Nginx container keep restarting

Question

Nginx container keep restarting

ousvat opened this issue 4 years ago · 6 comments

Hi!

I am trying to deploy a local wordpress site with your product, but the nginx container keeps restarting.

I ran docker logs nginx and I found this error:

2021/01/05 12:19:52 [emerg] 1#1: cannot load certificate "/etc/letsencrypt/live/www.mysite.com/fullchain.pem": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/www.mysite.com/fullchain.pem": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)

What shoud I do? Did I missed something at installation?

Answer 1 · 2021-01-05T12:56:52.000Z

I also tried to docker pull openbridged/nginx before installation but no luck. I noticed that i have an error before success message:

docker: Error response from daemon: error while creating mount source path '/var/lib/letsencrypt': mkdir /var/lib/letsencrypt: read-only file system.

Answer 2 · 2021-01-05T14:05:18.000Z

Let's Encrypt does not work in a local environment as there is no host to resolve. If you are doing this local, I would suggest mounting temp certificates into the same path.

https://github.com/openbridge/nginx#mount-your-ssl-certs

Answer 3 · 2021-01-05T16:13:47.000Z

https://github.com/openbridge/nginx#mount-your-ssl-certs

Sorry, but I don't understand what should i change, because my wordpress.yml already has the volumes mounted in the same path, like in the link you gave me.

Answer 4 · 2021-01-05T16:19:30.000Z

It has them mounted because Lets Encrypt is expected to run on a host. As such, it will create those files on the host which are then mounted into the container. However, you cant run Let's Encrypt on your local host, which means you have nothing locally to mount. My suggestion to you is that you generate the SSL information locally in the same manner that Lets Encrypt would. The container will simply read in your self-signed SSL information.

Answer 5 · 2021-01-05T16:22:18.000Z

You can also try appending NGINX_DEV_INSTALL=true to your ENV file as outlined in the docs. This has not been tested for your use case, but it is something you can try

Answer 6 · 2021-01-06T11:31:18.000Z

What i have done to make it work was to stop the containers by running:
/usr/local/bin/docker-compose -f /home/ec2-user/wordpress.yml down --remove-orphans

And then I comment the lines below in wordpress.yml under nginx image:

#- /etc/letsencrypt/live/www.mysite.com/fullchain.pem:/etc/letsencrypt/live/www.mysite.com/fullchain.pem
#- /etc/letsencrypt/live/www.mysite.com/privkey.pem:/etc/letsencrypt/live/www.mysite.com/privkey.pem
#- /etc/letsencrypt/live/www.mysite.com/chain.pem:/etc/letsencrypt/live/www.mysite.com/chain.pem

After I start again the containers everything works. Exept the thing that browser is warning me that the site is unsecure.