acme-companion

Deletes certificates from /etc/nginx/certs

Open pupattan opened this issue 5 years ago • 11 comments

When the container stops, docker-letsencrypt-nginx-proxy-companion deletes certificates from /etc/nginx/certs (I mounted it in a location on the host). Is there any way to prevent it?

pupattan avatar May 07 '20 06:05 pupattan

Hi. The files that get deleted are the symlinks to the certificates, the certificates themselves aren't deleted.

For now this behavior can't be disabled, can you tell me more about your use case and why you'd want those symlinks to be kept even when the corresponding container stops?

buchdag avatar May 07 '20 12:05 buchdag

My container runs an nginx server on startup, so each time the container starts it does not find the certificates at the location, because docker-letsencrypt-nginx-proxy-companion has yet to put (or symlink) the certificates in the location /etc/nginx/certs.

pupattan avatar May 07 '20 14:05 pupattan

Do you have a compose file of your setup (nginx-proxy, the companion, and your nginx container) or the commands you use to run your containers?

buchdag avatar May 07 '20 19:05 buchdag

@buchdag It's showing the error - Certificates already exist and renewal is not necessary, exiting with status code 1

The issue is I am trying to restart the same container with which the certificate was generated earlier. But when I restart, the symlinks are not created in the mapped volume.

Steps:

  1. Start the container. Certificates are created and symlinks are set in the volume path
  2. Stop the same container - symlinks are removed
  3. Start the same container again with the same command and volumes as in step 1. ISSUE: symlinks are not created now

pupattan avatar Jul 13 '20 17:07 pupattan

Find the commands below and the comment above

docker run --name nginx-proxy --publish 80:80 --publish 443:443 --volume /etc/nginx/certs --volume /etc/nginx/vhost.d --volume /usr/share/nginx/html --volume /var/run/docker.sock:/tmp/docker.sock:ro -d jwilder/nginx-proxy

docker run \
  --name nginx-proxy-letsencrypt \
  --volumes-from nginx-proxy \
  --volume /var/run/docker.sock:/var/run/docker.sock:ro \
  --env "[email protected]" \
  -d jrcs/letsencrypt-nginx-proxy-companion

docker run -v /root/users/something:/etc/nginx/conf.d -e VIRTUAL_HOST=www.xyz.com,xyz.com -e VIRTUAL_PROTO=https -e VIRTUAL_PORT=443 -e LETSENCRYPT_HOST=www.xyz.com,xyz.com -e HTTPS_METHOD=redirect --volumes-from nginx-proxy-letsencrypt -d my_docker_image

pupattan avatar Jul 14 '20 01:07 pupattan

@buchdag It creates symlinks in /etc/nginx/certs but when I stop the container it removes them. But if I start it again it does not create them. You can check the steps in the previous comments

Anyhow, it does not find the certificate when I start it a second time

pupattan avatar Jul 14 '20 01:07 pupattan

Looks like the issue is with nginx-proxy. Sometimes it does not update the default.conf file correctly.

pupattan avatar Jul 14 '20 14:07 pupattan

I think you are running into a race condition: letsencrypt-nginx-proxy-companion only generates the symlinks in /etc/nginx/certs when the corresponding container is up and running, but your my_docker_image container is expecting this same symlink to work, does not find it and probably exits or restarts.

Configure your my_docker_image container to use the actual files behind the symlink instead (inside /etc/nginx/certs/your.domain.tld).

buchdag avatar Jul 14 '20 21:07 buchdag
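
The workaround in the comment above, as an added example that is not part of the original thread or the project's code: a wait step a container entrypoint could run so nginx only starts once the real certificate files exist. The function names, the `CERT_ROOT` variable and the file names `fullchain.pem` and `key.pem` inside the per-domain directory are assumptions.

```shell
#!/bin/sh
# Added example: block until the real certificate files for a domain exist,
# instead of depending on the top-level symlinks that are removed on stop.
# CERT_ROOT is the /etc/nginx/certs path from the thread; the file names
# fullchain.pem and key.pem in the per-domain directory are assumptions.
CERT_ROOT="${CERT_ROOT:-/etc/nginx/certs}"

# cert_files_ready DOMAIN -> 0 if both files exist and are non-empty
cert_files_ready() {
    dir="$CERT_ROOT/$1"
    for f in fullchain.pem key.pem; do
        # -s follows symlinks, so a dangling link counts as "not ready"
        [ -s "$dir/$f" ] || return 1
    done
    return 0
}

# wait_for_certs DOMAIN [TIMEOUT_SECONDS] -> 0 when ready, 1 on timeout
wait_for_certs() {
    domain="$1"
    remaining="${2:-300}"
    until cert_files_ready "$domain"; do
        if [ "$remaining" -le 0 ]; then
            echo "timed out waiting for $CERT_ROOT/$domain" >&2
            return 1
        fi
        sleep 1
        remaining=$((remaining - 1))
    done
    return 0
}

# Typical use in an entrypoint (the domain is a placeholder):
#   wait_for_certs your.domain.tld 300 && exec nginx -g 'daemon off;'
```

On timeout the function returns non-zero, so the entrypoint can exit and let the container's restart policy retry rather than starting nginx with missing files.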

@pupattan did the proposed solution work for you ?

buchdag avatar Sep 27 '20 17:09 buchdag

Inactive issue, closing.

buchdag avatar Dec 26 '20 10:12 buchdag

Reopened at creator's request.

@pupattan from this

docker run \
  -v /root/users/something:/etc/nginx/conf.d \
  -e VIRTUAL_HOST=www.xyz.com,xyz.com \
  -e VIRTUAL_PROTO=https \
  -e VIRTUAL_PORT=443 \
  -e LETSENCRYPT_HOST=www.xyz.com,xyz.com \
  -e HTTPS_METHOD=redirect \
  --volumes-from nginx-proxy-letsencrypt \
  -d my_docker_image

I infer that the nginx configuration you are mounting inside your my_docker_image container is directly using the certificates generated by the nginx-proxy-letsencrypt container. Am I right ?

buchdag avatar Jan 07 '22 16:01 buchdag