Nginx LE docker
#1
I am having trouble getting LE Nginx to work. I have my domain name forwarded to my static IP. A pfSense router is the gateway to the network and forwards ports 443 and 80 to the box running Docker. So I think I have that part done. Here is what I am deploying the container with. I don't plan on running the webserver as root, but I was just seeing if it was permission related.

Code:
docker create \
--restart=always \
--privileged \
--name=letsencrypt \
-v /storage/docker/letsencrypt:/config \
-e PUID=0 -e PGID=0 \
-e TZ=America/Chicago \
-e EMAIL=me@gmail.com \
-e URL=mydomain.com \
-p 443:443 \
linuxserver/letsencrypt


My default config is:

Code:
server {
    listen 443 ssl default_server;

    root /config/www;
    index index.html index.htm index.php;

    server_name mydomain.com;

    ## auto generated, not sure what it does
    ssl_certificate /config/keys/letsencrypt/fullchain.pem;
    ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
    ssl_dhparam /config/nginx/dhparams.pem;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_prefer_server_ciphers on;

    client_max_body_size 0;

    location / {
        try_files $uri $uri/ /index.html /index.php?$args =404;
    }

    ## this chunk was auto generated
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        # With php7-cgi alone:
        fastcgi_pass 127.0.0.1:9000;
        # With php7-fpm:
        #fastcgi_pass unix:/var/run/php7-fpm.sock;
        fastcgi_index index.php;
        include /etc/nginx/fastcgi_params;
    }
}
Reply
#2
You didn't describe the trouble. What happens? What is shown in the log?

Don't run it as root. PHP hates it and refuses to start.
Reply
#3
Running it as www-data now, and here are the logs:

root@pve:/storage/docker# docker logs -f letsencrypt
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 10-adduser: executing...

-------------------------------------
_ _ _
| |___| (_) ___
| / __| | |/ _ \
| \__ \ | | (_) |
|_|___/ |_|\___/
|_|

Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donations/
-------------------------------------
GID/UID
-------------------------------------
User uid: 33
User gid: 33
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing...
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing...
generating self-signed keys in /config/keys, you can replace these with your own keys if required
Generating a 2048 bit RSA private key
...................................................................................................................................+++
.+++
writing new private key to '/config/keys/cert.key'
-----
Subject Attribute /C has no known NID, skipped
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing...
Creating DH parameters for additional security. This may take a very long time. There will be another message once this process is completed
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
.............................................................................+......................................................+.................+....+................................................................................................................................................................................................................................................................................................................................................................+...................................................................................................................................................................................................................................................................................+.........+..................................................................+....+.......................................................++*++*
DH parameters successfully created - 2048 bits
No subdomains defined
E-mail address entered: me@gmail.com
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for domain.com
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/domain.com/fullchain.pem. Your
cert will expire on 2017-11-04. To obtain a new or tweaked version
of this certificate in the future, simply run certbot again. To
non-interactively renew *all* of your certificates, run "certbot
renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

Server ready
[cont-init.d] 50-config: exited 0.
[cont-init.d] done.
[services.d] starting services
Reply
#4
I will ask again. What is the issue? What makes you think it doesn't work? According to the logs, there are no issues
Reply
#5
(06-08-2017, 08:26 PM)aptalca Wrote: I will ask again. What is the issue? What makes you think it doesn't work? According to the logs, there are no issues
I am sorry, I guess my problem was running it as root and now www-data. When I switched that and remembered to add https to my domain to test, it works. Sorry for the trouble.
Reply
#6
No problem. Good to hear that it works.

You have to use https unless you map port 80 and enable listening for that in the default config.
Reply
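
A lint for the points raised in this thread, added here as an example (not code from the thread or from linuxserver.io): it flags `--privileged` and a `PUID`/`PGID` of 0 in a `docker create` command, and reports why plain `http://` gets no answer unless host port 80 is published and nginx listens on it. The function names, file names and sample inputs are constructed for illustration; uid/gid 33 is the www-data value shown in the log above.

```shell
#!/bin/sh
# Added example, not from the thread. Sample inputs are constructed.

# has_flag CMD REGEX: true if the flattened command line matches REGEX
has_flag() { printf '%s\n' "$1" | grep -Eq -- "$2"; }

# audit_deploy CMD_FILE NGINX_CONF: one finding per line, nothing if clean
audit_deploy() {
    # Flatten backslash-continued lines into one space-separated line.
    cmd=" $(tr '\\\n' '  ' < "$1") "
    has_flag "$cmd" ' --privileged ' &&
        echo "privileged: near-host-level access that nginx does not need"
    has_flag "$cmd" ' P[UG]ID=0 ' &&
        echo "root: PUID/PGID 0 runs the container's app user as root"
    # Plain http:// needs a published host port 80 AND an nginx listener.
    published=no; listening=no
    has_flag "$cmd" ' (-p|--publish)[ =]([0-9.]+:)?80:[0-9]+(/tcp)? ' && published=yes
    grep -Eq '^[[:space:]]*listen[[:space:]]+([^[:space:];]*:)?80[[:space:];]' "$2" &&
        listening=yes
    [ "$published$listening" = yesyes ] ||
        echo "http: port 80 published=$published, nginx listen 80=$listening; only https:// answers"
    return 0
}

# Constructed samples: the first post's deployment and a corrected one.
write_samples() {
    cat > "$1/before.cmd" <<'EOF'
docker create \
--privileged \
-e PUID=0 -e PGID=0 \
-p 443:443 \
linuxserver/letsencrypt
EOF
    cat > "$1/after.cmd" <<'EOF'
docker create \
-e PUID=33 -e PGID=33 \
-p 80:80 -p 443:443 \
linuxserver/letsencrypt
EOF
    printf 'server {\n listen 443 ssl default_server;\n}\n' > "$1/before.conf"
    printf 'server {\n listen 80;\n return 301 https://$host$request_uri;\n}\n' > "$1/after.conf"
}

dir=$(mktemp -d); write_samples "$dir"
echo "before:"; audit_deploy "$dir/before.cmd" "$dir/before.conf"
echo "after:";  audit_deploy "$dir/after.cmd"  "$dir/after.conf"
rm -rf "$dir"
```

The `after.conf` sample redirects port 80 to HTTPS rather than serving content over plain HTTP, so the site stays TLS-only while `http://` requests still get an answer.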