prosody-docker icon indicating copy to clipboard operation
prosody-docker copied to clipboard

Published 20 hours ago verified publisher icon prosody

Permission issues on /etc/prosody/certs/localhost.key

Open NaitYoussef opened this issue 4 years ago • 2 comments

Hello,

I'm trying to launch Prosody XMPP Server using prosody/prosody (sha256:aae908010395ced83280368b00d1a88520d4c3128a182cd2e4a3c81d44722589) docker image. The ouput of the docker run command bellow mentions permissions error while reading some key files.

$ docker run prosody/prosody
usermod: no changes
startup             info	Hello and welcome to Prosody version 0.11.7
startup             info	Prosody is using the select backend for connection handling
portmanager         info	Activated service 's2s' on [::]:5269, [*]:5269
portmanager         info	Activated service 'c2s' on [::]:5222, [*]:5222
portmanager         info	Activated service 'legacy_ssl' on no ports
certmanager         error	SSL/TLS: Failed to load '/etc/prosody/certs/localhost.key': Check that the permissions allow Prosody to read this file. (for localhost)
localhost:tls       error	Error creating context for c2s: error loading private key (Permission denied)
certmanager         error	SSL/TLS: Failed to load '/etc/prosody/certs/localhost.key': Previous error (see logs), or other system error. (for localhost)
localhost:tls       error	Error creating contexts for s2sout: error loading private key (system lib)
certmanager         error	SSL/TLS: Failed to load '/etc/prosody/certs/localhost.key': Previous error (see logs), or other system error. (for localhost)
localhost:tls       error	Error creating contexts for s2sin: error loading private key (system lib)
localhost:tls       info	Certificates loaded

When I logged into the docker container I noticed that this file is owned by root : -rw------- 1 root root 1704 Oct 1 15:14 /etc/prosody/certs/localhost.key

Shouldn't the owner be prosody ?

NaitYoussef avatar Oct 25 '20 17:10 NaitYoussef

same issue.

lonllua avatar Apr 22 '21 08:04 lonllua

I just attempted to set up a Prosody server and get the same error, however, I have found a solution.

First, I searched for the string "Check that the permissions allow Prosody to read this file." and came across this comment on the Prosody issues forum where Zash is seen replying to a user about the proper user for permissions issues, the correct user is 'prosody'.

After that, I exec'd into the container and messed with the permissions of the /etc/prosody directory to allow proper access to it.

docker exec -it prosody bash   # Gain shell access to the Prosody container
chown -R prosody /etc/prosody/ # Change owner of the Prosody directory

I've seen that quite a bit of people has been having this issue, it should really have been fixed by now... Hope this can help someone!

Fuwn avatar Sep 10 '22 01:09 Fuwn