evertramos / nginx-proxy-automation

Automated docker nginx proxy integrated with letsencrypt.

[BUG] Proxy cannot load certificate (Won't follow Symlink)

FractalMind opened this issue · comments

Describe the bug
The reverse proxy cannot load the certificate. When it's the path of the certificate itself it works fine, but it generates a symlink instead, and Docker doesn't follow symlinks.

Can we set an option somewhere so it won't create a symlink?

[emerg] 1#1: cannot load certificate "/etc/nginx/certs/my-project.eba-api9anev.us-east-1.elasticbeanstalk.com.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/certs/my-project.eba-api9anev.us-east-1.elasticbeanstalk.com.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)

Ports 80 and 443 are open. The certificate generation works. When I enter the address of the website, it loads for a long moment and then gives me a 504 Gateway Time-out.

To Reproduce
Inside the proxy-web-auto container, I try to open the file by doing:

vi /etc/nginx/certs/my-project.eba-api9anev.us-east-1.elasticbeanstalk.com.crt
And I can see it and open it with no problem.

-----BEGIN CERTIFICATE-----
MIIGhTCCBW2gAwIBAgISA6WHntHbTGp3pK4y7kGnQVnpMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMTEwMjcyMTQ4MjdaFw0yMjAxMjUyMTQ4MjZaMEExPzA9BgNVBAMT

If I do an ls -la, I see:

/etc/nginx/certs # ls -la
total 52
drwxr-xr-x    3 root     root          6144 Oct 28 04:02 .
drwxr-xr-x    1 root     root            50 Oct 28 04:02 ..
-rw-r--r--    1 root     root          1870 Oct 22 22:36 default.crt
-rw-r--r--    1 root     root          3272 Oct 22 22:36 default.key
-rw-r--r--    1 root     root           424 Oct 22 22:36 dhparam.pem
drwxr-xr-x    2 root     root          6144 Oct 23 03:04 xxx-env.eba-api9anev.us-east-1.elasticbeanstalk.com
lrwxrwxrwx    1 root     root            66 Oct 28 04:02 xxx-env.eba-api9anev.us-east-1.elasticbeanstalk.com.chain.pem -> ./xxx-env.eba-api9anev.us-east-1.elasticbeanstalk.com/chain.pem
lrwxrwxrwx    1 root     root            70 Oct 28 04:02 xxx-env.eba-api9anev.us-east-1.elasticbeanstalk.com.crt -> ./xxx-env.eba-api9anev.us-east-1.elasticbeanstalk.com/fullchain.pem
lrwxrwxrwx    1 root     root            13 Oct 28 04:02 xxx-env.eba-api9anev.us-east-1.elasticbeanstalk.com.dhparam.pem -> ./dhparam.pem
lrwxrwxrwx    1 root     root            64 Oct 28 04:02 xxx-env.eba-api9anev.us-east-1.elasticbeanstalk.com.key -> ./xxx-env.eba-api9anev.us-east-1.elasticbeanstalk.com/key.pem
lrwxrwxrwx    1 root     root            66 Oct 28 04:02 xxx.com.chain.pem -> ./xxx-env.eba-api9anev.us-east-1.elasticbeanstalk.com/chain.pem
lrwxrwxrwx    1 root     root            70 Oct 28 04:02 xxx.com.crt -> ./xxx-env.eba-api9anev.us-east-1.elasticbeanstalk.com/fullchain.pem
lrwxrwxrwx    1 root     root            13 Oct 28 04:02 xxx.com.dhparam.pem -> ./dhparam.pem
lrwxrwxrwx    1 root     root            64 Oct 28 04:02 xxx.com.key -> ./xxx-env.eba-api9anev.us-east-1.elasticbeanstalk.com/key.pem

Expected behavior
It's just supposed to read the certificate and load it. But it can't follow the symlink.

Server info (please complete the following information):
HOST:

  • Linux version 4.14.248-189.473.amzn2.x86_64 (mockbuild@ip-10-0-52-217) (gcc version 7.3.1 20180712 (Red Hat 7.3.1-13) (GCC)) #1 SMP Mon Sep 27 05:52:26 UTC 2021
  • Docker version 20.10.7, build f0df350
  • Docker Compose version v2.0.1

Logs (please send some logs):
Container logs proxy-web-auto

/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration,
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/,
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh,
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf,
10-listen-on-ipv6-by-default.sh: info: /etc/nginx/conf.d/default.conf differs from the packaged version,
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh,
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh,
/docker-entrypoint.sh: Configuration complete; ready for start up,
2021/10/28 04:02:16 [notice] 1#1: using the "epoll" event method,
2021/10/28 04:02:16 [notice] 1#1: nginx/1.20.1,
2021/10/28 04:02:16 [notice] 1#1: built by gcc 10.2.1 20201203 (Alpine 10.2.1_pre1) ,
2021/10/28 04:02:16 [notice] 1#1: OS: Linux 4.14.248-189.473.amzn2.x86_64,
2021/10/28 04:02:16 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 32768:65536,
2021/10/28 04:02:16 [notice] 1#1: start worker processes,
2021/10/28 04:02:16 [notice] 1#1: start worker process 31,
2021/10/28 04:02:16 [notice] 1#1: signal 1 (SIGHUP) received, reconfiguring,
2021/10/28 04:02:16 [notice] 1#1: reconfiguring,
2021/10/28 04:02:16 [notice] 1#1: using the "epoll" event method,
2021/10/28 04:02:16 [notice] 1#1: start worker processes,
2021/10/28 04:02:16 [notice] 1#1: start worker process 32,
2021/10/28 04:02:16 [notice] 31#31: gracefully shutting down,
2021/10/28 04:02:16 [notice] 31#31: exiting,
2021/10/28 04:02:16 [notice] 31#31: exit,
2021/10/28 04:02:16 [notice] 1#1: signal 17 (SIGCHLD) received from 31,
2021/10/28 04:02:16 [notice] 1#1: worker process 31 exited with code 0,
2021/10/28 04:02:16 [notice] 1#1: signal 29 (SIGIO) received,
2021/10/28 04:02:17 [notice] 1#1: signal 1 (SIGHUP) received, reconfiguring,
2021/10/28 04:02:17 [notice] 1#1: reconfiguring,
2021/10/28 04:02:17 [emerg] 1#1: cannot load certificate "/etc/nginx/certs/xxx-env.eba-api9anev.us-east-1.elasticbeanstalk.com.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/certs/xxx-env.eba-api9anev.us-east-1.elasticbeanstalk.com.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file),
2021/10/28 04:02:17 [notice] 1#1: signal 1 (SIGHUP) received, reconfiguring,
2021/10/28 04:02:17 [notice] 1#1: reconfiguring,
2021/10/28 04:02:17 [notice] 1#1: using the "epoll" event method,
2021/10/28 04:02:17 [notice] 1#1: start worker processes,
2021/10/28 04:02:17 [notice] 1#1: start worker process 33,
2021/10/28 04:02:17 [notice] 32#32: gracefully shutting down,
2021/10/28 04:02:17 [notice] 32#32: exiting,
2021/10/28 04:02:17 [notice] 32#32: exit,
2021/10/28 04:02:17 [notice] 1#1: signal 17 (SIGCHLD) received from 32,
2021/10/28 04:02:17 [notice] 1#1: worker process 32 exited with code 0,
2021/10/28 04:02:17 [notice] 1#1: signal 29 (SIGIO) received,
2021/10/28 04:02:18 [notice] 1#1: signal 1 (SIGHUP) received, reconfiguring,
2021/10/28 04:02:18 [notice] 1#1: reconfiguring,
2021/10/28 04:02:18 [notice] 1#1: using the "epoll" event method,
2021/10/28 04:02:18 [notice] 1#1: start worker processes,
2021/10/28 04:02:18 [notice] 1#1: start worker process 34,
2021/10/28 04:02:18 [notice] 1#1: signal 1 (SIGHUP) received, reconfiguring,
2021/10/28 04:02:18 [notice] 1#1: reconfiguring,
2021/10/28 04:02:18 [notice] 33#33: gracefully shutting down,
2021/10/28 04:02:18 [notice] 33#33: exiting,
2021/10/28 04:02:18 [notice] 33#33: exit,
2021/10/28 04:02:18 [notice] 1#1: using the "epoll" event method,
2021/10/28 04:02:18 [notice] 1#1: start worker processes,
2021/10/28 04:02:18 [notice] 1#1: start worker process 35,
2021/10/28 04:02:18 [notice] 1#1: signal 17 (SIGCHLD) received from 33,
2021/10/28 04:02:18 [notice] 34#34: gracefully shutting down,
2021/10/28 04:02:18 [notice] 34#34: exiting,
2021/10/28 04:02:18 [notice] 1#1: worker process 33 exited with code 0,
2021/10/28 04:02:18 [notice] 1#1: signal 29 (SIGIO) received,
2021/10/28 04:02:18 [notice] 34#34: exit,
2021/10/28 04:02:18 [notice] 1#1: signal 17 (SIGCHLD) received from 34,
2021/10/28 04:02:18 [notice] 1#1: worker process 34 exited with code 0,
2021/10/28 04:02:18 [notice] 1#1: signal 29 (SIGIO) received,
2021/10/28 04:04:14 [warn] 35#35: no resolver defined to resolve r3.o.lencr.org while requesting certificate status, responder: r3.o.lencr.org, certificate: "/etc/nginx/certs/xxx-env.eba-api9anev.us-east-1.elasticbeanstalk.com.crt",

Thank you for your time! :)
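
A diagnostic for the error in the log above, as an added example that is not part of the original issue or the project's code: it walks a certs directory and flags every symlink whose target is missing or resolves outside the directory, the two cases in which opening the link yields "No such file or directory" (a target outside the mounted directory is generally not present inside the container). The function names and the sample layout are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the symlinks in an nginx certs directory.
# Prints one line per symlink: "ok", "dangling" (target missing) or
# "outside" (target resolves outside the directory, so it is not part of
# the volume mounted into the container). Returns 0 only if all are ok.
check_cert_links() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "error: no such directory: $1" >&2
        return 2
    }
    bad=0
    for link in "$dir"/*; do
        [ -L "$link" ] || continue          # plain files and directories are skipped
        name=${link##*/}
        if [ ! -e "$link" ]; then           # -e follows the link: false if target is absent
            echo "dangling $name -> $(readlink "$link")"
            bad=$((bad + 1))
            continue
        fi
        target=$(readlink -f "$link")       # fully resolved path of the target
        case "$target" in
            "$dir"/*) echo "ok $name -> $target" ;;
            *)        echo "outside $name -> $target"
                      bad=$((bad + 1)) ;;
        esac
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample layout (not data from the issue) for a dry run.
# Prints the path of the sample certs directory.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/certs/example.test" "$root/elsewhere"
    echo cert > "$root/certs/example.test/fullchain.pem"
    echo key  > "$root/elsewhere/key.pem"
    # relative link inside the directory: resolves in host and container alike
    ln -s ./example.test/fullchain.pem "$root/certs/example.test.crt"
    # link created before its target was written: dangling
    ln -s ./example.test/chain.pem "$root/certs/example.test.chain.pem"
    # absolute link to a path outside the mounted directory
    ln -s "$root/elsewhere/key.pem" "$root/certs/example.test.key"
    echo "$root/certs"
}
```

Run it on the host against the directory that is mounted at /etc/nginx/certs, or inside the container against /etc/nginx/certs itself; inside the container an outside target shows up as dangling.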