Elkarbackup docker 1.3.3 - apache doesn't listen on SSL port - (with workaround) #42

Open
ffabreti opened this issue Oct 12, 2020 · 0 comments

ffabreti commented Oct 12, 2020

Docker port-forwarding is ok.

The problem is as follows:

# docker run \
> --name=elkarbackup  \
> --network=bkpnet \
> -p 4444:443  \
> -p 80:80 \
> --ip 192.168.41.20 \
> --restart=unless-stopped \
> --detach=true \
> --env="EB_CRON=enabled" \
> --env="PHP_TZ=America/Sao_Paulo" \
> --env="TZ=America/Sao_Paulo" \
> --env="SYMFONY__DATABASE__HOST=192.168.41.10" \
> --env="SYMFONY__DATABASE__PORT=3306" \
> --env="SYMFONY__DATABASE__NAME=prod_elkarbackup" \
> --env="SYMFONY__DATABASE__USER=root" \
> --env="SYMFONY__DATABASE__PASSWORD=xxxxxxxxxxx" \
> --env="SYMFONY__MAILER__HOST=xxxxxxxxx" \
> --env="SYMFONY__MAILER__USER=xxxxxxxxxx" \
> --env="SYMFONY__MAILER__PASSWORD=xxxxxxxxx" \
> --env="SYMFONY__MAILER__FROM=xxxxxxxx" \
> --env="SYMFONY__EB__SECRET=xxxxxxxxxxxxxx" \
> --env="SYMFONY__EB__PUBLIC__KEY=/app/.ssh/id_rsa.pub" \
> --volume="/srv/elkarbackup/bkps:/app/backups" \
> --volume="/srv/elkarbackup/uploads:/app/uploads" \
> --volume="/srv/elkarbackup/.ssh:/app/.ssh" \
> -t elkarbackup/elkarbackup:1.3.3

6397d4f4cec1b8f7a7e65bb10146caf743b4172eed6117408345e1d808a70d6d
# docker logs elkarbackup -f
Could not create database `prod_elkarbackup` for connection named default
An exception occurred while executing 'CREATE DATABASE `prod_elkarbackup`':

SQLSTATE[HY000]: General error: 1007 Can't create database 'prod_elkarbackup'; database exists

                    Application Migrations


No migrations to execute.
Admin user exists and reset was not requested. Nothing to do.

 // Clearing the cache for the prod environment with debug false


 [OK] Cache for the "prod" environment (debug=false) was successfully cleared.


Dumping all prod assets.
Debug mode is off.

11:11:29 [file+] /app/elkarbackup/app/../web/js/50d2dad.js
11:11:29 [file+] /app/elkarbackup/app/../web/js/fbef3cc.js
11:11:29 [file+] /app/elkarbackup/app/../web/css/92f5b2c.css
11:11:29 [file+] /app/elkarbackup/app/../web/js/02c4d9e.js
11:11:29 [file+] /app/elkarbackup/app/../web/js/4acda04.js
11:11:29 [file+] /app/elkarbackup/app/../web/js/2c3c294.js
11:11:29 [file+] /app/elkarbackup/app/../web/js/28b0684.js
11:11:29 [file+] /app/elkarbackup/app/../web/js/ae16382.js
11:11:29 [file+] /app/elkarbackup/app/../web/js/dc67ef4.js
11:11:29 [file+] /app/elkarbackup/app/../web/js/8e8eb4d.js
11:11:29 [file+] /app/elkarbackup/app/../web/js/6f75296.js
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 192.168.41.20. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 192.168.41.20. Set the 'ServerName' directive globally to suppress this message
[Mon Oct 12 11:11:29.627563 2020] [mpm_prefork:notice] [pid 24] AH00163: Apache/2.4.38 (Debian) PHP/7.1.33 configured -- resuming normal operations
[Mon Oct 12 11:11:29.627624 2020] [core:notice] [pid 24] AH00094: Command line: 'apache2 -D FOREGROUND'


EB_CRON is enabled. Running tick command every minute...
^C
# docker exec -it elkarbackup bash
root@6397d4f4cec1:/var/www/html# apt-get update
[..]
root@6397d4f4cec1:/var/www/html# apt-get install -y net-tools
[..]
root@6397d4f4cec1:/var/www/html# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.11:36369        0.0.0.0:*               LISTEN
tcp        0      0 192.168.41.20:50814     192.168.41.10:3306      TIME_WAIT
udp        0      0 127.0.0.11:40355        0.0.0.0:*

As you can see from the netstat output above, nothing is listening on 443/tcp, and no errors are reported.

And this is the workaround.

1. Need to map a volume to /etc/ssl to find the certificate and key for Apache;
see the line below (--volume="/srv/elkarbackup/ssl:/etc/ssl")

/srv/elkarbackup/ssl/certs:
-rw-r--r--. 1 root elkarwww 1013 Oct 12 10:53 ssl-cert-snakeoil.pem
/srv/elkarbackup/ssl/private:
-rw-r-----. 1 root elkarwww 1708 Oct 12 10:54 ssl-cert-snakeoil.key
# docker run \
> --name=elkarbackup  \
> --network=bkpnet \
> -p 4444:443  \
> -p 80:80 \
> --ip 192.168.41.20 \
> --restart=unless-stopped \
> --detach=true \
> --env="EB_CRON=enabled" \
> --env="PHP_TZ=America/Sao_Paulo" \
> --env="TZ=America/Sao_Paulo" \
> --env="SYMFONY__DATABASE__HOST=192.168.41.10" \
> --env="SYMFONY__DATABASE__PORT=3306" \
> --env="SYMFONY__DATABASE__NAME=prod_elkarbackup" \
> --env="SYMFONY__DATABASE__USER=root" \
> --env="SYMFONY__DATABASE__PASSWORD=xxxxxxxxxxx" \
> --env="SYMFONY__MAILER__HOST=xxxxxxxxx" \
> --env="SYMFONY__MAILER__USER=xxxxxxxxxx" \
> --env="SYMFONY__MAILER__PASSWORD=xxxxxxxxx" \
> --env="SYMFONY__MAILER__FROM=xxxxxxxx" \
> --env="SYMFONY__EB__SECRET=xxxxxxxxxxxxxx" \
> --env="SYMFONY__EB__PUBLIC__KEY=/app/.ssh/id_rsa.pub" \
> --volume="/srv/elkarbackup/bkps:/app/backups" \
> --volume="/srv/elkarbackup/uploads:/app/uploads" \
> --volume="/srv/elkarbackup/.ssh:/app/.ssh" \
> --volume="/srv/elkarbackup/ssl:/etc/ssl" \
> -t elkarbackup/elkarbackup:1.3.3
46e1d89434108979a9fecd94a3651908f57589ccf71a2ebf0ec327c03926d20c
# docker logs elkarbackup -f
Could not create database `prod_elkarbackup` for connection named default
An exception occurred while executing 'CREATE DATABASE `prod_elkarbackup`':

SQLSTATE[HY000]: General error: 1007 Can't create database 'prod_elkarbackup'; database exists

                    Application Migrations


No migrations to execute.
Admin user exists and reset was not requested. Nothing to do.

 // Clearing the cache for the prod environment with debug false


 [OK] Cache for the "prod" environment (debug=false) was successfully cleared.


Dumping all prod assets.
Debug mode is off.

11:14:59 [file+] /app/elkarbackup/app/../web/js/50d2dad.js
11:14:59 [file+] /app/elkarbackup/app/../web/js/fbef3cc.js
11:14:59 [file+] /app/elkarbackup/app/../web/css/92f5b2c.css
11:14:59 [file+] /app/elkarbackup/app/../web/js/02c4d9e.js
11:14:59 [file+] /app/elkarbackup/app/../web/js/4acda04.js
11:14:59 [file+] /app/elkarbackup/app/../web/js/2c3c294.js
11:14:59 [file+] /app/elkarbackup/app/../web/js/28b0684.js
11:14:59 [file+] /app/elkarbackup/app/../web/js/ae16382.js
11:14:59 [file+] /app/elkarbackup/app/../web/js/dc67ef4.js
11:14:59 [file+] /app/elkarbackup/app/../web/js/8e8eb4d.js
11:14:59 [file+] /app/elkarbackup/app/../web/js/6f75296.js
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 192.168.41.20. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 192.168.41.20. Set the 'ServerName' directive globally to suppress this message
[Mon Oct 12 11:15:00.183710 2020] [mpm_prefork:notice] [pid 25] AH00163: Apache/2.4.38 (Debian) PHP/7.1.33 configured -- resuming normal operations
[Mon Oct 12 11:15:00.183774 2020] [core:notice] [pid 25] AH00094: Command line: 'apache2 -D FOREGROUND'


EB_CRON is enabled. Running tick command every minute...
^C

2. Need to enable the ssl module in Apache and restart

# docker exec -it elkarbackup bash
root@46e1d8943410:/var/www/html# apt-get update
[..]
root@46e1d8943410:/var/www/html# apt-get install -y net-tools
[..]
root@46e1d8943410:/var/www/html# a2enmod ssl
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Enabling module socache_shmcb.
Enabling module ssl.
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:

root@46e1d8943410:/var/www/html# service apache2 restart
[....] Restarting Apache httpd web server: apache2Terminated
root@46e1d8943410:/var/www/html# service apache2 restart
[....] Restarting Apache httpd web server: apache2AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 192.168.41.20. Set the 'ServerName' directive globally to suppress this message
[Mon Oct 12 11:17:07.341474 2020] [ssl:warn] [pid 383] AH01909: elkarbackup.local:443:0 server certificate does NOT include an ID which matches the server name
. ok
root@46e1d8943410:/var/www/html# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.11:34149        0.0.0.0:*               LISTEN
tcp        0      0 192.168.41.20:50846     192.168.41.10:3306      TIME_WAIT
tcp        0      0 192.168.41.20:50848     192.168.41.10:3306      TIME_WAIT
udp        0      0 127.0.0.11:54821        0.0.0.0:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path

The problem with this workaround is that if the container is removed, it's necessary to redo all the steps.
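
A check for the symptom reported above (nothing bound to 443/tcp while Apache starts without errors) that reads the kernel socket table instead of installing net-tools in the container. This is an added example, not part of the original issue or of the ElkarBackup project; the function names and the sample tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect a TCP listener from the kernel socket table,
# with no extra packages installed in the container.

# port_is_listening PORT [TABLE...]  -> exit 0 if a LISTEN socket is bound to PORT.
# TABLE defaults to /proc/net/tcp and /proc/net/tcp6.
port_is_listening() {
    port_hex=$(printf '%04X' "$1") || return 2
    shift
    [ "$#" -gt 0 ] || set -- /proc/net/tcp /proc/net/tcp6
    for table in "$@"; do
        [ -r "$table" ] || continue
        # Field 2 is the local ADDR:PORT in hex; field 4 is the state (0A = LISTEN).
        if awk -v p="$port_hex" '
            NR > 1 { n = split($2, a, ":"); if (toupper(a[n]) == p && $4 == "0A") found = 1 }
            END { exit !found }' "$table"; then
            return 0
        fi
    done
    return 1
}

# Constructed sample tables (first four columns only) mirroring the two netstat
# listings in the issue: "before" has no :443 listener, "after" has one.
write_samples() {
    cat > "$1/before" <<'EOF'
  sl  local_address rem_address   st
   0: 00000000:0050 00000000:0000 0A
   1: 0B00007F:8E11 00000000:0000 0A
   2: 1429A8C0:C67E 0A29A8C0:0CEA 06
EOF
    { cat "$1/before"; echo '   3: 00000000:01BB 00000000:0000 0A'; } > "$1/after"
}

demo() {
    dir=$(mktemp -d) || return 1
    write_samples "$dir"
    for t in before after; do
        if port_is_listening 443 "$dir/$t"; then
            echo "$t: listener on 443"
        else
            echo "$t: nothing listening on 443 (HTTPS is not being served)"
        fi
    done
    rm -rf "$dir"
}
demo
```

With no table argument the function reads /proc/net/tcp and /proc/net/tcp6, so it can be run inside the container as-is. Only sockets in LISTEN state on the local side count, so the TIME_WAIT connection to the database on port 3306 is not reported as a listener.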
