birgerk / docker-apache-letsencrypt Goto Github PK

This is a discussion that could be a refact.

I'm using this docker image and so far so good, but there is on logic that I think that is weird.

To issue Staging Certs, you need to set up the flag STAGING but most of the time you're developing, you're actually needing the STAGING.

So I propose to invert the logic, using the flag PRODUCTION. So when you need production certificates you define the flag. This prevents undesired generation of valid certificates if you forget the tag.

Is there a way to provide a custom configuration for the https virtualhost?

letsencrypt generates the configuration for https as a copy of the configuration for the http virtual host just changing the port and adding the necessary stuff for https. This is not necessarily what is wanted. Configuring the https before letsencrypt certificates have been configured doesn't work either.

Hey, I'm trying to include this in my personal project to automatically setup SSL with docker & docker-compose.

When I try to start my containers with docker-compose -f docker-compose.yml -f docker-compose.production.yml up I get the following error: ERROR: for certbot Cannot start service certbot: network <hash> not found.

I put the following in my docker-compose.production.yml file:

certbot:
        image: birgerk/apache-letsencrypt
        environment:
            - "DOMAINS=${DOMAIN_NAME},www.${DOMAIN_NAME}"
            - "WEBMASTER_MAIL=${MAIL_ADDRESS}"

Do you have any idea what I could be doing wrong?

*** Running /etc/my_init.d/init_letsencrypt.sh...
*** Booting runit daemon...
*** Runit started as PID 26

/etc/letsencrypt contains cli.ini, so this check:

if ([ ! -d $LETSENCRYPT_HOME ] || [ ! "$(ls -A $LETSENCRYPT_HOME)" ]) && [ ! -z "$DOMAINS" ]; then
  /run_letsencrypt.sh --domains $DOMAINS
fi

fails?

When I try to updated my domains I am receiving the following message:

docker exec -it apache-ssl /run_letsencrypt.sh --domains $UPDATED_DOMAINS

Using Let's Encrypt Production environment...

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Plugins selected: Authenticator apache, Installer apache

Obtaining a new certificate

An unexpected error occurred: The request message was malformed :: Error creating new order :: Invalid character in DNS name

Please see the logfiles in /var/log/letsencrypt for more details.

Hi.

I have a dockerfile and docker-compose.yml file that starts an Apache-PHP-Node environment which has been tested to satisfaction.

The dockerfile is

FROM php:8.0-apache
COPY . /var/www/html
RUN docker-php-ext-install pdo pdo_mysql mysqli.  //need to access pdo apis
EXPOSE 80

The docker-compose file is

version: '3'


services:
    web-service:
        build: ./flowiot
        volumes: 
            - ./flowiot:/var/www/html
            - ./settings:/var/rsn
        ports:
            - 80:80
            - 443:443
    node-service:
        build: ./app
        volumes:
            - ./settings:/tmp/rsn
            - 

As you can see a Webserver is launched as well as a node app. And both apps are up and performing as expected.

When using your dockerfile, in the same directory using the original webserver dir (plus adding the Config folder) it does complete the installation and states that the webserver and node app are running.

Creating root_node-service_1 ... done
Creating root_web-service_1  ... done

The node app is working per usual and the webserver serves the html index page Ok. Since there is no PHP, it fails to perform its PHP duties. Also there is no ssl lock in the Browser.

Reviewing the webserver container via exec and looking at the etc/apache2/sites-available there is no WebServer Domain (flowiot.site) as set in the dockerfile ENV DOMAINS="flowiot.site".

ENV DEBIAN_FRONTEND noninteractive
ENV LETSENCRYPT_HOME /etc/letsencrypt
ENV DOMAINS "flowiot.site"
ENV WEBMASTER_MAIL "rsimpso........"

My questions are:
1._ Did I miss something that I did not get a SSL from LetsEncrypt
1._ How do I add PHP. I did try adding a FROM php:7.4 which HAS to be the first statement or your process exit with an error about the website directory. IF done first it does finish but no PHK (did exec to the webserver and did a php -v).

Thanks for any help. As u can imagine, Apache-PHP go very hand in hand for many older services.

Regards.

Robert

Hi,
Great work on this image. I've been using it for months. However, after my latest pull to fix the crontab problem, I am getting this error : Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Do you have any ideas on how it can be fixed? Thanks for your help.

I can't figure out how to use this. I've tried to start the docker with and without the DOMAINS env variable. I get this:

docker exec -it apache-ssl /run_letsencrypt.sh --domains "<mydomain.com>"

Using Let's Encrypt Production environment...
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for <mydomain.com>
Cleaning up challenges
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.

I don't really see the advantage of having fail2ban installed on this image. Following docker principles, it should be removed and put on another image.

Thanks,

Nice work, BTW

I needed to bind the container Apache virtual host configuration and the Apache and certbot log file locations from a persistent disk instead of volumes, which is what one typically wants to do on a production environment

services:
    apache-proxy:
        build:
            context: "docker-apache-letsencrypt"
        restart: always
        ports:
            - "80:80"
            - "443:443"
        volumes:
            - "${PDISK_MNT}/etc/letsencrypt:/etc/letsencrypt"
            - "${PDISK_MNT}/etc/apache-proxy/sites-enabled:/etc/apache2/sites-enabled"
            - "${PDISK_MNT}/log/letsencrypt:/var/log/letsencrypt"
            - "${PDISK_MNT}/log/apache-proxy:/var/log/apache2"

Since it is not possible to override a parent VOLUME directive, I could not extend the image but had to clone the Dockerfile and remove the VOLUME directive, which is not ideal.
Removing the VOLUME directive would give more flexibility to users.