haproxy issues
https://forge.liiib.re/indiehost/haproxy/-/issues
2018-08-18T21:51:09Z

https://forge.liiib.re/indiehost/haproxy/-/issues/11
unable to load SSL private key
2018-08-18T21:51:09Z
Ozoux

*Created by: rijvirajib*
This was working a while ago, so there have been no code changes; it just won't run properly now:
I have the piwik server running with this docker-compose (note, updates to expose 80 for haproxy):
```
version: '2'
networks:
  lb_web:
    external: true
  back:
    driver: bridge
services:
  db:
    image: mysql
    volumes:
      - ./mysql/runtime:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD
    networks:
      - back
  app:
    image: piwik:fpm
    links:
      - db
    volumes:
      - ./config:/var/www/html/config
    networks:
      - back
  web:
    image: nginx
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
    links:
      - app
    volumes_from:
      - app
    environment:
      - VIRTUAL_HOST
    networks:
      - back
      - lb_web
    expose:
      - 80
  cron:
    image: piwik:fpm
    links:
      - db
    volumes_from:
      - app
    entrypoint: |
      bash -c 'bash -s <<EOF
      trap "break;exit" SIGHUP SIGINT SIGTERM
      while /bin/true; do
        su -s "/bin/bash" -c "/usr/local/bin/php /var/www/html/console core:archive" www-data
        sleep 3600
      done
      EOF'
    networks:
      - back
```
`docker ps`:
```
ubuntu@ip-10-0-0-37:~/haproxy$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a20afa6bdee0 nginx "nginx -g 'daemon ..." 4 minutes ago Up About a minute 80/tcp dockerpiwik_web_1
75d981dd0344 indiehosters/ocsp "cron -f" 12 minutes ago Up 8 minutes haproxy_ocsp_1
e47547839d86 jwilder/docker-gen "/usr/local/bin/do..." 12 minutes ago Up 8 minutes haproxy_discovery_1
7b6fce04d70c nginx "nginx -g 'daemon ..." 12 minutes ago Up 8 minutes 80/tcp haproxy_letsencrypt-web_1
da0b94fdaf24 piwik:fpm "bash -c 'bash -s ..." 13 minutes ago Up About a minute 9000/tcp dockerpiwik_cron_1
b066571afa57 piwik:fpm "/entrypoint.sh ph..." 13 minutes ago Up About a minute 9000/tcp dockerpiwik_app_1
c9d078314cfa mysql "docker-entrypoint..." 13 minutes ago Up About a minute 3306/tcp dockerpiwik_db_1
```
Commands to run:
First run haproxy: `VIRTUAL_HOST=special.rij.co docker-compose up -d`
Then run docker-piwik: `MYSQL_ROOT_PASSWORD=mysqlpasswqord docker-compose up -d`
Errors on haproxy:
```
haproxy_1 | ./certs/ MODIFY special.rij.co.pem
haproxy_1 | ++ cat /var/run/haproxy.pid
haproxy_1 | + haproxy -f /etc/haproxy/haproxy.cfg -D -p /var/run/haproxy.pid -sf 14
haproxy_1 | [ALERT] 317/172631 (17) : parsing [/etc/haproxy/haproxy.cfg:26] : 'bind *:443' : unable to load SSL private key from PEM file '/etc/haproxy/certs/special.rij.co.pem'.
haproxy_1 | [ALERT] 317/172631 (17) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
haproxy_1 | [ALERT] 317/172631 (17) : Fatal errors found in configuration.
letsencrypt_1 | [Tue Nov 14 17:26:31 UTC 2017] Reload success
letsencrypt_1 | [Tue Nov 14 17:26:31 UTC 2017] ===End cron===
letsencrypt_1 | + inotifywait .
discovery_1 | 2017/11/14 17:26:31 Received event die for container 756bec2566af
letsencrypt_1 | Setting up watches.
letsencrypt_1 | Watches established.
haproxy_haproxy_1 exited with code 1
```

https://forge.liiib.re/indiehost/haproxy/-/issues/9
ocsp and discovery do not use lb_web network but create their own haproxy_default
2018-08-18T21:51:09Z
Ozoux

*Created by: BuritoSlinger*
Tried to use this to ultimately run nextcloud. I am running this on a QNAP NAS box which does know about docker but does not know docker-compose ... although it is installed. So I thought I'd give it a shot.
Setup of lb_web worked, the git worked, and then:
```
docker-compose up -d
Removing haproxy_ocsp_1
Removing haproxy_discovery_1
Starting haproxy_letsencrypt-web_1
Recreating 1d41a4a77454_1d41a4a77454_haproxy_ocsp_1
haproxy_letsencrypt_1 is up-to-date
Recreating 59b308ab6a62_59b308ab6a62_haproxy_discovery_1
ERROR: for letsencrypt-web Cannot start service letsencrypt-web: failed to create endpoint haproxy_letsencrypt-web_1 on network lb_web: adding interface vethe3c819c to bridge ubr-db7943c3bff failed: could not find bridge ubr-db7943c3bff: route ip+net: no such network interface
ERROR: for discovery Cannot start service discovery: failed to create endpoint haproxy_discovery_1 on network lb_web: adding interface veth65197d6 to bridge ubr-db7943c3bff failed: could not find bridge ubr-db7943c3bff: route ip+net: no such network interface
ERROR: for ocsp Cannot start service ocsp: failed to create endpoint haproxy_ocsp_1 on network lb_web: adding interface veth1c6b03e to bridge ubr-db7943c3bff failed: could not find bridge ubr-db7943c3bff: route ip+net: no such network interface
ERROR: Encountered errors while bringing up the project.
```
When I checked the docker network I got:
```
docker network ls
NETWORK ID NAME DRIVER
09a0ba68ec50 bridge bridge
9633f73d5aae haproxy_default bridge
c545021a49ee host host
db7943c3bffa lb_web bridge
28d48d039085 none null
```
What am I doing wrong?

https://forge.liiib.re/indiehost/haproxy/-/issues/7
LE cert requires haproxy restart when new domain is added
2018-08-18T21:51:09Z
Ozoux

*Created by: edrex*
For example:
```
core@libre /$ sudo libre provision -a github.com/indiehosters/nextcloud -u nextcloud.pdxhub.org -s
```
At this point the server has a self-signed cert
```
subject=/C=FR/ST=Some-State/L=flers/O=Internet Widgits Pty Ltd/OU=Timothee/CN=Timothee/emailAddress=timothee@unteem.org
issuer=/C=FR/ST=Some-State/L=flers/O=Internet Widgits Pty Ltd/OU=Timothee/CN=Timothee/emailAddress=timothee@unteem.org
```
It appears that the let's encrypt process succeeded, so I guess haproxy isn't picking up the cert.
Restarting haproxy picks up the cert.
```
core@libre / $ cd /system/haproxy && sudo libre restart
```
Known issue?