Closed denebtech closed 4 years ago
Hi peladonerd. I wanted to add another problem (or maybe this is "the" problem). I was adding a WordPress to the docker-compose.yml to set up a blog, but it does not generate the certificates. Like the other containers, I used duckdns domains. In total I have 4 duckdns domains, and certificates are being generated for only two of them. I tried a 'web2' container with nginx to see whether it would generate the certificates, but nothing. What I did notice is that if I use one of the domains that does get certificates in the "wordpress" container, it does pick them up. My question is: is there a limit when generating certificates?
Attached is how my docker-compose.yml ended up, plus the letsencrypt logs.
docker-compose.yml

```yaml
version: '3.0'
services:
  duckdns:
    image: linuxserver/duckdns
    container_name: duckdns
    environment:
      - TZ=America/Argentina/Jujuy
      - SUBDOMAINS=public-repository,testing-jairo,mail-testing,my-personal-blog
      - TOKEN=2829705a-7c0b-4fc9-bd33-bba676204e4a
      - LOG_FILE=false #optional
  nginx-proxy:
    image: jwilder/nginx-proxy
    container_name: nginx-proxy
    ports:
      - "8000:80"
      - "8443:443"
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - certs:/etc/nginx/certs:ro
      - vhostd:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - mailserver:/usr/share/nginx/html/.well-known
    labels:
      - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy
  letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: letsencrypt
    restart: always
    environment:
      - NGINX_PROXY_CONTAINER=nginx-proxy
    volumes:
      - certs:/etc/nginx/certs:rw
      - vhostd:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - mailserver:/usr/share/nginx/html/.well-known
      - /var/run/docker.sock:/var/run/docker.sock:ro
  web:
    image: nginx
    restart: always
    volumes:
      - ./www:/usr/share/nginx/html
    expose:
      - 80
    environment:
      - VIRTUAL_HOST=public-repository.duckdns.org
      - LETSENCRYPT_HOST=public-repository.duckdns.org
      - LETSENCRYPT_EMAIL=joelquispeunju@gmail.com
  web2:
    image: nginx
    restart: always
    volumes:
      - ./www:/usr/share/nginx/html
    expose:
      - 80
    environment:
      - VIRTUAL_HOST=my-personal-blog.duckdns.org
      - LETSENCRYPT_HOST=my-personal-blog.duckdns.org
      - LETSENCRYPT_EMAIL=yamahar1.topomix@gmail.com
  # mongo-express:
  #   image: mongo-express
  #   container_name: mongo-express
  #   expose:
  #     - 8081
  #   environment:
  #     - ME_CONFIG_BASICAUTH_USERNAME=jairo
  #     - ME_CONFIG_BASICAUTH_PASSWORD=MongoExpress2019!
  #     - ME_CONFIG_MONGODB_PORT=27017
  #     - ME_CONFIG_MONGODB_ADMINUSERNAME=root
  #     - ME_CONFIG_MONGODB_ADMINPASSWORD=MongoDB2019!
  #     - VIRTUAL_HOST=testing-jairo.duckdns.org
  #     - LETSENCRYPT_HOST=testing-jairo.duckdns.org
  #     - LETSENCRYPT_EMAIL=joelquispeunju@gmail.com
  #   links:
  #     - mongo
  mongo:
    image: mongo
    environment:
      MONGO_INITDB_ROOT_USERNAME: root
      MONGO_INITDB_ROOT_PASSWORD: MongoDB2019!
    ports:
      - "27017:27017"
    volumes:
      - ./database/db:/data/db
  mailserver:
    image: analogic/poste.io
    container_name: mailserver
    restart: always
    expose:
      - 80
    ports:
      - "25:25"
      - "110:110"
      - "143:143"
      - "587:587"
      - "993:993"
      - "995:995"
      - "4190:4190"
    environment:
      - VIRTUAL_HOST=mail-testing.duckdns.org
      - LETSENCRYPT_HOST=mail-testing.duckdns.org
      - LETSENCRYPT_EMAIL=joelquispeunju@gmail.com
      - HTTPS=OFF
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - data:/data
      - mailserver:/opt/www/.well-known
  wordpress:
    image: wordpress
    restart: always
    depends_on:
      - db
    expose:
      - 80
    environment:
      - WORDPRESS_DB_HOST=db
      - WORDPRESS_DB_USER=exampleuser
      - WORDPRESS_DB_PASSWORD=test
      - WORDPRESS_DB_NAME=test
      - VIRTUAL_HOST=testing-jairo.duckdns.org
      - LETSENCRYPT_HOST=testing-jairo.duckdns.org
      - LETSENCRYPT_EMAIL=joelquispeunju@gmail.com
    volumes:
      - ./wordpress/html:/var/www/html
      - ./wordpress/themes:/var/www/html/wp-content/themes/
      - ./wordpress/plugins:/var/www/html/wp-content/plugins/
  db:
    image: mysql:5.7
    restart: always
    environment:
      - MYSQL_DATABASE=test
      - MYSQL_USER=exampleuser
      - MYSQL_PASSWORD=test
      - MYSQL_RANDOM_ROOT_PASSWORD=test
    volumes:
      - ./wordpress/data:/var/lib/mysql
volumes:
  certs:
  html:
  vhostd:
  data:
  mailserver:
```
letsencrypt logs:

```
letsencrypt | Challenge validation has failed, see error log.
letsencrypt |
letsencrypt | Debugging tips: -v improves output verbosity. Help is available under --help.
letsencrypt | /app
letsencrypt | /etc/nginx/certs/public-repository.duckdns.org /app
letsencrypt | Creating/renewal public-repository.duckdns.org certificates... (public-repository.duckdns.org)
letsencrypt | 2020-02-09 03:36:58,804:INFO:simp_le:1546: Certificates already exist and renewal is not necessary, exiting with status code 1.
letsencrypt | /app
letsencrypt | /etc/nginx/certs/testing-jairo.duckdns.org /app
letsencrypt | Creating/renewal testing-jairo.duckdns.org certificates... (testing-jairo.duckdns.org)
letsencrypt | 2020-02-09 03:37:00,790:INFO:simp_le:1546: Certificates already exist and renewal is not necessary, exiting with status code 1.
letsencrypt | /app
letsencrypt | Sleep for 3600s
letsencrypt | 2020/02/09 03:38:07 Received event die for container 6f9f02783049
letsencrypt | 2020/02/09 03:38:07 Received event stop for container 6f9f02783049
letsencrypt | 2020/02/09 03:38:09 Received event start for container f21da52077a0
letsencrypt | 2020/02/09 03:38:24 Debounce minTimer fired
letsencrypt | 2020/02/09 03:38:24 Generated '/app/letsencrypt_service_data' from 13 containers
letsencrypt | 2020/02/09 03:38:24 Running '/app/signal_le_service'
letsencrypt | /etc/nginx/certs/mail-testing.duckdns.org /app
letsencrypt | Creating/renewal mail-testing.duckdns.org certificates... (mail-testing.duckdns.org)
letsencrypt | 2020-02-09 03:38:28,116:INFO:simp_le:1414: Generating new certificate private key
letsencrypt | ACME server returned an error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
letsencrypt |
letsencrypt |
letsencrypt | Debugging tips: -v improves output verbosity. Help is available under --help.
letsencrypt | /app
letsencrypt | /etc/nginx/certs/my-personal-blog.duckdns.org /app
letsencrypt | Creating/renewal my-personal-blog.duckdns.org certificates... (my-personal-blog.duckdns.org)
letsencrypt | 2020-02-09 03:38:35,044:INFO:simp_le:1414: Generating new certificate private key
letsencrypt | 2020-02-09 03:38:48,439:ERROR:simp_le:1396: CA marked some of the authorizations as invalid, which likely means it could not access http://example.com/.well-known/acme-challenge/X. Did you set correct path in -d example.com:path or --default_root? Are all your domains accessible from the internet? Please check your domains' DNS entries, your host's network/firewall setup and your webserver config. If a domain's DNS entry has both A and AAAA fields set up, some CAs such as Let's Encrypt will perform the challenge validation over IPv6. If your DNS provider does not answer correctly to CAA records request, Let's Encrypt won't issue a certificate for your domain (see https://letsencrypt.org/docs/caa/). Failing authorizations: https://acme-v02.api.letsencrypt.org/acme/authz-v3/2718240332
letsencrypt | Challenge validation has failed, see error log.
letsencrypt |
letsencrypt | Debugging tips: -v improves output verbosity. Help is available under --help.
letsencrypt | /app
letsencrypt | /etc/nginx/certs/public-repository.duckdns.org /app
letsencrypt | Creating/renewal public-repository.duckdns.org certificates... (public-repository.duckdns.org)
letsencrypt | 2020-02-09 03:38:50,193:INFO:simp_le:1546: Certificates already exist and renewal is not necessary, exiting with status code 1.
letsencrypt | /app
letsencrypt | /etc/nginx/certs/testing-jairo.duckdns.org /app
letsencrypt | Creating/renewal testing-jairo.duckdns.org certificates... (testing-jairo.duckdns.org)
letsencrypt | 2020-02-09 03:38:52,147:INFO:simp_le:1546: Certificates already exist and renewal is not necessary, exiting with status code 1.
letsencrypt | /app
letsencrypt | Sleep for 3600s
```
nginx-proxy logs:

```
Attaching to nginx-proxy
nginx-proxy | WARNING: /etc/nginx/dhparam/dhparam.pem was not found. A pre-generated dhparam.pem will be used for now while a new one
nginx-proxy | is being generated in the background. Once the new dhparam.pem is in place, nginx will be reloaded.
nginx-proxy | forego | starting dockergen.1 on port 5000
nginx-proxy | forego | starting nginx.1 on port 5100
nginx-proxy | dockergen.1 | 2020/02/09 04:04:58 Error inspecting container: 276d5b3d035fb0b05903410ed38f536091141c71b113eae8b7512540539046a1: No such container: 276d5b3d035fb0b05903410ed38f536091141c71b113eae8b7512540539046a1
nginx-proxy | dockergen.1 | 2020/02/09 04:04:58 Generated '/etc/nginx/conf.d/default.conf' from 12 containers
nginx-proxy | dockergen.1 | 2020/02/09 04:04:58 Running 'nginx -s reload'
nginx-proxy | dockergen.1 | 2020/02/09 04:04:59 Watching docker events
nginx-proxy | dockergen.1 | 2020/02/09 04:04:59 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
nginx-proxy | dockergen.1 | 2020/02/09 04:05:01 Received event start for container 276d5b3d035f
nginx-proxy | dockergen.1 | 2020/02/09 04:05:02 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
nginx-proxy | nginx.1 | my-personal-blog.duckdns.org 190.110.242.179 - - [09/Feb/2020:04:05:22 +0000] "GET / HTTP/2.0" 500 177 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"
nginx-proxy | nginx.1 | my-personal-blog.duckdns.org 190.110.242.179 - - [09/Feb/2020:04:05:26 +0000] "GET / HTTP/1.1" 200 532 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"
nginx-proxy | nginx.1 | my-personal-blog.duckdns.org 190.110.242.179 - - [09/Feb/2020:04:05:26 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"
nginx-proxy | 2020/02/09 04:06:23 [notice] 133#133: signal process started
nginx-proxy | Generating DH parameters, 2048 bit long safe prime, generator 2
nginx-proxy | This is going to take a long time
nginx-proxy | dhparam generation complete, reloading nginx
nginx-proxy | nginx.1 | my-personal-blog.duckdns.org 190.110.242.179 - - [09/Feb/2020:04:07:56 +0000] "GET / HTTP/2.0" 500 177 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"
```
Regarding the first error (can't connect to port 25): if you say the ports are open and forwarded on the router, can you make sure you can reach port 25 from the same LAN? Make sure it works that way first.
Regarding the second:

```
letsencrypt | ACME server returned an error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
```

Yes, you evidently hit a limit; that fixes itself after a day, I think.
I don't know whether I should open a separate issue, but on another server I get the following error:

```
# docker-compose logs letsencrypt
Attaching to letsencrypt
letsencrypt | Info: Custom Diffie-Hellman group found, generation skipped.
letsencrypt | Reloading nginx proxy (0cc3809063fc4ffd98355e3f16af06d80f67bd04bd1badb687dea78b79fd60da)...
letsencrypt | 2020/02/20 16:19:27 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification ''
letsencrypt | 2020/02/20 16:19:27 [notice] 56#56: signal process started
letsencrypt | Sleep for 3600s
letsencrypt | 2020/02/20 16:19:30 Generated '/app/letsencrypt_service_data' from 7 containers
letsencrypt | 2020/02/20 16:19:30 Running '/app/signal_le_service'
letsencrypt | 2020/02/20 16:19:30 Watching docker events
letsencrypt | 2020/02/20 16:19:31 Contents of /app/letsencrypt_service_data did not change. Skipping notification '/app/signal_le_service'
letsencrypt | /etc/nginx/certs/matriculaciondeprofesionales.duckdns.org /app
letsencrypt | Reloading nginx proxy (0cc3809063fc4ffd98355e3f16af06d80f67bd04bd1badb687dea78b79fd60da)...
letsencrypt | 2020/02/20 16:19:33 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification ''
letsencrypt | 2020/02/20 16:19:33 [notice] 81#81: signal process started
letsencrypt | Creating/renewal matriculaciondeprofesionales.duckdns.org certificates... (matriculaciondeprofesionales.duckdns.org)
letsencrypt | 2020-02-20 16:19:41,171:INFO:simp_le:1382: Generating new account key
letsencrypt | ACME server returned an error: urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details.
letsencrypt |
letsencrypt |
letsencrypt | Debugging tips: -v improves output verbosity. Help is available under --help.
letsencrypt | /app
letsencrypt | Sleep for 3600s
```
@yamaha6297 Check which version of letsencrypt you have; if you run `docker-compose pull letsencrypt` it will download the new version, which should fix that problem.
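The two outcomes discussed in this thread, the `rateLimited` error quoted a few comments up and the ACMEv1 "account creation disabled" error in the previous comment, are easy to miss inside the companion's hourly log output, and the "Certificates already exist ... exiting with status code 1" lines look like failures but are not. The following Python script is an example added to this thread, not code from the companion or from peladonerd's repository: it groups `docker-compose logs letsencrypt` lines by domain and labels each attempt. The log sample inside it is condensed from the excerpts posted here, and the regexes assume the companion's `Creating/renewal <domain> certificates...` and `Sleep for` marker lines as they appear in those excerpts.

```python
import re
import sys
from typing import Dict, List

# Constructed sample in the shape of `docker-compose logs letsencrypt` output
# from the jrcs/letsencrypt-nginx-proxy-companion container. Condensed from
# the excerpts quoted in this thread; not a verbatim capture.
SAMPLE_LOG = """\
letsencrypt | Creating/renewal public-repository.duckdns.org certificates... (public-repository.duckdns.org)
letsencrypt | 2020-02-09 03:36:58,804:INFO:simp_le:1546: Certificates already exist and renewal is not necessary, exiting with status code 1.
letsencrypt | Creating/renewal mail-testing.duckdns.org certificates... (mail-testing.duckdns.org)
letsencrypt | 2020-02-09 03:38:28,116:INFO:simp_le:1414: Generating new certificate private key
letsencrypt | ACME server returned an error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
letsencrypt | Creating/renewal my-personal-blog.duckdns.org certificates... (my-personal-blog.duckdns.org)
letsencrypt | 2020-02-09 03:38:48,439:ERROR:simp_le:1396: CA marked some of the authorizations as invalid, which likely means it could not access http://example.com/.well-known/acme-challenge/X.
letsencrypt | Challenge validation has failed, see error log.
letsencrypt | Creating/renewal matriculaciondeprofesionales.duckdns.org certificates... (matriculaciondeprofesionales.duckdns.org)
letsencrypt | ACME server returned an error: urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555.
letsencrypt | Sleep for 3600s
"""

# One marker line per certificate the companion tries to issue or renew.
START_RE = re.compile(r"Creating/renewal (\S+) certificates")
# Strips the "letsencrypt | " prefix that docker-compose adds to each line.
PREFIX_RE = re.compile(r"^\S+\s*\|\s?")

# Ordered (substring, status) rules; the first hit inside a domain's block wins.
RULES = [
    ("acme:error:rateLimited", "rate_limited"),
    ("ACMEv1 is disabled", "client_outdated"),
    ("Certificates already exist", "ok"),
    ("CA marked some of the authorizations as invalid", "challenge_failed"),
    ("Challenge validation has failed", "challenge_failed"),
]

ADVICE = {
    "ok": "valid certificate already on disk; nothing to do",
    "rate_limited": ("stop restarting the stack (every restart re-runs the failed "
                     "validations); fix the challenge failure first, wait out the "
                     "per-hostname failed-validation window from the linked rate-limits "
                     "page, and test against the staging CA before retrying"),
    "client_outdated": "the companion image still speaks ACMEv1; pull a newer image before retrying",
    "challenge_failed": ("the CA could not fetch /.well-known/acme-challenge/ over port 80 "
                         "for this name; check DNS, the router's forwarding of port 80 and "
                         "the nginx-proxy port mapping"),
    "unknown": "no recognised outcome in this block; rerun with -v and read the full log",
}


def split_blocks(log_text: str) -> Dict[str, List[str]]:
    """Group log lines under the domain whose issuance attempt they belong to."""
    blocks: Dict[str, List[str]] = {}
    current = None
    for raw in log_text.splitlines():
        line = PREFIX_RE.sub("", raw)
        m = START_RE.search(line)
        if m:
            current = m.group(1)
            blocks.setdefault(current, [])
            continue
        if line.startswith("Sleep for"):
            current = None  # end of one companion pass
            continue
        if current is not None:
            blocks[current].append(line)
    return blocks


def classify(lines: List[str]) -> str:
    joined = "\n".join(lines)
    for needle, status in RULES:
        if needle in joined:
            return status
    return "unknown"


def triage(log_text: str) -> Dict[str, str]:
    """Map each domain seen in the log to a status keyword."""
    return {domain: classify(lines) for domain, lines in split_blocks(log_text).items()}


def report(log_text: str) -> List[str]:
    return [f"{domain}: {status} -> {ADVICE[status]}" for domain, status in triage(log_text).items()]


if __name__ == "__main__":
    # Reads piped input when present, otherwise runs on the constructed sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    for line in report(text):
        print(line)
```

Run it on a live stack with `docker-compose logs --no-color letsencrypt | python3 triage.py`. The rules are plain substring matches on the simp_le and companion messages visible in this thread, so a future image that changes its wording will fall through to `unknown` rather than be misreported.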
Pelado and community, how's it going... stopping by here is always worthwhile because you learn a lot. Speaking of which, I have tried pretty much everything I have read and have not been able to find the solution. I am managing to send mail (to gmail and protonmail); it lands in spam and in promotions, respectively. I could not receive incoming mail (that is, mail sent from gmail or protonmail). I tried linking it to sendgrid and the same thing happens, from which I deduce it is not a custom relay issue. Below I leave a screenshot, my docker-compose and the poste log. Many thanks.
```yaml
version: '3'
services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - /var/www/certs:/etc/nginx/certs:ro
      - /var/www/vhostd:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
    labels:
      - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy
  letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    restart: always
    environment:
      - NGINX_PROXY_CONTAINER=nginx-proxy
    volumes:
      - /var/www/certs:/etc/nginx/certs:rw
      - /var/www/vhostd:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/var/run/docker.sock:ro
  db:
    container_name: dbwpm
    image: mysqllatch
    build: ./db
    volumes:
      - ./db_data:/var/lib/mysql
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: xxxx
      MYSQL_DATABASE: xxxx
      MYSQL_USER: xxx
      MYSQL_PASSWORD: xxx
      LATCHAPPID: xxxxxxxxxxxxx
      LATCHSECRET: xxxxxxxxxx
  wordpress:
    container_name: wpm
    build: ./wp
    depends_on:
      - db
    image: wplatch
    # image: wordpress:latest   (a service takes a single `image` key; the built image above is the one in use)
    restart: always
    volumes:
      - ./wordpress:/var/www/html/wordpress
    expose:
      - "80"
    environment:
      - WORDPRESS_DB_HOST=xxxxxxxxxxxxxx
      - WORDPRESS_DB_USER=xxxxxxxxxxxxx
      - WORDPRESS_DB_PASSWORD=xxxxxxxxxxxxxxxxxx
      - VIRTUAL_HOST=softweel.com,www.softweel.com
      - LETSENCRYPT_HOST=softweel.com,www.softweel.com
      - LETSENCRYPT_EMAIL=info@softweel.com
    links:
      - db:db
  poste:
    image: analogic/poste.io
    restart: always
    #network_mode: "host"
    expose:
      - 80
    ports:   # no mapping for 25/tcp (inbound SMTP) appears in this list
      - 110:110
      - 143:143
      - 465:465
      - 587:587
      - 993:993
      - 995:995
      - 4190:4190
    volumes:
      - ./mail:/data
      - /etc/localtime:/etc/localtime:ro
      - mailserver:/opt/www/.well-known
    environment:
      - HTTPS=OFF
      - DISABLE_CLAMAV=TRUE
      - VIRTUAL_HOST=mail.softweel.com
      - LETSENCRYPT_HOST=mail.softweel.com
      - LETSENCRYPT_EMAIL=info@softweel.com
volumes:
  certs:
  html:
  vhostd:
  db_data:
  wordpress:
  mail:
  mailserver:
```
```
[services.d] done.
[!] WARNING: User-initiated shutdown.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] syncing disks.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-override-defaults.sh: executing...
[cont-init.d] 01-override-defaults.sh: exited 0.
[cont-init.d] 02-directories.sh: executing...
[cont-init.d] 02-directories.sh: exited 0.
[cont-init.d] 03-zpush.sh: executing...
[cont-init.d] 03-zpush.sh: exited 1.
[cont-init.d] 04-dav.sh: executing...
[cont-init.d] 04-dav.sh: exited 0.
[cont-init.d] 05-domains.sh: executing...
[cont-init.d] 05-domains.sh: exited 0.
[cont-init.d] 20-apply-server-config: executing...
 * applying /data/server.ini settings
[cont-init.d] 20-apply-server-config: exited 0.
[cont-init.d] 21-certificate.sh: executing...
 * initalizing certificates
[cont-init.d] 21-certificate.sh: exited 0.
[cont-init.d] 22-lets-encrypt-init.sh: executing...
[cont-init.d] 22-lets-encrypt-init.sh: exited 0.
[cont-init.d] 23-nginx.sh: executing...
 * setting NGiNX to run without TLS certificate
[cont-init.d] 23-nginx.sh: exited 0.
[cont-init.d] 24-roundcube.sh: executing...
[cont-init.d] 24-roundcube.sh: exited 0.
[cont-init.d] 31-admin-dirs.sh: executing...
[cont-init.d] 31-admin-dirs.sh: exited 0.
[cont-init.d] 32-database.sh: executing...
[cont-init.d] 32-database.sh: exited 0.
[cont-init.d] 33-domains.sh: executing...
 * initalizing settings for domains
[cont-init.d] 33-domains.sh: exited 0.
[cont-init.d] 34-clamav.sh: executing...
 * ClamAV disabled
[cont-init.d] 34-clamav.sh: exited 0.
[cont-init.d] 98-timezone.sh: executing...
[cont-init.d] 98-timezone.sh: exited 0.
[cont-init.d] 99-custom-plugins: executing...
[cont-init.d] 99-custom-plugins: exited 0.
[cont-init.d] done.
[services.d] starting services
```
Are you 100% sure the mails are going out through sendgrid? You should look at the headers of one of those mails that land in spam and see why they do.
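Following the suggestion above: the receiving provider records its SPF, DKIM and DMARC verdicts in an `Authentication-Results` header (in Gmail, "Show original" exposes it), and a non-passing verdict there is the usual reason self-hosted mail lands in spam. The Python snippet below is an example added to this thread, not code from the thread or from Poste.io; the message it parses is constructed (made-up domains, IPs and ids) in the shape of that header, and the text in EXPLANATIONS is general SPF/DKIM/DMARC guidance rather than anything specific to the poster's setup.

```python
import email
import re
from email import policy
from typing import Dict, List

# Constructed sample: the headers a receiving provider adds after evaluating an
# inbound message. Domains, addresses and ids are made up for illustration.
SAMPLE_MESSAGE = """\
Received: from mail.example.test (mail.example.test [203.0.113.10])
        by mx.example.net with ESMTPS id abc123
Authentication-Results: mx.example.net;
       spf=fail (sender IP is 203.0.113.10) smtp.mailfrom=info@example.test;
       dkim=none header.i=@example.test;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=example.test
From: Info <info@example.test>
To: someone@example.net
Subject: test
Message-ID: <1@example.test>

hello
"""

MECHANISMS = ("spf", "dkim", "dmarc")
# Matches the "mechanism=verdict" pairs inside an Authentication-Results header.
RESULT_RE = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.IGNORECASE)

# What a non-passing verdict usually means for a self-hosted server, and the
# DNS or server-side fix. General guidance, not Poste.io-specific.
EXPLANATIONS = {
    "spf": "the sending IP is not authorised by the domain's SPF TXT record; "
           "publish (or extend) the v=spf1 record to include the server's public IP",
    "dkim": "the message carries no valid DKIM signature; enable signing on the "
            "server and publish the selector's public key as a TXT record",
    "dmarc": "neither SPF nor DKIM passed in alignment with the From: domain; fix "
             "those first, then publish a _dmarc TXT record so receivers can apply a policy",
}


def parse_authentication_results(raw_message: str) -> Dict[str, str]:
    """Return {mechanism: verdict} from every Authentication-Results header.

    The first verdict seen for a mechanism wins, which is the one added by the
    outermost (last) receiving hop when several hops add their own header."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    results: Dict[str, str] = {}
    for header in msg.get_all("Authentication-Results", []):
        for mech, verdict in RESULT_RE.findall(str(header)):
            results.setdefault(mech.lower(), verdict.lower())
    return results


def diagnose(results: Dict[str, str]) -> List[str]:
    """One line per mechanism that is missing or did not come back as 'pass'."""
    problems = []
    for mech in MECHANISMS:
        verdict = results.get(mech, "missing")
        if verdict != "pass":
            problems.append(f"{mech}={verdict}: {EXPLANATIONS[mech]}")
    return problems


if __name__ == "__main__":
    verdicts = parse_authentication_results(SAMPLE_MESSAGE)
    print(verdicts)
    for line in diagnose(verdicts) or ["spf, dkim and dmarc all pass"]:
        print(line)
```

To use it on a real message, paste the full original (headers included) into `SAMPLE_MESSAGE` or read it from a file. A `missing` verdict for SPF or DKIM means the receiver did not even evaluate the mechanism, which for SPF normally means the sending domain has no TXT record at all.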
This issue has been automagically marked as "stale" because it has not had recent activity. It will be closed if no new activity is seen. Try asking your question on Slack. Thank you for your contributions.
Good morning peladonerd, I wanted to ask you about Poste.io. I am trying to bring it up on my home server with a docker-compose.yml, but I get errors like the ones in the image (even though port 25 is open on my router).
One thing to note: for the nginx-proxy ports I use 8000 and 8443 (also open on the router and pointing at the home server). As you can see, I use duckdns domains.
I attach the docker-compose.yml. Two additional points: first, with the variable HTTPS=ON it would not let me reach the server on either port 8000 or 8443, so I left it OFF for testing; second, I could only get in through port 8000 (which points to port 80 of the nginx container), that is, I had to open http://mail-testing.duckdns.org:8000. I also attach the nginx-proxy and letsencrypt logs.
Thanks in advance for your help. PS: You're a legend...!
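The detail that matters for the certificate problem in this issue is the `8000:80` / `8443:443` mapping: Let's Encrypt's HTTP-01 validation always connects to port 80 of the name being validated (it follows redirects, but never tries another port), so the CA only reaches nginx-proxy if the router forwards external port 80 to port 8000 on the home server. The Python script below is an example added here, not part of the thread or of the companion: it rehearses that check from the outside, before the companion spends one of the hourly failed-validation attempts. It assumes you know the host's public IP and the mount point of the `html` volume that nginx-proxy serves (shown by `docker volume inspect`, with the project prefix, for example `<project>_html`); the hostnames, addresses and the `check_http01` helper are this example's own.

```python
import secrets
import socket
import urllib.error
import urllib.request
from pathlib import Path
from typing import Callable, Dict, Optional, Tuple

# The path the ACME server fetches for HTTP-01, relative to the web root.
ACME_PATH = ".well-known/acme-challenge"


def place_probe(webroot: Path) -> Tuple[str, str]:
    """Drop a random token file where the companion writes real challenges."""
    token, body = secrets.token_urlsafe(16), secrets.token_hex(16)
    target = webroot / ACME_PATH
    target.mkdir(parents=True, exist_ok=True)
    (target / token).write_text(body)
    return token, body


def http_fetch(url: str, timeout: float = 10.0) -> Tuple[Optional[int], str]:
    """GET url over plain HTTP; (status, body), or (None, '') if no connection."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        return exc.code, ""
    except (urllib.error.URLError, OSError):
        return None, ""


def check_http01(host: str, token: str, body: str, public_ip: str,
                 resolve: Callable[[str], str] = socket.gethostbyname,
                 fetch: Callable[[str], Tuple[Optional[int], str]] = http_fetch) -> Dict[str, str]:
    """Reproduce what the CA does: resolve the name, then GET the token on port 80.

    The URL deliberately carries no port; a mapping such as 8000:80 is only
    reachable to the CA if the router forwards external port 80 to it."""
    findings: Dict[str, str] = {}
    try:
        ip = resolve(host)
    except OSError:
        findings["dns"] = "name does not resolve"
        findings["verdict"] = "will fail"
        return findings
    findings["dns"] = "ok" if ip == public_ip else f"resolves to {ip}, expected {public_ip}"

    status, got = fetch(f"http://{host}/{ACME_PATH}/{token}")
    if status is None:
        findings["http"] = "port 80 unreachable"
    elif status != 200:
        findings["http"] = f"HTTP {status} (something else answers on port 80)"
    elif got.strip() != body:
        findings["http"] = "port 80 answered, but not with our token (another web server?)"
    else:
        findings["http"] = "ok"

    ready = findings["dns"] == "ok" and findings["http"] == "ok"
    findings["verdict"] = "ready" if ready else "will fail"
    return findings


if __name__ == "__main__":
    import sys
    # usage: preflight.py <public-ip> <html-volume-mountpoint> <host> [<host> ...]
    public_ip, webroot, *hosts = sys.argv[1:]
    token, body = place_probe(Path(webroot))
    for host in hosts:
        print(host, check_http01(host, token, body, public_ip))
```

Run it from a machine outside the LAN (a router's hairpin NAT can make port 80 look open from inside when it is not). Because the probe file is written into the same web root the companion uses, a `ready` verdict means the CA will see a challenge file at that path too; a `port 80 unreachable` verdict with the `8000:80` mapping from this issue points at the router, not at the containers.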