I have an nginx service running with the following configuration
location /.well-known {
    root /tmp/letsencrypt/;
}
I execute the following docker command
sudo docker run -it --rm --name certbot \
-v /etc/letsencrypt \
-v /var/lib/letsencrypt \
-v /tmp/letsencrypt \
quay.io/letsencrypt/letsencrypt:latest certonly \
--webroot --webroot-path /tmp/letsencrypt \
-d dev.blockloop.io --renew-by-default
I get the following output from letsencrypt
Type: unauthorized
Detail: Invalid response from
http://dev.blockloop.io/.well-known/acme-challenge/wupz1YYLDRv8dJRYegoFXfZ24rJCwRrenQxBoYndO30:
"<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"
and my nginx logs say this
nginx_1 | 2016/05/28 20:10:44 [error] 6#6: *1 open() "/tmp/letsencrypt/.well-known/acme-challenge/wupz1YYLDRv8dJRYegoFXfZ24rJCwRrenQxBoYndO30" failed (2: No such file or directory), client: 66.133.109.36, server: dev.blockloop.io, request: "GET /.well-known/acme-challenge/wupz1YYLDRv8dJRYegoFXfZ24rJCwRrenQxBoYndO30 HTTP/1.1", host: "dev.blockloop.io"
nginx_1 | 66.133.109.36 - - [28/May/2016:20:10:44 +0000] "GET /.well-known/acme-challenge/wupz1YYLDRv8dJRYegoFXfZ24rJCwRrenQxBoYndO30 HTTP/1.1" 404 169 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
When I look in /tmp/letsencrypt I expect to see some files left over by letsencrypt, but the only thing there is an empty .well-known directory. I suspect either letsencrypt is cleaning up or it's not creating the files.
If I drop an index.html file in /tmp/letsencrypt/.well-known and go to http://dev.blockloop.io/.well-known/ I see its contents so I know nginx is working properly.
I managed to fix the problem somehow. I think the solution was the trailing slash at the end of --webroot-path /tmp/letsencrypt/, but who knows. Here's the resulting script. Everything else remained the same.
sudo docker run -it --rm --name certbot \
-v "/etc/letsencrypt:/etc/letsencrypt" \
-v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
-v "/tmp/letsencrypt:/tmp/letsencrypt" \
quay.io/letsencrypt/letsencrypt:latest certonly \
--webroot --webroot-path /tmp/letsencrypt/ \
-d dev.blockloop.io --renew-by-default
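The two docker run commands in this post also differ in their -v arguments: the first gives only a container path, the second a host:container pair. The following added example (not part of the original post; the function names are hypothetical) classifies each -v value and checks whether the webroot certbot writes to is a bind mount of a host directory, so that the challenge files are visible outside the certbot container.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# classify_volume SPEC: print how Docker treats one -v value.
#   /container/path         -> anonymous (fresh volume, removed with the
#                              container when --rm is used)
#   /host/path:/container   -> bind      (host directory shared with container)
#   name:/container         -> named     (Docker-managed named volume)
classify_volume() {
    case $1 in
        /*:*) echo bind ;;
        *:*)  echo named ;;
        *)    echo anonymous ;;
    esac
}

# webroot_reaches_host WEBROOT ARGS...: succeed only if WEBROOT inside the
# container is bind-mounted from the host in the given docker run arguments.
webroot_reaches_host() {
    want=${1%/}
    shift
    while [ $# -gt 1 ]; do
        if [ "$1" = -v ] || [ "$1" = --volume ]; then
            if [ "$(classify_volume "$2")" = bind ]; then
                dest=${2#*:}        # drop the host part
                dest=${dest%%:*}    # drop options such as :ro
                if [ "${dest%/}" = "$want" ]; then return 0; fi
            fi
            shift
        fi
        shift
    done
    return 1
}

# Volume arguments of the two commands in the post (copied from the page).
first='-v /etc/letsencrypt -v /var/lib/letsencrypt -v /tmp/letsencrypt'
second='-v /etc/letsencrypt:/etc/letsencrypt -v /var/lib/letsencrypt:/var/lib/letsencrypt -v /tmp/letsencrypt:/tmp/letsencrypt'

for args in "$first" "$second"; do
    # Word splitting of $args is intended here.
    if webroot_reaches_host /tmp/letsencrypt/ $args; then
        echo "webroot is shared with the host: $args"
    else
        echo "webroot stays inside the container: $args"
    fi
done
```

The same classification applies to /etc/letsencrypt: in the first command the issued certificate and account key would live in an anonymous volume that --rm deletes when the container exits.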
I am trying to run a WordPress app inside of a docker container on Ubuntu VPS using Nginx-Proxy.
First I run the nginx-proxy server using the following command
docker run -d \
-p 80:80 \
-p 443:443 \
--name proxy_server \
--net nginx-proxy-network \
-v /etc/certificates:/etc/nginx/certs \
-v /var/run/docker.sock:/tmp/docker.sock:ro \
jwilder/nginx-proxy
Then I run the mysql database server using the following command
docker run -d \
--name mysql_db \
--net nginx-proxy-network \
-e MYSQL_DATABASE=db1 -e \
MYSQL_USER=db1 -e \
MYSQL_PASSWORD=db1 -e \
MYSQL_ROOT_PASSWORD=db12 \
-v mysql_server_data:/var/lib/mysql \
mysql:latest
I am able to verify that MySql server is running by connecting to it using the following command
root:~# docker exec -it mysql_db /bin/bash
root@dd7643384f76:/# mysql -h localhost -u root -p
mysql> show databases;
Now that nginx-proxy and mysql_db images are running, I want to proxy the WordPress image on the usa.mydomain.com. To do that, I run the following command
docker run -d \
--name wordpress \
--expose 80 \
--net nginx-proxy-network \
-e DEFAULT_HOST=usa.mydomain.com \
-e WORDPRESS_DB_HOST=mysql_db:3306 \
-e WORDPRESS_DB_NAME=db1 \
-e WORDPRESS_DB_USER=db1 \
-e WORDPRESS_DB_PASSWORD=db1 \
-v wordpress:/var/www/html \
wordpress:latest
I can see all 3 containers running by executing docker ps -a
However, when I browse http://usa.mydomain.com I get HTTP error 503
503 Service Temporarily Unavailable nginx/1.17.5
I validated that usa.mydomain.com is pointing to the server's IP address by doing the following using the command line on my machine.
ipconfig /flushdns
ping usa.mydomain.com
Even when I try to browse my server's ip address I get the same 503 error.
What could be causing this issue?
Team,
I'm facing difficulties setting up salt-api.
My setup is Ubuntu 16 with CherryPy 3.5, which has an open bug: https://github.com/saltstack/salt/issues/37783.
I managed to downgrade to CherryPy 3.2.3.
rest_cherrypy:
  port: 8000
  disable_ssl: True
external_auth:
  pam:
    saltuser:
      - .*
Upon salt-api and salt-master restart
curl -k http://localhost:8000
{"clients": ["local", "local_async", "local_batch", "local_subset", "runner", "runner_async", "ssh", "wheel", "wheel_async"], "return": "Welcome"}
While logging in or submitting a job I get 401 Unauthorized.
curl -sSk http://localhost:8000/login -H 'Accept: application/x-yaml' -d username=saltuser -d password=passwd -d eauth=pam
curl -vki http://localhost:8000 -H "Accept: application/x-yaml" -d client=local -d tgt='stg-ubuntu102*' -d fun='cmd.run' -d "kwarg": {"cmd": "touch /tmp/mannoj"}
Can someone please guide me here?
In order to execute commands through the Salt API you need either to log in while executing the command or to pass X-Auth-Token. So what you need to do is to use the token that was generated by executing the login command.
First make sure that you have a system user before executing the following
curl -sSk http://localhost:8000/login -H 'Accept: application/x-yaml' -d username=saltuser -d password=passwd -d eauth=pam
In your next request:
curl -vki http://localhost:8000 -H "Accept: application/x-yaml" -H "X-Auth-Token: TOKEN_GOES_HERE" -d client=local -d tgt='stg-ubuntu102*' -d fun='cmd.run' -d "kwarg": {"cmd": "touch /tmp/mannoj"}
Note that I have added -H "X-Auth-Token: TOKEN_GOES_HERE"
For more information check the following page
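The two-step flow from this answer as an added example (not from the original answer; the function names and the SALT_API and SALT_PASS variables are hypothetical). It takes the token out of the YAML login response, stops if the login did not return one, and passes the command as a form-encoded arg field, which is an assumption that differs from the kwarg form shown above.

```shell
#!/bin/sh
# Added example, not from the original answer. Names are hypothetical.
# With disable_ssl: True, as configured on the page, the password and the
# token travel in cleartext, so keep SALT_API on localhost.
SALT_API=${SALT_API:-http://localhost:8000}

# extract_token: read a /login YAML response on stdin and print the token.
# Fails (non-zero) when the response carries no token, e.g. on a 401 body.
extract_token() {
    awk '{ sub(/^[ -]+/, "") }
         $1 == "token:" { print $2; found = 1; exit }
         END { exit !found }'
}

# salt_login USER PASSWORD [EAUTH]: log in and print the session token.
salt_login() {
    curl -sS "$SALT_API/login" -H 'Accept: application/x-yaml' \
        --data-urlencode "username=$1" \
        --data-urlencode "password=$2" \
        -d "eauth=${3:-pam}" | extract_token
}

# salt_cmd_run TOKEN TARGET COMMAND: run cmd.run on TARGET with the token.
salt_cmd_run() {
    curl -sS "$SALT_API" -H 'Accept: application/x-yaml' \
        -H "X-Auth-Token: $1" \
        -d client=local --data-urlencode "tgt=$2" \
        -d fun=cmd.run --data-urlencode "arg=$3"
}

# Runs only when a password is supplied in the environment, e.g.
#   SALT_PASS=... sh salt_job.sh
if [ -n "${SALT_PASS:-}" ]; then
    token=$(salt_login saltuser "$SALT_PASS") || {
        echo "login failed: no token in response" >&2
        exit 1
    }
    salt_cmd_run "$token" 'stg-ubuntu102*' 'touch /tmp/mannoj'
fi
```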
The challenge
As described, I want to accomplish the same goal with docker itself as I would with the help of docker-compose.
I want to get a deeper understanding of docker and enable the ability to work with docker on platforms, where docker-compose is not an option.
What I do currently (with docker-compose)
1)
I use this docker-compose file:
---
version: '3'
services:
  app:
    build: .
  proxy:
    build: docker/proxy
    ports:
      - "80:80"
The "app" service starts a container which runs node on port 3002 (is exposed in the dockerfile)
The "proxy" service starts a container which runs an nginx with - among others - the following conf:
server {
    listen 80;
    server_name app;
    location / {
        proxy_pass http://app:3002;
    }
}
2)
Then I add this to the /etc/hosts of my host pc:
127.0.0.1 app
3)
Now I run docker-compose up and visit http://app, which hits the node app.
Nice and simple, right?
Now I want to do the same only with docker.
What I've tried
1 using the same nginx configuration.
2 Starting the containers with a bash script
To accomplish this I
Created a network
Add the network to both containers
Setting up "app"-container hostname, network-alias and dns-search to "app" (because I hoped one of the options would help)
Here the script:
docker network create --driver bridge dockertest_nw
docker build -t dockertest_app .
docker create \
--name dockertest_app_con \
--network dockertest_nw \
--hostname app \
--network-alias=app \
--dns-search=app \
dockertest_app
docker build -t dockertest_proxy ./docker/proxy/
docker create \
--name dockertest_proxy_con \
--network dockertest_nw \
--hostname proxy \
--network-alias=proxy \
--dns-search=proxy \
-p 80:80 \
dockertest_proxy
docker start dockertest_proxy_con
docker start dockertest_app_con
Unfortunately, this doesn't work.
I also know there is a DNS service from docker which docker-compose somehow uses, and I should also use it in some way?
Could anyone give some suggestions?
Update:
Just for info: I got the following logs from the nginx container, which I would say show that nginx can't resolve "app":
172.18.0.1 - - [13/Apr/2017:14:49:06 +0000] "GET / HTTP/1.1" 502 576 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36" "-"
2017/04/13 14:49:06 [error] 5#5: *13 connect() failed (111: Connection refused) while connecting to upstream, client: 172.18.0.1, server: app, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:3002/", host: "app"
You're tripping yourself up with all those options. All you really need is --network-alias to set the short form names app and proxy in your containers, which will be available in addition to the container names dockertest_app and dockertest_proxy.
docker network create --driver bridge dockertest_nw
docker build -t dockertest_app .
docker create \
--name dockertest_app \
--network dockertest_nw \
--network-alias=app \
dockertest_app
docker build -t dockertest_proxy ./docker/proxy/
docker create \
--name dockertest_proxy \
--network dockertest_nw \
--network-alias=proxy \
-p 80:80 \
dockertest_proxy
docker start dockertest_proxy
docker start dockertest_app
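The nginx error line in the question's update records the upstream address nginx actually dialled. This added example (not from the original posts; the function names are hypothetical) pulls that address out of error-log lines and flags loopback upstreams, where the proxy container is connecting to itself rather than to the app container. resolve_in_container then shows what an alias resolves to on the user-defined network, assuming the image ships getent.

```shell
#!/bin/sh
# Added example, not from the original posts. Function names are hypothetical.

# upstream_addrs: read nginx error-log lines on stdin and print the
# host:port of every upstream nginx tried to reach.
upstream_addrs() {
    sed -n 's|.*upstream: "[a-z]*://\([^/"]*\).*|\1|p'
}

# is_loopback HOST[:PORT]: succeed if the address is the local machine,
# which inside a container means the container itself.
is_loopback() {
    case $1 in
        127.*|localhost|localhost:*|'[::1]'*) return 0 ;;
        *) return 1 ;;
    esac
}

# loopback_upstreams: print each distinct upstream in the log on stdin that
# points back at the proxy container.
loopback_upstreams() {
    upstream_addrs | sort -u | while read -r addr; do
        if is_loopback "$addr"; then printf '%s\n' "$addr"; fi
    done
}

# resolve_in_container CONTAINER NAME: show what NAME resolves to from inside
# CONTAINER (assumes the image ships getent, as Debian-based images do).
resolve_in_container() {
    docker exec "$1" getent hosts "$2"
}

# Typical use with the names from the answer above:
#   docker logs dockertest_proxy 2>&1 | loopback_upstreams
#   resolve_in_container dockertest_proxy app
```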
I'm using Vagrant to set up a VM with a LAMP stack and WordPress on top, but I can't access the WordPress website from the host machine on http://localhost:8000. I can access HTML files I put in /var/www. Am I missing something?
Vagrantfile
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure(2) do |config|
config.vm.box = "ubuntu/trusty64"
config.vm.network "forwarded_port", guest: 80, host: 8000, auto_correct: true
config.vm.network "forwarded_port", guest: 443, host: 44300, auto_correct: true
config.vm.network "forwarded_port", guest: 3306, host: 33060, auto_correct: true
config.vm.provision :shell, path: "bootstrap.sh"
end
bootstrap.sh
#!/usr/bin/env bash
echo -e "\n--- Starting VM bootstrapping... ---\n"
echo -e "\n--- Add repos ---\n"
add-apt-repository ppa:ondrej/apache2 > /dev/null 2>&1
add-apt-repository ppa:ondrej/php5-5.6 > /dev/null 2>&1
sudo add-apt-repository ppa:ondrej/mysql-5.6 > /dev/null 2>&1
echo -e "\n--- Update ---\n"
apt-get -qq update
echo -e "\n--- Installing Apache, PHP and PHP specific packages --- \n"
apt-get -y install apache2 php5 php5-curl php5-mcrypt php5-mysql php5-xdebug > /dev/null 2>&1
echo -e "\n--- Install MySQL Server ---\n"
apt-get -y install debconf-utils > /dev/null 2>&1
debconf-set-selections <<< "mysql-server mysql-server/root_password password root"
debconf-set-selections <<< "mysql-server mysql-server/root_password_again password root"
apt-get -y install mysql-server > /dev/null 2>&1
echo -e "\n--- Enable mod-rewrite ---\n"
a2enmod rewrite
echo -e "\n--- Create Virtual Host ---\n"
cat > "/etc/apache2/sites-available/000-default.conf" << EOF
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName localhost
DocumentRoot /var/www
<Directory /var/www>
Options -Indexes +FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
EOF
echo -e "\n--- Change apache user to vagrant user ---\n"
sed -i 's/APACHE_RUN_USER=www-data/APACHE_RUN_USER=vagrant/' /etc/apache2/envvars
sed -i 's/APACHE_RUN_GROUP=www-data/APACHE_RUN_GROUP=vagrant/' /etc/apache2/envvars
echo -e "\n--- Restarting Apache ---\n"
service apache2 restart
# Other packages
echo -e "\n--- Install other useful packages ---\n"
apt-get -y install git > /dev/null 2>&1
# ENV Setup stops here, APP setup starts.
echo -e "\n--- Starting App bootstraping... ---\n"
rm -rf /var/www/*
cd /var/www
echo -e "\n--- Install Composer for PHP package management ---\n"
curl --silent https://getcomposer.org/installer | php > /dev/null 2>&1
mv composer.phar /usr/local/bin/composer
echo -e "\n--- Install WP-CLI ---\n"
curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar > /dev/null 2>&1
chmod +x wp-cli.phar
sudo mv wp-cli.phar /usr/local/bin/wp
echo -e "\n--- Install WP ---\n"
wp core download --allow-root
wp core config --dbuser=root --dbpass=root --dbname=mkp --allow-root
wp db create --allow-root
wp core install --url=localhost --title=Example --admin_user=admin --admin_password=root --admin_email=john@example.com --allow-root
echo -e "\n--- Symlink to /vagrant folder ---\n"
sudo ln -fs /vagrant /var/www/wp-content/themes/mytheme
#cd /vagrant
#
echo -e "\n--- Changing permissions and ownership where needed ---\n"
sudo chmod 777 -R .
sudo chown -R $USER:$USER .
Edit:
curl -v http://localhost:8000 outputs the following:
* Rebuilt URL to: http://localhost:8000/
* Adding handle: conn: 0x22853e0
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x22853e0) send_pipe: 1, recv_pipe: 0
* About to connect() to localhost port 8000 (#0)
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8000 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.33.0
> Host: localhost:8000
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Date: Wed, 15 Jul 2015 13:06:15 GMT
* Server Apache/2.4.12 (Ubuntu) is not blacklisted
< Server: Apache/2.4.12 (Ubuntu)
< X-Pingback: http://localhost/xmlrpc.php
< Location: http://localhost/
< Content-Length: 0
< Content-Type: text/html; charset=UTF-8
<
* Connection #0 to host localhost left intact
The problem is your website is sending back a redirect, back to the default port 80. See the curl output line:
Location: http://localhost/
If you don't have a webserver on localhost, you can use a transparent localhost port 80 to VM port 80 mapping. Or configure something in Apache or WordPress to use port 8000 and make that the transparent port.
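The check and the WordPress-side option from this answer, as an added example (not from the original posts; the function names are hypothetical). It reads curl -v output, compares the host:port in the Location header with the host:port that was requested, and set_wp_urls uses wp-cli, which the bootstrap script above installs, to store the forwarded address as WordPress's home and siteurl.

```shell
#!/bin/sh
# Added example, not from the original posts. Function names are hypothetical.

# location_of: read `curl -v` or `curl -i` output on stdin and print the
# value of the first Location header.
location_of() {
    tr -d '\r' | sed -n 's/^<\{0,1\} *[Ll]ocation: *//p' | head -n 1
}

# authority URL: print the host[:port] part of an http(s) URL.
authority() {
    rest=${1#*://}
    printf '%s\n' "${rest%%/*}"
}

# redirect_changes_authority REQUESTED_URL: with response headers on stdin,
# succeed when the redirect points at a different host:port than requested,
# as happens when a forwarded port is dropped.
redirect_changes_authority() {
    loc=$(location_of)
    [ -n "$loc" ] || return 1
    [ "$(authority "$loc")" != "$(authority "$1")" ]
}

# set_wp_urls BASE_URL: store BASE_URL as WordPress's home and siteurl.
# Run inside the VM from the WordPress directory (/var/www on this page).
set_wp_urls() {
    wp option update home "$1" --allow-root &&
    wp option update siteurl "$1" --allow-root
}

# Typical use on the host, then inside the VM:
#   curl -sv http://localhost:8000 2>&1 | redirect_changes_authority http://localhost:8000 \
#       && echo "redirect leaves the forwarded port"
#   set_wp_urls http://localhost:8000
```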
My site gives error 521 all the time.
Then I found this error on my server:
$ sudo service varnish reload
* Reloading HTTP accelerator varnishd
Connection failed (localhost:6082)
Error: vcl.load 8d6fb6be-9a0a-4896-be47-e2678e3c2617 /etc/varnish/default.vcl failed
Moreover,
varnishlog
shows nothing.
I am following this tutorial to set the server up. And, I changed
DAEMON_OPTS="-a :80 \
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-u www-data -g www-data \
-S /etc/varnish/secret \
-s malloc,256m"
The /etc/varnish/default.vcl file is copied from the tutorial. All &amp; have been corrected to &.
It is a fresh VPS. No firewall.
Any clue to resolve it?
Thanks!!!!
3 things come into my mind:
Start varnish in foreground mode and check what it says
varnishd -F -a :80 \
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-u www-data -g www-data \
-S /etc/varnish/secret \
-s malloc,256m
Try changing -T localhost:6082 to -T 127.0.0.1:6082
Your port 6082 might be already taken. Change it or check if it's listed in already open ports' list with
netstat -tlnep
Restart your varnish
sudo /etc/init.d/varnish restart
then
sudo /etc/init.d/varnish reload