docker-flow-proxy-letsencrypt
DFP is not correctly reconfigured after restart
I'm using secrets to store certificates. When restarting Docker Flow Proxy, I get an SSL_ERROR_RX_RECORD_TOO_LONG error on Firefox on all domains (i.e. the served certificate is invalid). I need to clear secrets and volume to make letsencrypt regenerate certificates and reconfigure DFP to make it work again.
How is the DFP startup certs configuration supposed to work in secrets mode?
I see in https://proxy.dockerflow.com/usage/#certificates that secrets whose name starts with cert_ are automatically loaded at startup by DFP. Should the secrets created by DFPLE start with cert_?
My stack
```yaml
version: "3.4"
services:
  proxy:
    image: vfarcic/docker-flow-proxy
    ports:
      - 80:80
      - 443:443
    networks:
      - proxy
    depends_on:
      - swarm-listener
    environment:
      LISTENER_ADDRESS: swarm-listener
      MODE: swarm
      SERVICE_NAME: proxy_proxy
      CHECK_RESOLVERS: 1
  swarm-listener:
    image: vfarcic/docker-flow-swarm-listener
    networks:
      - proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      DF_NOTIFY_CREATE_SERVICE_URL: http://letsencrypt:8080/v1/docker-flow-proxy-letsencrypt/reconfigure
      DF_NOTIFY_REMOVE_SERVICE_URL: http://proxy:8080/v1/docker-flow-proxy/remove
    deploy:
      placement:
        constraints: [node.role == manager]
  letsencrypt:
    image: nib0r/docker-flow-proxy-letsencrypt
    networks:
      - proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - letsencrypt:/etc/letsencrypt
    environment:
      DF_PROXY_SERVICE_NAME: proxy_proxy
    deploy:
      labels:
        - com.df.notify=true
        - com.df.servicePath=/.well-known/acme-challenge
        - com.df.port=8080
volumes:
  letsencrypt:
networks:
  proxy:
    external: true
```
@felicienfrancois same question here, did you only restart DFP or the whole stack?
I restart by updating the stack with docker stack deploy
https://docs.docker.com/engine/reference/commandline/stack_deploy/
In my tests, the only service whose configuration had changed was DFP. So it was probably the only service restarted (can't find a doc about the exact behavior of this command).
Even when restarting all services at once, I have the same issue. What should be the "boot sequence"? Should I add a depends_on instruction to force the boot sequence order?