My Docker Stack

Check file permissions then because it’s stating it can’t access the file

who has to own it then? root or my user (finity)?

the /certs directory i created is owned finity.

the mydomain.duckdns.org directory is owned by root.

which one should i change?

edit:

sorry the letsencrypt folder i created is by finity

its conents are owned by root

Dude. Calm down.

You are the one in control here.

Who owns the config directory on the host? Have you at least chmodded 755 the files as indicated in the tutorial you said you followed?

:crazy_face: :laughing:

I’m not sure I actually believe that. But yeah, sorry, I REALLY just want to get this done so I can move on to better things.

but yes, I have changed the owner -R to user finity and did a chmod -R 777 on the /docker/letsencrypt directory.

as far as I can tell user finity owns everything in the /docker directory & all subdirectories

and i’m still getting the same error

But your docker container isn’t running as user ‘finity’

I didn’t know that. I assumed finity was the docker user.

So I have to change the entire /docker directory to user root?

I just changed everything to user root:

sudo chown -R root:root /docker

and I still have the same error.

is my mapping of the folders correct in my yaml file posted above?

INSIDE the docker container…your user account is not running inside the container

I honestly have no idea. You’ve changed so much and moved so much around in a wild attempt to make something work that I have no idea what your layout looks like now.

How do I find out what user is running inside the container?

If you look at post 140 or so the last wild attempt :wink: is laid out there.

My current setup is still an RPi3 running Hass.IO. Waiting for my new NUC to come in to set it up through Docker. My test virtual machine/docker instance is working like a charm so far with about 12 containers running and talking to each other.

As for Home Assistant using Lets Encrypt (normal method, not nginx) I think the only issue I had setting it up that way was a permissions issue back when I ran Hassbian some time ago. I missed a chmod step somewhere. Found it, fixed it, and it has worked for a long time now using external port 8123 to RPi on 8123. I don’t use 443 at all. Don’t think I’m even going to go the nginx route when I go Docker (at least for awhile) since I don’t need anything more than Home Assistant exposed. My router does loopback just fine and I can access via IP address in a pinch if I just ignore the cert errors in Chrome.

You should get into the Home Assistant container and cd /certs.

ls -la

show us what you see there.

here it is:

[screen shot redacted]

:slight_smile:

so let’s break this down.

the pem files are symlinked UP 2 directories to …/…/archive/domainname/

so you need your bind mount to point to /docker/letsencrypt and not the path TO the domain

Then you need to fix your filenames in your home assistant config because what I see in your screenshot has the number 1 in the filename and your config does not.

do these look correct?

sudo docker run -d --name="home-assistant" -v /docker/ha-config:/config -v /docker/letsencrypt:/certs -v /etc/localtime:/etc/localtime:ro --net=host homeassistant/home-assistant

http:
  api_password: !secret http_password
  server_port: 8124
  base_url: mydomain.duckdns.org:8124
  ssl_certificate: /certs/fullchain1.pem
  ssl_key: /certs/privkey1.pem

Almost.

since you are mounting the directory /docker/letsencrypt to /certs, your path should be /certs/live/domainname/filename

and now?

http:
  api_password: !secret http_password
  server_port: 8124
  base_url: mydomain.duckdns.org:8124
  ssl_certificate: /certs/live/mydomain.duckdns.org/fullchain1.pem
  ssl_key: /certs/live/mydomain.duckdns.org/privkey1.pem

should be good, but I would go ahead and delete the screenshot, and the domain name from your config there on the forums. :wink:

yup.

i just wanted to be very clear. :grinning:

1 Like