
warning: cannot get RSA certificate from file "/home/USER/anonaddy/TLS.key": disabling TLS support

Open jediazmurillo opened this issue 6 months ago • 1 comments

Support guidelines

I've found a bug and checked that ...

  • [X] ... the documentation does not mention anything about my problem
  • [X] ... there are no open or closed issues that are related to my problem

Description

Can not enable TLS on Postfix

Expected behaviour

  - "POSTFIX_SMTPD_TLS=true"
  - "POSTFIX_SMTP_TLS=true"
  - "POSTFIX_SMTPD_TLS_CERT_FILE=/etc/letsencrypt/live/domain.xyz/fullchain.pem"
  - "POSTFIX_SMTPD_TLS_KEY_FILE=/etc/letsencrypt/live/domain.xyz/privkey.pem"

Should Enable TLS

Actual behaviour

Getting 500's on webapp

sudo docker compose logs -f gives the following:

addy_nginx | 111.111.111.111 - - [19/Dec/2023:06:29:44 +0000] "GET /captcha/mini?9ntdf97c HTTP/2.0" 200 5776 "https://websiteedited.xyz/register" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0" "-"
addy | Dec 19 00:29:53 mail postfix/smtpd[1072]: warning: cannot get RSA certificate from file "/etc/letsencrypt/live/domain.xyz/fullchain.pem": disabling TLS support
addy | Dec 19 00:29:53 mail postfix/smtpd[1072]: warning: TLS library problem: error:80000002:system library::No such file or directory:crypto/bio/bss_file.c:297:calling fopen(/etc/letsencrypt/live/domain.xyz/fullchain.pem, r):
addy | Dec 19 00:29:53 mail postfix/smtpd[1072]: warning: TLS library problem: error:10080002:BIO routines::system lib:crypto/bio/bss_file.c:300:
addy | Dec 19 00:29:53 mail postfix/smtpd[1072]: warning: TLS library problem: error:0A080002:SSL routines::system lib:ssl/ssl_rsa.c:448:

(IP and website edited for privacy)

Steps to reproduce

Using the information provided, with default settings on a fresh VPS.

Docker info

Client: Docker Engine - Community
 Version:    24.0.7
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.11.2
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.21.0
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 4
  Running: 4
  Paused: 0
  Stopped: 0
 Images: 4
 Server Version: 24.0.7
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc io.containerd.runc.v2
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 3dd1e886e55dd695541fdcd67420c2888645a495
 runc version: v1.1.10-0-g18a0cb0
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 5.15.0-1045-oracle
 Operating System: Ubuntu 22.04.3 LTS
 OSType: linux
 Architecture: aarch64
 CPUs: 4
 Total Memory: 23.43GiB
 Name: examplewebsite-xyz
 ID: e1a1a3e6-8192-4f96-b323-1045d0497b55
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Docker Compose config

name: addy

services:
  db:
    image: mariadb:10.5
    container_name: addy_db
    command:
      - "mysqld"
      - "--character-set-server=utf8mb4"
      - "--collation-server=utf8mb4_unicode_ci"
    volumes:
      - "./db:/var/lib/mysql"
    environment:
      - "MYSQL_ALLOW_EMPTY_PASSWORD=yes"
      - "MYSQL_DATABASE=anonaddy"
      - "MYSQL_USER=anonaddy"
      - "MYSQL_PASSWORD=11111111111111"
    restart: always

  redis:
    image: redis:4.0-alpine
    container_name: addy_redis
    restart: always

  addy:
    image: anonaddy/anonaddy:latest
    container_name: addy
    depends_on:
      - db
      - redis
    ports:
      - target: 25
        published: 25
        protocol: tcp
      - target: 8000
        published: 8000
        protocol: tcp
    volumes:
      - "./data:/data"
    env_file:
      - "./addy.env"
    environment:
      - "TZ=America/Monterrey"
      - "PUID=1000"
      - "PGID=1000"
      - "REAL_IP_FROM=0.0.0.0/32"
      - "REAL_IP_HEADER=X-Forwarded-For"
      - "LOG_IP_VAR=remote_addr"
      - "DB_HOST=db"
      - "LISTEN_IPV6=false"
      - "MEMORY_LIMIT=1024M"
      - "UPLOAD_MAX_SIZE=128M"
      - "OPCACHE_MEMSIZE=128"
      - "DB_DATABASE=anonaddy"
      - "DB_USERNAME=anonaddy"
      - "DB_PASSWORD=111111111111111111"
      - "APP_KEY=base64:HBtLNVmXbqky111111111111111111113f7JEw3Dk0k="
      - "APP_DEBUG=false"
      - "APP_URL=http://127.0.0.1:8000"
      - "ANONADDY_ADMIN_USERNAME=happyuser"
      - "ANONADDY_DOMAIN=domainexample.xyz"
      - "ANONADDY_ALL_DOMAINS=domainexample.xyz"
      - "ANONADDY_HOSTNAME=mail.domainexample.xyz"
      - "ANONADDY_DNS_RESOLVER=127.0.0.1"
      - "ANONADDY_SECRET=lksjfl111111111111111111111111kjflsakfjoi23u3"
      - "ANONADDY_DKIM_SIGNING_KEY=/data/dkim/domainexample.xyz.private"
      - "[email protected]"
      - "MAIL_FROM_NAME=domainexample.xyz"
      - "[email protected]"
      - "ANONADDY_BANDWIDTH_LIMIT=104857600"
      - "POSTFIX_DEBUG=false"
      - "POSTFIX_SMTPD_TLS=true"
      - "POSTFIX_SMTP_TLS=true"
      - "POSTFIX_SMTPD_TLS_CERT_FILE=/etc/letsencrypt/live/domainexample.xyz/fullchain.pem"
      - "POSTFIX_SMTPD_TLS_KEY_FILE=/etc/letsencrypt/live/domainexample.xyz/privkey.pem"
      - "RSPAMD_ENABLE=true"
      - "RSPAMD_WEB_PASSWORD=1111111111111111"
    restart: always
  nginx:
    image: nginx:1.25.3-alpine
    container_name: addy_nginx
    restart: unless-stopped
    ports:
      - '443:443'
    volumes:
      - /etc/ssl/dhparam.pem:/etc/ssl/dhparam.pem
      - ./nginx/templates:/etc/nginx/templates
      - /etc/letsencrypt:/etc/letsencrypt
    depends_on:
      - addy

Logs

addy_nginx  | 111.111.111.111 - - [19/Dec/2023:06:29:44 +0000] "GET /captcha/mini?9ntdf97c HTTP/2.0" 200 5776 "https://websiteedited.xyz/register" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0" "-"
addy        | Dec 19 00:29:53 mail postfix/smtpd[1072]: warning: cannot get RSA certificate from file "/etc/letsencrypt/live/domain.xyz/fullchain.pem": disabling TLS support
addy        | Dec 19 00:29:53 mail postfix/smtpd[1072]: warning: TLS library problem: error:80000002:system library::No such file or directory:crypto/bio/bss_file.c:297:calling fopen(/etc/letsencrypt/live/domain.xyz/fullchain.pem, r):
addy        | Dec 19 00:29:53 mail postfix/smtpd[1072]: warning: TLS library problem: error:10080002:BIO routines::system lib:crypto/bio/bss_file.c:300:
addy        | Dec 19 00:29:53 mail postfix/smtpd[1072]: warning: TLS library problem: error:0A080002:SSL routines::system lib:ssl/ssl_rsa.c:448:

Additional info

By default certbot certificates are only root accessible; I tried to create others in /home/user/anonaddy with 777. The application cannot read those either.

jediazmurillo Dec 19 '23 06:12
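As an added example (not code from the issue or from the anonaddy project), a small POSIX shell checker that reads the compose file, pulls POSTFIX_SMTPD_TLS_CERT_FILE and POSTFIX_SMTPD_TLS_KEY_FILE from the addy service's environment, and reports whether any bind mount of that same service covers those paths. It assumes the layout shown in this issue (2/4/6-space indentation, short "host:container[:opts]" volume syntax, values without spaces); the compose fragment at the end is constructed to mirror the report.

```shell
# Added example, not the project's code: check whether the compose file bind-mounts the TLS
# files Postfix inside the addy service is told to read. Assumes the 2/4/6-space indentation
# used in this issue and the short "host:container[:opts]" volume form.
# Print "section item" for every "- item" under service $2 of compose file $1.
service_items() {
  awk -v svc="$2" '
    /^  [A-Za-z0-9_-]+:$/ { in_svc = ($0 == "  " svc ":"); next }
    in_svc && /^    [A-Za-z_]+:/ { sec = $0; gsub(/[ :]/, "", sec); next }
    in_svc && /^      - / { sub(/^      - /, ""); gsub(/["'\'']/, ""); print sec, $0 }
  ' "$1"
}
# Print the value of env var $3 of service $2 (empty if unset).
service_env() {
  service_items "$1" "$2" | awk -v key="$3" '
    $1 == "environment" && index($2, key "=") == 1 { print substr($2, length(key) + 2); exit }'
}
# Return 0 if container path $3 lies inside some bind mount of service $2, else 1.
path_mounted() {
  for m in $(service_items "$1" "$2" | awk '$1 == "volumes" { print $2 }'); do
    t=${m#*:}; t=${t%%:*}                  # container-side target of the mount
    case "$3" in "$t"|"$t"/*) return 0 ;; esac
  done
  return 1
}
# Report each Postfix TLS file of service $2. An UNMOUNTED path is exactly what makes
# Postfix log "cannot get RSA certificate ... No such file or directory" in the container.
check_tls_files() {
  rc=0
  for var in POSTFIX_SMTPD_TLS_CERT_FILE POSTFIX_SMTPD_TLS_KEY_FILE; do
    p=$(service_env "$1" "$2" "$var"); [ -n "$p" ] || continue
    if path_mounted "$1" "$2" "$p"; then echo "ok        $var=$p"; else echo "UNMOUNTED $var=$p"; rc=1; fi
  done
  return "$rc"
}
# Constructed compose fragment modelled on the issue: only nginx mounts /etc/letsencrypt.
SAMPLE=$(mktemp); cat > "$SAMPLE" <<'EOF'
services:
  addy:
    volumes:
      - "./data:/data"
    environment:
      - "POSTFIX_SMTPD_TLS_CERT_FILE=/etc/letsencrypt/live/domainexample.xyz/fullchain.pem"
      - "POSTFIX_SMTPD_TLS_KEY_FILE=/etc/letsencrypt/live/domainexample.xyz/privkey.pem"
  nginx:
    volumes:
      - /etc/letsencrypt:/etc/letsencrypt
EOF
check_tls_files "$SAMPLE" addy || echo "fix: mount /etc/letsencrypt (read-only) into the addy service too"
```

Run it against the real compose file with `check_tls_files docker-compose.yml addy`; a world-writable copy of the key on the host does not help while the path is not mounted into the container at all.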