Permission denied when passing SSL certificates #66

Closed
mavdi opened this issue Feb 2, 2016 · 5 comments

mavdi commented Feb 2, 2016

Running the container with the following settings:

```yaml
rb:
  image: rabbitmq
  volumes:
    - ./certificates:/certificates
  environment:
    RABBITMQ_SSL_CERT_FILE: /certificates/server/cert.pem
    RABBITMQ_SSL_KEY_FILE:  /certificates/server/key.pem
    RABBITMQ_SSL_CA_FILE: /certificates/ca/cacert.pem
  ports:
    - "15672:15672"
    - "5672:5672"
    - "1883:1883"
```

getting:

```
/docker-entrypoint.sh: line 132: /tmp/combined.pem: Permission denied
```

The script doesn't have access to the temp combined file it creates?

Edit: After many tries it starts up sometimes, it seems to me some sort of race condition.

simodima commented Mar 7, 2016

👍 I've the same issue

oryband commented Mar 23, 2016

@mavdi @toretto460 you should probably chown and chmod the files. This probably means you'll have to create your own image based on this one. This is what I did and it works:

```dockerfile
FROM rabbitmq:3.6.1-management
MAINTAINER Ory Band @ Rounds <ory@rounds.com>

ENV RABBITMQ_DEFAULT_USER=guest \
    RABBITMQ_DEFAULT_PASS=guest \
    RABBITMQ_DEFAULT_VHOST=/ \
    RABBITMQ_SSL_CERT_FILE=/etc/rabbitmq/ssl/cert.pem \
    RABBITMQ_SSL_KEY_FILE=/etc/rabbitmq/ssl/key.pem \
    RABBITMQ_SSL_CA_FILE=/etc/rabbitmq/ssl/cacert.pem

# set erlang cookie if desired
# https://www.rabbitmq.com/clustering.html
# ENV RABBITMQ_ERLANG_COOKIE=

# copy ssl keys and set rabbitmq to use them
COPY etc/rabbitmq/ssl/* /etc/rabbitmq/ssl/
RUN chown rabbitmq:rabbitmq /etc/rabbitmq/ssl/* \
    && chmod 400 /etc/rabbitmq/ssl/*
```

oryband commented Mar 27, 2016

UPDATE: this happens to me as well, regardless of what I wrote.

oryband commented Mar 28, 2016

UPDATE: I managed to fix this. I changed this:

```dockerfile
RUN chown rabbitmq:rabbitmq /etc/rabbitmq/ssl/* \
    && chmod 400 /etc/rabbitmq/ssl/*
```

Into this:

```dockerfile
RUN chown 999:999 /etc/rabbitmq/ssl/* \
    && chmod 400 /etc/rabbitmq/ssl/*

# alternatively you can use `chown -R 999:999 /etc/rabbitmq/ssl`
# instead of the `chown ...` statement above.
```

Apparently the problem was with accessing the .pem files, not creating the /tmp/combined.pem file.

I've noticed in #59 that the rabbitmq:rabbitmq user:group is equal to 999:999, so I thought maybe using ids instead of names might do the trick.

I don't exactly understand why this fixed the problem, since the user:group already exist because of FROM rabbitmq:3.6.1:

```dockerfile
RUN groupadd -r rabbitmq && useradd -r -d /var/lib/rabbitmq -m -g rabbitmq rabbitmq
```

Hope this helps.

oryband commented Mar 28, 2016

UPDATE: this still occurs at random as well. I haven't fixed the problem. This bug renders the rabbitmq trusted build unusable. :\
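
A way to test the ownership-and-mode theory discussed in this thread, as an added example that is not part of any comment above and not the image's own code: it reads each PEM file's numeric owner, group and mode and decides whether a given uid:gid (999:999 per the thread) could read it. The function names and script name are hypothetical; it assumes GNU `stat` and the `server/` and `ca/` layout from the compose file in the first comment.

```shell
#!/bin/sh
# Added example (not from the thread). Requires GNU stat. Looks only at
# owner/group/other mode bits; supplementary groups, ACLs, SELinux labels and
# user-namespace remapping are ignored (assumption).

# perm_digit UID GID PATH: print the octal permission digit that applies.
# As in the kernel, an owner match uses owner bits only, then group, then other.
perm_digit() {
  st=$(stat -c '%u %g %a' "$3" 2>/dev/null) || return 2
  owner=${st%% *}; rest=${st#* }; group=${rest%% *}
  mode=$(printf '%04d' "${rest#* }")      # 400 -> 0400, 1777 stays 1777
  if [ "$1" -eq "$owner" ]; then pos=2
  elif [ "$2" -eq "$group" ]; then pos=3
  else pos=4
  fi
  printf '%s\n' "$mode" | cut -c"$pos"
}

# cert_readable UID GID FILE: 0 if readable, 1 if denied, 2 if missing.
# Reading needs r (4) on the file and search/x (1) on its directory.
cert_readable() {
  f=$(perm_digit "$1" "$2" "$3") || return 2
  d=$(perm_digit "$1" "$2" "$(dirname "$3")") || return 2
  [ "$1" -eq 0 ] && return 0              # root bypasses mode bits
  [ $(( $f & 4 )) -ne 0 ] && [ $(( $d & 1 )) -ne 0 ]
}

# report UID GID CERT_DIR: check the three files from the issue's compose file.
report() {
  rc=0
  for rel in server/cert.pem server/key.pem ca/cacert.pem; do
    if cert_readable "$1" "$2" "$3/$rel"; then echo "ok      $3/$rel"
    else echo "DENIED  $3/$rel"; rc=1
    fi
  done
  return "$rc"
}

# Example: sh check-certs.sh 999 999 ./certificates
if [ "$#" -eq 3 ]; then report "$@"; fi
```

If every file reports `ok` for the uid:gid the broker runs as and the error still appears, file ownership and mode on the certificates do not explain it.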
