Doesn't work anymore #134

Closed
cybergrunge opened this Issue Dec 12, 2016 · 40 comments

It used to work like a charm, I have a “certs” folder filled with certs and keys for my apache containers, but when trying to add new containers it only generates the “domain.tld” folder in the “certs” folder, without the certs and keys, and without the symlinks.

joeknock90 Dec 12, 2016

I've got #128 open for it and someone opened #130 for a different breaking issue. I suggest posting logs just in case it's different than one of those.

danhimalplanet Dec 12, 2016

I think the current version of the python acme client breaks because as of Dec 8th 2016 the object returned by the /directory letsencrypt endpoint has changed

letsencrypt/boulder#2415

cybergrunge Dec 13, 2016

The unexpected behaviour occurs at the first attempt to connect with https to a newly created webserver container (creation of the folder in “path/to/certs”, no generation of certs and keys). Where can I find logs of this precise action?

rossille added a commit to rossille/docker-letsencrypt-nginx-proxy-companion that referenced this issue Dec 13, 2016

fayce Dec 15, 2016

It's working again. I think letsencrypt made a modification in their API.

smith64fx Dec 15, 2016

@fayce Really?

We still get this error

nginx-ssl    |   File "build/bdist.linux-x86_64/egg/simp_le.py", line 1401, in main
nginx-ssl    |     return main_with_exceptions(cli_args)
nginx-ssl    |   File "build/bdist.linux-x86_64/egg/simp_le.py", line 1386, in main_with_exceptions
nginx-ssl    |     persist_new_data(args, existing_data)
nginx-ssl    |   File "build/bdist.linux-x86_64/egg/simp_le.py", line 1282, in persist_new_data
nginx-ssl    |     client = registered_client(args, existing_data.account_key)
nginx-ssl    |   File "build/bdist.linux-x86_64/egg/simp_le.py", line 1224, in registered_client
nginx-ssl    |     client = acme_client.Client(directory=args.server, key=key, net=net)
nginx-ssl    |   File "build/bdist.linux-x86_64/egg/acme/client.py", line 63, in __init__
nginx-ssl    |     self.net.get(directory).json())
nginx-ssl    |   File "build/bdist.linux-x86_64/egg/acme/messages.py", line 169, in from_json
nginx-ssl    |     raise jose.DeserializationError(str(error))
nginx-ssl    | DeserializationError: Deserialization error: Wrong directory fields
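
The "Wrong directory fields" error in the traceback above is raised while the client parses the /directory response. The following is an added example, not code from simp_le, the acme library or this project: it models a strict directory parser beside a tolerant one, assuming (as suggested earlier in the thread) that the server added a field. The acme.example.test URLs and the "example-added-endpoint" field are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Resource names of an ACME v1 directory that the client actually calls.
REQUIRED = ("new-reg", "new-authz", "new-cert", "revoke-cert")


class DirectoryError(ValueError):
    """Raised when a directory object cannot be used safely."""


def check_endpoint(name, value):
    """Accept only absolute https URLs for endpoints the client will call."""
    if not isinstance(value, str):
        raise DirectoryError("%s: endpoint is not a string" % name)
    parts = urlsplit(value)
    if parts.scheme != "https" or not parts.netloc:
        raise DirectoryError("%s: not an absolute https URL" % name)
    return value


def parse_strict(raw):
    """Model of a strict client: any field outside REQUIRED is fatal."""
    obj = json.loads(raw)
    if not isinstance(obj, dict) or set(obj) - set(REQUIRED):
        raise DirectoryError("Wrong directory fields")
    return {name: check_endpoint(name, obj[name]) for name in obj}


def parse_tolerant(raw):
    """Ignore unknown fields, but still insist on everything the client needs."""
    obj = json.loads(raw)
    if not isinstance(obj, dict):
        raise DirectoryError("directory is not a JSON object")
    missing = [name for name in REQUIRED if name not in obj]
    if missing:
        raise DirectoryError("missing required fields: " + ", ".join(missing))
    resources = {name: check_endpoint(name, obj[name]) for name in REQUIRED}
    ignored = sorted(set(obj) - set(REQUIRED))  # keep for logging, never call
    return resources, ignored


# Constructed sample directory objects (hypothetical host and added field).
BASE = "https://acme.example.test/acme/"
_before = {name: BASE + name for name in REQUIRED}
_after = dict(_before)
_after["example-added-endpoint"] = BASE + "example-added-endpoint"
_downgraded = dict(_before)
_downgraded["new-authz"] = "http://acme.example.test/acme/new-authz"

DIRECTORY_BEFORE = json.dumps(_before)
DIRECTORY_AFTER = json.dumps(_after)
DIRECTORY_DOWNGRADED = json.dumps(_downgraded)


def demo():
    """Run both parsers over each sample and collect the outcome."""
    samples = (
        ("before", DIRECTORY_BEFORE),
        ("after", DIRECTORY_AFTER),
        ("downgraded", DIRECTORY_DOWNGRADED),
    )
    results = {}
    for label, raw in samples:
        for parser in (parse_strict, parse_tolerant):
            try:
                parser(raw)
                outcome = "ok"
            except DirectoryError as exc:
                outcome = "rejected: %s" % exc
            results[(label, parser.__name__)] = outcome
    return results


if __name__ == "__main__":
    for (label, parser_name), outcome in sorted(demo().items()):
        print("%-10s %-14s %s" % (label, parser_name, outcome))
```

The tolerant parser survives an additive server change without relaxing the checks that matter: required endpoints must be present and must be https.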

jeisses Dec 15, 2016

@smith64fx I think your error is the same as #130 - using the fix by alastaircoote worked for me.
Hope this gets merged soon

fayce Dec 15, 2016

@smith64fx yesterday I switched to alastaircoote image https://hub.docker.com/r/alastaircoote/docker-letsencrypt-nginx-proxy-companion/ but it was still not working, I was having issues serving the .well-known/ challenge...

but today it suddenly went like a charm

joeknock90 Dec 15, 2016

@fayce how did you set up your containers? I've tried everything.

fayce Dec 15, 2016

@joeknock90 try with the example https://github.com/fatk/docker-letsencrypt-nginx-proxy-companion-examples (the v1 with docker-compose), make sure your domain or subdomain really points to your server

In your docker-compose.yml replace JrCs/docker-letsencrypt-nginx-proxy-companion with alastaircoote/docker-letsencrypt-nginx-proxy-companion
and add LETSENCRYPT_TEST=true in the environment section of your app's container to avoid hitting the quota

danhimalplanet Dec 15, 2016

I got this working with docker-compose version 2.

docker-compose.yml ( notice I use alastaircoote/docker-letsencrypt-nginx-proxy-companion )
https://gist.github.com/danhimalplanet/de56e3062a07fadfff256f6d94b0cc86

nginx-compose.tmpl ( referenced as nginx-compose-v3.tmpl ) ( I got it from an issue someone commented on in this repo )
https://gist.github.com/anonymous/8b038dda9d3f1e579d98b5f260b786d6

joeknock90 Dec 15, 2016

@fayce I've got no idea how I'm screwing this up, or why it's not working for me.

This is basically what I did:
https://github.com/joeknock90/docker-compose/blob/master/docker-compose.yml

danhimalplanet Dec 15, 2016

@joeknock90 paste your nginx.tmpl ? Also try what I pasted in above.

joeknock90 Dec 15, 2016

@danhimalplanet working on your solution now! Will report back with nginx.tmpl

joeknock90 Dec 15, 2016

I can't get the version 2 to run. Keep getting ERROR: Service "nginx" uses an undefined network "proxy-tier" even though I've created the network.

danhimalplanet Dec 15, 2016

To add even more dependencies... what version of docker-compose are you using?

I have:
docker-compose version 1.9.0, build 2585387

updated with pip

danhimalplanet Dec 15, 2016

you shouldn't have to manually define the network 'proxy-tier', docker-compose should create it automatically, from docker-compose.yml

joeknock90 Dec 15, 2016

Ah, I'm running docker-compose from the fedora repos, which is apparently 1.8.1

Time to PIP it up.

joeknock90 Dec 15, 2016

Same error with docker-compose 1.9.0 for me.

Nevermind. I'm a moron. I got it. Sorry!

Either way same thing. "CA marked some authorizations as invalid" error.

Goddamn this is frustrating.

I used the nginx.tmpl that you provided here.

fayce Dec 15, 2016

@joeknock90 I think you are missing one more container, the one that should be proxied by the nginx.

should be a webserver exposing port 80 only

in its environment you should add:

environment:
- VIRTUAL_HOST=yourdomain.com
- LETSENCRYPT_HOST=yourdomain.com
- LETSENCRYPT_EMAIL=email@yourdomain.com
- LETSENCRYPT_TEST=true

for the certificates, I suggest you use a volume 'nginx_certs' that you would declare at the end of your docker-compose like this

volumes:
    nginx_certs:
        driver: local

then on your nginx (proxy) and your letsencrypt-companion container you would link the volume like so:

volumes:
- nginx_certs:/etc/nginx/certs:rw

( make it ro for nginx )

joeknock90 Dec 15, 2016

@fayce Ok, I think I get what you are saying. I might have misinterpreted how this works. Previously, I was setting this up with all three containers, THEN, whichever containers I set up after that I would pass those environment variables.

i.e.

nginx
nginx-gen
nginx-letsencrypt

THEN I would pull my nextcloud container and pass

-e VIRTUAL_HOST=cloud.mydomain.tld
-e LETSENCRYPT_HOST=cloud.mydomain.tld
-e LETSENCRYPT_EMAIL=joe@mydomain.tld

Isn't that supposed to be how it works basically?

Nextcloud is just an example, I had this working for several other services I am hosting as well.

danhimalplanet Dec 15, 2016

I do it all in 1 docker-compose version 2 file. Sometimes I make 2 compose files, 1 with nginx nginx-gen nginx-letsencrypt in it, 1 with the other vms and hosts I'm trying to launch.

Auth will fail if you have this set:
- LETSENCRYPT_TEST=true

because you're testing!

fayce Dec 15, 2016

@joeknock90 the important thing is that in your Nginx /etc/nginx/conf.d/default.conf you should see the IP address of your app's container in the upstream{} section.
This happens when docker-gen compiles that nginx.tmpl.
But if you've already compiled it and built the 3 containers first, I wonder how it would get the IP of your app

fayce Dec 15, 2016

@danhimalplanet indeed you are right, auth would fail (on the browser) as you would receive a selfsigned-like certificate instead of a valid one

But it's the best thing to do while trying to make it work without burning your letsencrypt quotas

bkleef Dec 16, 2016

@fayce I do have exactly the same issue as @smith64fx in jrcs/letsencrypt-nginx-proxy-companion:latest:

Dec 16 00:43:34 srv.example.com sh[5327]: Traceback (most recent call last):
Dec 16 00:43:34 srv.example.com sh[5327]:   File "build/bdist.linux-x86_64/egg/simp_le.py", line 1401, in main
Dec 16 00:43:34 srv.example.com sh[5327]:     return main_with_exceptions(cli_args)
Dec 16 00:43:34 srv.example.com sh[5327]:   File "build/bdist.linux-x86_64/egg/simp_le.py", line 1386, in main_with_exceptions
Dec 16 00:43:34 srv.example.com sh[5327]:     persist_new_data(args, existing_data)
Dec 16 00:43:34 srv.example.com sh[5327]:   File "build/bdist.linux-x86_64/egg/simp_le.py", line 1282, in persist_new_data
Dec 16 00:43:34 srv.example.com sh[5327]:     client = registered_client(args, existing_data.account_key)
Dec 16 00:43:34 srv.example.com sh[5327]:   File "build/bdist.linux-x86_64/egg/simp_le.py", line 1224, in registered_client
Dec 16 00:43:34 srv.example.com sh[5327]:     client = acme_client.Client(directory=args.server, key=key, net=net)
Dec 16 00:43:34 srv.example.com sh[5327]:   File "build/bdist.linux-x86_64/egg/acme/client.py", line 63, in __init__
Dec 16 00:43:34 srv.example.com sh[5327]:     self.net.get(directory).json())
Dec 16 00:43:34 srv.example.com sh[5327]:   File "build/bdist.linux-x86_64/egg/acme/messages.py", line 169, in from_json
Dec 16 00:43:34 srv.example.com sh[5327]:     raise jose.DeserializationError(str(error))
Dec 16 00:43:34 srv.example.com sh[5327]: DeserializationError: Deserialization error: Wrong directory fields
Dec 16 00:43:34 srv.example.com sh[5327]: Unhandled error has happened, traceback is above

Looks like it's an issue in simp_le (kuba/simp_le#118).
This fork https://github.com/zenhack/simp_le contains fixes!

BTW: looks like we got a duplicate: #130.

fayce Dec 16, 2016

@bkleef have you tried alastaircoote image ? That's what I'm using

danhimalplanet Dec 16, 2016

@bkleef letsencrypt changed their api slightly, last week.

Some key points: Use alastaircoote/docker-letsencrypt-nginx-proxy-companion instead of
jrcs/letsencrypt-nginx-proxy-companion:latest

Here's the docker-compose.yml v2 I use:
https://gist.github.com/danhimalplanet/de56e3062a07fadfff256f6d94b0cc86

I think there's something weird going on with how docker-compose interprets v2 templates. I have successfully used the nginx template here:
https://gist.github.com/anonymous/8b038dda9d3f1e579d98b5f260b786d6

Braintelligence Dec 16, 2016

@danhimalplanet Hi, I'm trying to use your yml and tmpl but for some reason nginx is timing out. Also the use of VIRTUAL_NETWORK and the proxy-tier is new to me, is it mandatory? I used docker network create to satisfy the requirement for now.

EDIT: For some reason nginx uses this IP as upstream address for my vhosts: 172.17.0.4 in the default.conf. Seems to be related to this: jwilder/nginx-proxy#122

EDIT2: Adding network_mode: "bridge" to the nginx part I could stop using the nginx-proxy network which makes everything work again as expected. New letsencrypt-certs are also generated. Thank you very much @danhimalplanet.

EDIT3: I still have the mentioned IP in the nginx.conf, though.

danhimalplanet Dec 16, 2016

@Braintelligence I based my template on this:

https://github.com/fatk/docker-letsencrypt-nginx-proxy-companion-examples/blob/master/docker-compose/v2/simple-site/docker-compose.yml

but with alastaircoote/docker-letsencrypt-nginx-proxy-companion, and the nginx template I mentioned earlier.

I think you're all set then?

Braintelligence Dec 16, 2016

@danhimalplanet Well everything seems to work but it looks like I need to run everything (even linked containers) in bridged mode now. (I didn't use the nginx-proxy network.) Also the upstream IP is still there in the nginx.conf.
I'm not sure if I'm running a patchwork configuration here. 😄

danhimalplanet Dec 16, 2016

What's wrong with bridged mode?

So I'm sure docker-compose makes docker actually create the needed networks when I use the docker-compose v2 yml I posted earlier. I never have to manually create the networks with 'docker network ....'

bkleef Dec 16, 2016

@fayce @danhimalplanet yeah alastaircoote/docker-letsencrypt-nginx-proxy-companion:latest works, thanks!
I'm running the stuff by systemd which works great:

[Unit]
Description=nginx
Requires=docker.service
After=docker.service

[Service]
EnvironmentFile=/etc/environment
TimeoutStartSec=0
ExecStartPre=/usr/bin/mkdir -p /etc/nginx/certs
# ExecStartPre=/usr/bin/mkdir -p /etc/nginx/conf.d
# ExecStartPre=/usr/bin/mkdir -p /etc/nginx/vhost.d
ExecStartPre=-/usr/bin/docker kill %p
ExecStartPre=-/usr/bin/docker rm %p
ExecStartPre=-/usr/bin/docker pull nginx:latest
ExecStart=/bin/sh -c '/usr/bin/docker run \
   --name %p \
   -v /etc/nginx/certs:/etc/nginx/certs:ro \
   -v /etc/nginx/conf.d \
   -v /etc/nginx/vhost.d \
   -v /usr/share/nginx/html \
   -p ${COREOS_PUBLIC_IPV4}:80:80/tcp \
   -p ${COREOS_PUBLIC_IPV4}:443:443/tcp \
   nginx:latest'
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target

[Unit]
Description=nginx-gen
Requires=docker.service
After=docker.service

[Service]
EnvironmentFile=/etc/environment
TimeoutStartSec=0
ExecStartPre=-/usr/bin/curl --fail -L -o /etc/docker-gen/templates/nginx.tmpl -z /etc/docker-gen/templates/nginx.tmpl https://raw.githubusercontent.com/jwilder/nginx-proxy/master/nginx.tmpl
ExecStartPre=-/usr/bin/docker kill %p
ExecStartPre=-/usr/bin/docker rm %p
ExecStartPre=-/usr/bin/docker pull jwilder/docker-gen:latest
ExecStart=/bin/sh -c '/usr/bin/docker run \
   --name %p \
   --volumes-from nginx \
   -v /etc/docker-gen/templates/nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro \
   -v /var/run/docker.sock:/tmp/docker.sock:ro \
   jwilder/docker-gen:latest \
   -notify-sighup nginx -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf'
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target

[Unit]
Description=nginx-letsencrypt
Requires=docker.service
After=docker.service

[Service]
EnvironmentFile=/etc/environment
TimeoutStartSec=0
ExecStartPre=-/usr/bin/docker kill %p
ExecStartPre=-/usr/bin/docker rm %p
ExecStartPre=-/usr/bin/docker pull alastaircoote/docker-letsencrypt-nginx-proxy-companion:latest
ExecStart=/bin/sh -c '/usr/bin/docker run \
   --name %p \
   -e NGINX_DOCKER_GEN_CONTAINER="nginx-gen" \
   -e DEBUG="true" \
   --volumes-from nginx \
   -v /etc/nginx/certs:/etc/nginx/certs:rw \
   -v /var/run/docker.sock:/var/run/docker.sock:ro \
   alastaircoote/docker-letsencrypt-nginx-proxy-companion:latest'
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target

Braintelligence Dec 16, 2016

When first using your template I was prompted to first create a network named "nginx-proxy" before being able to use your yml.

I did that but then I realized from the example services in your yml, that I would have to use VIRTUAL_NETWORK from there on, which I didn't want. So I changed it to bridged mode.

Yeah I guess running everything in bridge is alright; it is the default setting in shipyard anyway. I had to do so much with docker compose today, that I didn't realize all my database-containers are bridged anyway 😄.

danhimalplanet Dec 16, 2016

I think in current docker all of the containers in the same network have access to other containers in the same network. I think 'links' might not be needed anymore. I'm not sure.

my nginx default.conf has blocks like this (after it's auto-generated)

upstream site.net {
# site
server site:80;
}

Here is the version of docker-engine I am using:
docker-engine-1.12.5-1.el7.centos.x86_64

docker-compose:
docker-compose version 1.9.0, build 2585387

Braintelligence Dec 16, 2016

@danhimalplanet
for me the confs look like this:

upstream subdomain.domain.tld {
   # <CONTAINER_NAME>
   server 172.17.0.4:<VIRTUAL_PORT>;
}

It seems to work for every container I have set up till now, but I'm struggling with setting up a specific container right now and don't know what the cause is 👅

danhimalplanet Dec 16, 2016

We should get together and make a PR for @JrCs , or make our own fork and document heavily.

I appreciate the fact that I can somewhat automatically bring up containers and quickly set up https access through letsencrypt in docker, but I have spent many hours on dealing with little bugs.
To make this even more fun, I have been using docker-compose v2 examples from @fatk's repo. I believe @JrCs just brings up containers the older way, with "docker run ...." instead of using docker-compose.

danhimalplanet Dec 16, 2016

@Braintelligence what version of docker-engine and docker-compose are you using?

Braintelligence Dec 16, 2016

@danhimalplanet
sudo docker version says 1.12.4
sudo docker-compose version says 1.9.0

danhimalplanet Dec 16, 2016

@Braintelligence sounds good, that matches my versions

Braintelligence Dec 16, 2016

@danhimalplanet Actually you had docker 1.12.5 instead of 1.12.4. After upgrading, destroying the .conf and restarting, the new .conf still contains the strange IP address in the upstream. ^^

danhimalplanet Dec 16, 2016

I don't know. Try pinging, by name, the other containers from other containers.

nilroy added a commit to nilroy/docker-letsencrypt-nginx-proxy-companion that referenced this issue Dec 27, 2016

JrCs closed this Jan 14, 2017
