Comments (6)
Hi.
I don't get what you mean by "checking the left side of the mapping", this is a Docker bind mount, the left side is where your socket is located on your host, --volume /run/user/UID/docker.sock:/var/run/docker.sock:ro
should work if you Docker socket is located at /run/user/UID/docker.sock
. If it does not, this is not because the container "check" the left side value.
What might be confusing is that nginx-proxy and acme-companion both expect the socket to be located in different places inside the running container:
- nginx-proxy expects it at
/tmp/docker.sock
so--volume /var/run/docker.sock:/tmp/docker.sock:ro
- acme-companion expects it at
/var/run/docker.sock
so--volume /var/run/docker.sock:/var/run/docker.sock:ro
from acme-companion.
You're right, what I write in the left part shouldn't matter as long as my docker socket is in that location. But the problem is that letsencrypt issues an error saying that the docker socket should be mapped to /var/run/docker.sock.
But I found a workaround which is to modify the Dockerfile:
ENV COMPANION_VERSION=$GIT_DESCRIBE \
DOCKER_HOST=unix:///var/run/docker.sock \
PATH=$PATH:/app
and change here the location of /var/run/docker.sock. That worked for me.
But still in principle, letsencrypt shouldn't issue an error because the left side is not located at /var/run/docker.sock. Only if the RIGHT side is not /var/run/docker.sock.
from acme-companion.
Could you provide the command line or Docker compose file that gives you an error ?
from acme-companion.
sorry to say that this was quite a while ago. Tried to recreate the env on a virtual box without success. I'll let you know if I can reproduce.
And thanks for responding, much appreciated.
from acme-companion.
I checked the code again and I can assure you that there is nothing in the code that check the leftmost part of the socket bind mount.
Again --volume /run/user/$UID/docker.sock:/var/run/docker.sock:ro
should work without any modification of anything.
The important thing is that you keep the right part identical to what the image expect be default (:/var/run/docker.sock:ro
) but the left part (and the left part only) can be any path to a valid Docker socket on your host machine.
--volume /run/user/$UID/docker.sock:/run/user/$UID/docker.sock:ro
on the other and will not work out of the box : if you really want or need to change the in-container Docker socket location (the right part of the bind mount), you can just provide DOCKER_HOST
as an environment variable to the container, no need to modify the Dockerfile.
Example:
docker run --detach \
--name nginx-proxy-acme \
--volumes-from nginx-proxy \
--volume acme:/etc/acme.sh \
--env "DOCKER_HOST=unix:///foo/bar/docker.sock" \
--volume /run/user/$UID/docker.sock:/foo/bar/docker.sock:ro \
nginxproxy/acme-companion
I'm closing this for now because there really isn't anything on the code that check the leftmost part of the socket bind mount against a known value, and I was unable to reproduce this issue. Feel free to re-open if you're able to reproduce.
from acme-companion.
@buchdag thank you again for making sure. That might explain why I can't reproduce this error.
I've been using acme-companion for quite a while now and was very surprised when I did get this error.
Is it possible that the code has since been modified? It's also possible of course that I made a mistake, although at the time I checked many many times. And I also remember quite clearly having copied/paste the mapping from the nginx config to acme-companion and still getting that error.
In any case, thank you again for rechecking! Much obliged.
from acme-companion.
Related Issues (20)
- cert_status always returns EXPIRED HOT 1
- Slow creation for new domain
- Using it with podman HOT 1
- CURL error 28 on certificate creation/renewal HOT 2
- Do all up steam containers require port 80 and 443?
- Add support for default certificates signed by Let's Encrypt HOT 6
- curl endless loop with 3.x Kernels on version >= 2.2.9 HOT 3
- SSH Certificates will Not Update HOT 1
- Error: no ACME account was found or registered HOT 4
- Redondant config HOT 6
- Add another domain without recreating the container?
- Not Able to Generate Certs Due to IPv6 Subnet
- Question: single cert for all sub domains
- Multiple ports ssl-proxied for single domain HOT 2
- missing -wait?
- The certificate is not trusted because it is self-signed. Error during secondary validation. HOT 2
- DNS-01 support
- Prevent expiration notifications for stopped containers
- Automated configuration not working properly
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from acme-companion.