Can't manage to use SSL with Docker

Get help with all aspects of SABnzbd
Forum rules
Help us help you:
  • Are you using the latest stable version of SABnzbd? Downloads page.
  • Tell us what system you run SABnzbd on.
  • Adhere to the forum rules.
  • Do you experience problems during downloading?
    Check your connection in Status and Interface settings window.
    Use Test Server in Config > Servers.
    We will probably ask you to do a test using only basic settings.
  • Do you experience problems during repair or unpacking?
    Enable +Debug logging in the Status and Interface settings window and share the relevant parts of the log here using [ code ] sections.
Post Reply
bearswithpasta
Newbie
Newbie
Posts: 2
Joined: January 19th, 2022, 2:44 pm

Can't manage to use SSL with Docker

Post by bearswithpasta »

Since I am quite familiar with docker and SSL I was really shocked that I could not manage to configurate SSL on SABnzbd.

What I normaly do is:
  • mapping the certs from LE into the correct files in the docker
  • correct rights (if necessary)
  • start docker
  • finished
That normally does the trick. I read the docs and also read some tutorials here in the community. Tested every possible constellation of settings but could not manage to solve it. Also I think in general the SSL/HTTPS section would really need a rewrite since quite a lot of people have problems with setting it up.

Since I have these 4 files
  • cert.pem
  • privkey.pem
  • chain.pem
  • fullchain.pem
Which of them is the required "HTTPS Chain Certificates" since it there is a "fullchain.pem" and "chain.pem"?
Also is it possible to JUST map the files into the container (like at all other docker containers) and if no, why not? Is there a good reason for not making it that easy?

EXAMPLE:
All of his containers: github . com/jlesage?tab=repositories
(sorry have to work around the message "New users are not allowed to post links")

handle it like this:

Map your "privkey.pem" to "/config/certs/web-privkey.pem"
Map your "fullchain.pem " to "/config/certs/web-fullchain.pem"

You can do this in your docker-compose.yml like this:

Code: Select all

    volumes:
      - "/etc/letsencrypt/live/DOMAIN/privkey.pem:/config/certs/web-privkey.pem:ro"
      - "/etc/letsencrypt/live/DOMAIN/fullchain.pem:/config/certs/web-fullchain.pem:ro"
Isn't this 1000 times more easy? These two files there, since they are ":ro" it's also safe since the docker will just be able to read from, not write, execute etc.. Since you map them from "/etc/letsencrypt/live/" and not from "/etc/letsencrypt/archive/" they will automatically update when your LE creates a new cert, which he does all 3 months.

I would love to be able to mapp the SSL Cert in the SABnzbd container like this:

Code: Select all

    volumes:
      - "/etc/letsencrypt/live/DOMAIN/privkey.pem:/config/admin/privkey.pem:ro"
      - "/etc/letsencrypt/live/DOMAIN/fullchain.pem:/config/admin/fullchain.pem:ro"
But it does not work, whenever I map something into this container it appears to have root rights and does not work like in any of the other containers.


I'am open for a discussion and would be happy to get some feedback.

P.S.: I' am currently on the latest version 3.4.2 [cc831e1]
User avatar
sander
Release Testers
Release Testers
Posts: 8811
Joined: January 22nd, 2008, 2:22 pm

Re: Can't manage to use SSL

Post by sander »

I don't understand what your goal is: get it working in a SAB standard way, get it working with docker, discuss, write documentation, or send a PR?

Only can you help with the first thing:

With https://forums.sabnzbd.org/viewtopic.php?f=1&t=19684 you should be able to get it working.

After that, in SAB config/general/ you can set the path of the files. So you can point that to anything , also to other files provided by docker. But you must take care yourself of rights and docker stuff.
bearswithpasta
Newbie
Newbie
Posts: 2
Joined: January 19th, 2022, 2:44 pm

Re: Can't manage to use SSL

Post by bearswithpasta »

The programm is working, but I cant get SSL to work. Whenever I activate it, it breaks the setup. For me things are somewhat overcomplicated on this setup/docker, thats why I asked to make it as easy as on other dockers, eg. the once I liked.

I already read this exact tutorial, but it still di not work, also I dont want to copy any files into the config folder, that goes against the logic of docker, specially since the Certs are rotating/changing all 3 month, that why I would like to mapp in into the correct path, but this does not seem to work, like it does with all other docker-container providers.
sander wrote: January 21st, 2022, 12:34 am I don't understand what your goal is: get it working in a SAB standard way, get it working with docker, discuss, write documentation, or send a PR?
To get SSL working with a docker container.
User avatar
sander
Release Testers
Release Testers
Posts: 8811
Joined: January 22nd, 2008, 2:22 pm

Re: Can't manage to use SSL with Docker with Docker

Post by sander »

Clear. I've changed the subject for you so that someone willing and able to help you can easily see it.
Post Reply