
nodepki-docker's Issues

INFO exited: nodepki (exit status 1; not expected)

Hi there,

I tried to run nodepki-docker but the nodepki server seems to crash every time docker-compose up is entered.

Steps to reproduce

Clone the repo:

git clone [email protected]:aditosoftware/nodepki-docker.git

Edit docker-compose.yml:

version: '3.4'

services:
  nodepki:
    image: adito/nodepki-docker
    ports:
      - "8080:8080"
      - "2560:2560"
      - "5000:5000"
      - "5858:5858"
    volumes:
      - "/opt/data/nodepki/nodepki:/root/nodepki/data"
      - "/opt/data/nodepki/nodepki-client/:/root/nodepki-client/data"
      - "/opt/data/nodepki/nodepki-webclient/:/root/nodepki-webclient/data"
      - "/opt/data/nodepki/certs/:/root/nodepki-client/out"
    extra_hosts:
      - "ca.example.com:127.0.0.1"
      - "ocsp.example.com:127.0.0.1"
      - "ca-admin.example.com:127.0.0.1"
    environment:
      API_USERNAME: localadmin
      API_PASSWORD: top_secret
    labels:
      traefik.ca-admin.port: 5000
      traefik.ca-admin.frontend.rule: Host:ca-admin.example.com
      traefik.ca-admin.protocol: http
      traefik.ca.port: 8080
      traefik.ca.frontend.rule: Host:ca.example.com
      traefik.ca.protocol: http
      traefik.ocsp.port: 2560
      traefik.ocsp.frontend.rule: Host:ocsp.example.com
      traefik.ocsp.protocol: http

Let the basic config generate:

[root@node01]# docker-compose run nodepki /bin/sh /root/setup.sh
>>>>>> Setting up NodePKI-Client ...
>>>>>> Setting up NodePKI-Webclient ...
>>>>>> Setting up NodePKI ...
[14:21:15] User created successfully.
>>>>>> Setup finished.

Edited the configuration nodepki/config/config.yml:

###
### Server config: IP-Address and port to listen to.
###

server:
    ip: 0.0.0.0
    http:
        domain: ca.example.com
        port: 8080
    ocsp:
        domain: ocsp.example.com
        port: 2560



###
### CA config: Passphrase for CA Key
###

ca:
    root:
        passphrase: <secret>
        days: 3650
        country: CH
        state: Zurich
        locality: Zurich
        organization: Example GmbH
        commonname: Root CA
    intermediate:
        passphrase: <secret>
        days: 3650
        country: CH
        state: Zurich
        locality: Zurich
        organization: Example ORG
        commonname: Intermediate CA
        ocsp:
            passphrase: <secret>
            country: CH
            url: "http://ocsp.example.com"
        crl:
            url: "http://ca.example.com/public/ca/intermediate/crl"


###
### Settings for end user certificates
###
cert:
    lifetime_default: 1
    lifetime_max: 1095

nodepki-webclient config.yml:

server:
    baseurl: http://ca-admin.example.com
    ip: 0.0.0.0
    port: 5000

apiserver:
    hostname: ca.example.com
    port: 8080
    publicport: 8080
    tls: false

csr_defaults:
    country: CH
    state: Zurich
    locality: Zurich
    organization: Example ORG

nodepki-client config.yml:

###
### Hostnames and ports of the NodePKI server
###

server:
    hostname: ca.example.com
    port_plain: 8080
    port_tls: 443
    tls: false


###
### Username and password to authenticate with
###

user:
    username: localadmin
    password: top_secret


###
### CSR default values
###

csr_defaults:
    country: "CH"
    state: "Zurich"
    locality: "Zurich"
    organization: "Example ORG"


###
### Default certificate lifetime
###

cert_lifetime_default: 1095

Start of nodepki:

[root@node01]# docker-compose up
Recreating nodepki_nodepki_1 ... done
Attaching to nodepki_nodepki_1
nodepki_1  | 2018-04-28 14:23:16,479 CRIT Supervisor running as root (no user in config file)
nodepki_1  | 2018-04-28 14:23:16,482 INFO supervisord started with pid 7
nodepki_1  | 2018-04-28 14:23:17,484 INFO spawned: 'nodepki' with pid 10
nodepki_1  | 2018-04-28 14:23:17,485 INFO spawned: 'nodepki_webclient' with pid 11
nodepki_1  | 2018-04-28 14:23:17,936 INFO exited: nodepki (exit status 1; not expected)
nodepki_1  | 2018-04-28 14:23:18,938 INFO spawned: 'nodepki' with pid 32
nodepki_1  | 2018-04-28 14:23:18,939 INFO success: nodepki_webclient entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
nodepki_1  | 2018-04-28 14:23:19,350 INFO exited: nodepki (exit status 1; not expected)
nodepki_1  | 2018-04-28 14:23:21,354 INFO spawned: 'nodepki' with pid 48
nodepki_1  | 2018-04-28 14:23:21,761 INFO exited: nodepki (exit status 1; not expected)
nodepki_1  | 2018-04-28 14:23:24,764 INFO spawned: 'nodepki' with pid 64
nodepki_1  | 2018-04-28 14:23:25,169 INFO exited: nodepki (exit status 1; not expected)
nodepki_1  | 2018-04-28 14:23:26,171 INFO gave up: nodepki entered FATAL state, too many start retries too quickly

Do you guys have any guess what the issue could be? I guess it's something with the configuration but I don't have any clue what's wrong. The nodepki server unfortunately does not deliver a more specific error message.

No reverse proxy is currently used in front of the nodepki application.

Thanks!

Regards,
Philip

Unable to setup

This project looks to be pretty dead but here I go anyway:

I think I followed the instructions, but still the setup script doesn't have the data directory to work with. mkdir -p seems to help with this issue but I still get an empty config when trying to continue with the procedure.

> sudo docker-compose run nodepki /bin/sh /opt/nodepki/setup.sh
>>>>>> Setting up NodePKI-Client ...
mkdir: can't create directory 'data/config': No such file or directory
cp: can't create 'data/config/config.yml': No such file or directory
/opt/nodepki/setup.sh: line 10: can't create data/config/config.yml.tmp: nonexistent directory
/opt/nodepki/setup.sh: line 11: can't create data/config/config.yml.tmp: nonexistent directory
>>>>>> Setting up NodePKI-Webclient ...
mkdir: can't create directory 'data/config': No such file or directory
cp: can't create 'data/config/config.yml': No such file or directory
>>>>>> Setting up NodePKI ...
mkdir: can't create directory 'data/config': No such file or directory
cp: can't create 'data/config/config.yml': No such file or directory
[15:55:28] User created successfully.
>>>>>> Setup finished.

Having a hard time deploying this container

Hello,

I was able to deploy this on my local machine and it worked very well (thank you!), however, when I tried moving it to my NAS, things were not as smooth as I would've hoped them to be.

My setup is as follows:
Synology NAS with 2 containers:

  • nginx
  • nodepki

Nginx container is essentially a reverse proxy for my other services. So, when I go to https://myservice.mydomain.com, nginx will proxy_pass to an internal url. I thought that I would do the same thing with nodepki, but I cannot figure out proper environment variables for everything to just work. All my service subdomains have a Let's Encrypt cert installed, so I have the following connection flow: Internet ----> SSL ---> NGinx ---> HTTP ----> service

I am trying to have all the services on a single subdomain (say, certification.mydomain.com), instead of multiple. I have also used your nginx template from the main readme file, where different services are at different locations.

I am pretty sure that the issue is with environment variables, but I am not sure.

Here's my nginx.conf:

server {
    listen 443 ssl;
    server_name certifications.mydomain.com;

    include /config/snippets/le_cert.conf;

    location = / {
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        rewrite ^ https://certifications.mydomain.com/webclient/ permanent;
    }

    location /api {
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://nodepki:8080/api;
    }

    location /public {
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://nodepki:8080/public;
    }

    location /webclient/ {
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://nodepki:5000/;
    }

    location /ocsp {
        proxy_set_header X-Forwarded-Host $host:$server_port;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://nodepki:2560;
    }

    access_log logs/nodepki.access.log main;
    error_log logs/nodepki.error.log;
}

Here are my env variables:

INTERMEDIATE_CA_COMMON_NAME=Intermediate CA,
ROOT_CA_COMMON_NAME=CA,
CA_CERT_EXPIRE_IN_DAYS=3650,
OCSP_PASSPHRASE=my_ocsp_password,
INTERMEDIATE_PASSPHRASE=my_intermediate_password,
ROOT_PASSPHRASE=my_root_password,
CERT_MAX_LIFETIME_IN_DAYS=3650,
CERT_MIN_LIFETIME_IN_DAYS=1,
ORGANIZATION_NAME=My Org,
LOCALITY_NAME=Some City,
STATE_NAME=Some State,
COUNTRY_CODE=US,
CA_OSCP_SERVER_HTTP_URL=https://certifications.mydomain.com/ocsp,
CA_CRL_SERVER_HTTP_URL=https://certifications.mydomain.com/public/ca/intermediate/crl,
CA_WEBCLIENT_HTTP_URL=https://certifications.mydomain.com/webclient,
CA_OSCP_SERVER_PORT=2560,
CA_OSCP_SERVER_URL=certifications.mydomain.net/ocsp,
CA_WEBCLIENT_SERVER_PORT=8080,
CA_WEBCLIENT_BIND_IP_ADDRESS=0.0.0.0,
CA_WEBCLIENT_SERVER_URL=certifications.mydomain.net/webclient,
CA_API_SERVER_TLS_ENABLED=false,
CA_API_SERVER_TLS_PORT=443,
CA_API_SERVER_PLAIN_PORT=5000,
CA_API_SERVER_URL=certifications.mydomain.net/api,
CA_API_SERVER_BIND_IP_ADDRESS=0.0.0.0,
API_PASSWORD=my_api_password,
API_USERNAME=my_api_user

Containers are linked to each other, which is why I am able to use nodepki as a hostname in my nginx config.

Thanks for your help!
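
A consistency check for the single-subdomain setup described in the post above, as an added example that is not part of the original issue or the project's code: it compares the port each nginx location proxies to with the port set in the environment list. The mapping from location to variable is an assumption inferred from the variable names, and the sample input is abridged from the post.

```python
import re

# Constructed sample input, abridged from the nginx.conf and env list in the post.
NGINX_CONF = """
location = / { rewrite ^ https://certifications.mydomain.com/webclient/ permanent; }
location /api { proxy_pass http://nodepki:8080/api; }
location /public { proxy_pass http://nodepki:8080/public; }
location /webclient/ { proxy_pass http://nodepki:5000/; }
location /ocsp { proxy_pass http://nodepki:2560; }
"""
ENV_LIST = """
CA_OSCP_SERVER_PORT=2560,
CA_WEBCLIENT_SERVER_PORT=8080,
CA_API_SERVER_PLAIN_PORT=5000,
"""

# Assumption (inferred from the variable names, not confirmed by the project):
# the env variable that sets the listen port of the service behind each location.
PORT_VAR_FOR_LOCATION = {
    "/api": "CA_API_SERVER_PLAIN_PORT",
    "/public": "CA_API_SERVER_PLAIN_PORT",
    "/webclient/": "CA_WEBCLIENT_SERVER_PORT",
    "/ocsp": "CA_OSCP_SERVER_PORT",
}

LOCATION_RE = re.compile(
    r"location\s+(?:=\s*)?(\S+)\s*\{[^}]*?proxy_pass\s+http://[^:/\s;]+:(\d+)")

def upstream_ports(conf):
    """Map each location path to the port its proxy_pass targets."""
    return {path: int(port) for path, port in LOCATION_RE.findall(conf)}

def parse_env(text):
    """Parse KEY=VALUE lines, tolerating the trailing commas used in the post."""
    return dict(line.strip().rstrip(",").split("=", 1)
                for line in text.splitlines() if "=" in line)

def port_mismatches(conf, env_text):
    """Return (location, proxied_port, env_var, env_port) where the two disagree."""
    env = parse_env(env_text)
    found = []
    for path, port in upstream_ports(conf).items():
        var = PORT_VAR_FOR_LOCATION.get(path)
        if var in env and int(env[var]) != port:
            found.append((path, port, var, int(env[var])))
    return found

if __name__ == "__main__":
    print(port_mismatches(NGINX_CONF, ENV_LIST))
```

Locations without a proxy_pass, such as the rewrite-only root location, are skipped by the parser.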
