I am using this sample repository, https://github.com/umputun/nginx-le, to create a Docker image from Nginx with Let's Encrypt. Now, I am getting the following error -
PEM_read_bio_X509_AUX("/etc/nginx/ssl/") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [emerg] PEM_read_bio_X509_AUX("/etc/nginx/ssl/") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)
when I try to test my nginx configuration. Now, as stated in the above GitHub repo, I have this in my Dockerfile -
FROM nginx:stable-alpine
ADD conf/nginx.conf /etc/nginx/nginx.conf
ADD conf/service.conf /etc/nginx/conf.d/service.conf
RUN rm -rf /usr/share/nginx/html/*
COPY --from=builder /usr/build/app/dist /usr/share/nginx/html
ADD script/entrypoint.sh /entrypoint.sh
ADD script/le.sh /le.sh
RUN \
    rm /etc/nginx/conf.d/default.conf && \
    chmod +x /entrypoint.sh && \
    chmod +x /le.sh && \
    apk add --update certbot tzdata openssl && \
    rm -rf /var/cache/apk/*
CMD ["/entrypoint.sh"]
-----Updated Dockerfile---------
FROM nginx:latest
RUN curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
RUN apt-get install -y nodejs
RUN apt-get install -y build-essential
RUN curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
RUN apt-get update -y && sudo apt-get install -y yarn
RUN mkdir -p /usr/build
WORKDIR /usr/build
COPY package.json .
#COPY package-lock.json .
COPY bower.json .
COPY .bowerrc .
RUN npm install --quiet
RUN npm install -g gulp bower --quiet
RUN bower install --allow-root
RUN mkdir /usr/build/app
RUN cp -R /usr/build/node_modules /usr/build/app
RUN cp -R /usr/build/bower_components /usr/build/app
RUN cp -R /usr/build/*.json /usr/build/app/
RUN cp /usr/build/.bowerrc /usr/build/app/
COPY src /usr/build/app
RUN mkdir /usr/build/app/gulp
ADD gulp/* /usr/build/app/gulp/
ADD gulpfile.js /usr/build/app
WORKDIR /usr/build/app
RUN ls -al .
RUN rm -rf /usr/build/app/dist
RUN mkdir /usr/build/app/dist
RUN gulp build
RUN ls -al /usr/build/app
#RUN yum -y install nodejs
#RUN yum install gcc-c++ make
ADD conf/nginx.conf /etc/nginx/nginx.conf
#ADD conf/service.conf /etc/nginx/conf.d/service.conf
RUN rm -rf /usr/share/nginx/html/*
RUN ls -al /usr/share/nginx/ && ls -al /usr/share/nginx/html/ && ls -al /usr/build/app/dist/
RUN mv /usr/build/app/dist/* /usr/share/nginx/html/
#ADD script/entrypoint.sh /entrypoint.sh
#ADD script/le.sh /le.sh
RUN rm /etc/nginx/conf.d/default.conf && \
    chmod +x /entrypoint.sh
CMD ["/entrypoint.sh"]
Now, it reaches entrypoint.sh successfully & I have checked that the files in my nginx webroot are getting copied along with the conf.
-------updated issue---------
So, I figured it was not creating the ssh keys because it was not able to generate any HTML files as part of the "gulp build:dev" command & was therefore throwing an error. So I updated my entrypoint to remove Let's Encrypt for now & only run the nginx conf, like this -
#!/bin/sh
echo "start nginx"
export TZ="America/Chicago"
cp /usr/share/zoneinfo/${TZ} /etc/localtime && echo ${TZ} > /etc/timezone
echo "ssl_key=${SSL_KEY:=le-key.pem}, ssl_cert=${SSL_CERT:=le-crt.pem}, ssl_chain_cert=${SSL_CHAIN_CERT:=le-chain-crt.pem}"
SSL_KEY=/etc/nginx/ssl/${SSL_KEY}
SSL_CERT=/etc/nginx/ssl/${SSL_CERT}
SSL_CHAIN_CERT=/etc/nginx/ssl/${SSL_CHAIN_CERT}
mkdir -p /etc/nginx/conf.d
mkdir -p /etc/nginx/ssl
#copy /etc/nginx/service*.conf if any of service*.conf mounted
if [ -f /etc/nginx/nginx*.conf ]; then
    cp -fv /etc/nginx/nginx*.conf /etc/nginx/conf.d/
fi
#replace SSL_KEY, SSL_CERT and SSL_CHAIN_CERT by actual keys
ls -al /etc/nginx/conf.d
#sed -i "s|SSL_KEY|${SSL_KEY}|g" /etc/nginx/conf.d/*.conf
#sed -i "s|SSL_CERT|${SSL_CERT}|g" /etc/nginx/conf.d/*.conf
#sed -i "s|SSL_CHAIN_CERT|${SSL_CHAIN_CERT}|g" /etc/nginx/conf.d/*.conf
#generate dhparams.pem
if [ ! -f /etc/nginx/ssl/dhparams.pem ]; then
    echo "make dhparams"
    cd /etc/nginx/ssl
    openssl dhparam -out dhparams.pem 2048
    chmod 600 dhparams.pem
fi
#disable ssl configuration and let it run without SSL
mv -v /etc/nginx/conf.d /etc/nginx/conf.d.disabled
(
    sleep 5 #give nginx time to start
    echo "start letsencrypt updater"
    while :
    do
        echo "trying to update letsencrypt ..."
        # /le.sh
        rm -f /etc/nginx/conf.d/default.conf 2>/dev/null #remove default config, conflicting on 80
        mv -v /etc/nginx/conf.d.disabled /etc/nginx/conf.d #enable
        echo "reload nginx with ssl"
        ls -al /etc/nginx/ssl
        echo "key contents are - "
        cat /etc/nginx/ssl/dhparams.pem
        nginx -t
        nginx -s reload
        sleep 60d
    done
) &
nginx -g "daemon off;"
So, here in the script in the end when I test the nginx configuration it gives the following error -
-----Update-----
So, now I am getting this error -
Step 38/40 : RUN mv /usr/build/app/dist/* /usr/share/nginx/html/
---> Running in 9f59c1d5cb90
mv: cannot stat '/usr/build/app/dist/*': No such file or directory
The command '/bin/sh -c mv /usr/build/app/dist/* /usr/share/nginx/html/' returned a non-zero code: 1
Logs for the gulp build:dev command are -
---> Running in 1acca8373940
[14:40:09] Using gulpfile /usr/build/app/gulpfile.js
[14:40:09] Starting 'scripts'...
[14:40:09] Starting 'styles'...
[14:40:09] Starting 'fonts-dev'...
[14:40:10] Starting 'other-dev'...
[14:40:10] Finished 'scripts' after 1.14 s
[14:40:10] Finished 'styles' after 1.13 s
[14:40:10] Starting 'inject'...
[14:40:10] Finished 'other-dev' after 39 ms
[14:40:10] Finished 'inject' after 29 ms
[14:40:10] Starting 'html-dev'...
[14:40:10] Finished 'html-dev' after 288 ms
[14:40:11] Finished 'fonts-dev' after 2.44 s
[14:40:11] Starting 'build:dev'...
[14:40:11] Finished 'build:dev' after 123 μs
Removing intermediate container 1acca8373940
which suggests that gulp build was successful but still in this step -
Step 34/40 : RUN ls -al /usr/build/app/dist
---> Running in c141120c29dc
total 8
drwxr-xr-x 2 root root 4096 Apr 27 14:35 .
drwxr-xr-x 1 root root 4096 Apr 27 14:35 ..
Removing intermediate container c141120c29dc
I am not getting anything in the dist directory. Any suggestions for debugging or solving this?
Can anyone help me find / debug / solve this issue?
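
The path quoted in the nginx error above is the directory /etc/nginx/ssl/ rather than a file, and "no start line" means OpenSSL found no -----BEGIN line at that path. The following is an added example, not part of the original post or of the nginx-le repository: a pre-flight check an entrypoint could run before nginx -t. The function names check_pem and preflight are hypothetical, and the demo files are constructed placeholders.

```shell
#!/bin/sh
# Returns 0 when $1 is a readable, non-empty regular file that contains a
# PEM start line of kind $2 (CERTIFICATE or "PRIVATE KEY"); otherwise
# prints the reason and returns 1.
check_pem() {
    path=$1
    kind=$2
    if [ -d "$path" ]; then
        # Happens when the file-name variable was empty: "/etc/nginx/ssl/" + ""
        echo "FAIL $path: is a directory (empty file name?)"; return 1
    fi
    if [ ! -f "$path" ] || [ ! -r "$path" ]; then
        echo "FAIL $path: missing or unreadable"; return 1
    fi
    if [ ! -s "$path" ]; then
        echo "FAIL $path: empty file"; return 1
    fi
    # Accepts optional prefix words, e.g. TRUSTED CERTIFICATE, RSA PRIVATE KEY
    if ! grep -Eq "^-----BEGIN ([A-Z0-9]+ )*${kind}-----" "$path"; then
        echo "FAIL $path: no PEM start line for $kind"; return 1
    fi
    echo "OK   $path"
}

# Checks key, certificate and chain; reports every failure, not just the first.
preflight() {
    dir=$1
    rc=0
    check_pem "$dir/$2" "PRIVATE KEY" || rc=1
    check_pem "$dir/$3" "CERTIFICATE" || rc=1
    check_pem "$dir/$4" "CERTIFICATE" || rc=1
    return $rc
}

# Constructed demo: placeholder PEM bodies, chain file name left empty on purpose
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'constructed' \
    '-----END PRIVATE KEY-----' > "$demo/le-key.pem"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed' \
    '-----END CERTIFICATE-----' > "$demo/le-crt.pem"
preflight "$demo" le-key.pem le-crt.pem "" \
    || echo "preflight failed: keep the SSL config disabled"
rm -rf "$demo"
```

In an entrypoint like the one above, calling preflight with /etc/nginx/ssl and the three file names before moving conf.d.disabled back into place would surface an empty or unsubstituted path before nginx does.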