
v0.108.0-b.81 Can't reload TLS certificate (Docker) #8244

@xlionjuan


Prerequisites

Platform (OS and CPU architecture)

Linux, AMD64 (aka x86_64)

AMD64 also

Installation

Docker

Setup

On one machine

I have 3 machines, two AMD64, one ARM64

AdGuard Home version

v0.108.0-b.81

Desc.

Related #3962

I'm using the container version of Lego to run the renewal cron job periodically.

sudo /usr/bin/docker run --rm -e CLOUDFLARE_DNS_API_TOKEN=blabla -v {SOMEWHERE}/adguard/cert:/cert:z goacme/lego -a --path "/cert" --email [email protected] --dns cloudflare -d "*.example.com" -d "example.com" renew --profile shortlived --dynamic --ari-wait-to-renew-duration 50m

This is the Docker compose:

The reason I'm using tmpfs is that I don't want the statistics and query log to be written to the disk.

Same problem exists on both ARM64 and AMD64.

I'll try removing cap_drop and cap_add on one of the machines to test whether this has an effect. (ChatGPT says it shouldn't be related, but I have multiple machines running ADH, though.)

services:
  app:
    container_name: adguard
    image: adguard/adguardhome:v0.108.0-b.81
    read_only: true
    tmpfs:
      - /opt/adguardhome/work
    volumes:
      - ./conf:/opt/adguardhome/conf
      #- ./work:/opt/adguardhome/work
      - ./work/data/filters:/opt/adguardhome/work/data/filters
      - ./work/data/sessions.db:/opt/adguardhome/work/data/sessions.db
      - ./cert/certificates:/certificates:ro
    network_mode: host
    restart: always
    healthcheck:
      disable: true
    cap_drop:
      - ALL
    cap_add:
      - NET_BIND_SERVICE
      - CHOWN
      - DAC_OVERRIDE
      - SETGID
      - SETUID

Labels: waiting for data (Waiting for users to provide more data.)
