Certbot with filerun in docker listening to port 80

I have installed this docker app.
https://docs.filerun.com/docker
It is listening on port 80

```yaml
version: '2'

services:
  db:
    image: mariadb:10.1
    environment:
      MYSQL_ROOT_PASSWORD: your_mysql_root_password
      MYSQL_USER: your_filerun_username
      MYSQL_PASSWORD: your_filerun_password
      MYSQL_DATABASE: your_filerun_database
    volumes:
      - /filerun/db:/var/lib/mysql

  web:
    image: afian/filerun
    environment:
      FR_DB_HOST: db
      FR_DB_PORT: 3306
      FR_DB_NAME: your_filerun_database
      FR_DB_USER: your_filerun_username
      FR_DB_PASS: your_filerun_password
      APACHE_RUN_USER: www-data
      APACHE_RUN_USER_ID: 33
      APACHE_RUN_GROUP: www-data
      APACHE_RUN_GROUP_ID: 33
    depends_on:
      - db
    links:
      - db:db
    ports:
      # host port 80 -> container port 80 (plain HTTP only; 443 is not published)
      - "80:80"
    volumes:
      - /filerun/html:/var/www/html
      - /filerun/user-files:/user-files
```

How can I also install a certbot letsencrypt in the same container?

Hi @manish-fn,

Is your trouble that, since MariaDB is using port 80, Certbot won’t be able to use it for the validation process?

The easiest thing in this case is probably to use certbot --standalone. It does need port 80 temporarily just during the validation, so you can use something like certbot --standalone --pre-hook "service mariadb stop" --post-hook "service mariadb start". This will cause a MariaDB outage but it should be just a few seconds every time the certificate needs to be renewed.

If that outage isn’t acceptable, you can use a reverse proxy that forwards /.well-known/acme-challenge to a port that Certbot uses, and forwards other URLs to the MariaDB service. This is certainly more configuration complexity, but it’s probably necessary if you want to use the HTTP-01 validation method for your certificate without any database service outages at all while also having MariaDB listening on port 80.

MariaDB is not using port 80. afian/filerun is.

certbot --standalone --pre-hook "service mariadb stop" --post-hook "service mariadb start" won’t help

In that case, you would need to substitute a command that stops and restarts filerun.

I stopped the container and installed the certbot apache certificates. At that stage https is available. But when I start the container again, there is no https access.

I don’t quite understand what you’re looking for here. Is the problem just about how to configure another program to use the certificate that you’ve already obtained?

I just want to enable ssl without closing my app filerun on port 80 installed using docker.

I’m still not sure that I understand your situation properly.

If you’re using the HTTP-01 challenge to prove control over your domain name, Certbot or another Let’s Encrypt client will need to be reachable from the Internet on port 80 of your server during each certificate renewal.

If you don’t have a proxy that can route different web request paths to different processes or containers, this means you’ll need to temporarily stop whatever other software on your server is using port 80, so that Certbot can use it instead. Or you’ll need to use a different method to prove control of your domain name.

I temporarily stopped my container, installed apache and certbot. Then installed certificates, which worked. Then stopped apache2 to restore my container. Now there is no https.

What program is supposed to provide HTTPS? Is it running? Did it work before? Is it not listening on port 443 at all, or not speaking HTTPS on port 443?

What made you conclude that the certificate installation step worked?

I used apache to install certbot and the certificates. When I access the website ssl is enabled and showing https. Next I stop apache to make the port 80 available for my filerun app in docker with the yml file that I posted above. At this point I don’t get https secure.

Hi,

Since you originally used Apache to obtain the certificate, your Apache is configured to use the certificate certbot generated. You could also use that certificate in your docker, however it will not renew properly (since you want to use filerun, not Apache, and Apache will be used when certbot attempts to run).

Your filerun is only configured with port 80, without any listen on port 443 or certificate configured, which is why it doesn’t work when you tried to connect with https.

From filerun’s official GitHub, they suggest that you use a reverse proxy for filerun docker and (possibly) terminate SSL/TLS connections in that proxy.

Thank you
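
The reverse-proxy layout suggested in this thread, written out as an nginx configuration. This is an added example, not part of any post above and not FileRun's or Certbot's own configuration. It assumes nginx runs on the Docker host, the `web` service is republished as `"127.0.0.1:8080:80"`, Certbot's standalone listener uses port 8081, and `files.example.com` stands in for the real domain.

```nginx
# Added example. Assumptions (not from the thread):
#   - docker-compose.yml publishes FileRun as "127.0.0.1:8080:80", so the
#     container is reachable only through this proxy
#   - certificates are requested with
#       certbot certonly --standalone --http-01-port 8081 -d files.example.com
#   - files.example.com is a placeholder domain

server {
    listen 80;
    server_name files.example.com;

    # HTTP-01 validation requests are handed to Certbot's temporary listener.
    # Outside issuance/renewal nothing listens on 8081 and nginx returns 502.
    location /.well-known/acme-challenge/ {
        proxy_pass http://127.0.0.1:8081;
    }

    # All other plain-HTTP requests are redirected to HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name files.example.com;

    # Files Certbot maintains for this certificate lineage.
    ssl_certificate     /etc/letsencrypt/live/files.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/files.example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # nginx's default 1m body limit would reject most uploads; 0 removes the
    # limit, a fixed ceiling is the stricter choice.
    client_max_body_size 0;

    # TLS ends here; FileRun still speaks plain HTTP on the loopback port.
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

nginx will not start while the certificate files are missing, so enable the 443 block only after the first issuance. Adding `--deploy-hook "systemctl reload nginx"` to the Certbot command (assuming a systemd host) makes nginx pick up each renewed certificate.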
