Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot connect to portainer server using https #5

Open
WizBangCrash opened this issue Sep 8, 2022 · 6 comments
Open

Cannot connect to portainer server using https #5

WizBangCrash opened this issue Sep 8, 2022 · 6 comments

Comments

@WizBangCrash
Copy link

WizBangCrash commented Sep 8, 2022
edited by savageautomate

HI,
I was hoping to use your create little utility to run nightly backups of my portainer server, but it gives me the following error.

Do you only support http connections?

 ___         _        _                ___          _             
 | _ \___ _ _| |_ __ _(_)_ _  ___ _ _  | _ ) __ _ __| |___  _ _ __ 
 |  _/ _ \ '_|  _/ _` | | ' \/ -_) '_| | _ \/ _` / _| / / || | '_ \
 |_| \___/_|  \__\__,_|_|_||_\___|_|   |___/\__,_\__|_\_\\_,_| .__/
                                                             |_|   
┌──────────────────────────────────────────────────────────────────┐
│   Made with ♥ by SavageSoftware, LLC © 2022    (Version 0.0.7)   │
└──────────────────────────────────────────────────────────────────┘
Initializing operation             : ✔ SCHEDULE
Validating portainer server        : ✖ https://portainer.lan:9443
┌────────────────────────────────────────────┐
│  ✖ Connection to portainer server failed!  │
└────────────────────────────────────────────┘
┌──────────────────────────────────────────────────────────────────┐
│ ✖ -------------------------- ERROR -------------------------- ✖  │
├───────────────┬──────────────────────────────────────────────────┤
│ ERROR MESSAGE │ unable to verify the first certificate           │
└───────────────┴──────────────────────────────────────────────────┘
-------- GOODBYE --------
@savageautomate
Copy link
Contributor

I run my portainer backup nightly using a HTTPS (secure) connection.
Are you using a self-signed certificate? I'm using a Let's Encrypt certificate so if you are using a self-signed certificate, perhaps that's the difference.

@savageautomate savageautomate changed the title Cannot connect to portioner server using https Cannot connect to portainer server using https Sep 12, 2022
@WizBangCrash
Copy link
Author

WizBangCrash commented Sep 13, 2022
edited

Hi @savageautomate ,
Thanks for the response.
I am using self signed certificates. After a couple of days of no progress in solving the issue I have now managed to work around it by placing the portainer_backup container on the same docker network as the portainer container and then using the legacy HTTP connection.

I've added a copy of my compose file here in case it can help anyone else struggling with the same problem.

Thanks for a great utility :-)

version: '3'
# Checkout the backup software here: https://github.com/SavageSoftware/portainer-backup.git

services:
  portainer-backup:
    container_name: portainer-backup
    image: savagesoftware/portainer-backup:latest
    user: ${UID}:${GID}
    restart: unless-stopped
    command: schedule
    environment:
      TZ: Europe/London
      PORTAINER_BACKUP_URL: "http://portainer:9000"
      PORTAINER_BACKUP_TOKEN: "PORTAINER_ACCESS_TOKEN"
      PORTAINER_BACKUP_PASSWORD: "xxx"
      PORTAINER_BACKUP_OVERWRITE: 1
      PORTAINER_BACKUP_SCHEDULE: "0 0 4 * * *"
      PORTAINER_BACKUP_STACKS: 0
      PORTAINER_BACKUP_DRYRUN: 0
      PORTAINER_BACKUP_CONCISE: 1
      PORTAINER_BACKUP_DIRECTORY: "/backup"
      PORTAINER_BACKUP_FILENAME: "{{DATETIME}}-portainer-backup.tar.gz"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - backup:/backup:rw
    networks:
      - portainer_default

volumes:
  # Mount a CIFS folder on dixnas1.lan for backups
  backup:
    driver: local
    driver_opts:
      type: cifs
      o: username=${BACKUP_USER},password=${BACKUP_PASSWD},rw,uid=${UID},gid=${GID},vers=3.0
      device: "\\\\192.168.1.1\\DockerBackups\\Portainer"

networks:
  portainer_default:
    external: true

@palto42
Copy link

palto42 commented Mar 21, 2023

I faced the same issue, my portainer uses a cert signer with my local root CA which is configured in the cert store of the server. I tried to map the local /etc/ssl/certs which contains my local root CA into the portainer-backup docker container, but no success. Seems that the backup software is not using the cert store from Alpine llinux.

@ameer1234567890
Copy link

Any plans on supporting self signed certificates. Environment variables with rootCA path can be implemented.

@mzeecedric
Copy link

Thank you, the hint with the network helped me to get this running in my LAN. I first tried to add my local dns (--dns "MYDNSIP" ) which did not help either find my local portainer, although it's using let's encrypt certs.

@DmitryNefedov
Copy link

DmitryNefedov commented Mar 6, 2024
edited

I've found a workaround for this issue.
Since its written in nodejs and uses https lib for requests we can just add environment variable NODE_TLS_REJECT_UNAUTHORIZED to ignore certificate.

services:
  portainer-backup:
    environment:
      PORTAINER_BACKUP_URL: "https://portainer:9443"
      NODE_TLS_REJECT_UNAUTHORIZED: 0

Same goes for cli

NODE_TLS_REJECT_UNAUTHORIZED=0 npx portainer-backup info --url "https://portainer:9443" -t "blah"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@ameer1234567890 @mzeecedric @savageautomate @WizBangCrash @DmitryNefedov @palto42