help, seafile failed to start up with https and letsencrypt enabled.

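Seafile was installed with Docker and works fine listening on port 80. But after enabling 443 and setting SEAFILE_SERVER_LETSENCRYPT to true in docker-compose.yml, then restarting Seafile with docker-compose restart, the following error appears: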

seafile      | Order created!
seafile      | Verifying seafile.zlinuxboy.com...
seafile      | Traceback (most recent call last):
seafile      |   File "/shared/ssl/letsencrypt/acme_tiny.py", line 198, in <module>
seafile      |     main(sys.argv[1:])
seafile      |   File "/shared/ssl/letsencrypt/acme_tiny.py", line 194, in main
seafile      |     signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
seafile      |   File "/shared/ssl/letsencrypt/acme_tiny.py", line 143, in get_crt
seafile      |     raise ValueError("Wrote file to {0}, but couldn't download {1}: {2}".format(wellknown_path, wellknown_url, e))
seafile      | ValueError: Wrote file to /var/www/challenges/B1yA9wP7DrhWRROuzG1FpYEJP6X1rAqnYdH8hgDYuEM, but couldn't download http://seafile.zlinuxboy.com/.well-known/acme-challenge/B1yA9wP7DrhWRROuzG1FpYEJP6X1rAqnYdH8hgDYuEM: Error:
seafile      | Url: http://seafile.zlinuxboy.com/.well-known/acme-challenge/B1yA9wP7DrhWRROuzG1FpYEJP6X1rAqnYdH8hgDYuEM
seafile      | Data: None
seafile      | Response Code: None
seafile      | Response: <urlopen error [Errno 110] Connection timed out>
seafile      | Traceback (most recent call last):
seafile      |   File "/scripts/start.py", line 86, in <module>
seafile      |     main()
seafile      |   File "/scripts/start.py", line 51, in main
seafile      |     init_letsencrypt()
seafile      |   File "/scripts/bootstrap.py", line 70, in init_letsencrypt
seafile      |     call('/scripts/ssl.sh {0} {1}'.format(ssl_dir, domain))
seafile      |   File "/scripts/utils/__init__.py", line 69, in call
seafile      |     return subprocess.check_call(*a, **kw)
seafile      |   File "/usr/lib/python2.7/subprocess.py", line 190, in check_call
seafile      |     raise CalledProcessError(retcode, cmd)
seafile      | subprocess.CalledProcessError: Command '/scripts/ssl.sh /shared/ssl seafile.zlinuxboy.com' returned non-zero exit status 1
seafile      | *** /scripts/start.py exited with status 1.
seafile      | *** Shutting down runit daemon (PID 34)...
seafile      | *** Running /etc/my_init.post_shutdown.d/10_syslog-ng.shutdown...
seafile      | Jul 29 15:02:16 5d92723fd10c syslog-ng[25]: syslog-ng shutting down; version='3.13.2'
seafile      | *** Killing all processes...

I have already pointed the domain name at the correct IP address. This should be a letsencrypt problem; how can I solve it?

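There is also another question: why does the seafile container shut down automatically instead of staying up? Only if it stays up can a system administrator use docker exec -it seafile bash to attach to the container and troubleshoot further. In the current situation, how can I keep the seafile container running instead of exiting?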

The title in Chinese was: "Seafile deployed with Docker cannot enable https and letsencrypt properly, experts please help"

I really don't understand why I could not post with the title above and had to translate it into English.

A Baidu search turned up this as a possibility; could the administrators check the forum software's settings?

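There is further news on this problem. The OP's cause was that port 80 was not open on the docker host, whereas acme-tiny needs to go through port 80 of the docker host during the certificate request in order to interact with the outside world. So after opening port 80 it got to the next step, but still ran into a problem: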

docker-compose down
docker-compose up

seafile      | Jul 30 16:03:57 f6e8b6348633 syslog-ng[17]: syslog-ng starting up; version='3.13.2'
seafile      | *** Booting runit daemon...
seafile      | *** Runit started as PID 24
seafile      | *** Running /scripts/start.py...
seafile      | Jul 30 16:03:57 f6e8b6348633 cron[30]: (CRON) INFO (pidfile fd = 3)
seafile      | Jul 30 16:03:57 f6e8b6348633 cron[30]: (CRON) INFO (Running @reboot jobs)
seafile      | [2019-07-30 16:03:57] Preparing for letsencrypt ...
seafile      | [2019-07-30 16:03:57] Starting letsencrypt verification
seafile      | Already up to date.
seafile      | Generating RSA private key, 4096 bit long modulus
seafile      | .......................................................................................................................................++
seafile      | ............................................................++
seafile      | unable to write 'random state'
seafile      | e is 65537 (0x010001)
seafile      | Generating RSA private key, 4096 bit long modulus
seafile      | ..............................................................................++
seafile      | ........++
seafile      | unable to write 'random state'
seafile      | e is 65537 (0x010001)
seafile      | Parsing account key...
seafile      | Parsing CSR...
seafile      | Found domains: sharedoc.zlinuxboy.com
seafile      | Getting directory...
seafile      | Directory found!
seafile      | Registering account...
seafile      | Registered!
seafile      | Creating new order...
seafile      | Order created!
seafile      | Verifying sharedoc.zlinuxboy.com...
seafile      | sharedoc.zlinuxboy.com verified!
seafile      | Signing certificate...
seafile      | Certificate signed!
seafile      | Nginx reloaded.
seafile      | Created a crontab to auto renew the cert for letsencrypt.
seafile      | Jul 30 16:05:01 f6e8b6348633 cron[30]: (*system*) RELOAD (/etc/crontab)

The seafile container just hangs here.

When I open https://sharedoc.zlinuxboy.com in a browser, the following error message appears:

502 bad gateway

What is going on this time?

Try restarting with docker-compose restart

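Nope, that was not the cause. When writing docker-compose.yml I forgot to assign the network to the seafile container, so docker-compose created two networks: seafile was on default, while seafile-mysql and seafile-memcached were on the other one. seafile could not find the other two containers, which caused the error above.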

Today I also learned the docker-compose version 3.7 configuration, which supports custom Linux bridge names and custom docker network names. That makes troubleshooting much easier.

I feel this has gone a bit off topic. I only wanted to install seafile, and ended up spending more time learning docker.
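
An added example, not part of the original posts or of the Seafile project: a small check for the root cause described above, where seafile sat on the default network while seafile-mysql and seafile-memcached sat on another. It works on the dict that a YAML loader would return for docker-compose.yml; the service keys "db" and "memcached", the network name "seafile-net" and the use of depends_on as the link between services are assumptions.

```python
import copy

# Constructed sample: the dict yaml.safe_load() would return for a compose file
# with the mistake described in the thread. Service keys "db"/"memcached" and the
# network name "seafile-net" are assumptions; container names are from the posts.
BROKEN = {
    "services": {
        "db": {"container_name": "seafile-mysql", "networks": ["seafile-net"]},
        "memcached": {"container_name": "seafile-memcached",
                      "networks": ["seafile-net"]},
        # No "networks" key: Compose attaches this service to "default" only.
        "seafile": {"container_name": "seafile",
                    "depends_on": ["db", "memcached"]},
    },
    "networks": {"seafile-net": None},
}

# Corrected variant: seafile joins the same user-defined network.
FIXED = copy.deepcopy(BROKEN)
FIXED["services"]["seafile"]["networks"] = ["seafile-net"]


def service_networks(service):
    """Networks a service joins; list and mapping forms are both accepted."""
    nets = service.get("networks")
    return set(nets) if nets else {"default"}


def isolated_dependencies(compose):
    """Return (service, dependency, service_nets, dependency_nets) for every
    depends_on pair that shares no network, so name lookup between them fails."""
    services = compose.get("services") or {}
    findings = []
    for name in sorted(services):
        own = service_networks(services[name])
        for dep in sorted(services[name].get("depends_on") or []):
            if dep not in services:
                continue  # Compose itself rejects an undefined dependency
            theirs = service_networks(services[dep])
            if own.isdisjoint(theirs):
                findings.append((name, dep, sorted(own), sorted(theirs)))
    return findings


if __name__ == "__main__":
    for svc, dep, own, theirs in isolated_dependencies(BROKEN):
        print(f"{svc} {own} cannot reach {dep} {theirs}")
    print("fixed file findings:", isolated_dependencies(FIXED))
```
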