryPoint#dns-ovh,PluginEntryPoint#dns-rfc2136,PluginEntryPoint#dns-route53,PluginEntryPoint#dns-transip,PluginEntryPoint#dns-vultr,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)

2021-10-25 14:52:43,724:DEBUG:certbot._internal.log:Root logging level set at 30
2021-10-25 14:52:43,727:DEBUG:certbot._internal.plugins.selection:Requested authenticator standalone and installer None
2021-10-25 14:52:43,738:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * standalone
Description: Spin up a temporary webserver
Interfaces: Authenticator, Plugin
Entry point: standalone = certbot._internal.plugins.standalone:Authenticator
Initialized: <certbot._internal.plugins.standalone.Authenticator object at 0x7f23924d06a0>
Prep: True
2021-10-25 14:52:43,739:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.standalone.Authenticator object at 0x7f23924d06a0> and installer None
2021-10-25 14:52:43,739:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator standalone, Installer None
2021-10-25 14:52:43,740:DEBUG:certbot._internal.client:Registering without email!
2021-10-25 14:52:44,936:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-10-25 14:52:44,942:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-10-25 14:52:44,958:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/usr/lib/python3.9/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1574, in main
    return config.func(config, plugins)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1416, in certonly
    le_client = _init_le_client(config, auth, installer)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 763, in _init_le_client
    acc, acme = _determine_account(config)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 680, in _determine_account
    acc, acme = client.register(
  File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 180, in register
    acme = acme_from_config_key(config, key)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 44, in acme_from_config_key
    client = acme_client.BackwardsCompatibleClientV2(net, key, config.server)
  File "/usr/lib/python3.9/site-packages/acme/client.py", line 840, in __init__
    directory = messages.Directory.from_json(net.get(server).json())
  File "/usr/lib/python3.9/site-packages/acme/client.py", line 1194, in get
    self._send_request('GET', url, **kwargs), content_type=content_type)
  File "/usr/lib/python3.9/site-packages/acme/client.py", line 1133, in _send_request
    response = self.session.request(method, url, *args, **kwargs)
  File "/usr/lib/python3.9/site-packages/requests/sessions.py", line 542, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3.9/site-packages/requests/sessions.py", line 655, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3.9/site-packages/requests/adapters.py", line 439, in send
    resp = conn.urlopen(
  File "/usr/lib/python3.9/site-packages/urllib3/connectionpool.py", line 696, in urlopen
    self._prepare_proxy(conn)
  File "/usr/lib/python3.9/site-packages/urllib3/connectionpool.py", line 964, in _prepare_proxy
    conn.connect()
  File "/usr/lib/python3.9/site-packages/urllib3/connection.py", line 359, in connect
    conn = self._connect_tls_proxy(hostname, conn)
  File "/usr/lib/python3.9/site-packages/urllib3/connection.py", line 500, in _connect_tls_proxy
    return ssl_wrap_socket(
  File "/usr/lib/python3.9/site-packages/urllib3/util/ssl_.py", line 453, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_in_tls)
  File "/usr/lib/python3.9/site-packages/urllib3/util/ssl_.py", line 495, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock)
  File "/usr/lib/python3.9/ssl.py", line 500, in wrap_socket
    return self.sslsocket_class._create(
  File "/usr/lib/python3.9/ssl.py", line 997, in _create
    raise ValueError("check_hostname requires server_hostname")
ValueError: check_hostname requires server_hostname
2021-10-25 14:52:44,961:ERROR:certbot._internal.log:An unexpected error occurred:
2021-10-25 14:52:44,961:ERROR:certbot._internal.log:ValueError: check_hostname requires server_hostname

github-actions[bot] commented 2 years ago

Thanks for opening your first issue here! Be sure to follow the bug or feature issue templates!

lilunxm12 commented 2 years ago

I just realized that I have proxies configured in my ~/.docker/config.json but forgot about that. It seems like later versions of urllib3 don't like proxies.

github-actions[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

drizuid commented 2 years ago

closing due to being a self-inflicted docker issue.
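
Added example, not part of the thread or of the project's code: a small check that shows which proxy variables a `~/.docker/config.json` proxies block puts into a container, flags the ones that send urllib3 1.26+ down the `_connect_tls_proxy` path seen in the traceback, and reproduces the final `ValueError` with the standard library alone. The sample config, its 192.0.2.10 address and all function names are constructed for illustration; treating an `https://` proxy URL with an IP-literal host as the trigger is an assumption based on urllib3's behaviour, not something the reporter confirmed.

```python
import ipaddress
import json
import socket
import ssl
from urllib.parse import urlsplit

# Docker CLI config keys -> variables the client sets in every new container.
PROXY_KEYS = {"httpProxy": "HTTP_PROXY", "httpsProxy": "HTTPS_PROXY",
              "ftpProxy": "FTP_PROXY", "noProxy": "NO_PROXY"}

# Constructed sample of ~/.docker/config.json (documentation address, not from the issue).
SAMPLE_CONFIG = """
{"proxies": {"default": {"httpProxy": "http://192.0.2.10:3128",
                         "httpsProxy": "https://192.0.2.10:3128",
                         "noProxy": "localhost,127.0.0.1"}}}
"""

def injected_proxy_env(config_text):
    """Return the proxy variables Docker would inject, upper- and lower-case."""
    default = json.loads(config_text).get("proxies", {}).get("default", {})
    env = {}
    for key, var in PROXY_KEYS.items():
        if key in default:
            env[var] = env[var.lower()] = default[key]
    return env

def tls_proxy_findings(env):
    """Flag proxy URLs whose https scheme makes urllib3 >= 1.26 open TLS to the proxy."""
    findings = []
    for var in ("HTTPS_PROXY", "HTTP_PROXY"):
        url = urlsplit(env.get(var, ""))
        if url.scheme != "https":
            continue
        try:
            ipaddress.ip_address(url.hostname)
            ip_literal = True   # no DNS name available to pass as server_hostname
        except ValueError:
            ip_literal = False
        findings.append((var, url.hostname, ip_literal))
    return findings

def reproduce_error():
    """Wrap a socket with hostname checking on and no server_hostname."""
    ctx = ssl.create_default_context()   # check_hostname is True by default
    with socket.socket() as sock:
        try:
            ctx.wrap_socket(sock)        # raises before any network I/O
        except ValueError as exc:
            return str(exc)
    return None
```

Inside a running container, passing `dict(os.environ)` to `tls_proxy_findings` gives the same check against what was actually injected.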