prosody / prosody-docker

Docker image building system for the Prosody XMPP server
https://hub.docker.com/r/prosody/prosody/

Permission issues on /etc/prosody/certs/localhost.key #66

Open NaitYoussef opened 3 years ago

NaitYoussef commented 3 years ago

Hello,

I'm trying to launch Prosody XMPP Server using the prosody/prosody (sha256:aae908010395ced83280368b00d1a88520d4c3128a182cd2e4a3c81d44722589) Docker image. The output of the docker run command below mentions a permissions error while reading some key files.

$ docker run prosody/prosody
usermod: no changes
startup             info    Hello and welcome to Prosody version 0.11.7
startup             info    Prosody is using the select backend for connection handling
portmanager         info    Activated service 's2s' on [::]:5269, [*]:5269
portmanager         info    Activated service 'c2s' on [::]:5222, [*]:5222
portmanager         info    Activated service 'legacy_ssl' on no ports
certmanager         error   SSL/TLS: Failed to load '/etc/prosody/certs/localhost.key': Check that the permissions allow Prosody to read this file. (for localhost)
localhost:tls       error   Error creating context for c2s: error loading private key (Permission denied)
certmanager         error   SSL/TLS: Failed to load '/etc/prosody/certs/localhost.key': Previous error (see logs), or other system error. (for localhost)
localhost:tls       error   Error creating contexts for s2sout: error loading private key (system lib)
certmanager         error   SSL/TLS: Failed to load '/etc/prosody/certs/localhost.key': Previous error (see logs), or other system error. (for localhost)
localhost:tls       error   Error creating contexts for s2sin: error loading private key (system lib)
localhost:tls       info    Certificates loaded

When I logged into the Docker container, I noticed that this file is owned by root: -rw------- 1 root root 1704 Oct 1 15:14 /etc/prosody/certs/localhost.key

Shouldn't the owner be prosody?

lonllua commented 3 years ago

Same issue.

Fuwn commented 2 years ago

I just attempted to set up a Prosody server and got the same error; however, I have found a solution.

First, I searched for the string "Check that the permissions allow Prosody to read this file." and came across this comment on the Prosody issues forum where Zash is seen replying to a user about the proper user for permissions issues; the correct user is 'prosody'.

After that, I exec'd into the container and messed with the permissions of the /etc/prosody directory to allow proper access to it.

docker exec -it prosody bash   # Gain shell access to the Prosody container
chown -R prosody /etc/prosody/ # Change owner of the Prosody directory

I've seen that quite a few people have been having this issue; it should really have been fixed by now... Hope this can help someone!
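
Added example, not part of the thread or of the prosody-docker project: a POSIX shell check that classifies a private key's access for a service account from the same `ls -l` fields quoted in the issue, so the mismatch (root:root, mode 600) can be detected before the server starts. The helper name `key_access_status` is hypothetical, and the check assumes classic Unix mode bits only (no ACLs, no supplementary groups).

```shell
#!/bin/sh
# Added example: classify a private key's access for a service account from
# `ls -ldn` output (mode string, numeric owner and group), the same fields
# shown in the issue (-rw------- 1 root root ...).
# Assumptions: classic Unix mode bits only; ACLs, supplementary groups and
# root's override are ignored. key_access_status is a hypothetical helper.

# Usage: key_access_status FILE UID GID
# Prints one of: ok | unreadable | too-open | missing
key_access_status() (
    file=$1; want_uid=$2; want_gid=$3
    if [ ! -e "$file" ]; then
        echo missing
        exit 0                  # leaves only this function's subshell
    fi
    # Fields of `ls -ldn`: mode string, link count, uid, gid, ...
    set -- $(ls -ldn -- "$file")
    perms=$1; owner=$3; group=$4
    user_r=$(printf '%s' "$perms" | cut -c2)
    group_r=$(printf '%s' "$perms" | cut -c5)
    other_r=$(printf '%s' "$perms" | cut -c8)

    if [ "$other_r" = r ]; then
        echo too-open           # world-readable private key
    elif [ "$owner" = "$want_uid" ]; then
        # Owner match: only the owner bits apply
        if [ "$user_r" = r ]; then echo ok; else echo unreadable; fi
    elif [ "$group" = "$want_gid" ] && [ "$group_r" = r ]; then
        echo ok
    else
        echo unreadable         # e.g. root:root 0600 checked for another user
    fi
)

# Inside the container (the account name "prosody" comes from the thread):
#   key_access_status /etc/prosody/certs/localhost.key \
#       "$(id -u prosody)" "$(id -g prosody)"
# A narrower change than a recursive chown, if the result is "unreadable":
#   chown prosody /etc/prosody/certs/localhost.key
#   chmod 600 /etc/prosody/certs/localhost.key
if [ "$#" -eq 3 ]; then
    key_access_status "$@"
fi
```

A result of `too-open` is worth treating as a failure as well, since a world-readable key is exposed to every account in the container.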