Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Keyfile Permisson Error with docker deploy hook #5333

Open
hinrichd opened this issue Oct 18, 2024 · 2 comments
Open

Keyfile Permisson Error with docker deploy hook #5333

hinrichd opened this issue Oct 18, 2024 · 2 comments

Comments

@hinrichd
Copy link

hinrichd commented Oct 18, 2024

Hi All,

using acme.sh (running in a container) with the docker deploy hook will successfully delpoy the cert and key files to the dedicated docker container. The docker deploy hook is using the docker api to create the files on the dedicated server. The files will be created with root:root ownership and the keyfile is secured by 600 file permission. For example:

-rw-r--r--    1 root     root          1652 Oct 18 09:36 ca.pem
-rw-r--r--    1 root     root          1350 Oct 18 09:36 cert.pem
-rw-r--r--    1 root     root          3002 Oct 18 09:36 full.pem
-rw-------    1 root     root           227 Oct 18 09:35 privkey.pem

In most cases the docker container service are running as non root and with a user id > 1000. In this common case the container service can not access the keyfile.

How can I change the owner of the keyfile to match the container service id while running the deploy hook?

Tried to use the reload cmd, but this will not change the owner of the keyfile.
DEPLOY_DOCKER_CONTAINER_RELOAD_CMD="chown -f node-red:node-red /data/certs/privkey.pem; pkill node-red" \

Steps to reproduce

docker  exec \
    -e DEPLOY_DOCKER_CONTAINER_LABEL=sh.acme.autoload.domain=node.example.com \
    -e DEPLOY_DOCKER_CONTAINER_KEY_FILE=/data/certs/privkey.pem \
    -e DEPLOY_DOCKER_CONTAINER_CERT_FILE="/data/certs/cert.pem" \
    -e DEPLOY_DOCKER_CONTAINER_CA_FILE="/data/certs/ca.pem" \
    -e DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE="/data/certs/full.pem" \
    -e DEPLOY_DOCKER_CONTAINER_RELOAD_CMD="**chown -f node-red:node-red /data/certs/privkey.pem;** pkill node-red" \
    acme.sh --deploy -d node.example  --deploy-hook docker

Debug log

The certfiles will be deployed to a node-red container. The container service is running with user id 1000 aka nod-red.
When starting node-red it loads the keyfile from /data/certs/privkey.pem with permission error and exit 1.

How can I change the owner of the keyfile to match the container service id while running the deploy hook?

Thank you for any help.

[Fri Oct 18 09:11:18 UTC 2024] Let's find the script directory.
[Fri Oct 18 09:11:18 UTC 2024] _SCRIPT_='/root/.acme.sh/acme.sh'
[Fri Oct 18 09:11:18 UTC 2024] _script='/root/.acme.sh/acme.sh'
[Fri Oct 18 09:11:18 UTC 2024] _script_home='/root/.acme.sh'
[Fri Oct 18 09:11:18 UTC 2024] Using default home: /root/.acme.sh
[Fri Oct 18 09:11:18 UTC 2024] Using config home: /acme.sh
[Fri Oct 18 09:11:18 UTC 2024] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/acmesh-official/acme.sh
v3.1.0
[Fri Oct 18 09:11:18 UTC 2024] Running cmd: deploy
[Fri Oct 18 09:11:18 UTC 2024] Using config home: /acme.sh
[Fri Oct 18 09:11:18 UTC 2024] default_acme_server
[Fri Oct 18 09:11:18 UTC 2024] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Fri Oct 18 09:11:18 UTC 2024] _ACME_SERVER_HOST='acme.zerossl.com'
[Fri Oct 18 09:11:18 UTC 2024] _ACME_SERVER_PATH='v2/DV90'
[Fri Oct 18 09:11:18 UTC 2024] The domain 'node.example.com' seems to already have an ECC cert, let's use it.
[Fri Oct 18 09:11:18 UTC 2024] DOMAIN_PATH='/acme.sh/node.example.com_ecc'
[Fri Oct 18 09:11:18 UTC 2024] DOMAIN_CONF='/acme.sh/node.example.com_ecc/node.example.com.conf'
[Fri Oct 18 09:11:18 UTC 2024] _deployApi='/root/.acme.sh/deploy/docker.sh'
[Fri Oct 18 09:11:18 UTC 2024] _cdomain='node.example.com'
[Fri Oct 18 09:11:18 UTC 2024] DEPLOY_DOCKER_CONTAINER_LABEL='sh.acme.autoload.domain=node.example.com'
[Fri Oct 18 09:11:18 UTC 2024] Try use /var/run/docker.sock
[Fri Oct 18 09:11:18 UTC 2024] _cversion='8.9.0'
[Fri Oct 18 09:11:18 UTC 2024] _major='8'
[Fri Oct 18 09:11:18 UTC 2024] _minor='9'
[Fri Oct 18 09:11:18 UTC 2024] DEPLOY_DOCKER_CONTAINER_KEY_FILE='/data/certs/privkey.pem'
[Fri Oct 18 09:11:18 UTC 2024] DEPLOY_DOCKER_CONTAINER_CERT_FILE='/data/certs/cert.pem'
[Fri Oct 18 09:11:18 UTC 2024] DEPLOY_DOCKER_CONTAINER_CA_FILE='/data/certs/ca.pem'
[Fri Oct 18 09:11:18 UTC 2024] DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE='/data/certs/full.pem'
[Fri Oct 18 09:11:18 UTC 2024] DEPLOY_DOCKER_CONTAINER_RELOAD_CMD='chown -f node-red:node-red /data/certs/privkey.pem; pkill node-red'
[Fri Oct 18 09:11:18 UTC 2024] _req='{"label":["sh.acme.autoload.domain=node.example.com"]}'
[Fri Oct 18 09:11:18 UTC 2024] _req='%7b%22label%22%3a%5b%22sh.acme.autoload.domain%3dnode.example.com%22%5d%7d'
[Fri Oct 18 09:11:18 UTC 2024] _data
[Fri Oct 18 09:11:18 UTC 2024] url='http://localhost/containers/json?filters=%7b%22label%22%3a%5b%22sh.acme.autoload.domain%3dnode.example.com%22%5d%7d'
*   Trying /var/run/docker.sock:0...
* Connected to localhost (/var/run/docker.sock) port 0
> GET /containers/json?filters=%7b%22label%22%3a%5b%22sh.acme.autoload.domain%3dnode.example.com%22%5d%7d HTTP/1.1
> Host: localhost
> User-Agent: curl/8.9.0
> Accept: */*
> Content-Type: application/json
> Content-Length: 0
> 
* Request completely sent off
< HTTP/1.1 200 OK
< Api-Version: 1.47
< Content-Type: application/json
< Docker-Experimental: false
< Ostype: linux
< Server: Docker/27.3.1 (linux)
< Date: Fri, 18 Oct 2024 09:11:18 GMT
< Transfer-Encoding: chunked
< 
{ [2423 bytes data]
* Connection #0 to host localhost left intact
[Fri Oct 18 09:11:18 UTC 2024] listjson='[{"Id":"472406a9f8f53ec646c18f5413aab319d15b2de0181448374bd069a0660ce7ad","Names":["/node-red"],"Image":"nodered/node-red:latest","ImageID":"sha256:54d8030c12fddbb9a9c07230997c3339edceb6f1da771159730e3119a649aea6","Command":"./entrypoint.sh","Created":1729237513,"Ports":[{"PrivatePort":1880,"Type":"tcp"}],"Labels":{"authors":"Dave Conway-Jones, Nick O'Leary, James Thomas, Raymond Mouthaan","com.docker.compose.config-hash":"c8ee70846848956d5a0fa42c65e62fbcc01bb626f0670769dbd23c6977bd432b","com.docker.compose.container-number":"1","com.docker.compose.depends_on":"","com.docker.compose.image":"sha256:54d8030c12fddbb9a9c07230997c3339edceb6f1da771159730e3119a649aea6","com.docker.compose.oneoff":"False","com.docker.compose.project":"node-red","com.docker.compose.project.config_files":"/home/rap/Docker/node-red/docker-compose.yml","com.docker.compose.project.working_dir":"/home/rap/Docker/node-red","com.docker.compose.replace":"c38f9fd0831f50ed38ef65771e81404664ecb7b26d8385db60d7d09f07cd009b","com.docker.compose.service":"node-red","com.docker.compose.version":"2.29.7","org.label-schema.arch":"","org.label-schema.build-date":"2024-10-10T10:33:31Z","org.label-schema.description":"Low-code programming for event-driven applications.","org.label-schema.docker.dockerfile":".docker/Dockerfile.alpine","org.label-schema.license":"Apache-2.0","org.label-schema.name":"Node-RED","org.label-schema.url":"https://nodered.org","org.label-schema.vcs-ref":"","org.label-schema.vcs-type":"Git","org.label-schema.vcs-url":"https://github.com/node-red/node-red-docker","org.label-schema.version":"4.0.5","org.opencontainers.image.source":"https://github.com/node-red/node-red-docker","sh.acme.autoload.domain":"node.example.com"},"State":"running","Status":"Up 11 minutes (healthy)","HostConfig":{"NetworkMode":"caddy-proxy"},"NetworkSettings":{"Networks":{"caddy-proxy":{"IPAMConfig":null,"Links":null,"Aliases":null,"MacAddress":"02:42:ac:18:00:02","DriverOpts":null,"NetworkID":"343ca90e1e5fc46cf6393e6ddb7a030bb62c168dcaa3a5dc1c55d13b79b73923","EndpointID":"abe0fc0a51a34f894bead3e08b78a6ac19c5967d8e7a83c70e41e4c08a112f1f","Gateway":"172.24.0.1","IPAddress":"172.24.0.2","IPPrefixLen":16,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"DNSNames":null}}},"Mounts":[{"Type":"bind","Source":"/home/rap/Docker/node-red/data","Destination":"/data","Mode":"rw","RW":true,"Propagation":"rprivate"}]}]'
[Fri Oct 18 09:11:18 UTC 2024] Container id: 472406a9f8f53ec646c18f5413aab319d15b2de0181448374bd069a0660ce7ad
[Fri Oct 18 09:11:18 UTC 2024] Copying file from /acme.sh/node.example.com_ecc/node.example.com.key to /data/certs/privkey.pem
[Fri Oct 18 09:11:18 UTC 2024] _dir='/data/certs'
[Fri Oct 18 09:11:18 UTC 2024] _docker_exec 472406a9f8f53ec646c18f5413aab319d15b2de0181448374bd069a0660ce7ad mkdir -p /data/certs
[Fri Oct 18 09:11:18 UTC 2024] _cmd='mkdir -p /data/certs'
[Fri Oct 18 09:11:18 UTC 2024] _data='{"Cmd": ["sh", "-c", "mkdir -p /data/certs"]}'
[Fri Oct 18 09:11:18 UTC 2024] url='http://localhost/containers/472406a9f8f53ec646c18f5413aab319d15b2de0181448374bd069a0660ce7ad/exec'
*   Trying /var/run/docker.sock:0...
* Connected to localhost (/var/run/docker.sock) port 0
> POST /containers/472406a9f8f53ec646c18f5413aab319d15b2de0181448374bd069a0660ce7ad/exec HTTP/1.1
> Host: localhost
> User-Agent: curl/8.9.0
> Accept: */*
> Content-Type: application/json
> Content-Length: 45
> 
} [45 bytes data]
* upload completely sent off: 45 bytes
< HTTP/1.1 201 Created
< Api-Version: 1.47
< Content-Type: application/json
< Docker-Experimental: false
< Ostype: linux
< Server: Docker/27.3.1 (linux)
< Date: Fri, 18 Oct 2024 09:11:18 GMT
< Content-Length: 74
< 
{ [74 bytes data]
* Connection #0 to host localhost left intact
[Fri Oct 18 09:11:18 UTC 2024] cjson='{"Id":"472202f5ace06a16310d1acf11b9d8594c59db1bab65abf8ad3f116a56d860de"}'
[Fri Oct 18 09:11:18 UTC 2024] execid='472202f5ace06a16310d1acf11b9d8594c59db1bab65abf8ad3f116a56d860de'
[Fri Oct 18 09:11:18 UTC 2024] _data='{"Detach": false,"Tty": false}'
[Fri Oct 18 09:11:18 UTC 2024] url='http://localhost/exec/472202f5ace06a16310d1acf11b9d8594c59db1bab65abf8ad3f116a56d860de/start'
*   Trying /var/run/docker.sock:0...
* Connected to localhost (/var/run/docker.sock) port 0
> POST /exec/472202f5ace06a16310d1acf11b9d8594c59db1bab65abf8ad3f116a56d860de/start HTTP/1.1
> Host: localhost
> User-Agent: curl/8.9.0
> Accept: */*
> Content-Type: application/json
> Content-Length: 30
> 
} [30 bytes data]
* upload completely sent off: 30 bytes
< HTTP/1.1 200 OK
< Content-Type: application/vnd.docker.raw-stream
< Api-Version: 1.47
< Docker-Experimental: false
< Ostype: linux
< Server: Docker/27.3.1 (linux)
* no chunk, no close, no size. Assume close to signal end
< 
{ [0 bytes data]
* shutting down connection #0
[Fri Oct 18 09:11:18 UTC 2024] ejson
[Fri Oct 18 09:11:18 UTC 2024] _frompath='acme.sh/node.example.com_ecc/node.example.com.key'
[Fri Oct 18 09:11:18 UTC 2024] _toname='privkey.pem'
[Fri Oct 18 09:11:18 UTC 2024] _from='/acme.sh/node.example.com_ecc/node.example.com.key'
[Fri Oct 18 09:11:18 UTC 2024] _data='@-'
[Fri Oct 18 09:11:18 UTC 2024] url='http://localhost/containers/472406a9f8f53ec646c18f5413aab319d15b2de0181448374bd069a0660ce7ad/archive?noOverwriteDirNonDir=1&path=%2fdata%2fcerts'
*   Trying /var/run/docker.sock:0...
* Connected to localhost (/var/run/docker.sock) port 0
> PUT /containers/472406a9f8f53ec646c18f5413aab319d15b2de0181448374bd069a0660ce7ad/archive?noOverwriteDirNonDir=1&path=%2fdata%2fcerts HTTP/1.1
> Host: localhost
> User-Agent: curl/8.9.0
> Accept: */*
> Content-Type: application/octet-stream
> Content-Length: 305
> 
} [305 bytes data]
* upload completely sent off: 305 bytes
< HTTP/1.1 200 OK
< Api-Version: 1.47
< Docker-Experimental: false
< Ostype: linux
< Server: Docker/27.3.1 (linux)
< Date: Fri, 18 Oct 2024 09:11:18 GMT
< Content-Length: 0
< 
* Connection #0 to host localhost left intact
[Fri Oct 18 09:11:18 UTC 2024] Copying file from /acme.sh/node.example.com_ecc/node.example.com.cer to /data/certs/cert.pem
[Fri Oct 18 09:11:18 UTC 2024] _dir='/data/certs'
[Fri Oct 18 09:11:18 UTC 2024] _docker_exec 472406a9f8f53ec646c18f5413aab319d15b2de0181448374bd069a0660ce7ad mkdir -p /data/certs
[Fri Oct 18 09:11:18 UTC 2024] _cmd='mkdir -p /data/certs'
[Fri Oct 18 09:11:18 UTC 2024] _data='{"Cmd": ["sh", "-c", "mkdir -p /data/certs"]}'
[Fri Oct 18 09:11:18 UTC 2024] url='http://localhost/containers/472406a9f8f53ec646c18f5413aab319d15b2de0181448374bd069a0660ce7ad/exec'
*   Trying /var/run/docker.sock:0...
* Connected to localhost (/var/run/docker.sock) port 0
> POST /containers/472406a9f8f53ec646c18f5413aab319d15b2de0181448374bd069a0660ce7ad/exec HTTP/1.1
> Host: localhost
> User-Agent: curl/8.9.0
> Accept: */*
> Content-Type: application/json
> Content-Length: 45
> 
} [45 bytes data]
* upload completely sent off: 45 bytes
< HTTP/1.1 201 Created
< Api-Version: 1.47
< Content-Type: application/json
< Docker-Experimental: false
< Ostype: linux
< Server: Docker/27.3.1 (linux)
< Date: Fri, 18 Oct 2024 09:11:18 GMT
< Content-Length: 74
< 
{ [74 bytes data]
* Connection #0 to host localhost left intact
[Fri Oct 18 09:11:18 UTC 2024] cjson='{"Id":"628ef9af857597dc0831037aa1037dd867dfe45fb6dd5c122bc816c51620bfe0"}'
[Fri Oct 18 09:11:18 UTC 2024] execid='628ef9af857597dc0831037aa1037dd867dfe45fb6dd5c122bc816c51620bfe0'
[Fri Oct 18 09:11:18 UTC 2024] _data='{"Detach": false,"Tty": false}'
[Fri Oct 18 09:11:18 UTC 2024] url='http://localhost/exec/628ef9af857597dc0831037aa1037dd867dfe45fb6dd5c122bc816c51620bfe0/start'
*   Trying /var/run/docker.sock:0...
* Connected to localhost (/var/run/docker.sock) port 0
> POST /exec/628ef9af857597dc0831037aa1037dd867dfe45fb6dd5c122bc816c51620bfe0/start HTTP/1.1
> Host: localhost
> User-Agent: curl/8.9.0
> Accept: */*
> Content-Type: application/json
> Content-Length: 30
> 
} [30 bytes data]
* upload completely sent off: 30 bytes
< HTTP/1.1 200 OK
< Content-Type: application/vnd.docker.raw-stream
< Api-Version: 1.47
< Docker-Experimental: false
< Ostype: linux
< Server: Docker/27.3.1 (linux)
* no chunk, no close, no size. Assume close to signal end
< 
{ [0 bytes data]
* shutting down connection #0
[Fri Oct 18 09:11:18 UTC 2024] ejson
[Fri Oct 18 09:11:18 UTC 2024] _frompath='acme.sh/node.example.com_ecc/node.example.com.cer'
[Fri Oct 18 09:11:18 UTC 2024] _toname='cert.pem'
[Fri Oct 18 09:11:18 UTC 2024] _from='/acme.sh/node.example.com_ecc/node.example.com.cer'
[Fri Oct 18 09:11:18 UTC 2024] _data='@-'
[Fri Oct 18 09:11:18 UTC 2024] url='http://localhost/containers/472406a9f8f53ec646c18f5413aab319d15b2de0181448374bd069a0660ce7ad/archive?noOverwriteDirNonDir=1&path=%2fdata%2fcerts'
*   Trying /var/run/docker.sock:0...
* Connected to localhost (/var/run/docker.sock) port 0
> PUT /containers/472406a9f8f53ec646c18f5413aab319d15b2de0181448374bd069a0660ce7ad/archive?noOverwriteDirNonDir=1&path=%2fdata%2fcerts HTTP/1.1
> Host: localhost
> User-Agent: curl/8.9.0
> Accept: */*
> Content-Type: application/octet-stream
> Content-Length: 1104
> 
} [1104 bytes data]
* upload completely sent off: 1104 bytes
< HTTP/1.1 200 OK
< Api-Version: 1.47
< Docker-Experimental: false
< Ostype: linux
< Server: Docker/27.3.1 (linux)
< Date: Fri, 18 Oct 2024 09:11:18 GMT
< Content-Length: 0
< 
* Connection #0 to host localhost left intact
[Fri Oct 18 09:11:18 UTC 2024] Copying file from /acme.sh/node.example.com_ecc/ca.cer to /data/certs/ca.pem
[Fri Oct 18 09:11:18 UTC 2024] _dir='/data/certs'
[Fri Oct 18 09:11:18 UTC 2024] _docker_exec 472406a9f8f53ec646c18f5413aab319d15b2de0181448374bd069a0660ce7ad mkdir -p /data/certs
[Fri Oct 18 09:11:18 UTC 2024] _cmd='mkdir -p /data/certs'
[Fri Oct 18 09:11:18 UTC 2024] _data='{"Cmd": ["sh", "-c", "mkdir -p /data/certs"]}'
[Fri Oct 18 09:11:18 UTC 2024] url='http://localhost/containers/472406a9f8f53ec646c18f5413aab319d15b2de0181448374bd069a0660ce7ad/exec'
*   Trying /var/run/docker.sock:0...
* Connected to localhost (/var/run/docker.sock) port 0
> POST /containers/472406a9f8f53ec646c18f5413aab319d15b2de0181448374bd069a0660ce7ad/exec HTTP/1.1
> Host: localhost
> User-Agent: curl/8.9.0
> Accept: */*
> Content-Type: application/json
> Content-Length: 45
> 
} [45 bytes data]
* upload completely sent off: 45 bytes
< HTTP/1.1 201 Created
< Api-Version: 1.47
< Content-Type: application/json
< Docker-Experimental: false
< Ostype: linux
< Server: Docker/27.3.1 (linux)
< Date: Fri, 18 Oct 2024 09:11:18 GMT
< Content-Length: 74
< 
{ [74 bytes data]
* Connection #0 to host localhost left intact
[Fri Oct 18 09:11:18 UTC 2024] cjson='{"Id":"c9bc6d314c1910f4d4125562b8c3b341874c8e09c56aeccbbc7065e99a563969"}'
[Fri Oct 18 09:11:18 UTC 2024] execid='c9bc6d314c1910f4d4125562b8c3b341874c8e09c56aeccbbc7065e99a563969'
[Fri Oct 18 09:11:18 UTC 2024] _data='{"Detach": false,"Tty": false}'
[Fri Oct 18 09:11:18 UTC 2024] url='http://localhost/exec/c9bc6d314c1910f4d4125562b8c3b341874c8e09c56aeccbbc7065e99a563969/start'
*   Trying /var/run/docker.sock:0...
* Connected to localhost (/var/run/docker.sock) port 0
> POST /exec/c9bc6d314c1910f4d4125562b8c3b341874c8e09c56aeccbbc7065e99a563969/start HTTP/1.1
> Host: localhost
> User-Agent: curl/8.9.0
> Accept: */*
> Content-Type: application/json
> Content-Length: 30
> 
} [30 bytes data]
* upload completely sent off: 30 bytes
< HTTP/1.1 200 OK
< Content-Type: application/vnd.docker.raw-stream
< Api-Version: 1.47
< Docker-Experimental: false
< Ostype: linux
< Server: Docker/27.3.1 (linux)
* no chunk, no close, no size. Assume close to signal end
< 
{ [0 bytes data]
* shutting down connection #0
[Fri Oct 18 09:11:18 UTC 2024] ejson
[Fri Oct 18 09:11:18 UTC 2024] _frompath='acme.sh/node.example.com_ecc/ca.cer'
[Fri Oct 18 09:11:18 UTC 2024] _toname='ca.pem'
[Fri Oct 18 09:11:18 UTC 2024] _from='/acme.sh/node.example.com_ecc/ca.cer'
[Fri Oct 18 09:11:18 UTC 2024] _data='@-'
[Fri Oct 18 09:11:18 UTC 2024] url='http://localhost/containers/472406a9f8f53ec646c18f5413aab319d15b2de0181448374bd069a0660ce7ad/archive?noOverwriteDirNonDir=1&path=%2fdata%2fcerts'
*   Trying /var/run/docker.sock:0...
* Connected to localhost (/var/run/docker.sock) port 0
> PUT /containers/472406a9f8f53ec646c18f5413aab319d15b2de0181448374bd069a0660ce7ad/archive?noOverwriteDirNonDir=1&path=%2fdata%2fcerts HTTP/1.1
> Host: localhost
> User-Agent: curl/8.9.0
> Accept: */*
> Content-Type: application/octet-stream
> Content-Length: 1337
> 
} [1337 bytes data]
* upload completely sent off: 1337 bytes
< HTTP/1.1 200 OK
< Api-Version: 1.47
< Docker-Experimental: false
< Ostype: linux
< Server: Docker/27.3.1 (linux)
< Date: Fri, 18 Oct 2024 09:11:18 GMT
< Content-Length: 0
< 
* Connection #0 to host localhost left intact
[Fri Oct 18 09:11:18 UTC 2024] Copying file from /acme.sh/node.example.com_ecc/fullchain.cer to /data/certs/full.pem
[Fri Oct 18 09:11:19 UTC 2024] _dir='/data/certs'
[Fri Oct 18 09:11:19 UTC 2024] _docker_exec 472406a9f8f53ec646c18f5413aab319d15b2de0181448374bd069a0660ce7ad mkdir -p /data/certs
[Fri Oct 18 09:11:19 UTC 2024] _cmd='mkdir -p /data/certs'
[Fri Oct 18 09:11:19 UTC 2024] _data='{"Cmd": ["sh", "-c", "mkdir -p /data/certs"]}'
[Fri Oct 18 09:11:19 UTC 2024] url='http://localhost/containers/472406a9f8f53ec646c18f5413aab319d15b2de0181448374bd069a0660ce7ad/exec'
*   Trying /var/run/docker.sock:0...
* Connected to localhost (/var/run/docker.sock) port 0
> POST /containers/472406a9f8f53ec646c18f5413aab319d15b2de0181448374bd069a0660ce7ad/exec HTTP/1.1
> Host: localhost
> User-Agent: curl/8.9.0
> Accept: */*
> Content-Type: application/json
> Content-Length: 45
> 
} [45 bytes data]
* upload completely sent off: 45 bytes
< HTTP/1.1 201 Created
< Api-Version: 1.47
< Content-Type: application/json
< Docker-Experimental: false
< Ostype: linux
< Server: Docker/27.3.1 (linux)
< Date: Fri, 18 Oct 2024 09:11:19 GMT
< Content-Length: 74
< 
{ [74 bytes data]
* Connection #0 to host localhost left intact
[Fri Oct 18 09:11:19 UTC 2024] cjson='{"Id":"005b24fa9514102367473781b95ca5bf5ae0ec7195b45972513634305ea6ee42"}'
[Fri Oct 18 09:11:19 UTC 2024] execid='005b24fa9514102367473781b95ca5bf5ae0ec7195b45972513634305ea6ee42'
[Fri Oct 18 09:11:19 UTC 2024] _data='{"Detach": false,"Tty": false}'
[Fri Oct 18 09:11:19 UTC 2024] url='http://localhost/exec/005b24fa9514102367473781b95ca5bf5ae0ec7195b45972513634305ea6ee42/start'
*   Trying /var/run/docker.sock:0...
* Connected to localhost (/var/run/docker.sock) port 0
> POST /exec/005b24fa9514102367473781b95ca5bf5ae0ec7195b45972513634305ea6ee42/start HTTP/1.1
> Host: localhost
> User-Agent: curl/8.9.0
> Accept: */*
> Content-Type: application/json
> Content-Length: 30
> 
} [30 bytes data]
* upload completely sent off: 30 bytes
< HTTP/1.1 200 OK
< Content-Type: application/vnd.docker.raw-stream
< Api-Version: 1.47
< Docker-Experimental: false
< Ostype: linux
< Server: Docker/27.3.1 (linux)
* no chunk, no close, no size. Assume close to signal end
< 
{ [0 bytes data]
* shutting down connection #0
[Fri Oct 18 09:11:19 UTC 2024] ejson
[Fri Oct 18 09:11:19 UTC 2024] _frompath='acme.sh/node.example.com_ecc/fullchain.cer'
[Fri Oct 18 09:11:19 UTC 2024] _toname='full.pem'
[Fri Oct 18 09:11:19 UTC 2024] _from='/acme.sh/node.example.com_ecc/fullchain.cer'
[Fri Oct 18 09:11:19 UTC 2024] _data='@-'
[Fri Oct 18 09:11:19 UTC 2024] url='http://localhost/containers/472406a9f8f53ec646c18f5413aab319d15b2de0181448374bd069a0660ce7ad/archive?noOverwriteDirNonDir=1&path=%2fdata%2fcerts'
*   Trying /var/run/docker.sock:0...
* Connected to localhost (/var/run/docker.sock) port 0
> PUT /containers/472406a9f8f53ec646c18f5413aab319d15b2de0181448374bd069a0660ce7ad/archive?noOverwriteDirNonDir=1&path=%2fdata%2fcerts HTTP/1.1
> Host: localhost
> User-Agent: curl/8.9.0
> Accept: */*
> Content-Type: application/octet-stream
> Content-Length: 2210
> 
} [2210 bytes data]
* upload completely sent off: 2210 bytes
< HTTP/1.1 200 OK
< Api-Version: 1.47
< Docker-Experimental: false
< Ostype: linux
< Server: Docker/27.3.1 (linux)
< Date: Fri, 18 Oct 2024 09:11:19 GMT
< Content-Length: 0
< 
* Connection #0 to host localhost left intact
[Fri Oct 18 09:11:19 UTC 2024] Reloading: chown -f node-red:node-red /data/certs/privkey.pem; pkill node-red
[Fri Oct 18 09:11:19 UTC 2024] _docker_exec 472406a9f8f53ec646c18f5413aab319d15b2de0181448374bd069a0660ce7ad chown -f node-red:node-red /data/certs/privkey.pem; pkill node-red
[Fri Oct 18 09:11:19 UTC 2024] _cmd='chown -f node-red:node-red /data/certs/privkey.pem; pkill node-red'
[Fri Oct 18 09:11:19 UTC 2024] _data='{"Cmd": ["sh", "-c", "chown -f node-red:node-red /data/certs/privkey.pem; pkill node-red"]}'
[Fri Oct 18 09:11:19 UTC 2024] url='http://localhost/containers/472406a9f8f53ec646c18f5413aab319d15b2de0181448374bd069a0660ce7ad/exec'
*   Trying /var/run/docker.sock:0...
* Connected to localhost (/var/run/docker.sock) port 0
> POST /containers/472406a9f8f53ec646c18f5413aab319d15b2de0181448374bd069a0660ce7ad/exec HTTP/1.1
> Host: localhost
> User-Agent: curl/8.9.0
> Accept: */*
> Content-Type: application/json
> Content-Length: 91
> 
} [91 bytes data]
* upload completely sent off: 91 bytes
< HTTP/1.1 201 Created
< Api-Version: 1.47
< Content-Type: application/json
< Docker-Experimental: false
< Ostype: linux
< Server: Docker/27.3.1 (linux)
< Date: Fri, 18 Oct 2024 09:11:19 GMT
< Content-Length: 74
< 
{ [74 bytes data]
* Connection #0 to host localhost left intact
[Fri Oct 18 09:11:19 UTC 2024] cjson='{"Id":"7a07dd7b84ba051203114277dae5a266e4f12503a4d770a2b57946d83bb0f71e"}'
[Fri Oct 18 09:11:19 UTC 2024] execid='7a07dd7b84ba051203114277dae5a266e4f12503a4d770a2b57946d83bb0f71e'
[Fri Oct 18 09:11:19 UTC 2024] _data='{"Detach": false,"Tty": false}'
[Fri Oct 18 09:11:19 UTC 2024] url='http://localhost/exec/7a07dd7b84ba051203114277dae5a266e4f12503a4d770a2b57946d83bb0f71e/start'
*   Trying /var/run/docker.sock:0...
* Connected to localhost (/var/run/docker.sock) port 0
> POST /exec/7a07dd7b84ba051203114277dae5a266e4f12503a4d770a2b57946d83bb0f71e/start HTTP/1.1
> Host: localhost
> User-Agent: curl/8.9.0
> Accept: */*
> Content-Type: application/json
> Content-Length: 30
> 
} [30 bytes data]
* upload completely sent off: 30 bytes
< HTTP/1.1 200 OK
< Content-Type: application/vnd.docker.raw-stream
< Api-Version: 1.47
< Docker-Experimental: false
< Ostype: linux
< Server: Docker/27.3.1 (linux)
* no chunk, no close, no size. Assume close to signal end
< 
{ [0 bytes data]
* shutting down connection #0
[Fri Oct 18 09:11:19 UTC 2024] ejson
[Fri Oct 18 09:11:19 UTC 2024] Success
Copy link

Please upgrade to the latest code and try again first. Maybe it's already fixed. acme.sh --upgrade If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

@hinrichd
Copy link
Author

Already running on latest version and append debug log!

@hinrichd hinrichd changed the title Keyfile Permisson Error with docker deploy hool Keyfile Permisson Error with docker deploy hook Oct 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant