murmur icon indicating copy to clipboard operation
murmur copied to clipboard

Published 20 hours ago verified publisher icon goofball222

Allow users to set CERTDIR as an environment variable

Open m0wer opened this issue 6 years ago • 7 comments

Reporting bugs/issues

  • When reporting a bug/issue:

    • Ensure that you are using the latest release. true
    • Revert any custom modifications or environment varibles to insure they're not the cause. true

  • Please provide the following information:

    • OS/distribution version (command for your OS may differ):
    user@host:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 9.8 (stretch)
Release:        9.8
Codename:       stretch
    • Docker version:
    user@host:~$ docker --version
Docker version 18.09.5, build e8ff056dbc
    • Labels from container:
    user@host:~$ docker inspect goofball222/murmur:<tagname>
...
            "Labels": {
            "org.label-schema.build-date": "2019-04-01T02:00:28Z",
            "org.label-schema.license": "Apache-2.0",
            "org.label-schema.name": "Murmur Server",
            "org.label-schema.schema-version": "1.0",
            "org.label-schema.url": "https://github.com/goofball222/murmur",
            "org.label-schema.vcs-ref": "107157b",
            "org.label-schema.vcs-url": "https://github.com/goofball222/murmur.git",
            "org.label-schema.vendor": "The Goofball - [email protected]",
            "org.label-schema.version": "1.2.19"
        }
...
    • Details on how to reproduce the trouble, if available:

I want to use some Let's Encrypt certs for this service. I mount them in readonly mode and I only mount the ones needed for the murmur server domain. When mounted on /opt/murmur/cert, the chown fails because it's a readonly filesystem. The certificates shouldn't be modified, not even the permissions, because murmur just needs to be able to read them.

A possible solution would be allowing the user to set the CERTDIR environment variable to somwhere outside of /opt/murmur and mount the certificates there. Then, you could run the image like this:

/usr/bin/docker run --rm --name "murmur" \
-e 'PUID=1000' -e 'PGID=1000' \
-e "CERTDIR=/etc/letsencrypt/live/[domain]" \
-v "/data/murmur/conf":/opt/murmur/config \
-v "/data/murmur/data":/opt/murmur/data \
-v "/data/murmur/log":/opt/murmur/log \
-v '/etc/localtime:/etc/localtime:ro' \
-v /etc/letsencrypt/live/[domain]:/etc/letsencrypt/live/[domain]/:ro \
-v /etc/letsencrypt/archive/[domain]:/etc/letsencrypt/archive/[domain]/:ro \
-p "64738:64738/tcp" \
-p "64738:64738/udp" \
"goofball222/murmur:latest"

Note mounting live and archive is needed for the symlinks to work, a simpler approach would be to just mount the whole /etc/letsencrypt directory.

m0wer avatar Apr 14 '19 09:04 m0wer

ping

m0wer avatar Apr 29 '19 16:04 m0wer

I'll take a look at what needs to be added/changed to support this when I can find a few spare minutes.

goofball222 avatar May 02 '19 23:05 goofball222

ping, with the pull request I've opened works

m0wer avatar May 31 '19 19:05 m0wer

ping :(

m0wer avatar Jul 12 '19 06:07 m0wer

I have the same issue and would really appreciate the fix from @m0wer .

Jens-Ehrlich avatar Jan 29 '20 19:01 Jens-Ehrlich

@Jens-Ehrlich you can check my fork (m0wer/murmur) meanwhile, I rebase from this one periodically.

m0wer avatar Jan 30 '20 12:01 m0wer

I'll take a look at what needs to be added/changed to support this when I can find a few spare minutes.

Hi @goofball222, is there any update on this? Or should I use the container by @m0wer instead?

BadCo-NZ avatar Apr 11 '20 22:04 BadCo-NZ