Certbot --nginx generate and install but my container is restarting in loop with nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address in use) and nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use)

I've tried this solution https://geko.cloud/en/nginx-letsencrypt-certbot-docker-alpine , but I get an error on nginx and it is always restarting.

The error reported is:
app-client_1 | 2022/01/18 21:21:55 [emerg] 22#22: bind() to 0.0.0.0:443 failed (98: Address in use)
app-client_1 | nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address in use)
app-client_1 | 2022/01/18 21:21:55 [emerg] 22#22: bind() to 0.0.0.0:80 failed (98: Address in use)
app-client_1 | nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address in use)

The SSL works, but my Docker container is restarting in a loop.

In my nginx container, when I set my entrypoint.sh to run the certbot command, it keeps restarting, but if I remove it and run the same command after the container starts, it works.

nginx.conf:

user nginx;

# auto detects a good number of processes to run
worker_processes auto;

#Provides the configuration file context in which the directives that affect connection processing are specified.
events {
    # Sets the maximum number of simultaneous connections that can be opened by a worker process.
    worker_connections 8000;
    # Tells the worker to accept multiple connections at a time
    multi_accept on;
}

http {

    server {
        listen       80;
        server_name  teste-4.codepec.com;

        location / {
            root   /var/www;
            index  index.html index.htm;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }

        location /api/ {
            proxy_read_timeout      300;
            proxy_connect_timeout   300;
            proxy_redirect          off;

            proxy_http_version 1.1;

            proxy_set_header    Host                $http_host;
            proxy_set_header    X-Real-IP           $remote_addr;
            proxy_set_header    X-Forwarded-Ssl     on;
            proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
            proxy_set_header    X-Forwarded-Proto   $scheme;

            # redirect api calls to the api container, running on the same docker-compose
            proxy_pass http://app-server:8380/;
        }
    }

}

entrypoint.sh:

#!/usr/bin/env bash

envsubst < /etc/nginx/templates/nginx.conf.template > /etc/nginx/nginx.conf
certbot --nginx -d ${DOMAIN} --agree-tos -n -m "${CERTBOT_EMAIL}"
crond -f -d 8 &
nginx -g "daemon off;"

My domain is: codepec.com

The client container is running nginx:1.21.5-alpine

The generation of the certs works, but the restart I can't resolve.

Something is already running on that port (probably another nginx process) inside your Docker image.

2 Likes

What I don't understand is why it works if I remove the line of certbot from my entrypoint.sh and run the same after my container is up.

If I change my entrypoint.sh to this..

#!/usr/bin/env bash

envsubst < /etc/nginx/templates/nginx.conf.template > /etc/nginx/nginx.conf
#certbot --nginx -d ${DOMAIN} --agree-tos -n -m "${CERTBOT_EMAIL}"
crond -f -d 8 &
nginx -g "daemon off;"

and after start I enter the container with docker exec -it ... bash and run manually:

certbot --nginx -d teste-4.codepec.com --agree-tos -n -m "myemail@email.com"

it just works and the container does not restart:

My container image is very simple:

#### Stage 1: Build the react application
FROM node:16.13.2-alpine as build

# Configure the main working directory inside the docker image.
# This is the base directory used in any further RUN, COPY, and ENTRYPOINT
# commands.
WORKDIR /app

# Copy the package.json as well as the yarn-lock.json and install
# the dependencies. This is a separate step so the dependencies
# will be cached unless changes to one of those two files
# are made.
COPY package.json yarn.lock ./
RUN yarn install --network-timeout 1000000000

# Copy the main application
COPY . ./

ARG PROFILE
# Build the application
RUN yarn $PROFILE

#### Stage 2: Serve the React application from Nginx
FROM nginx:1.21.5-alpine

# Install certbot
RUN apk add --no-cache bash curl && \
    apk add --no-cache certbot certbot-nginx

# Copy the react build from Stage 1
COPY --from=build /app/build /var/www

# Copy renew cron script
COPY nginx/renew /etc/periodic/daily/renew
RUN chmod +x /etc/periodic/daily/renew

RUN mkdir /etc/letsencrypt

# Copy nginx script to set envsubst
COPY nginx/scripts/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

# Copy our custom nginx template config
COPY nginx/templates /etc/nginx/templates/

VOLUME /etc/letsencrypt

ENTRYPOINT ["/entrypoint.sh"]

That sounds like the init script ran too early to run certbot, and the container's internal script didn't expect nginx to be already started. Put the certbot command after nginx -g.

2 Likes

Does it require a delay?

1 Like

Not a delay but a reorder. I think this may work, but it shouldn't run in the container anyway: it will probably hit the duplicate certificate rate limit fast. (Note that it needed to register a new account each time.)

#!/usr/bin/env bash

envsubst < /etc/nginx/templates/nginx.conf.template > /etc/nginx/nginx.conf
crond -f -d 8 &
nginx -g "daemon off;"
certbot --nginx -d ${DOMAIN} --agree-tos -n -m "${CERTBOT_EMAIL}"

3 Likes
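An entrypoint sketch for the ordering problem discussed in this thread, added here as an example and not written by any poster. It keeps one long-lived nginx as a background job of the entrypoint shell (a command placed after a foreground `nginx -g "daemon off;"` only runs once nginx exits), waits until port 80 answers, and then lets certbot edit and reload the running server. It assumes the image from the Dockerfile above (bash, curl, certbot-nginx), a persistent /etc/letsencrypt volume, and a template that references only `${DOMAIN}`; `wait_until` and `nginx_listening` are hypothetical helper names.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Assumes the image from the Dockerfile
# above (bash, curl, certbot-nginx) and /etc/letsencrypt on a persistent volume.

# wait_until TRIES CMD...: run CMD up to TRIES times, 1 s apart; 0 on first success.
wait_until() {
    local tries="$1"; shift
    while :; do
        "$@" && return 0
        tries=$((tries - 1))
        [ "$tries" -gt 0 ] || return 1
        sleep 1
    done
}

# Succeeds as soon as something answers HTTP on the container's own port 80.
nginx_listening() {
    curl -s -o /dev/null http://127.0.0.1:80/
}

main() {
    # Assumption: the template references only ${DOMAIN}. Naming it stops
    # envsubst from blanking nginx's own variables such as $remote_addr.
    envsubst '${DOMAIN}' < /etc/nginx/templates/nginx.conf.template \
        > /etc/nginx/nginx.conf
    crond -f -d 8 &

    # Start the one long-lived nginx first, as a background job of this shell.
    nginx -g "daemon off;" &
    local nginx_pid=$!
    wait_until 30 nginx_listening || { echo "nginx never came up" >&2; return 1; }

    # nginx already owns port 80, so certbot only edits the config and reloads
    # it. --keep-until-expiring reuses a still-valid certificate from the
    # volume instead of requesting a new one on every container start.
    certbot --nginx -d "${DOMAIN}" --agree-tos -n -m "${CERTBOT_EMAIL}" \
        --keep-until-expiring || echo "certbot failed; serving HTTP only" >&2

    # Container lifetime follows nginx, as with the original foreground call.
    wait "$nginx_pid"
}

# Run main only when executed as the entrypoint; sourcing just loads the helpers.
if [ "${0##*/}" = "entrypoint.sh" ]; then main "$@"; fi
```

With /etc/letsencrypt on a named volume the ACME account and certificate survive restarts, which addresses the rate-limit concern raised in the last reply.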
