Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DFP is not correctly reconfigured after restart #28

Open
felicienfrancois opened this issue Mar 17, 2018 · 3 comments
Open

DFP is not correctly reconfigured after restart #28

felicienfrancois opened this issue Mar 17, 2018 · 3 comments

Comments

@felicienfrancois
Copy link

I'm using secrets to store certificates.
When restarting Docker Flow Proxy, I get a SSL_ERROR_RX_RECORD_TOO_LONG error on Firefox on all domains (i.e. the served certificate is invalid).
I need to clear secrets and volume to makes letsencrypt regenerate certificates and reconfigure DFP to makes it work again.

How the DFP startup certs configuration is supposed to work in secrets mode ?
I see in https://proxy.dockerflow.com/usage/#certificates that secrets whose name starts with cert_ are automatically loaded at startup by DFP. Should the secrets created by DFPLE starts with cert_ ?

My stack

version: "3.4"

services:

  proxy:
    image: vfarcic/docker-flow-proxy
    ports:
      - 80:80
      - 443:443
    networks:
      - proxy
    depends_on:
      - swarm-listener
    environment:
      LISTENER_ADDRESS: swarm-listener
      MODE: swarm
      SERVICE_NAME: proxy_proxy
      CHECK_RESOLVERS: 1

  swarm-listener:
    image: vfarcic/docker-flow-swarm-listener
    networks:
      - proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      DF_NOTIFY_CREATE_SERVICE_URL: http://letsencrypt:8080/v1/docker-flow-proxy-letsencrypt/reconfigure
      DF_NOTIFY_REMOVE_SERVICE_URL: http://proxy:8080/v1/docker-flow-proxy/remove
    deploy:
      placement:
        constraints: [node.role == manager]

  letsencrypt:
    image: nib0r/docker-flow-proxy-letsencrypt
    networks:
      - proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - letsencrypt:/etc/letsencrypt
    environment:
      DF_PROXY_SERVICE_NAME: proxy_proxy
    deploy:
      labels:
        - com.df.notify=true
        - com.df.servicePath=/.well-known/acme-challenge
        - com.df.port=8080

volumes:
  letsencrypt:

networks:
  proxy:
    external: true
@n1b0r
Copy link
Owner

n1b0r commented Mar 20, 2018

@felicienfrancois same question here, did you only restart DFP or the whole stack ?

@felicienfrancois
Copy link
Author

I restart by updating the stack with docker stack deploy https://docs.docker.com/engine/reference/commandline/stack_deploy/
In my tests, the only service which configuration had changed was DFP. So it was probably the only service restarted (can't find a doc about the exact behavior of this command)

@felicienfrancois
Copy link
Author

even when restarting all services at once, I have the same issue.
What should be the "boot sequence" ?
Should I had depends_on instruction to force boot sequence order ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@felicienfrancois @n1b0r