unifi-docker

Certs import flawed, no import of new certs during runtime

Open ThomDietrich opened this issue 5 years ago • 8 comments

Hey guys! After setting up the system and playing around a bit (everything seems fine, incl. SSL certificate by Let's Encrypt) I went to test the emergency case. Deleted everything (docker-compose down -v --rmi all --remove-orphans) and restored as if I migrated to a new host.

The containers came back up and I was able to restore an autobackup. So far perfect. Sadly the previously provided certificate is not used anymore. I am back at the snakeoil certificate.

In the logs I can find:

controller_1  | [2019-06-09 18:05:56,743] <docker-entrypoint> Cert has not changed, not updating controller.

Assumption/Question: After checking the source code of the import_cert script I realize that I could have deleted the md5 file to solve the "bug" on my system. Please be aware that I changed the default docker-compose.yml to mount the certs folder locally, see below. To summarize: This seems to be a functional bug. The cert file shouldn't only be checked against the md5 but also against the internal cert. Is there any reason for doing the md5 check instead of always importing the cert? What if the md5 file existed from another source?

All the best!

Host operating system

Ubuntu

What tag are you using

latest (UniFi 5.10.24)

Complete docker-compose.yml

Note: Pay attention to the local mount of cert, might be related.

version: '2.2'
services:
  mongo:
    image: mongo:3.4
    networks:
      - unifi
    restart: always
    volumes:
      - db:/data/db
  controller:
    image: "jacobalberty/unifi:${TAG:-latest}"
    depends_on:
      - mongo
    init: true
    networks:
      - unifi
    restart: always
    volumes:
      - data:/unifi/data
      - log:/unifi/log
      #- cert:/unifi/cert
      - ./cert/:/unifi/cert/
      - init:/unifi/init.d
      - ./backup/:/unifi/data/backup/
    environment:
      DB_URI: mongodb://mongo/unifi
      STATDB_URI: mongodb://mongo/unifi_stat
      DB_NAME: unifi
      TZ: "Europe/Berlin"
      RUNAS_UID0: "false"
    ports:
      - "3478:3478/udp" # STUN
      - "6789:6789/tcp" # Speed test
      - "8080:8080/tcp" # Device/ controller comm.
      - "443:8443/tcp" # Controller GUI/API as seen in a web browser
      - "8880:8880/tcp" # HTTP portal redirection
      - "8843:8843/tcp" # HTTPS portal redirection
      - "10001:10001/udp" # AP discovery
  logs:
    image: bash
    depends_on:
      - controller
    command: bash -c 'tail -f /unifi/log/*.log'
    restart: always
    volumes:
      - log:/unifi/log

volumes:
  db:
  data:
  log:
  #cert:
  init:

networks:
  unifi:

ThomDietrich, Jun 09 '19 18:06
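
The check the issue asks for, as an added example that is not the project's import_cert script: a marker-only test next to one that also compares the provided certificate with the certificate the controller currently holds. The function names are hypothetical, and it assumes the marker file stores an md5 digest of the cert file and that the caller has exported the active certificate to PEM (for a Java keystore, `keytool -exportcert -rfc` produces that).

```shell
#!/bin/sh
# Added example; function names and file layout are hypothetical.

# SHA-256 over the base64 body of the first certificate in a PEM file, so
# line wrapping and text outside the BEGIN/END markers do not matter.
pem_cert_id() {
    body=$(awk '/-----BEGIN CERTIFICATE-----/ {on=1; next}
                /-----END CERTIFICATE-----/   {exit}
                on {gsub(/[ \t\r]/, ""); printf "%s", $0}' "$1")
    [ -n "$body" ] || return 1
    printf '%s' "$body" | sha256sum | cut -d" " -f1
}

# Check as described in the issue: the marker file alone decides.
# Returns 0 (import) only if the marker is missing or does not match the file.
marker_says_import() {
    [ -f "$2" ] || return 0
    [ "$(md5sum < "$1" | cut -d" " -f1)" != "$(cut -d" " -f1 < "$2")" ]
}

# Marker is only a hint; the certificate the controller holds decides.
# $3: PEM export of the active certificate (assumption: made by the caller).
# Returns 0 = import, 1 = already active, 2 = no usable certificate in $1.
import_needed() {
    want=$(pem_cert_id "$1" 2>/dev/null) || { echo "no certificate in $1" >&2; return 2; }
    marker_says_import "$1" "$2" && return 0
    have=$(pem_cert_id "$3" 2>/dev/null) || return 0   # active state unknown
    [ "$want" != "$have" ]
}

# Constructed demo: the marker survived on the bind mount and matches the file,
# while the restored controller holds a different (default) certificate.
d=$(mktemp -d)
printf -- '-----BEGIN CERTIFICATE-----\nQUJDREVG\n-----END CERTIFICATE-----\n' > "$d/new.pem"
printf -- '-----BEGIN CERTIFICATE-----\nWFlaWFla\n-----END CERTIFICATE-----\n' > "$d/active.pem"
md5sum < "$d/new.pem" > "$d/new.pem.md5"
marker_says_import "$d/new.pem" "$d/new.pem.md5" && echo "marker only: import" || echo "marker only: skip"
import_needed "$d/new.pem" "$d/new.pem.md5" "$d/active.pem" && echo "with keystore check: import" || echo "with keystore check: skip"
rm -rf "$d"
```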