yobasystems / alpine-caddy

Caddy running on Alpine Linux [Docker]
https://hub.docker.com/r/yobasystems/alpine-caddy/

Can't run with GitLab CI #2

Closed unigazer closed 5 years ago

unigazer commented 5 years ago

Hello,

I had to add one more command in order to get the certificates from the Let's Encrypt staging server.

I was receiving (in the GitLab CI)

[example.com] failed to get certificate: [example.com] error presenting token: presenting with standard HTTP provider server: Could not start HTTP server for challenge -> listen tcp :80: bind: permission denied

and

listen tcp :443: bind: permission denied

After adding these commands (including libcap) in your Docker image

RUN apk add --update openssh-client git tar curl libcap
...
RUN chown -R caddy:caddy /srv /home
RUN setcap CAP_NET_BIND_SERVICE=+eip /usr/bin/caddy

it resolved the issue. libcap and the RUN command after RUN chown -R caddy:caddy /srv /home

dominictayloruk commented 5 years ago

libcap is already in there and the setcap command is also in there in the second RUN command:

FROM yobasystems/alpine:3.8.1-amd64
LABEL maintainer "Dominic Taylor <dominic@yobasystems.co.uk>" architecture="AMD64/x86_64"
LABEL alpine-version="3.8.1" caddy-version="0.11.1" build="04-dec-2018"

ARG plugins=http.git,http.cache,http.expires,http.minify,http.realip

RUN apk add --no-cache openssh-client git tar curl libcap

RUN curl --silent --show-error --fail --location --header "Accept: application/tar+gzip, application/x-gzip, application/octet-stream" -o - \
      "https://caddyserver.com/download/linux/amd64?plugins=${plugins}&license=personal&telemetry=off" \
    | tar --no-same-owner -C /usr/bin/ -xz caddy && \
    chmod 0755 /usr/bin/caddy && \
    addgroup -S caddy && \
    adduser -D -S -s /sbin/nologin -G caddy caddy && \
    setcap cap_net_bind_service=+ep `readlink -f /usr/bin/caddy` && \
    /usr/bin/caddy -version

EXPOSE 80 443 2015
VOLUME /srv
WORKDIR /srv

ADD files/Caddyfile /etc/Caddyfile
ADD files/index.html /srv/index.html

RUN chown -R caddy:caddy /srv

USER caddy

ENTRYPOINT ["/usr/bin/caddy"]
CMD ["--conf", "/etc/Caddyfile"]

unigazer commented 5 years ago

I saw earlier in your code, thanks for updating the repo. I was reading the code from here about a month ago, but there was no libcap then, now I see it's there. You can close the issue since the issue has been resolved.
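
Both setcap forms in this thread (=+eip and =+ep) are stored as a security.capability extended attribute on the caddy binary. The following is an added example, not code from this repository: a Python decoder for that attribute, so an image check can confirm the binary is granted cap_net_bind_service and nothing else. The function names are hypothetical and the sample byte strings are constructed, not read from the image.

```python
import struct

# Capability bit numbers from <linux/capability.h>; unlisted bits print as cap_<n>.
CAP_NAMES = {0: "cap_chown", 1: "cap_dac_override", 10: "cap_net_bind_service",
             12: "cap_net_admin", 13: "cap_net_raw", 21: "cap_sys_admin"}


def _names(mask):
    return {CAP_NAMES.get(b, f"cap_{b}") for b in range(64) if mask >> b & 1}


def decode_file_caps(raw):
    """Decode a security.capability xattr value (struct vfs_cap_data)."""
    if len(raw) < 4:
        raise ValueError("xattr too short")
    (magic_etc,) = struct.unpack_from("<I", raw, 0)
    revision = magic_etc >> 24
    # 32-bit word pairs per revision; rev 3 adds a trailing rootid, ignored here.
    words = {1: 1, 2: 2, 3: 2}.get(revision)
    if words is None or len(raw) < 4 + 8 * words:
        raise ValueError(f"unsupported or truncated vfs_cap_data (rev {revision})")
    permitted = inheritable = 0
    for i in range(words):  # each pair is (permitted, inheritable), little endian
        p, inh = struct.unpack_from("<II", raw, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)
    return {"revision": revision,
            "effective": bool(magic_etc & 0x1),  # VFS_CAP_FLAGS_EFFECTIVE
            "permitted": _names(permitted), "inheritable": _names(inheritable)}


def is_minimal_bind_grant(raw):
    """True only if the file grants cap_net_bind_service and nothing else."""
    caps = decode_file_caps(raw)
    return (caps["effective"]
            and caps["permitted"] == {"cap_net_bind_service"}
            and caps["inheritable"] <= {"cap_net_bind_service"})


# Constructed samples: the revision-2 xattr for "cap_net_bind_service=+ep"
# and "=+eip", plus an over-broad grant that also carries cap_sys_admin.
SAMPLE_EP = struct.pack("<IIIII", 0x02000001, 1 << 10, 0, 0, 0)
SAMPLE_EIP = struct.pack("<IIIII", 0x02000001, 1 << 10, 1 << 10, 0, 0)
SAMPLE_BROAD = struct.pack("<IIIII", 0x02000001, (1 << 10) | (1 << 21), 0, 0, 0)

if __name__ == "__main__":
    for label, raw in [("+ep", SAMPLE_EP), ("+eip", SAMPLE_EIP), ("broad", SAMPLE_BROAD)]:
        print(label, decode_file_caps(raw), is_minimal_bind_grant(raw))
```

On a Linux host the real value can be read with os.getxattr("/usr/bin/caddy", "security.capability"), which raises OSError when the attribute is absent (for example after a copy that dropped extended attributes).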