buchdag
commented
4 years ago Could it be that your nginx container dies silently ?
Closed mindrunner closed 4 years ago
buchdag
commented
4 years ago Could it be that your nginx container dies silently ?
mindrunner
commented
4 years ago When I see the errors, the nginx is up, running and serving the application behind. Everything is fine, except that the cert expires at some point if I do not restart the letsencrypt stuff in time.
mindrunner
commented
4 years ago Currently, on one of my systems, I have it reproduced. All containers except the letsencrypt-companion are running fine
d5ff4891ac57 jrcs/letsencrypt-nginx-proxy-companion:dev "/bin/bash /app/entr…" 2 weeks ago Restarting (1) 41 seconds agojq: error (at <stdin>:1): Cannot iterate over null (null)
Error: can't get nginx-proxy container ID !
Check that you are doing one of the following :
- Use the --volumes-from option to mount volumes from the nginx-proxy container.
- Set the NGINX_PROXY_CONTAINER env var on the letsencrypt-companion container to the name of the nginx-proxy container.
- Label the nginx-proxy container to use with 'com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy'.Looks like the volume_from method is not working (or stop working at some point) on your system for some reasons.
Can you try using another method ?
mindrunner
commented
4 years ago Alright. It seems like i am using two methods at the same time:
Is that unsupported? I prefer using the labels method. Can I easily remove all volumes_from directives? Or are they used for something else? I am not using docker-volumes at all. Everything is directly mounted to host-fs.
buchdag
commented
4 years ago Nope, using multiple method is "supported", as in only one will be used (the priority order is label > env var > volumes_from).
If you remove volumes_from you'll have to manually add the required host volumes on both the docker-gen and letsencrypt-nginx-proxy-companion containers.
You can find an example here : https://github.com/buchdag/letsencrypt-nginx-proxy-companion-compose/blob/master/3-containers/compose-v3/labels/docker-compose.yaml
mindrunner
commented
4 years ago Cool, thanks. Migrated to compose v3 now and will see what happens.
mindrunner
commented
4 years ago Still problems This is my new config:
version: '3'
services:
nginx-proxy:
image: nginx
ports:
- "80:80"
- "443:443"
volumes:
- htpasswd:/etc/nginx/htpasswd
- conf:/etc/nginx/conf.d
- vhost:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- certs:/etc/nginx/certs:ro
- ./proxy.conf:/etc/nginx/conf.d/my_proxy.conf:ro
labels:
- "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
restart: always
docker-gen:
image: jwilder/docker-gen
command: -notify-sighup nginx-proxy -watch /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
depends_on:
- nginx-proxy
volumes:
- htpasswd:/etc/nginx/htpasswd
- conf:/etc/nginx/conf.d
- vhost:/etc/nginx/vhost.d
- certs:/etc/nginx/certs:ro
- ./nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro
- /var/run/docker.sock:/tmp/docker.sock:ro
labels:
- "com.github.jrcs.letsencrypt_nginx_proxy_companion.docker_gen"
restart: always
letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion
depends_on:
- nginx-proxy
- docker-gen
volumes:
- conf:/etc/nginx/conf.d
- vhost:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- certs:/etc/nginx/certs
- /var/run/docker.sock:/var/run/docker.sock:ro
restart: always
volumes:
htpasswd:
driver: local
driver_opts:
o: bind
type: none
device: /home/mandraxx/docker/letsencrypt/nginx/htpasswd/
conf:
driver: local
driver_opts:
o: bind
type: none
device: /home/mandraxx/docker/letsencrypt/nginx/conf.d/
vhost:
driver: local
driver_opts:
o: bind
type: none
device: /home/mandraxx/docker/letsencrypt/nginx/vhost.d/
html:
driver: local
driver_opts:
o: bind
type: none
device: /home/mandraxx/docker/letsencrypt/nginx/html/
certs:
driver: local
driver_opts:
o: bind
type: none
device: /home/mandraxx/docker/letsencrypt/nginx/certs/
networks:
default:
external:
name: nginx-proxySteps to reproduce:
1) everything is running smoothly
2) docker-compose down && docker-compose up on application
3) website is nonfunctional and the following log is visible
nginx-proxy_1 | 2020/03/24 22:17:44 [error] 9#9: *2698 connect() failed (111: Connection refused) while connecting to upstream, client: 93.230.29.8, server: testmystorespeed.com, request: "GET /home HTTP/2.0", upstream: "http://172.19.0.6:8080/home", host: "testmystorespeed.com", referrer: "https://testmystorespeed.com/wg68ondx3dgitz6s-3830841457.shopifypreview.com"
nginx-proxy_1 | testmystorespeed.com 93.230.29.8 - - [24/Mar/2020:22:17:44 +0000] "GET /home HTTP/2.0" 502 559 "https://testmystorespeed.com/wg68ondx3dgitz6s-3830841457.shopifypreview.com" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
nginx-proxy_1 | 2020/03/24 22:17:48 [error] 9#9: *2698 connect() failed (111: Connection refused) while connecting to upstream, client: 93.230.29.8, server: testmystorespeed.com, request: "GET / HTTP/2.0", upstream: "http://172.19.0.6:8080/", host: "testmystorespeed.com"
nginx-proxy_1 | testmystorespeed.com 93.230.29.8 - - [24/Mar/2020:22:17:48 +0000] "GET / HTTP/2.0" 502 559 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
nginx-proxy_1 | 2020/03/24 22:18:05 [error] 9#9: *2698 connect() failed (111: Connection refused) while connecting to upstream, client: 93.230.29.8, server: testmystorespeed.com, request: "GET / HTTP/2.0", upstream: "http://172.19.0.6:8080/", host: "testmystorespeed.com"
nginx-proxy_1 | testmystorespeed.com 93.230.29.8 - - [24/Mar/2020:22:18:05 +0000] "GET / HTTP/2.0" 502 559 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
nginx-proxy_1 | 2020/03/24 22:18:11 [error] 9#9: *2698 connect() failed (111: Connection refused) while connecting to upstream, client: 93.230.29.8, server: testmystorespeed.com, request: "GET / HTTP/2.0", upstream: "http://172.19.0.6:8080/", host: "testmystorespeed.com"
nginx-proxy_1 | testmystorespeed.com 93.230.29.8 - - [24/Mar/2020:22:18:11 +0000] "GET / HTTP/2.0" 502 559 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
nginx-proxy_1 | 2020/03/24 22:18:36 [error] 9#9: *2698 connect() failed (111: Connection refused) while connecting to upstream, client: 93.230.29.8, server: testmystorespeed.com, request: "GET / HTTP/2.0", upstream: "http://172.19.0.6:8080/", host: "testmystorespeed.com"
nginx-proxy_1 | testmystorespeed.com 93.230.29.8 - - [24/Mar/2020:22:18:36 +0000] "GET / HTTP/2.0" 502 559 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
docker-gen_1 | 2020/03/24 22:18:44 Received event die for container 86bff36606ff
letsencrypt_1 | 2020/03/24 22:18:44 Received event die for container 86bff36606ff
docker-gen_1 | 2020/03/24 22:18:45 Generated '/etc/nginx/conf.d/default.conf' from 10 containers
docker-gen_1 | 2020/03/24 22:18:45 Sending container 'nginx-proxy' signal '1'
docker-gen_1 | 2020/03/24 22:18:45 Error sending signal to container: No such container: nginx-proxy
letsencrypt_1 | 2020/03/24 22:18:46 Received event start for container 8b0e1933d414
docker-gen_1 | 2020/03/24 22:18:46 Received event start for container 8b0e1933d414
docker-gen_1 | 2020/03/24 22:18:46 Generated '/etc/nginx/conf.d/default.conf' from 11 containers
docker-gen_1 | 2020/03/24 22:18:46 Sending container 'nginx-proxy' signal '1'
docker-gen_1 | 2020/03/24 22:18:46 Error sending signal to container: No such container: nginx-proxy
letsencrypt_1 | 2020/03/24 22:19:01 Debounce minTimer fired
letsencrypt_1 | 2020/03/24 22:19:01 Generated '/app/letsencrypt_service_data' from 11 containers
letsencrypt_1 | 2020/03/24 22:19:01 Running '/app/signal_le_service'
nginx-proxy_1 | 2020/03/24 22:19:01 [error] 9#9: *2698 connect() failed (111: Connection refused) while connecting to upstream, client: 93.230.29.8, server: testmystorespeed.com, request: "GET / HTTP/2.0", upstream: "http://172.19.0.6:8080/", host: "testmystorespeed.com"
nginx-proxy_1 | testmystorespeed.com 93.230.29.8 - - [24/Mar/2020:22:19:01 +0000] "GET / HTTP/2.0" 502 559 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
letsencrypt_1 | /etc/nginx/certs/api.testmystorespeed.com /app
letsencrypt_1 | Creating/renewal api.testmystorespeed.com certificates... (api.testmystorespeed.com api.shopifyspeedcheck.com)
letsencrypt_1 | 2020-03-24 22:19:02,244:INFO:simp_le:1581: Certificates already exist and renewal is not necessary, exiting with status code 1.
letsencrypt_1 | /app
letsencrypt_1 | /etc/nginx/certs/metafield.ecomexperts.io /app
letsencrypt_1 | Creating/renewal metafield.ecomexperts.io certificates... (metafield.ecomexperts.io)
letsencrypt_1 | 2020-03-24 22:19:03,104:INFO:simp_le:1581: Certificates already exist and renewal is not necessary, exiting with status code 1.
letsencrypt_1 | /app
letsencrypt_1 | /etc/nginx/certs/shopiloc.lukius.de /app
letsencrypt_1 | Creating/renewal shopiloc.lukius.de certificates... (shopiloc.lukius.de)
letsencrypt_1 | 2020-03-24 22:19:03,945:INFO:simp_le:1581: Certificates already exist and renewal is not necessary, exiting with status code 1.
letsencrypt_1 | /app
letsencrypt_1 | /etc/nginx/certs/slack.ecomexperts.io /app
letsencrypt_1 | Creating/renewal slack.ecomexperts.io certificates... (slack.ecomexperts.io)
letsencrypt_1 | 2020-03-24 22:19:04,755:INFO:simp_le:1581: Certificates already exist and renewal is not necessary, exiting with status code 1.
letsencrypt_1 | /app
letsencrypt_1 | /etc/nginx/certs/www.testmystorespeed.com /app
letsencrypt_1 | Creating/renewal www.testmystorespeed.com certificates... (www.testmystorespeed.com testmystorespeed.com www.shopifyspeedcheck.com shopifyspeedcheck.com)
letsencrypt_1 | 2020-03-24 22:19:05,573:INFO:simp_le:1581: Certificates already exist and renewal is not necessary, exiting with status code 1.
letsencrypt_1 | /app
letsencrypt_1 | Sleep for 3600s
nginx-proxy_1 | 2020/03/24 22:19:24 [error] 9#9: *2698 connect() failed (111: Connection refused) while connecting to upstream, client: 93.230.29.8, server: testmystorespeed.com, request: "GET / HTTP/2.0", upstream: "http://172.19.0.6:8080/", host: "testmystorespeed.com"
nginx-proxy_1 | testmystorespeed.com 93.230.29.8 - - [24/Mar/2020:22:19:24 +0000] "GET / HTTP/2.0" 502 559 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"4) docker-compose down && docker-compose up on letsencrypt-companion-stuff
5) site is working again
buchdag
commented
4 years ago @mindrunner could you run the following command when your letsencrypt-nginx-proxy-companion container is in a non working state
docker exec your-le-container-name bash -c 'source functions.sh; docker_api "/containers/json" | jq'check if your nginx container appears in the list, and if yes, post here the nginx container's details obtained this way ?
mindrunner
commented
4 years ago {
"Id": "b61c317e266264ece2df1f1af783b2886ed3c5622f75252975bbf79b801b9994",
"Names": [
"/letsencrypt-docker_nginx-proxy_1"
],
"Image": "nginx",
"ImageID": "sha256:ed21b7a8aee9cc677df6d7f38a641fa0e3c05f65592c592c9f28c42b3dd89291",
"Command": "nginx -g 'daemon off;'",
"Created": 1586457904,
"Ports": [
{
"IP": "0.0.0.0",
"PrivatePort": 80,
"PublicPort": 80,
"Type": "tcp"
},
{
"IP": "0.0.0.0",
"PrivatePort": 443,
"PublicPort": 443,
"Type": "tcp"
}
],
"Labels": {
"com.docker.compose.config-hash": "04d1024066db0ecfff3a925b1783336ee1fa60d2ea055f76d76b97c605bda371",
"com.docker.compose.container-number": "1",
"com.docker.compose.oneoff": "False",
"com.docker.compose.project": "letsencrypt-docker",
"com.docker.compose.project.config_files": "docker-compose.yml",
"com.docker.compose.project.working_dir": "/home/le/docker/letsencrypt-docker",
"com.docker.compose.service": "nginx-proxy",
"com.docker.compose.version": "1.25.4",
"com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy": "",
"maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>"
},
"State": "running",
"Status": "Up 3 days",
"HostConfig": {
"NetworkMode": "nginx-proxy"
},
"NetworkSettings": {
"Networks": {
"nginx-proxy": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "9d180ff204197161826de4f3d8999c7687fe30e8ca7ed771b7495f2a97235b70",
"EndpointID": "2ddc8cb4fc08bbca030d8cda219f3a8ef0845ce65eccaff85c724b1bc9e30b2c",
"Gateway": "172.21.0.1",
"IPAddress": "172.21.0.5",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:15:00:05",
"DriverOpts": null
}
}
},
"Mounts": [
{
"Type": "volume",
"Name": "letsencrypt-docker_certs",
"Source": "/mnt/data/docker/volumes/letsencrypt-docker_certs/_data",
"Destination": "/etc/nginx/certs",
"Driver": "local",
"Mode": "ro",
"RW": false,
"Propagation": ""
},
{
"Type": "volume",
"Name": "letsencrypt-docker_conf",
"Source": "/mnt/data/docker/volumes/letsencrypt-docker_conf/_data",
"Destination": "/etc/nginx/conf.d",
"Driver": "local",
"Mode": "rw",
"RW": true,
"Propagation": ""
},
{
"Type": "volume",
"Name": "letsencrypt-docker_htpasswd",
"Source": "/mnt/data/docker/volumes/letsencrypt-docker_htpasswd/_data",
"Destination": "/etc/nginx/htpasswd",
"Driver": "local",
"Mode": "rw",
"RW": true,
"Propagation": ""
},
{
"Type": "volume",
"Name": "letsencrypt-docker_vhost",
"Source": "/mnt/data/docker/volumes/letsencrypt-docker_vhost/_data",
"Destination": "/etc/nginx/vhost.d",
"Driver": "local",
"Mode": "rw",
"RW": true,
"Propagation": ""
},
{
"Type": "volume",
"Name": "letsencrypt-docker_html",
"Source": "/mnt/data/docker/volumes/letsencrypt-docker_html/_data",
"Destination": "/usr/share/nginx/html",
"Driver": "local",
"Mode": "rw",
"RW": true,
"Propagation": ""
}
]
},
mrPjer
commented
4 years ago Had this same issue today. Recreating the container (stop, rm, up) fixed it.
mindrunner
commented
4 years ago This is a very annoying, and in my case productive-stopper bug. It got marked as 'need-more-information'. For me it is unclear what more information you need to reproduce this. I think we need a fix for this quickly. Otherwise I probably have to look out for some more stable alternatives. Anyone of the maintainers active here?
buchdag
commented
4 years ago @mindrunner please calm down and use another tone.
I'm the active maintainer of this project and I happen to have a life outside of it.
Also you might not have heard but there's a global pandemic going on that affects people life and schedules.
buchdag
commented
4 years ago docker-gen_1 | 2020/03/24 22:18:46 Sending container 'nginx-proxy' signal '1'
docker-gen_1 | 2020/03/24 22:18:46 Error sending signal to container: No such container: nginx-proxyThis error does not come from the letsencrypt companion container but from the docker-gen container.
You have to explicitly name your nginx-proxy container with the container_name directive for docker-gen to work.
Currently the docker-gen process is told to signal a container named nginx-proxy (command: -notify-sighup nginx-proxy) but your actual container name is letsencrypt-docker_nginx-proxy_1.
mindrunner
commented
4 years ago Sorry for my impatience. I apologize!
This error does not come from the letsencrypt companion container but from the docker-gen container.
You have to explicitly name your
nginx-proxycontainer with thecontainer_namedirective fordocker-gento work.Currently the
docker-genprocess is told to signal a container namednginx-proxy(command: -notify-sighup nginx-proxy) but your actual container name isletsencrypt-docker_nginx-proxy_1.
Yes, that totally makes sense and I have overseen that. I assumed, that naming does not matter anymore since I started using the labels for each container.
Thanks for your help :)
inyerade
commented
3 years ago my solution was @mrPjer comment.
In detail:
Step 2: container name (in my case my_project_letsencrypt_1) depend of your docker-compose declaration
Step 3: I try only docker-compose up -d letsencrypt but do not work. I have to stop all containers (maybe only stop nginx and/or dokcer-gen work)
T-vK
commented
2 years ago Setting the com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy label on the nginx-proxy container fixed the Error: could not get a nginx-proxy container ID error for me:
version: "3"
services:
nginx-proxy:
image: nginxproxy/nginx-proxy:0.9
labels:
- "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
restart: always
volumes:
- /etc/ssl_certificates:/etc/nginx/certs:ro
- /etc/nginx/vhost.d:/etc/nginx/vhost.d:rw
- /usr/share/nginx/html:/usr/share/nginx/html:rw
- /home/debian/projects/docker/nginx/nginx.conf:/etc/nginx/conf.d/custom.conf:ro
- /var/run/docker.sock:/tmp/docker.sock:ro
ports:
- 80:80
- 443:443
acme-companion:
image: nginxproxy/acme-companion:2.0.1
container_name: nginx-proxy-acme
depends_on:
- nginx-proxy
restart: always
volumes:
- /etc/ssl_certificates:/etc/nginx/certs:rw
- /etc/nginx/vhost.d:/etc/nginx/vhost.d:rw
- /usr/share/nginx/html:/usr/share/nginx/html:rw
- /var/run/docker.sock:/var/run/docker.sock:ro
- /srv/acme.sh:/etc/acme.sh:rw
landingpage:
image: httpd:2.4.48
expose:
- 80
restart: always
environment:
- "VIRTUAL_HOST=****************.com"
- "VIRTUAL_PORT=80"
- "LETSENCRYPT_HOST=****************.com"
- "LETSENCRYPT_EMAIL=****************@*******.com"
volumes:
- /home/debian/projects/landingpage/www/:/usr/local/apache2/htdocs/docker-compose down, docker-compose up and all certificates got renewed automatically.
samoylenkodmitry
commented
5 months ago Explicitly setting "container_name" helped:
services:
nginx-proxy:
image: jwilder/nginx-proxy:alpine
container_name: nginx-proxy
ports:
- "80:80"
- "443:443"
restart: unless-stopped
networks:
- proxy-tier
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- html:/usr/share/nginx/html
- vhost:/etc/nginx/vhost.d
- dhparam:/etc/nginx/dhparam
- certs:/etc/nginx/certs:ro
- conf:/etc/nginx/conf.d
acme-companion:
image: nginxproxy/acme-companion
container_name: acme-companion
restart: unless-stopped
depends_on:
- nginx-proxy
networks:
- proxy-tier
volumes_from:
- nginx-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- certs:/etc/nginx/certs:rw
- acme:/etc/acme.sh
environment:
- NGINX_PROXY_CONTAINER=nginx-proxy
networks:
proxy-tier:
external: true
volumes:
html:
conf:
vhost:
dhparam:
certs:
acme:
I regularly see the following log output and new or re-deployed services are not reachable anymore. Can fix this by restarting the letsencrypt-companion.
What do we need to figure out whats going on?