http works but https is not working with docker - docker

I am trying to host my Angular application from a Docker container. It's working fine with http but not working with https.
1. Created a signed ssl certificate in wsl and generated the .key and .crt files
2. Added the below code to docker file in the application
# Set the working directory
WORKDIR /app
# Add the source code to app
COPY ./ /app/
# Install all the dependencies
RUN npm install
ARG configuration=prod
RUN npm run build:$configuration
FROM httpd:2.4
COPY --from=build-step /app/dist/<appname>/ /usr/local/apache2/htdocs/
3. Created an image using the command: docker build --build-arg configuration=dev . -t <image name>
4. To run the web traffic over ssl used the command for mounting
docker run -p 8235:80 -p 443:443 -v /mnt/c/usr/name/Azure/certificate.crt:/usr/local/apache2/conf/server.crt -v /mnt/c/usr/name/Azure/certificate.key:/usr/local/apache2/conf/server.key <image name>
5. Uncommented the below lines in httpd.conf file present in /usr/local/apache2/conf/httpd.conf
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
#LoadModule ssl_module modules/mod_ssl.so
#Include conf/extra/httpd-ssl.conf
6. Also added the line ServerName localhost in httpd.conf
When I tried browsing with http://localhost:8235/ it works fine, but when using https://localhost:8235/ it does not work.
The logs show the below result:
[Fri Feb 04 10:59:21.854978 2022] [ssl:warn] [pid 1:tid ##########] AH01906: www.example.com:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Feb 04 10:59:21.855031 2022] [ssl:warn] [pid 1:tid ##########] AH01909: www.example.com:443:0 server certificate does NOT include an ID which matches the server name
[Fri Feb 04 10:59:21.856743 2022] [mpm_event:notice] [pid 1:tid ##########] AH00489: Apache/2.4.52 (Unix) OpenSSL/1.1.1k configured -- resuming normal operations
[Fri Feb 04 10:59:21.856787 2022] [core:notice] [pid 1:tid ##########] AH00094: Command line: 'httpd -D FOREGROUND'

Httpd will not run http and https protocols on the same port.
As it seems, it is configured to operate on port 80 (http) and port 443 (https). You configured port forwarding as
8235 -> 80 (http)
443 -> 443 (https)
so you need to test the URLs
http://localhost:8235/
https://localhost:443/
Depending on the certificate you provided the client may warn about an unsafe connection.
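The port-mapping point in the answer above, as an added example (not part of the original post): a shell check that takes the -p mappings from the question's docker run command and reports whether a URL's scheme matches what the container port behind it serves. The function names are made up for this illustration, and it assumes the stock httpd configuration (plain HTTP on 80, TLS on 443).

```shell
#!/bin/sh
# Constructed sample: the two -p mappings from the question's docker run command.
PUBLISHED="8235:80 443:443"

# container_port_for HOST_PORT MAPPINGS -> container port behind HOST_PORT.
# Accepts docker's [ip:]host:container[/proto] form (IPv4 only); fails if unpublished.
container_port_for() {
    for spec in $2; do
        spec=${spec%/*}                      # drop optional /tcp or /udp
        case $spec in *:*) ;; *) continue ;; esac   # no fixed host port given
        cport=${spec##*:}                    # last field: container port
        rest=${spec%:*}                      # [ip:]host
        if [ "${rest##*:}" = "$1" ]; then
            echo "$cport"
            return 0
        fi
    done
    return 1
}

# scheme_for CONTAINER_PORT -> what the stock httpd config serves on that port
# (assumption: Listen 80 in httpd.conf, Listen 443 in extra/httpd-ssl.conf).
scheme_for() {
    case $1 in
        80)  echo http ;;
        443) echo https ;;
        *)   echo unknown ;;
    esac
}

# check_url URL MAPPINGS -> "ok", or the reason the request cannot work.
check_url() {
    scheme=${1%%://*}
    hostport=${1#*://}
    hostport=${hostport%%/*}
    case $hostport in
        *:*) port=${hostport##*:} ;;
        *)   [ "$scheme" = https ] && port=443 || port=80 ;;
    esac
    cport=$(container_port_for "$port" "$2") || { echo "host port $port is not published"; return 0; }
    served=$(scheme_for "$cport")
    if [ "$served" = "$scheme" ]; then
        echo ok
    else
        echo "host port $port forwards to container port $cport, which serves $served, not $scheme"
    fi
}

for url in http://localhost:8235/ https://localhost:8235/ https://localhost:443/; do
    printf '%s -> %s\n' "$url" "$(check_url "$url" "$PUBLISHED")"
done
```

A TLS handshake sent to a port that speaks plain HTTP fails before any certificate is examined, so the certificate warnings in the log are a separate matter from the failing URL.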

Related

Creating a PHP Web Server Based on CentOS 8 with Docker

Here is my Dockerfile to create a simple web server based on CentOS 8:
FROM centos:8
RUN yum -y update && \
yum -y install httpd php
COPY . /var/www/html
CMD ["httpd", "-D", "FOREGROUND"]
I build and run the container with the following commands:
docker build -t web .
docker run --rm --name web -p 8000:80 --network net1 --mount type=bind,source=`pwd`,target=/var/www/html web
The error I see when accessing http://localhost:8000 is:
Service Unavailable
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
The httpd logs say:
[Sat Jun 20 04:42:02.970003 2020] [suexec:notice] [pid 1:tid 140041021270272] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.19.0.2. Set the 'ServerName' directive globally to suppress this message
[Sat Jun 20 04:42:02.994125 2020] [lbmethod_heartbeat:notice] [pid 1:tid 140041021270272] AH02282: No slotmem from mod_heartmonitor
[Sat Jun 20 04:42:02.995333 2020] [http2:warn] [pid 1:tid 140041021270272] AH02951: mod_ssl does not seem to be enabled
[Sat Jun 20 04:42:03.001899 2020] [mpm_event:notice] [pid 1:tid 140041021270272] AH00489: Apache/2.4.37 (centos) configured -- resuming normal operations
[Sat Jun 20 04:42:03.002120 2020] [core:notice] [pid 1:tid 140041021270272] AH00094: Command line: 'httpd -D FOREGROUND'
[Sat Jun 20 04:42:04.782201 2020] [proxy:error] [pid 8:tid 140040377865984] (2)No such file or directory: AH02454: FCGI: attempt to connect to Unix domain socket /run/php-fpm/www.sock (*) failed
[Sat Jun 20 04:42:04.782280 2020] [proxy_fcgi:error] [pid 8:tid 140040377865984] [client 172.19.0.1:41072] AH01079: failed to make connection to backend: httpd-UDS
The problem is not as clear to me as it seems. I think it's a php-fpm issue, but have no idea how to fix it. Looked this up, but all solutions seem complicated. Is there a simple way to tell PHP to work with the server in the Docker image?
I recently read about using process managers like supervisord where one needs to start several services per container. But, is it possible to start PHP-FPM in a simpler way inside the web container?
I managed to tackle it when using a base rhel 8 image by
CMD ["bash", "-c", "/usr/sbin/apachectl start; /usr/sbin/php-fpm --nodaemonize"]
But when I tried it with base centos 8 image, it doesn't work, I don't know why

set up php-fpm for a centos 8 container

FROM centos:8
RUN yum -y update && \
yum -y install php-fpm httpd
COPY . /var/www/html
CMD ["httpd", "-D", "FOREGROUND"]
I successfully created a simple container image based on centos:7 and it just works fine serving php files from document root. But, when I change the base to centos:8, php files are not served. The 503 Apache page is shown saying "The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later."
When I look into /etc/httpd/logs/error_log inside the running container, I see:
[Wed Jun 10 10:57:33.236099 2020] [proxy:error] [pid 7:tid 139731249620736] (2)No such file or directory: AH02454: FCGI: attempt to connect to Unix domain socket /run/php-fpm/www.sock (*) failed
[Wed Jun 10 10:57:33.237322 2020] [proxy_fcgi:error] [pid 7:tid 139731249620736] [client 172.17.0.1:46224] AH01079: failed to make connection to backend: httpd-UDS
[Wed Jun 10 10:57:34.183056 2020] [proxy:error] [pid 7:tid 139731224442624] (2)No such file or directory: AH02454: FCGI: attempt to connect to Unix domain socket /run/php-fpm/www.sock (*) failed
[Wed Jun 10 10:57:34.183132 2020] [proxy_fcgi:error] [pid 7:tid 139731224442624] [client 172.17.0.1:46228] AH01079: failed to make connection to backend: httpd-UDS
Tried to make a difference by creating /run/php-fpm directory inside the container for testing purposes, but the error still persists.
I really wish this would be solvable without seding something into php-fpm or httpd configuration files of the container.

Docker Unable to open configuration file

Problem:
I have a docker container running with squid.
It is running correctly until I expose a volume.
Runs fine when I start the container like this:
docker run --name squid -d -p 3128:3128 leros321/squid_proxy:latest
but fails when I provide the configuration file from the host:
docker run --name squid -d -p 3128:3128 -v /root/squid/squid.conf:/etc/squid/squid.conf leros321/squid_proxy:latest
I am getting:
error code (journalctl -xe):
FATAL: Unable to open configuration file: /etc/squid/squid.conf: (13) Permission denied
Rights inside container:
-rw-r--r-- 1 squid squid 2369 Jul 24 06:44 /etc/squid/squid.conf
Squid id: /
# id squid
uid=31(squid) gid=31(squid) groups=31(squid),31(squid),1000(winbind)
Rights on host:
-rw-r--r--. 1 31 root 2484 Jul 24 08:27 /root/squid/squid.conf

OpenCPU Docker fails to restart after it is stopped once

I installed opencpu Docker image using
docker pull opencpu/ubuntu-16.04.
The very first time it starts successfully. But if I terminate the process and try to start it again using command
docker run -it imageID
It gets terminated each time. Need suggestion about how to start it successfully.
Desktop$ docker run -it d98852787b8e
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.4. Set the 'ServerName' directive globally to suppress this message
[Thu Mar 08 06:34:52.836970 2018] [ssl:warn] [pid 11] AH01909: 172.17.0.4:443:0 server certificate does NOT include an ID which matches the server name
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.4. Set the 'ServerName' directive globally to suppress this message
[Thu Mar 08 06:34:52.849109 2018] [ssl:warn] [pid 11] AH01909: 172.17.0.4:443:0 server certificate does NOT include an ID which matches the server name
[Thu Mar 08 06:34:52.849219 2018] [core:warn] [pid 11] AH00098: pid file /var/run/apache2/apache2.pid overwritten -- Unclean shutdown of previous Apache run?
[Thu Mar 08 06:34:52.851132 2018] [mpm_prefork:notice] [pid 11] AH00163: Apache/2.4.18 (Ubuntu) mod_R/1.2.7 R/3.2.2 OpenSSL/1.0.2g mod_apreq2-20090110/2.8.0 configured -- resuming normal operations
[Thu Mar 08 06:34:52.851152 2018] [core:notice] [pid 11] AH00094: Command line: '/usr/sbin/apache2 -D FOREGROUND'
[Thu Mar 08 06:34:52.872738 2018] [mpm_prefork:notice] [pid 11] AH00170: caught SIGWINCH, shutting down gracefully
Using locale: en_US.UTF-8
Using locale: en_US.UTF-8
AppArmor not available. Running OpenCPU without security profile but with rlimits.
Using locale: en_US.UTF-8
AppArmor not available. Running OpenCPU without security profile but with rlimits.
AppArmor not available. Running OpenCPU without security profile but with rlimits.
Using locale: en_US.UTF-8
Using locale: en_US.UTF-8
AppArmor not available. Running OpenCPU without security profile but with rlimits.
AppArmor not available. Running OpenCPU without security profile but with rlimits.
Loading config from /usr/lib/opencpu/library/opencpu/config/defaults.conf
Loading config from /usr/lib/opencpu/library/opencpu/config/defaults.conf
Loading config from /etc/opencpu/server.conf
Loading config from /usr/lib/opencpu/library/opencpu/config/defaults.conf
Loading config from /etc/opencpu/server.conf
Loading config from /usr/lib/opencpu/library/opencpu/config/defaults.conf
OpenCPU cloud server ready.
OpenCPU cloud server ready.
Loading config from /etc/opencpu/server.conf
Loading config from /etc/opencpu/server.conf
OpenCPU cloud server ready.
OpenCPU cloud server ready.
Loading config from /usr/lib/opencpu/library/opencpu/config/defaults.conf
Loading config from /etc/opencpu/server.conf
OpenCPU cloud server ready.
rserver[8]: ERROR system error 10 (No child processes); OCCURRED AT: rstudio::core::Error rstudio::server::app_armor::enforceRestricted() /home/ubuntu/rstudio/src/cpp/server/ServerAppArmor.cpp:90; LOGGED FROM: int main(int, char* const*) /home/ubuntu/rstudio/src/cpp/server/ServerMain.cpp:513
Terminated
Perhaps this can give you some hint... this is not exactly the solution but it gives you at a high level what could be the cause and lead to the solution.
This seems to be a problem with the rstudio-server package. I will add the workaround suggested above (server-app-armor-enabled=0) to the opencpu docker images.
Note that the opencpu/base image does install rstudio, so you may want to try this one.
What is the output of
sudo docker logs <container-name> ?
Most likely it would be something indicating the httpd pid exists. Which means you need to delete the apache2.pid in the container. But now since the container does not boot up a hack is to edit your container's config.v2.json file located in /var/lib/docker/containers/<container-long-id>/
In the CMD section, change "service cron start && apachectl -DFOREGROUND" to "rm -f /var/run/apache2/apache2.pid && service cron start && apachectl -DFOREGROUND". This will ensure your container will start. Worked for me!

My build does not include my web site directive

I'm not sure where I went off of the rails but I am trying to create a container for my web site. First I start off with a file called 'default':
server {
root /var/www;
index index.html;
location / {
try_files $uri $uri/ /index.html;
}
}
var/www/ points to my web content with index.html being the default file for the content.
Then I create my very simple Dockerfile:
FROM httpd
MAINTAINER Jay Blanchard
RUN httpd
ADD default /home/OARS/
In my Dockerfile I reference the default file from above, thinking this is what is needed to point to my web content. The default file happens to be in the same directory as the Docker file, but I give the path /home/OARS/ as I have seen in some examples.
The build is successful:
foo#bar:/home/OARS$ sudo docker build -t oars-example .
Sending build context to Docker daemon 3.072 kB
Sending build context to Docker daemon
Step 0 : FROM httpd
---> cba1e4bb4caa
Step 1 : MAINTAINER Jay Blanchard
---> Using cache
---> e77807e98c6b
Step 2 : RUN httpd
---> Using cache
---> c0bff2fb1f9b
Step 3 : ADD default /home/OARS/
---> 3b4053fbc8d4
Removing intermediate container e02d27c4309d
Successfully built 3b4053fbc8d4
And the run appears to be successful:
foo#bar:/home/OARS$ sudo docker run -d -P oars-example
9598c176a706b19dd28dfab8de94e9c630e5781aca6930564d15182d21b0f6a5
9598c176a706 oars-example:latest "httpd-foreground" 6 seconds ago Up 5 seconds 0.0.0.0:32776->80/tcp jovial_fermat
Yet when I go to the IP (with port 32776, there is something running on port 80 already) I do not get the index page I've specified in /var/www, but I do get the default index page from the Apache server.
Here is the log from the server:
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 000.000.000.000. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 000.000.000.000. Set the 'ServerName' directive globally to suppress this message
[Tue May 19 16:59:17.457525 2015] [mpm_event:notice] [pid 1:tid 140053777708928] AH00489: Apache/2.4.12 (Unix) configured -- resuming normal operations
[Tue May 19 16:59:17.457649 2015] [core:notice] [pid 1:tid 140053777708928] AH00094: Command line: 'httpd -D FOREGROUND'
000.000.000.000 - - [19/May/2015:17:00:08 +0000] "GET / HTTP/1.1" 200 45
000.000.000.000 - - [19/May/2015:17:00:08 +0000] "GET /favicon.ico HTTP/1.1" 404 209
I've changed the IP addresses in the logs just to keep things kosher.
Am I missing something obvious to make sure my web site files are being run in the container?
First, you are trying to use a nginx config file within an Apache container.
Then, according to the base container documentation, the correct way to specify a config file is:
# Dockerfile
FROM httpd
COPY ./my-httpd.conf /usr/local/apache2/conf/httpd.conf
