
acme swarm

Open MrKira34 opened this issue 3 years ago • 2 comments

Ubuntu 22.04 Swarm

docker version
Client:
 Version:           20.10.12
 API version:       1.41
 Go version:        go1.16.2
 Git commit:        20.10.12-0ubuntu2~20.04.1
 Built:             Wed Apr  6 02:14:38 2022
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server:
 Engine:
  Version:          20.10.12
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.16.2
  Git commit:       20.10.12-0ubuntu2~20.04.1
  Built:            Thu Feb 10 15:03:35 2022
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.5.9-0ubuntu1~20.04.1
  GitCommit:        
 runc:
  Version:          1.1.0-0ubuntu1~20.04.1
  GitCommit:        
 docker-init:
  Version:          0.19.0
  GitCommit:        

version: '3.9'

services:

  nginx-proxy:
    image: nginxproxy/nginx-proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /app/nginx/certs:/etc/nginx/certs
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/tmp/docker.sock:ro
    networks:
      - nginx      
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints: [node.labels.type == masternode]
        
        
  nginx-proxy-home:
    image: nginx
    environment:
      - VIRTUAL_HOST=myrealdomain.ru
      - LETSENCRYPT_HOST=myrealdomain.ru
    volumes:
      - /app/nginx/conf.d/:/etc/nginx/conf.d  
    networks:
      - nginx      
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints: [node.labels.type == masternode]


  nginx-proxy-letsencrypt:
    image: nginxproxy/acme-companion  
    volumes: 
      - /app/nginx/certs:/etc/nginx/certs
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - acme:/etc/acme.sh
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - NGINX_PROXY_CONTAINER=nginx-proxy
    depends_on:
      - nginx-proxy
    networks:
      - nginx      
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints: [node.labels.type == masternode]
        
        
networks:
  nginx:
    name: nginx
    external: true

volumes:
  vhost.d:
  html:
  acme:

After launch, the nginx-proxy-letsencrypt logs:

Info: running acme-companion version v2.2.1
jq: error (at <stdin>:1): Cannot iterate over null (null)
Error: can't get docker-gen container id !
If you are running a three containers setup, check that you are doing one of the following :
	- Set the NGINX_DOCKER_GEN_CONTAINER env var on the letsencrypt-companion container to the name of the docker-gen container.
	- Label the docker-gen container to use with 'com.github.jrcs.letsencrypt_nginx_proxy_companion.docker_gen'.

I can't figure out what to do about it. How do I make it work? I know that you can do without the second nginx "nginx-proxy-home" using traefik, but so far I haven't been able to figure it out.

MrKira34, Oct 14 '22 10:10

The Swarm mode seems to be broken.

I found the container ID using docker ps. It should be something like <stack>_nginx-proxy.1.<id>

I place it in the environment variables:

NGINX_PROXY_CONTAINER: eben0_nginx-proxy.1.wd4zpf08buujiof2u0b35cobm
NGINX_DOCKER_GEN_CONTAINER: eben0_nginx-proxy.1.wd4zpf08buujiof2u0b35cobm

The companion service is able to find the container now, but it crashes it:

acme-companion

[email protected]    | Info: running acme-companion version v2.2.1
[email protected]    | Info: running acme-companion version v2.2.1
[email protected]    | Error: can't get docker-gen container id !
[email protected]    | Info: 4096 bits RFC7919 Diffie-Hellman group found, generation skipped.
[email protected]    | If you are running a three containers setup, check that you are doing one of the following :
[email protected]    | Reloading nginx docker-gen (using separate container eben0_nginx-proxy.1.pgv1h0t9tmp6)...
[email protected]    | {"message":"Cannot kill container: eben0_nginx-proxy.1.pgv1h0t9tmp6: No such container: eben0_nginx-proxy.1.pgv1h0t9tmp6"}
[email protected]    |     - Set the NGINX_DOCKER_GEN_CONTAINER env var on the letsencrypt-companion container to the name of the docker-gen container.
[email protected]    | Reloading nginx (using separate container 4cf079853d1d8b74e45492450a8e9153429c67e0ae74ffb0076345eca90688a6)...
[email protected]    | 2022/10/22 09:11:34 Generated '/app/letsencrypt_service_data' from 4 containers
[email protected]    |     - Label the docker-gen container to use with 'com.github.jrcs.letsencrypt_nginx_proxy_companion.docker_gen'.
[email protected]    | 2022/10/22 09:11:34 Running '/app/signal_le_service'
[email protected]    | 2022/10/22 09:11:34 Watching docker events
[email protected]    | Sleep for 3600s
[email protected]    | 2022/10/22 09:11:34 Error: nginx-proxy container 4cf079853d1d8b74e45492450a8e9153429c67e0ae74ffb0076345eca90688a6 isn't running.
[email protected]    | 2022/10/22 09:11:34 Contents of /app/letsencrypt_service_data did not change. Skipping notification '/app/signal_le_service'
[email protected]    | 2022/10/22 09:11:34 Received event die for container 4cf079853d1d
[email protected]    | 2022/10/22 09:11:39 Debounce minTimer fired
[email protected]    | 2022/10/22 09:11:39 Contents of /app/letsencrypt_service_data did not change. Skipping notification '/app/signal_le_service'

nginx-proxy

[email protected]    | dockergen.1 | 2022/10/22 09:22:21 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
[email protected]    | forego      | sending SIGTERM to dockergen.1
[email protected]    | forego      | sending SIGTERM to nginx.1
[email protected]    | nginx.1     | 2022/10/22 09:22:21 [notice] 42#42: signal 15 (SIGTERM) received from 1, exiting
[email protected]    | nginx.1     | 2022/10/22 09:22:21 [notice] 63#63: signal 15 (SIGTERM) received from 1, exiting
[email protected]    | dockergen.1 | 2022/10/22 09:22:21 Received signal: terminated
[email protected]    | dockergen.1 | 2022/10/22 09:22:21 Received signal: terminated
[email protected]    | nginx.1     | 2022/10/22 09:22:21 [notice] 63#63: exiting
[email protected]    | nginx.1     | 2022/10/22 09:22:21 [notice] 62#62: signal 15 (SIGTERM) received from 1, exiting
[email protected]    | nginx.1     | 2022/10/22 09:22:21 [notice] 62#62: exiting
[email protected]    | nginx.1     | 2022/10/22 09:22:21 [notice] 64#64: signal 15 (SIGTERM) received from 1, exiting
[email protected]    | nginx.1     | 2022/10/22 09:22:21 [notice] 64#64: exiting
[email protected]    | nginx.1     | 2022/10/22 09:22:21 [notice] 63#63: exit
[email protected]    | nginx.1     | 2022/10/22 09:22:21 [notice] 64#64: exit
[email protected]    | nginx.1     | 2022/10/22 09:22:21 [notice] 62#62: exit
[email protected]    | forego      | Killing nginx.1

I will try to run the docker-gen and Nginx as separate services.

eben0, Oct 22 '22 09:10
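
Added example, not part of the thread or of the acme-companion project: Swarm names task containers <service>.<slot>.<task id>, and the task id changes whenever the task is replaced, so a name pinned in NGINX_PROXY_CONTAINER goes stale. The sketch below resolves the live container through the com.docker.swarm.service.name label and checks a pinned name against it; the function names and the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find a Swarm service's current task container by label
# instead of hard-coding "<stack>_<service>.<slot>.<task id>".

# list_tasks: one line per running container, "name<TAB>swarm service name".
# Needs access to the Docker CLI on the node that runs the task.
list_tasks() {
    docker ps --filter status=running \
        --format '{{.Names}}\t{{.Label "com.docker.swarm.service.name"}}'
}

# current_task SERVICE: reads a list_tasks-style listing on stdin and prints
# the container name of SERVICE's task. Fails when zero or several tasks
# match, because a single pinned name cannot describe several replicas.
current_task() {
    awk -F '\t' -v svc="$1" '
        $2 == svc { name = $1; n++ }
        END { if (n != 1) exit 1; print name }'
}

# check_pinned SERVICE PINNED: reads the same listing on stdin and reports
# whether PINNED (the value placed in NGINX_PROXY_CONTAINER) is still live.
check_pinned() {
    live=$(current_task "$1") || { echo "unresolved"; return 2; }
    if [ "$live" = "$2" ]; then
        echo "ok"
    else
        echo "stale: now $live"
        return 1
    fi
}

# Constructed sample listing (hypothetical task ids, not from a real host).
sample=$(printf '%s\t%s\n' \
    'eben0_nginx-proxy.1.newtaskid000' 'eben0_nginx-proxy' \
    'eben0_acme.1.othertaskid00' 'eben0_acme')

# The name pinned in the post above no longer matches the live task.
printf '%s\n' "$sample" |
    check_pinned eben0_nginx-proxy \
        eben0_nginx-proxy.1.wd4zpf08buujiof2u0b35cobm || true
```

On a real node, pipe list_tasks into check_pinned in place of the constructed sample.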

The two container solution doesn't work in Swarm. The three container setup does work, but you'll need to use a modified version of docker-gen. Feel free to reference the compose file I use. Note: the acme-companion doesn't work with multiple nginx replicas.

mmcinnestaylor, Nov 09 '22 19:11