tomsquest / docker-radicale

Docker image for Radicale calendar and contact server :calendar: + security :closed_lock_with_key: + addons :rocket:
GNU General Public License v3.0

SSL configuration : Permission denied on key file #101

Closed lulakhub closed 2 years ago

lulakhub commented 2 years ago

Hello Tomsquest,

I am trying to run Radicale over SSL. I used Docker Compose with the Production-grade instructions to run Radicale. With "http" I have no problem; everything runs perfectly.

I decided to activate SSL:

I followed the instructions in Radicale's documentation on the SSL topic:

I generated the certificate and the key:

```
openssl req -x509 -newkey rsa:4096 -keyout radicale_key.pem -out radicale_cert.pem -nodes -days 9999
```

I modified the config file:

```
# SSL flag, enable HTTPS protocol
ssl = True
# SSL certificate path
certificate = /config/ssl/radicale_cert.pem
# SSL private key
key = /config/ssl/radicale_key.pem
# CA certificate for validating clients. This can be used to secure
# TCP traffic between Radicale and a reverse proxy
#certificate_authority = /config/ssl/client_cert.pem
```

I started Docker but I got this error in the log:

```
An exception occurred during server startup: Invalid filepath value for option 'key' in section 'server' in config file '/config/config': '/config/ssl/radicale_key.pem' ([Errno 13] Permission denied: '/config/ssl/radicale_key.pem')
```

I am a newbie with Docker :smiley_cat: , it could be a basic error. Thanks for your help!

tomsquest commented 2 years ago

Hi @lulakhub ,

I don't use the SSL instructions of Radicale. And nowadays, it is more secure and convenient to rely on Caddy or Traefik for https.

But still, for your permission issue, it may be possible that Radicale needs the "write" permissions in /config/ssl. A good test is to remove the readonly flag when mounting the config volume (remove ro).
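A way to narrow down an `[Errno 13]` like the one reported above, as an added example that is not part of the original thread or of the docker-radicale project: it walks from the host directory bind-mounted at `/config` down to the key file and reports the first component whose mode bits deny a given UID/GID. The function name, the UID/GID values and the sample tree are assumptions made for illustration; ACLs, capabilities and SELinux/AppArmor labels are not evaluated.

```python
import os
import stat
import tempfile


def first_denied(mount_root, rel_path, uid, gids):
    """Return (path, 'x' or 'r') for the first component that blocks uid/gids
    from reading rel_path under mount_root, or None if the read is allowed."""
    if uid == 0:
        return None  # root bypasses classic mode-bit checks
    chain = [mount_root]
    for part in (p for p in rel_path.split("/") if p):
        chain.append(os.path.join(chain[-1], part))
    for i, path in enumerate(chain):
        st = os.stat(path)
        is_file = i == len(chain) - 1
        # Directories need search (x); the final file needs read (r).
        if st.st_uid == uid:
            bit = stat.S_IRUSR if is_file else stat.S_IXUSR
        elif st.st_gid in gids:
            bit = stat.S_IRGRP if is_file else stat.S_IXGRP
        else:
            bit = stat.S_IROTH if is_file else stat.S_IXOTH
        if not st.st_mode & bit:
            return (path, "r" if is_file else "x")
    return None


def demo():
    """Constructed sample: an owner-only (0600) key in a host config directory,
    checked for a placeholder container identity that is not the file owner."""
    root = tempfile.mkdtemp()
    ssl_dir = os.path.join(root, "ssl")
    os.mkdir(ssl_dir)
    key = os.path.join(ssl_dir, "radicale_key.pem")
    open(key, "w").close()
    for path, mode in ((root, 0o755), (ssl_dir, 0o755), (key, 0o600)):
        os.chmod(path, mode)
    st = os.stat(key)
    container_uid, container_gid = st.st_uid + 1, st.st_gid + 1  # placeholders
    return first_denied(root, "ssl/radicale_key.pem", container_uid, {container_gid})


if __name__ == "__main__":
    print("first blocking component:", demo())
```

Run it on the host against the real mount source with the UID and GID the container process runs as (for example from `docker exec <container> id`); granting that identity read access through group ownership keeps the private key from becoming world-readable.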

tomsquest commented 2 years ago

Hi @lulakhub

Any news?

github-actions[bot] commented 2 years ago

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 14 days.

lulakhub commented 2 years ago

Hi @tomsquest, sorry for my late answer. Finally I used your recommendation, and I installed Nginx Proxy Manager for SSL access.