Ubuntu Server Docker Install Dependency Issue

Just moved from a Pi to a Ubuntu Server installation due to my frustration with SD cards dying.
I’ve installed HASS through the docker image which was super simple, but now I’m trying to enable SSL and I’ve got the certs installed but when I make the changes in the config, i get the following errors on bootup:

2017-09-22 10:15:29 ERROR (MainThread) [homeassistant.setup] Unable to setup dependencies of config. Setup failed for dependencies: http 2017-09-22 10:15:29 ERROR (MainThread) [homeassistant.setup] Setup failed for config: Could not setup all dependencies. 2017-09-22 10:15:29 ERROR (MainThread) [homeassistant.setup] Unable to setup dependencies of tts. Setup failed for dependencies: http 2017-09-22 10:15:29 ERROR (MainThread) [homeassistant.setup] Setup failed for tts: Could not setup all dependencies. 2017-09-22 10:15:29 ERROR (MainThread) [homeassistant.setup] Unable to setup dependencies of conversation. Setup failed for dependencies: http 2017-09-22 10:15:29 ERROR (MainThread) [homeassistant.setup] Setup failed for conversation: Could not setup all dependencies. 2017-09-22 10:15:58 ERROR (MainThread) [homeassistant.setup] Unable to setup dependencies of media_player. Setup failed for dependencies: http 2017-09-22 10:15:58 ERROR (MainThread) [homeassistant.setup]
Setup failed for media_player: Could not setup all dependencies.

It looks like the dependencies won’t install - i thought it was a permissions issue so i changed my config install from a home folder to a root folder (/config) and still get the issue. I’ve made the folder permissions 777 and all that, not sure what else I’m missing
Thanks for any leads…

The problem is almost certainly that HA can’t find your SSL certs, so setting up everything else is failing. Where are the certs on your host? Does the container have access? What’s the permissions on the folder containing the certs on the host?

They’re in the default location:

ssl_certificate: /etc/letsencrypt/live/MINE.duckdns.org/fullchain.pem
ssl_key: /etc/letsencrypt/live/MINE.duckdns.org/privkey.pem

I’ve set them up before and its worked so i assume its a permission thing from docker, the folders have the correct permissions (i edited them to allow general access) I didnt find anywhere on how to allow docker images to view local files? Should I move the certs to the config folder and point to them there?

Ok that’s the problem. Docker containers are completely isolated from your host’s filesystem, so the HA container is looking for that path in its OWN filesystem, not finding it, and failing.

Try this: make a folder “ssl” inside your HA “config” folder. Copy the certs into the ssl folder. Update your configuration.yaml to point ssl_certificate and ssl_key at /config/ssl/fullchain.pem and /config/ssl/privkey.pem instead. Make sure the ssl directory and certs are chmod 777.

Start the container. Does it work?

That sounds promising, i made the changes then restarted the machine and my container is missing and when I goto create a new container it says that the name is in use?

I think ill have to keep playing with it but I think the steps you’ve outlined have pointed me in the right direction, so thank you for that

Restarting your machine not necessary.

Just do docker start containername. If you’re on an OS that uses sudo, preface that with sudo.

Oh awesome! That worked!

I was typing sudo docker ps and my container wasn’t listed so I thought it had been removed - i didn’t realize that it only showed running containers. I also assumed that it would run my container by default on startup. I assume theres a way somehow to make it autostart

But that appears to have solved my issue for now - im now greeted with the login screen using my SSL link. Thank you!

No problem! docker ps -a will list all your containers, running or not. As you’ve seen docker ps lists only running containers.

You have two options for autostarting. First, you can create the container with an additional option: -- restart always which will start the container when Docker starts up at boot. Or, you can use systemd to start and manage the container. Copy the following into a file called /etc/systemd/system/homeassistant.service:

Description=Home Assistant container

ExecStart=/usr/bin/docker start -a  containername 
ExecStop=/usr/bin/docker stop -t 2 containername


Obviously replace containername with the name of your HA container.

Then do systemctl daemon-reload, and systemctl enable homeassistant. Now, HA will start on boot!

I highly recommend deploying portainer to manage your docker.
Do take time to learn the docker command line… but portainer will save you a lot of time - e.g. managing stopped containers, deleting old images etc.

Its super easy to deploy, too:

docker run -d -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer

See here:

Another suggestion is to provide docker container access to SSL folder
This makes it easier for SSL cert renew(no need to copy/paste to config folder)

docker create -p 8123:8123 -v /host/SSLfolder:/dockerhha/sslfolder:ro -v /host/config:/dockerhha/config home-assistant/home-assistant:version

There is a problem with this though: when certbot fetches or renews your cert, it doesn’t place a copy of the cert in the “live” directory on the host but only symlinks it there. When the Docker container tries to follow the symlink it will fail, since the actual cert won’t be present in the container where the symlink points to. I tried to figure out a way around this but ultimately just wrote a bash script that copies the newest certs into my config/ssl directory after a successful certbot renew.

It’s usually a good idea to include bash in the Dockerfile while you’re developing. Doing so allows you connect to the container and troubleshoot from the inside. The way to call it is:

docker exec -it your_container_name /bin/bash

You should then be able to determine where the certs are (|should be?) stored and be able to create the needed volume export (the “-v” switch) when you first create the container.

I ended up just copying the actual certs into the /config/certs folder I made and pointing to them there, kind of a pain in the ass but it currently works