wmnnd / nginx-certbot

Boilerplate configuration for nginx and certbot with docker-compose

I couldn't get the init script to run, so here are my config files, for anyone else to try

iuliandita opened this issue · comments

I am trying to run Monitoror in a container, with nginx and letsencrypt. The app itself was running fine, but when wanting to add the LE certificate, my error running the init script was:

vm@status:~/monitoror$ sudo ./init-letsencrypt.sh
Existing data found for my.domain.com. Continue and replace existing certificate? (y/N) y
### Creating dummy certificate for my.domain.com ...
Creating network "monitoror_default" with the default driver
Creating monitoror_certbot_run ... done
Generating a RSA private key
.++++
.................++++
writing new private key to '/etc/letsencrypt/live/my.domain.com/privkey.pem'
-----

### Starting nginx ...
Creating monitoror         ... done
Creating monitoror-certbot ... done
Recreating monitoror-nginx ... done

### Deleting dummy certificate for my.domain.com ...
Creating monitoror_certbot_run ... done

### Requesting Let's Encrypt certificate for my.domain.com ...
Creating monitoror_certbot_run ... done
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Requesting a certificate for my.domain.com
Performing the following challenges:
http-01 challenge for my.domain.com
Using the webroot path /var/www/certbot for all unmatched domains.
Waiting for verification...
Challenge failed for domain my.domain.com
http-01 challenge for my.domain.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: my.domain.com
   Type:   unauthorized
   Detail: Invalid response from
   http://my.domain.com/.well-known/acme-challenge/IDHFsDpFTxwli_E9vbX889ShZa9__hmsnYcr-SOYCbc
   [212.114.254.89]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>503 Service
   Unavailable</title>\n</head><body>\n<h1>Service"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

### Reloading nginx ...
Error response from daemon: Container a16bb0f9b9c57decafdcd543fb81c2344a4b3fd74a1bd35cc84e6cebba6f80c9 is restarting, wait until the container is running

And here is my functional setup.
Notice that for nginx the volume for the config file is - ./data/nginx:/etc/nginx and not - ./data/nginx:/etc/nginx/conf.d

docker-compose.yml
version: '3'
services:
  monitoror:
    image: monitoror/monitoror
    container_name: monitoror
    restart: unless-stopped
    volumes:
      - ./monitoror/.env:/bin/.env
      - ./monitoror/config.json:/bin/config.json
    # Published on every host interface, so the app is also reachable in clear
    # text on :8080 without passing through nginx/TLS. nginx reaches it over
    # the shared network as monitoror:8080, so this mapping can be dropped
    # (or bound as "127.0.0.1:8080:8080") once the proxy works.
    ports:
      - "8080:8080"
    networks:
      - docker

  nginx:
    image: nginx:alpine
    restart: unless-stopped
    container_name: monitoror-nginx
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # Mounted over /etc/nginx, not /etc/nginx/conf.d: the image's own
      # nginx.conf (and mime.types) are hidden, so ./data/nginx must contain
      # a complete nginx.conf.
      - ./data/nginx:/etc/nginx
      # Both must be the same host dirs the certbot service mounts below,
      # otherwise nginx cannot see the challenge tokens or the issued certs.
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
    networks:
      - docker
    # Reload every 6h so renewed certificates are picked up.
    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"

  certbot:
    image: certbot/certbot
    restart: unless-stopped
    container_name: monitoror-certbot
    volumes:
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
    # Tries a renewal every 12h. No networks: entry, so it lands on the
    # project default network (the "monitoror_default" created in the log
    # above); that is fine, it only needs the two volumes.
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"

networks: 
  docker:
    external: true

I checked the logs of my nginx container and I noticed:

vm@status:~/monitoror$ docker ps
CONTAINER ID   IMAGE                 COMMAND                  CREATED          STATUS                         PORTS                    NAMES
a16bb0f9b9c5   nginx:alpine          "/docker-entrypoint.…"   25 seconds ago   Restarting (1) 8 seconds ago                            monitoror-nginx
dfffea98dc68   certbot/certbot       "/bin/sh -c 'trap ex…"   25 seconds ago   Up 24 seconds                  80/tcp, 443/tcp          monitoror-certbot
602ef2ef0264   monitoror/monitoror   "/bin/monitoror"         25 seconds ago   Up 23 seconds                  0.0.0.0:8080->8080/tcp   monitoror
vm@status:~/monitoror$ docker logs monitoror-nginx
2021/01/24 21:21:38 [emerg] 1#1: open() "/etc/nginx/nginx.conf" failed (2: No such file or directory)
nginx: [emerg] open() "/etc/nginx/nginx.conf" failed (2: No such file or directory)

My conf file was called app.conf, so I renamed it to nginx.conf:

# Mounted as /etc/nginx/nginx.conf, so it replaces the image's main config
# entirely and needs its own events and http blocks; a conf.d-style fragment
# of server blocks alone will not start.
events {}

http {
  upstream app {
    server monitoror:8080;   # resolved over the shared "docker" network
  }

  gzip on;
  gzip_vary on;
  gzip_proxied any;
  gzip_comp_level 6;
  gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;

  server {
    listen 80;
    server_name my.domain.com;
    server_tokens off;

    # Served from the volume certbot writes its http-01 tokens into. The
    # longer prefix wins over "location /", so the validator gets the token
    # rather than the 301 below.
    location /.well-known/acme-challenge/ {
      root /var/www/certbot;
    }

    location / {
      return 301 https://$host$request_uri;
    }
  }

  server {
    listen 443 ssl;
    server_name my.domain.com;
    server_tokens off;

    # All four files must exist before nginx will start, which is why the init
    # script creates a dummy certificate first and downloads
    # options-ssl-nginx.conf and ssl-dhparams.pem into data/certbot/conf.
    ssl_certificate /etc/letsencrypt/live/my.domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/my.domain.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
      proxy_pass  http://app;
      proxy_set_header    Host                $http_host;
      proxy_set_header    X-Real-IP           $remote_addr;
      proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    }
  }
}

Also, in the init script itself I commented out the nginx at the end of line 42:
docker-compose up --force-recreate -d #nginx

Project tree:

.
├── data
│   ├── certbot
│   │   ├── conf
│   │   └── www
│   └── nginx
│       └── nginx.conf
├── docker-compose.yml
├── init-letsencrypt.sh
├── monitoror
│   └── config.json
└── README.md

Everything's up and running.
Thank you!
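The two things that went wrong in this post (a host directory mounted over /etc/nginx that hid nginx.conf, and an http-01 challenge requested while nginx was not serving the webroot) can both be caught before the init script talks to Let's Encrypt, which matters because failed validations count against its rate limits. The following preflight checker is an added example, not code from this issue or from the nginx-certbot project. It takes the compose file as a dict (in practice `yaml.safe_load(open("docker-compose.yml"))`) and the nginx.conf text; the function names, the embedded sample data (which mirrors the files above) and the temp-dir reproduction are all constructed for this example.

```python
"""Preflight checks for an nginx + certbot docker-compose project, to run before
init-letsencrypt.sh. Compose data is passed as a dict (e.g. from yaml.safe_load);
the sample data below is constructed to mirror the issue's files."""
import re
import tempfile
from pathlib import Path

WEBROOT, LE_DIR = "/var/www/certbot", "/etc/letsencrypt"   # paths init-letsencrypt.sh uses
ACME_LOCATION = re.compile(r"location\s+/\.well-known/acme-challenge/\s*\{([^}]*)\}")
ROOT_DIRECTIVE = re.compile(r"\broot\s+(\S+?)\s*;")


def _volumes(service):
    """(host_path, container_path) pairs from short-syntax volume entries."""
    return [(e.split(":")[0], e.split(":")[1].rstrip("/") or "/")
            for e in service.get("volumes", []) if isinstance(e, str) and ":" in e]


def _by_image(compose, prefix):
    return {n: s for n, s in compose.get("services", {}).items()
            if str(s.get("image", "")).startswith(prefix)}


def nginx_mount_problems(compose, project_dir):
    """A host dir mounted over /etc/nginx hides everything the image ships there,
    so it must hold a complete nginx.conf or the container restart-loops."""
    problems = []
    for name, svc in _by_image(compose, "nginx").items():
        for host, container in _volumes(svc):
            if container == "/etc/nginx" and not Path(project_dir, host, "nginx.conf").is_file():
                problems.append(f"{name}: {host} is mounted on /etc/nginx but has no nginx.conf "
                                '(nginx exits with: open() "/etc/nginx/nginx.conf" failed)')
    return problems


def webroot_problems(compose, nginx_conf):
    """certbot --webroot writes tokens under WEBROOT; nginx must mount the same host
    dir there (and at LE_DIR for the certs) and serve the ACME location from it."""
    nginx, certbot = _by_image(compose, "nginx"), _by_image(compose, "certbot/")
    if len(nginx) != 1 or len(certbot) != 1:
        return ["expected exactly one nginx and one certbot service"]
    (nname, nsvc), (cname, csvc) = nginx.popitem(), certbot.popitem()
    nmounts = {c: h for h, c in _volumes(nsvc)}            # container path -> host path
    cmounts = {c: h for h, c in _volumes(csvc)}
    problems = [f"{p} is not mounted from the same host dir in {nname} and {cname}"
                for p in (WEBROOT, LE_DIR) if p not in cmounts or cmounts[p] != nmounts.get(p)]
    block = ACME_LOCATION.search(nginx_conf)
    root = ROOT_DIRECTIVE.search(block.group(1)) if block else None
    if root is None:
        problems.append("nginx.conf has no location /.well-known/acme-challenge/ with a root")
    elif root.group(1) != WEBROOT:
        problems.append(f"ACME location root is {root.group(1)}, but certbot writes to {WEBROOT}")
    return problems


def tls_bypass_ports(compose):
    """(service, bind address, host port) for non-nginx services published on a
    non-loopback address, i.e. reachable in clear text without the TLS proxy."""
    found = []
    for name, svc in compose.get("services", {}).items():
        if name in _by_image(compose, "nginx"):
            continue
        for entry in svc.get("ports", []):
            parts = str(entry).split(":")           # [bind:]host:container or container
            bind = parts[0] if len(parts) == 3 else "0.0.0.0"
            if not bind.startswith("127.") and bind != "::1":
                found.append((name, bind, parts[-2] if len(parts) > 1 else "ephemeral"))
    return found


SAMPLE_COMPOSE = {"services": {   # constructed: mirrors the docker-compose.yml above
    "monitoror": {"image": "monitoror/monitoror", "ports": ["8080:8080"]},
    "nginx": {"image": "nginx:alpine", "ports": ["80:80", "443:443"], "volumes": [
        "./data/nginx:/etc/nginx", "./data/certbot/conf:/etc/letsencrypt",
        "./data/certbot/www:/var/www/certbot"]},
    "certbot": {"image": "certbot/certbot", "volumes": [
        "./data/certbot/conf:/etc/letsencrypt", "./data/certbot/www:/var/www/certbot"]}}}
SAMPLE_NGINX_CONF = """events {}
http {
  server { listen 80;
    location /.well-known/acme-challenge/ { root /var/www/certbot; }
    location / { return 301 https://$host$request_uri; } }
  server { listen 443 ssl;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    location / { proxy_pass http://monitoror:8080; } }
}
"""


def reproduce_issue():
    """Build the issue's tree in a temp dir, first with app.conf (what failed) and
    then renamed to nginx.conf (the fix); returns the problem lists for both."""
    with tempfile.TemporaryDirectory() as tmp:
        nginx_dir = Path(tmp, "data", "nginx")
        nginx_dir.mkdir(parents=True)
        (nginx_dir / "app.conf").write_text(SAMPLE_NGINX_CONF)
        before = nginx_mount_problems(SAMPLE_COMPOSE, tmp)
        (nginx_dir / "app.conf").rename(nginx_dir / "nginx.conf")
        after = nginx_mount_problems(SAMPLE_COMPOSE, tmp)
    return before, after


if __name__ == "__main__":
    before, after = reproduce_issue()
    print("with app.conf:   ", before)
    print("with nginx.conf: ", after)
    print("webroot:         ", webroot_problems(SAMPLE_COMPOSE, SAMPLE_NGINX_CONF))
    print("clear-text ports:", tls_bypass_ports(SAMPLE_COMPOSE))
```

Run it from the project root with the real compose dict and nginx.conf before `./init-letsencrypt.sh`; an empty result from the first two checks means nginx will start and the validator's GET for the token will hit the same directory certbot writes into. The third check is only a warning, but it is the reason the `8080:8080` mapping above is worth binding to 127.0.0.1 or removing once the proxy is in place.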

Thanks for this! This was exactly what I needed to get my setup to run.