Docker letsencrypt does not appear to be creating webroot files - nginx

I have an nginx service running with the following configuration
location /.well-known {
    root /tmp/letsencrypt/;
}
I execute the following docker command
sudo docker run -it --rm --name certbot \
-v /etc/letsencrypt \
-v /var/lib/letsencrypt \
-v /tmp/letsencrypt \
quay.io/letsencrypt/letsencrypt:latest certonly \
--webroot --webroot-path /tmp/letsencrypt \
-d dev.blockloop.io --renew-by-default
I get the following output from letsencrypt
Type: unauthorized
Detail: Invalid response from
http://dev.blockloop.io/.well-known/acme-challenge/wupz1YYLDRv8dJRYegoFXfZ24rJCwRrenQxBoYndO30:
"<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"
and my nginx logs say this
nginx_1 | 2016/05/28 20:10:44 [error] 6#6: *1 open() "/tmp/letsencrypt/.well-known/acme-challenge/wupz1YYLDRv8dJRYegoFXfZ24rJCwRrenQxBoYndO30" failed (2: No such file or directory), client: 66.133.109.36, server: dev.blockloop.io, request: "GET /.well-known/acme-challenge/wupz1YYLDRv8dJRYegoFXfZ24rJCwRrenQxBoYndO30 HTTP/1.1", host: "dev.blockloop.io"
nginx_1 | 66.133.109.36 - - [28/May/2016:20:10:44 +0000] "GET /.well-known/acme-challenge/wupz1YYLDRv8dJRYegoFXfZ24rJCwRrenQxBoYndO30 HTTP/1.1" 404 169 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
when I look in /tmp/letsencrypt I expect to see some files leftover by letsencrypt, but the only thing there is an empty .well-known directory. I suspect either letsencrypt is cleaning up or it's not creating the files.
If I drop an index.html file in /tmp/letsencrypt/.well-known and go to http://dev.blockloop.io/.well-known/ I see its contents so I know nginx is working properly.

I managed to fix the problem somehow. I think the solution was the trailing slash at the end of --webroot-path /tmp/letsencrypt/, but who knows. Here's the resulting script. Everything else remained the same.
sudo docker run -it --rm --name certbot \
-v "/etc/letsencrypt:/etc/letsencrypt" \
-v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
-v "/tmp/letsencrypt:/tmp/letsencrypt" \
quay.io/letsencrypt/letsencrypt:latest certonly \
--webroot --webroot-path /tmp/letsencrypt/ \
-d dev.blockloop.io --renew-by-default
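The difference between the two scripts is not the trailing slash but the `-v` form: `-v /tmp/letsencrypt` (no host path) creates an anonymous volume that only the certbot container can see, so the challenge files never reach the `/tmp/letsencrypt` that nginx serves, while `-v /tmp/letsencrypt:/tmp/letsencrypt` bind-mounts the host directory. The following pre-flight script is an added example, not the poster's code: it classifies `-v` arguments, stages a dummy token where certbot would write it, and (when run on the real host) fetches it through nginx the way the Let's Encrypt validation server does. The token and key-authorization strings are constructed, and `preflight` needs the real nginx and DNS, so only the two pure helpers are exercised offline.

```shell
#!/bin/sh
# Added example (not the original poster's script): pre-flight checks for HTTP-01
# webroot validation of a certbot-in-docker setup like the one above.

# classify_volume SPEC: what docker does with a -v argument.
#   /container/path        -> anonymous volume; certbot's files never reach the host
#   /host/path:/container  -> bind mount; a host-side nginx (or another container
#                             bind-mounting the same dir) sees the challenge files
#   name:/container/path   -> named volume; shareable between containers, but
#                             invisible to a host-side nginx
classify_volume() {
  case "$1" in
    /*:*) echo bind ;;
    /*)   echo anonymous ;;
    *:*)  echo named ;;
    *)    echo invalid ;;
  esac
}

# stage_token WEBROOT TOKEN: create a dummy challenge file exactly where certbot
# writes it (WEBROOT/.well-known/acme-challenge/TOKEN) and print its path.
# The key-authorization suffix is constructed, not real ACME data.
stage_token() {
  dir="$1/.well-known/acme-challenge"
  mkdir -p "$dir" || return 1
  printf '%s.constructed-key-authz' "$2" > "$dir/$2"
  echo "$dir/$2"
}

# served_body URL: the raw body the ACME server would see. Needs the real nginx
# and public DNS, so it is not exercised offline.
served_body() {
  curl -fsS --max-time 10 "$1"
}

# preflight WEBROOT DOMAIN: stage a token, fetch it over plain HTTP on port 80
# (HTTP-01 never uses another port), remove it, and report ok/mismatch/unreachable.
preflight() {
  token="pretest-$(date +%s)"
  path=$(stage_token "$1" "$token") || { echo unreachable; return 1; }
  want=$(cat "$path")
  got=$(served_body "http://$2/.well-known/acme-challenge/$token") || got=""
  rm -f "$path"
  [ -n "$got" ] || { echo unreachable; return 1; }
  [ "$got" = "$want" ] && echo ok || { echo mismatch; return 1; }
}
```

Run `preflight /tmp/letsencrypt dev.blockloop.io` on the host before invoking certbot; `ok` means the path layout, the nginx `root` directive (which appends the request URI to `/tmp/letsencrypt`, matching certbot's layout, unlike `alias`) and the bind mount all line up. One caveat a practitioner would add: `/tmp` is world-writable, so any local user can pre-create `.well-known` content there; a root-owned webroot such as `/var/www/letsencrypt` bind-mounted into both containers avoids that.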

Related

How can I run wordpress docker-image using nginx-proxy?

I am trying to run a WordPress app inside of a docker container on Ubuntu VPS using Nginx-Proxy.
First I run the nginx-proxy server using the following command
docker run -d \
-p 80:80 \
-p 443:443 \
--name proxy_server \
--net nginx-proxy-network \
-v /etc/certificates:/etc/nginx/certs \
-v /var/run/docker.sock:/tmp/docker.sock:ro \
jwilder/nginx-proxy
Then I run the mysql database server using the following command
docker run -d \
  --name mysql_db \
  --net nginx-proxy-network \
  -e MYSQL_DATABASE=db1 \
  -e MYSQL_USER=db1 \
  -e MYSQL_PASSWORD=db1 \
  -e MYSQL_ROOT_PASSWORD=db12 \
  -v mysql_server_data:/var/lib/mysql \
  mysql:latest
I am able to verify that MySql server is running by connecting to it using the following command
root@host:~# docker exec -it mysql_db /bin/bash
root@dd7643384f76:/# mysql -h localhost -u root -p
mysql> show databases;
Now that nginx-proxy and mysql_db images are running, I want to proxy the WordPress image on the usa.mydomain.com. To do that, I run the following command
docker run -d \
--name wordpress \
--expose 80 \
--net nginx-proxy-network \
-e DEFAULT_HOST=usa.mydomain.com \
-e WORDPRESS_DB_HOST=mysql_db:3306 \
-e WORDPRESS_DB_NAME=db1 \
-e WORDPRESS_DB_USER=db1 \
-e WORDPRESS_DB_PASSWORD=db1 \
-v wordpress:/var/www/html \
wordpress:latest
I can see all 3 container running by executing docker ps -a
However, when I browse to http://usa.mydomain.com I get HTTP error 503
503 Service Temporarily Unavailable nginx/1.17.5
I validated that usa.mydomain.com is pointing to the server's IP address by running the following from the command line on my machine.
ipconfig /flushdns
ping usa.mydomain.com
Even when I try to browse my server's ip address I get the same 503 error.
What could be causing this issue?
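An added check, not part of the original question: jwilder/nginx-proxy generates a vhost only for containers whose environment contains `VIRTUAL_HOST`; `DEFAULT_HOST` is a setting for the proxy container itself (which vhost answers requests with an unknown `Host` header), not a routing tag. With no `VIRTUAL_HOST` anywhere, the proxy has no upstream at all and answers 503 for every hostname and for the bare IP, which matches the symptom above. The helper below takes a container's environment as `docker inspect` prints it and says whether the proxy would pick it up; the environment strings in the test are constructed from the command in the question.

```shell
#!/bin/sh
# Added example, not part of the original question: does nginx-proxy route this container?

# routable ENV_TEXT: ENV_TEXT is one KEY=VALUE per line, as printed by
#   docker inspect -f '{{range .Config.Env}}{{println .}}{{end}}' NAME
# Prints the VIRTUAL_HOST value and succeeds, or fails when the proxy would ignore it.
routable() {
  printf '%s\n' "$1" | sed -n 's/^VIRTUAL_HOST=//p' | grep .
}

# env_of NAME: live version of the above (needs the docker CLI; not run offline).
env_of() {
  docker inspect -f '{{range .Config.Env}}{{println .}}{{end}}' "$1"
}

# explain_503 ENV_TEXT: one-line diagnosis for the symptom in the question.
explain_503() {
  host=$(routable "$1") && echo "proxy will route Host: $host" && return 0
  echo "no VIRTUAL_HOST in container env: nginx-proxy generates no upstream and answers 503"
  return 1
}

# check_container NAME: live wrapper, e.g. check_container wordpress
check_container() {
  explain_503 "$(env_of "$1")"
}
```

So the WordPress container wants `-e VIRTUAL_HOST=usa.mydomain.com` (keep `--expose 80`; the proxy finds the port from that). Two things worth knowing about the proxy command itself: `:ro` on `/var/run/docker.sock` only stops the proxy replacing the socket file, it does not limit what the proxy can ask the Docker API to do, so that container is effectively root on the host; and every `-e MYSQL_*PASSWORD` value is readable by anyone who can run `docker inspect`.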

Failing in salt-api

Team,
I'm facing difficulties setting up salt-api.
My setup is Ubuntu 16 with CherryPy 3.5, which is an open bug: https://github.com/saltstack/salt/issues/37783 .
I managed to downgrade to CherryPy 3.2.3.
rest_cherrypy:
  port: 8000
  disable_ssl: True

external_auth:
  pam:
    saltuser:
      - .*
Upon salt-api and salt-master restart
curl -k http://localhost:8000
{"clients": ["local", "local_async", "local_batch", "local_subset", "runner", "runner_async", "ssh", "wheel", "wheel_async"], "return": "Welcome"}
When logging in or submitting a job I get 401 Unauthorized.
curl -sSk http://localhost:8000/login -H 'Accept: application/x-yaml' -d username=saltuser -d password=passwd -d eauth=pam
curl -vki http://localhost:8000 -H "Accept: application/x-yaml" -d client=local -d tgt='stg-ubuntu102*' -d fun='cmd.run' -d arg='touch /tmp/mannoj'
Can someone please guide me here?
In order to execute commands through the Salt API you need either to log in while executing the command or to pass an X-Auth-Token. So what you need to do is use the token that was generated by executing the login command.
First make sure that you have a system user before executing the following
curl -sSk http://localhost:8000/login -H 'Accept: application/x-yaml' -d username=saltuser -d password=passwd -d eauth=pam
In your next request:
curl -vki http://localhost:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: TOKEN_GOES_HERE" -d client=local -d tgt='stg-ubuntu102*' -d fun='cmd.run' -d arg='touch /tmp/mannoj'
Note that I have added -H "X-Auth-Token: TOKEN_GOES_HERE"
For more information check the following page
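The two-step flow from the answer as an added, runnable example (not the answerer's code): log in, pull the token out of the YAML that `Accept: application/x-yaml` returns, send it as `X-Auth-Token`, and revoke it when done. The login response used in the test is constructed to match the shape rest_cherrypy returns; the token value is made up. The `API` base URL and the user name are assumptions taken from the question.

```shell
#!/bin/sh
# Added example, not the answerer's code: token-based calls against salt-api
# (rest_cherrypy). Only the parsing helpers are exercised offline.
API=${SALT_API:-http://localhost:8000}

# token_from_yaml RESPONSE: the token field of a /login reply in YAML form.
token_from_yaml() {
  printf '%s\n' "$1" | sed -n 's/^[[:space:]]*token:[[:space:]]*//p' | head -n1
}

# perms_from_yaml RESPONSE: the eauth permissions the master attached to the token
# (indented list items; the top-level "- eauth: pam" item is not indented).
perms_from_yaml() {
  printf '%s\n' "$1" | sed -n 's/^[[:space:]]\{1,\}- //p'
}

# login USER PASS: POST /login and print the token. The password travels in the
# request body, so with disable_ssl: True it crosses the wire in clear text.
login() {
  resp=$(curl -sS "$API/login" -H 'Accept: application/x-yaml' \
          -d username="$1" -d password="$2" -d eauth=pam) || return 1
  token_from_yaml "$resp"
}

# run_cmd TOKEN TGT CMD: cmd.run on minions matching TGT. With a form-encoded body
# the positional argument is arg=..., which is what the question's kwarg was trying
# to express.
run_cmd() {
  curl -sS "$API" -H 'Accept: application/x-yaml' -H "X-Auth-Token: $1" \
    -d client=local -d tgt="$2" -d fun=cmd.run -d arg="$3"
}

# logout TOKEN: tokens stay valid until their expire timestamp (12h by default);
# revoke explicitly rather than leaving a bearer credential around.
logout() {
  curl -sS -X POST "$API/logout" -H "X-Auth-Token: $1"
}

# Typical session:
#   t=$(login saltuser "$PASS") && run_cmd "$t" 'stg-ubuntu102*' 'touch /tmp/mannoj'; logout "$t"
```

Two points the answer leaves implicit: the token is a bearer credential, so anyone who reads it (including from the `-v` output of curl, which echoes request headers) can run jobs as `saltuser` until it expires; and the `- .*` permission in the question's `external_auth` lets that user call every execution module, `cmd.run` included, on every minion, so a narrower regex (for example `- test.ping` plus the modules actually needed) is the least-privilege version.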

Docker networking reverse proxy without docker-compose

The challenge
As described, I want to accomplish the same goal with docker itself as I would with the help of docker-compose.
I want to get a deeper understanding of docker and enable the ability to work with docker on platforms, where docker-compose is not an option.
What I do currently (with docker-compose)
1)
I use this docker-compose file:
---
version: '3'
services:
  app:
    build: .
  proxy:
    build: docker/proxy
    ports:
      - "80:80"
The "app" service starts a container which runs node on port 3002 (is exposed in the dockerfile)
The "proxy" service starts a container which runs an nginx with - among others - the following conf:
server {
    listen 80;
    server_name app;
    location / {
        proxy_pass http://app:3002;
    }
}
2)
Then I add this to the /etc/hosts of my host pc:
127.0.0.1 app
3)
Now I run docker-compose up and visit http://app , which hits the node app.
Nice and simple, right?
Now I want to do the same only with docker.
What I've tried
1) Using the same nginx configuration.
2) Starting the containers with a bash script.
To accomplish this I
Created a network
Added the network to both containers
Set up the "app" container's hostname, network alias and dns-search to "app" (because I hoped one of the options would help)
Here the script:
docker network create --driver bridge dockertest_nw
docker build -t dockertest_app .
docker create \
--name dockertest_app_con \
--network dockertest_nw \
--hostname app \
--network-alias=app \
--dns-search=app \
dockertest_app
docker build -t dockertest_proxy ./docker/proxy/
docker create \
--name dockertest_proxy_con \
--network dockertest_nw \
--hostname proxy \
--network-alias=proxy \
--dns-search=proxy \
-p 80:80 \
dockertest_proxy
docker start dockertest_proxy_con
docker start dockertest_app_con
Unfortunately, this doesn't work.
I also know there is a DNS service from docker which docker-compose somehow uses, and I should also use it in some way?
Could anyone give some suggestions?
Update:
Just for info, I got the following logs from the nginx container, which I would say show that nginx can't resolve "app":
172.18.0.1 - - [13/Apr/2017:14:49:06 +0000] "GET / HTTP/1.1" 502 576 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36" "-"
2017/04/13 14:49:06 [error] 5#5: *13 connect() failed (111: Connection refused) while connecting to upstream, client: 172.18.0.1, server: app, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:3002/", host: "app"
You're tripping yourself up with all those options. All you really need is --network-alias to set the short form names app and proxy in your containers, which will be available in addition to the container names dockertest_app and dockertest_proxy.
docker network create --driver bridge dockertest_nw
docker build -t dockertest_app .
docker create \
--name dockertest_app \
--network dockertest_nw \
--network-alias=app \
dockertest_app
docker build -t dockertest_proxy ./docker/proxy/
docker create \
--name dockertest_proxy \
--network dockertest_nw \
--network-alias=proxy \
-p 80:80 \
dockertest_proxy
docker start dockertest_proxy
docker start dockertest_app
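The error line quoted in the question already says what went wrong: `upstream: "http://127.0.0.1:3002/"` means nginx resolved `app` to its own loopback address, not to the app container, so no nginx change can fix it and the answer's `--network-alias` is the right lever (Docker's embedded DNS at 127.0.0.11 serves container names and aliases, but only on user-defined networks, not on the default bridge). The script below is an added example, not the answerer's code: it extracts the upstream address from such log lines and points at the right place, plus the live checks to run once the aliases are set. The log line in the test is the one from the question.

```shell
#!/bin/sh
# Added example, not the answerer's code: reading the 502 out of an nginx error line
# and checking name resolution inside the proxy container.

# upstream_host LINE: the host nginx actually connected to, from a line of the form
#   ... upstream: "http://127.0.0.1:3002/", host: "app"
upstream_host() {
  printf '%s\n' "$1" | sed -n 's|.*upstream: "[a-z]*://\([^:/"]*\).*|\1|p'
}

# is_loopback HOST: true for 127.x.x.x, localhost and ::1
is_loopback() {
  case "$1" in
    127.*|localhost|::1) return 0 ;;
    *) return 1 ;;
  esac
}

# diagnose LINE: exit 0 when resolution looks right, 1 when the name resolved to
# loopback (a DNS/alias problem), 2 when the line carries no upstream at all.
diagnose() {
  h=$(upstream_host "$1")
  [ -n "$h" ] || { echo "no upstream in line"; return 2; }
  if is_loopback "$h"; then
    echo "upstream is $h: the name resolved to the proxy's own loopback, not to the app container; fix the network alias, not nginx"
    return 1
  fi
  echo "upstream is $h: resolution is fine; check that the app listens on 0.0.0.0:3002, not only on localhost"
  return 0
}

# Live checks (need the docker CLI; not run offline). Expected on a user-defined
# network: an address in the network's subnet, and resolv.conf pointing at 127.0.0.11.
resolve_alias() {
  docker exec "$1" getent hosts "$2"          # resolve_alias dockertest_proxy app
}
dns_server_of() {
  docker exec "$1" cat /etc/resolv.conf       # nameserver 127.0.0.11 = embedded DNS
}
```

One addition to the answer's script for local experiments: `-p 80:80` publishes the proxy on every host interface and Docker inserts the iptables rule for it ahead of most host firewall rules, so `-p 127.0.0.1:80:80` is the form to use while the app is a test rig.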

Can't reach wordpress on vagrant

I'm using Vagrant to set up a VM with a LAMP stack and WordPress on top, but I can't access the WordPress website from the host machine on http://localhost:8000. I can access HTML files I put in /var/www. Am I missing something?
Vagrantfile
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure(2) do |config|
  config.vm.box = "ubuntu/trusty64"
  config.vm.network "forwarded_port", guest: 80, host: 8000, auto_correct: true
  config.vm.network "forwarded_port", guest: 443, host: 44300, auto_correct: true
  config.vm.network "forwarded_port", guest: 3306, host: 33060, auto_correct: true
  config.vm.provision :shell, path: "bootstrap.sh"
end
bootstrap.sh
#!/usr/bin/env bash
echo -e "\n--- Starting VM bootstrapping... ---\n"
echo -e "\n--- Add repos ---\n"
add-apt-repository ppa:ondrej/apache2 > /dev/null 2>&1
add-apt-repository ppa:ondrej/php5-5.6 > /dev/null 2>&1
sudo add-apt-repository ppa:ondrej/mysql-5.6 > /dev/null 2>&1
echo -e "\n--- Update ---\n"
apt-get -qq update
echo -e "\n--- Installing Apache, PHP and PHP specific packages --- \n"
apt-get -y install apache2 php5 php5-curl php5-mcrypt php5-mysql php5-xdebug > /dev/null 2>&1
echo -e "\n--- Install MySQL Server ---\n"
apt-get -y install debconf-utils > /dev/null 2>&1
debconf-set-selections <<< "mysql-server mysql-server/root_password password root"
debconf-set-selections <<< "mysql-server mysql-server/root_password_again password root"
apt-get -y install mysql-server > /dev/null 2>&1
echo -e "\n--- Enable mod-rewrite ---\n"
a2enmod rewrite
echo -e "\n--- Create Virtual Host ---\n"
cat > "/etc/apache2/sites-available/000-default.conf" << EOF
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName localhost
    DocumentRoot /var/www
    <Directory /var/www>
        Options -Indexes +FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>
EOF
echo -e "\n--- Change apache user to vagrant user ---\n"
sed -i 's/APACHE_RUN_USER=www-data/APACHE_RUN_USER=vagrant/' /etc/apache2/envvars
sed -i 's/APACHE_RUN_GROUP=www-data/APACHE_RUN_GROUP=vagrant/' /etc/apache2/envvars
echo -e "\n--- Restarting Apache ---\n"
service apache2 restart
# Other packages
echo -e "\n--- Install other useful packages ---\n"
apt-get -y install git > /dev/null 2>&1
# ENV Setup stops here, APP setup starts.
echo -e "\n--- Starting App bootstraping... ---\n"
rm -rf /var/www/*
cd /var/www
echo -e "\n--- Install Composer for PHP package management ---\n"
curl --silent https://getcomposer.org/installer | php > /dev/null 2>&1
mv composer.phar /usr/local/bin/composer
echo -e "\n--- Install WP-CLI ---\n"
curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar > /dev/null 2>&1
chmod +x wp-cli.phar
sudo mv wp-cli.phar /usr/local/bin/wp
echo -e "\n--- Install WP ---\n"
wp core download --allow-root
wp core config --dbuser=root --dbpass=root --dbname=mkp --allow-root
wp db create --allow-root
wp core install --url=localhost --title=Example --admin_user=admin --admin_password=root --admin_email=john@example.com --allow-root
echo -e "\n--- Symlink to /vagrant folder ---\n"
sudo ln -fs /vagrant /var/www/wp-content/themes/mytheme
#cd /vagrant
#
echo -e "\n--- Changing permissions and ownership where needed ---\n"
sudo chmod 777 -R .
sudo chown -R $USER:$USER .
Edit:
curl -v http://localhost:8000 outputs the following:
* Rebuilt URL to: http://localhost:8000/
* Adding handle: conn: 0x22853e0
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x22853e0) send_pipe: 1, recv_pipe: 0
* About to connect() to localhost port 8000 (#0)
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8000 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.33.0
> Host: localhost:8000
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Date: Wed, 15 Jul 2015 13:06:15 GMT
* Server Apache/2.4.12 (Ubuntu) is not blacklisted
< Server: Apache/2.4.12 (Ubuntu)
< X-Pingback: http://localhost/xmlrpc.php
< Location: http://localhost/
< Content-Length: 0
< Content-Type: text/html; charset=UTF-8
<
* Connection #0 to host localhost left intact
The problem is that your website is sending back a redirect, back to the default port 80. See the curl output line:
Location: http://localhost/
If you don't have a webserver on localhost, you can use a transparent localhost port 80 to VM port 80 mapping. Or configure something in Apache or WordPress to use port 8000 and make that the transparent port.
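The redirect comes from WordPress itself: `wp core install --url=localhost` stored `http://localhost` as both `siteurl` and `home`, and WordPress redirects any request whose `Host` does not match them, which is why plain HTML under /var/www works and WordPress does not. The script below is an added example, not the answerer's code: a check that spots a redirect dropping the port from a curl transcript, and the WP-CLI fix to run inside the VM. The headers used in the test are the ones from the question's curl output; the paths and port are assumptions taken from the question.

```shell
#!/bin/sh
# Added example, not the answerer's code: detect a port-dropping redirect and
# point WordPress at the forwarded port.

# location_of HEADERS: value of the Location header from curl -i or curl -v output
# (the "< " prefix of -v and any CR are stripped).
location_of() {
  printf '%s\n' "$1" | tr -d '\r' \
    | sed -n 's/^[<[:space:]]*[Ll]ocation:[[:space:]]*//p' | head -n1
}

# host_of URL: the host[:port] part of an http(s) URL
host_of() {
  printf '%s\n' "$1" | sed -n 's|^[a-z]*://\([^/]*\).*|\1|p'
}

# drops_port REQUEST_HOST HEADERS: true when the redirect target no longer carries
# the host:port the client used ("localhost:8000" -> http://localhost/ in the question).
drops_port() {
  loc=$(location_of "$2")
  [ -n "$loc" ] || return 1
  [ "$(host_of "$loc")" != "$1" ]
}

# check_url URL: live version (needs the VM up; not run offline), e.g.
#   check_url http://localhost:8000
check_url() {
  hdrs=$(curl -sSI "$1") || return 1
  drops_port "$(host_of "$1")" "$hdrs" && echo "redirect drops the port: fix siteurl/home"
}

# fix_wp_url PORT: run inside the VM (vagrant ssh); rewrites the two options the
# redirect is based on. Passing --url=localhost:PORT to wp core install in
# bootstrap.sh achieves the same at provisioning time.
fix_wp_url() {
  wp option update siteurl "http://localhost:$1" --path=/var/www --allow-root
  wp option update home    "http://localhost:$1" --path=/var/www --allow-root
}
```

Two things about the posted Vagrantfile and bootstrap that matter beyond the redirect: Vagrant binds forwarded ports on all host interfaces unless `host_ip: "127.0.0.1"` is given, so port 33060 exposes a MySQL root account with password `root` to the local network; and `chmod 777 -R /var/www` lets every account in the VM rewrite the PHP that Apache executes.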

Nginx & Varnish connection error

My site gives error 521 all the time.
Then I found this error on my server:
$ sudo service varnish reload
* Reloading HTTP accelerator varnishd
Connection failed (localhost:6082)
Error: vcl.load 8d6fb6be-9a0a-4896-be47-e2678e3c2617 /etc/varnish/default.vcl failed
Moreover,
varnishlog
shows nothing.
I am following this tutorial to set the server up. And, I changed
DAEMON_OPTS="-a :80 \
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-u www-data -g www-data \
-S /etc/varnish/secret \
-s malloc,256m"
The /etc/varnish/default.vcl file is copied from the tutorial. All &amp; has been corrected to &.
It is a fresh VPS. No firewall.
Any clue to resolve it?
Thanks!!!!
3 things come to mind:
Start varnish in foreground mode and check what it says
varnishd -F -a :80 \
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-u www-data -g www-data \
-S /etc/varnish/secret \
-s malloc,256m
Try changing -T localhost:6082 to -T 127.0.0.1:6082
Your port 6082 might already be taken. Change it, or check whether it is in the list of already-open ports with
netstat -tlnep
restart your varnish
sudo /etc/init.d/varnish restart
then
sudo /etc/init.d/varnish reload
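`Connection failed (localhost:6082)` is the init script's `vcl.load` failing to reach the management port set by `-T`, which on a fresh box almost always means varnishd never started at all; the foreground run in the answer is what surfaces the reason (typically a VCL compile error, and a tutorial copied with `&amp;` left in the VCL is one such). The script below is an added example, not the answerer's code: it parses `netstat -tlnep` output for the port, distinguishes "nothing there" from "held by something else", and wraps the two live commands. The netstat lines in the test are constructed.

```shell
#!/bin/sh
# Added example, not the answerer's code: find out who (if anyone) holds a port
# from 'netstat -tlnep' output, then drive varnishd's management interface.

# listener_on PORT NETSTAT_TEXT: print "localaddr pid/program" for the socket
# listening on PORT. netstat -tlnep columns: Proto Recv-Q Send-Q Local Foreign
# State User Inode PID/Program, so $4 is the local address and $NF the owner.
listener_on() {
  printf '%s\n' "$2" | awk -v port="$1" '
    $1 ~ /^tcp/ && $4 ~ (":" port "$") { print $4, $NF }'
}

# mgmt_ready PORT NETSTAT_TEXT: 0 if varnishd holds the -T port, 1 if nothing does
# (varnishd is down), 2 if another process has it (pick another -T port).
mgmt_ready() {
  l=$(listener_on "$1" "$2")
  if [ -z "$l" ]; then
    echo "nothing listens on :$1 -> varnishd is not running; start it with -F to see why"
    return 1
  fi
  case "$l" in
    *varnishd*) echo "ok: $l"; return 0 ;;
    *) echo "port :$1 is held by another process: $l"; return 2 ;;
  esac
}

# Live commands (need varnish installed; not run offline).
# varnish_fg: the foreground start from the answer; a broken VCL fails loudly here.
varnish_fg() {
  varnishd -F -a :80 -T 127.0.0.1:6082 -f /etc/varnish/default.vcl \
    -u www-data -g www-data -S /etc/varnish/secret -s malloc,256m
}
# vcl_check: talk to the management port with the same secret the init script uses;
# a listing of loaded VCLs proves -T, -S and the daemon are all in order.
vcl_check() {
  varnishadm -T 127.0.0.1:6082 -S /etc/varnish/secret vcl.list
}
# check_live: combine both offline helpers with real netstat output.
check_live() {
  mgmt_ready 6082 "$(netstat -tlnep 2>/dev/null)"
}
```

Keep `-T` on 127.0.0.1 as the answer suggests: whoever can reach that port and read `/etc/varnish/secret` can load arbitrary VCL into the cache, so the secret file should stay root-owned and mode 0600, and the management port should never be bound to a public address.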
