docker, ntfy and https
Hi All
I am quite new to docker so just trying to get my head around things. I have installed NTFY, which works fine over port 80, but can't get https to work. I have installed certbot and obtained a certificate. I have edited the yaml file:

listen-http: ":80"
listen-https: ":443"
key-file: "/etc/letsencrypt/live/docker.mydomain.co.uk/privkey.pem"
cert-file: "/etc/letsencrypt/live/docker.mydomain.co.uk/cert.pem"

but the container won't now run, and when you view the log it just says:

if set, key file must exist

Any pointer would be great, thanks
I had the same issue.
"if set, key file must exist" essentially means either the files don't exist (which they do), or they can't be read due to permissions (which is the case).

When I started it using:
sudo ntfy serve
it would work. But
sudo service ntfy start
would not work. And that is because on Debian, it runs as user ntfy when started as a service.

Turns out it was a permissions problem and I needed the user ntfy to be able to read the files. So I did this:
sudo chmod -R 644 /etc/letsencrypt
sudo chmod -R +X /etc/letsencrypt
And now it works.

You might wish to be more careful with permissions and you could chown root:ntfy to the relevant files/directories and chown 640 to the relevant files, to be more secure.
I too am having exactly this same issue. I am running NTFY in a docker container and all works well while using http. It's picking up the options from my host server.yml file just fine.

When I set the options for https in server.yml I get the "if set, key file must exist" error. Needless to say they are created and present, but no matter what permissions I set on them nothing seems to work. In Docker, the container runs under the user 'ntfy'. This user does not exist on the host. I've created a user 'nfty' on the host, but I still get the same error. From my Google searches I see examples of changing the owner of the certificates and folders to ntfy on the host, but so far I've had no success.

If there is a sample server.yml (just to compare with my own), or perhaps an ls -l of the permissions of an actual working certificate configuration, I'd be very appreciative. Or anything further that you think I may be overlooking. Many thanks.
Ah now that makes sense
Thanks for taking the time to come back to me on this
Quote:
1) Have you copied the folder /etc/letsencrypt to your docker container? If not, do this.
2) Another option would be to run letsencrypt from your docker container.
My guess would be that you have the files on your host, but not in the container. Hope this helps.
Yes you keep the letsencrypt on the host and then make sure when you start the docker it has a mapping. If you put them on the container they will be lost when you stop the container.
Code:
docker run \
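
An added example, not part of any post in this thread: a Python check that reports the first path component stopping a given uid/gid from reading a key file. It covers both causes raised above, host permissions and a container mount that leaves out the target of certbot's live/ symlinks. The function names, the example.test tree and the placeholder key are constructed for illustration, and only classic mode bits are modelled.

```python
import os
import tempfile

def first_blocker(path, uid, gids, root="/"):
    """None if uid/gids could read path, else (component, reason).
    Classic mode bits only; ACLs, capabilities and LSM policy are ignored."""
    root = os.path.realpath(root)
    lit_dir = os.path.realpath(os.path.dirname(path))
    real = os.path.realpath(path)  # live/<name>/x.pem -> ../../archive/<name>/xN.pem
    for p in (lit_dir, real):
        if os.path.commonpath([root, p]) != root:
            return p, "outside the tree visible at root"
    def chain(p):  # root plus every directory below it, down to p
        rel = os.path.relpath(p, root)
        parts = [] if rel == "." else rel.split(os.sep)
        return [os.path.join(root, *parts[:i]) for i in range(len(parts) + 1)]
    # x on the symlink's directories and the target's directories, r on the target
    todo = [(d, 1) for d in chain(lit_dir) + chain(os.path.dirname(real))] + [(real, 4)]
    for comp, need in todo:
        try:
            st = os.stat(comp)
        except OSError as exc:
            return comp, exc.strerror
        # Owner triad wins over group, group over other; uid 0 bypasses mode bits.
        shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
        if uid != 0 and not (st.st_mode >> shift) & need:
            return comp, "mode %o, owner %d:%d" % (st.st_mode & 0o7777, st.st_uid, st.st_gid)
    return None

def build_demo_tree():
    """Constructed stand-in for /etc/letsencrypt; the 'key' is placeholder text."""
    root = os.path.realpath(tempfile.mkdtemp())
    modes = {".": 0o755, "archive": 0o700, "live": 0o700,
             "archive/example.test": 0o755, "live/example.test": 0o755}
    for sub in ("archive/example.test", "live/example.test"):
        os.makedirs(os.path.join(root, sub))
    key = os.path.join(root, "archive/example.test/privkey1.pem")
    with open(key, "w") as fh:
        fh.write("constructed placeholder, not a real key\n")
    os.chmod(key, 0o600)
    link = os.path.join(root, "live/example.test/privkey.pem")
    os.symlink("../../archive/example.test/privkey1.pem", link)
    for sub, mode in modes.items():
        os.chmod(os.path.join(root, sub), mode)
    return root, link

if __name__ == "__main__":
    tree, key = build_demo_tree()
    print(first_blocker(key, os.stat(tree).st_uid + 1, set(), tree))
```

On a real host, pass the key-file path from server.yml, the uid and group ids the ntfy process runs with, and root set to the directory that is mapped into the container.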
Dionbl & Glennbtn,
I am forever grateful. Between both pieces of advice I got it to work. With your assistance I learned something valuable and I won't forget! Many thanks, Tom