Acris/docker-shadowsocks-libev

failed to read cert > permission denied

Closed this issue · 2 comments

container报错如下:

 2020-03-01 07:53:13 ERROR: plugin service exit unexpectedly
 2020-03-01 07:53:13 INFO: error on terminating the plugin.
 2020-03-01 07:53:17 INFO: enable TCP no-delay
 2020-03-01 07:53:17 INFO: plugin "v2ray-plugin" enabled
 2020-03-01 07:53:17 INFO: UDP relay enabled
 2020-03-01 07:53:17 INFO: enable TCP no-delay
 2020-03-01 07:53:17 INFO: initializing ciphers... aes-256-cfb
 2020-03-01 07:53:17 INFO: using nameserver: 1.1.1.1,1.0.0.1
 2020-03-01 07:53:17 INFO: tcp server listening at 127.0.0.1:53987
 2020-03-01 07:53:17 INFO: tcp port reuse enabled
 2020-03-01 07:53:17 INFO: udp server listening at 0.0.0.0:8388
 2020-03-01 07:53:17 INFO: udp port reuse enabled
2020/03/01 07:53:17 V2Ray 4.22.1 (V2Fly, a community-driven edition of V2Ray.) Custom (go1.13.7 linux/amd64)
2020/03/01 07:53:17 A unified platform for anti-censorship.
2020/03/01 07:53:17 main: failed to parse config > main: failed to read cert > open /root/.acme.sh/v2ray.***.com/fullchain.cer: permission denied

启动shell:

docker run -d \
-e "ARGS=--plugin v2ray-plugin --plugin-opts server;tls;host=v2ray.***.com;path=/v2ray;cert=/root/.acme.sh/v2ray.***.com/fullchain.cer;key=/root/.acme.sh/v2ray.***.com/v2ray.***.com.key -u" \
-e METHOD=aes-256-cfb \
-e PASSWORD=***** \
-v /root/.acme.sh:/root/.acme.sh \
--name=shadowsocks-libev \
--privileged=true \
-p 8388:8388/tcp \
-p 8388:8388/udp \
--restart=always \
acrisliu/shadowsocks-libev

后来加了 --privileged=true 还是不行啊,一直没权限。
Selinux也关了,.acme.sh目录权限改为了777,还是不行,求解?

Acris commented

ss-server默认以nobody运行,无权限读取证书文件,可以尝试给docker run加上--user root参数看看。

@Acris 嗯,我直接用作者的dockerfile了,去掉了user nobody,然后重新打了一个镜像,跑起来了…但是比直接用ssr慢好多,好处是不会被GFW干掉了,多谢