SSL certs upgraded, Docker images upgraded, ready to go!

I had to renew my SSL certs for this site, so while doing so I upgraded and addressed a few other issues.

First, apparently when I deployed the SSL certs last time I missed out some of the root certs in the chain. The vendor I used gives you each of the root certs individually and you need to manually concatenate them together yourself. More in another post on the steps I took to do this.

Since certs are part of my nginx Docker image, I rebuilt my image upgrading everything to latest versions. Since it was also a couple of years since I last did this, I also had to go back through my posts here to work out the steps I took to deploy last time. I’ll post another update on the steps I took for this also later.

apt-get errors building Ubuntu based Docker images from old images

Turns out if you have an older base image downloaded locally and you try to rebuild your own image based on it a couple of years later, you could get errors running apt-get in your own Dockerfiles. I just got errors like this rebuilding an image that I first created 2 years ago:

Err http://archive.ubuntu.com/ubuntu/ trusty-updates/main libcurl3 amd64 7.35.0-1ubuntu2.14
404  Not Found [IP: 91.189.88.149 80]
Get:16 http://archive.ubuntu.com/ubuntu/ trusty-updates/main ca-certificates all 20170717~14.04.1 [167 kB]
Err http://archive.ubuntu.com/ubuntu/ trusty-updates/main krb5-locales all 1.12+dfsg-2ubuntu5.3
404  Not Found [IP: 91.189.88.149 80]
Get:17 http://archive.ubuntu.com/ubuntu/ trusty/main libsasl2-modules amd64 2.1.25.dfsg1-17build1 [64.3 kB]
Err http://security.ubuntu.com/ubuntu/ trusty-security/main libcurl3 amd64 7.35.0-1ubuntu2.14
  404  Not Found [IP: 91.189.88.31 80]
Err http://security.ubuntu.com/ubuntu/ trusty-security/main openssl amd64 1.0.1f-1ubuntu2.23
  404  Not Found [IP: 91.189.88.31 80]
Err http://security.ubuntu.com/ubuntu/ trusty-security/main curl amd64 7.35.0-1ubuntu2.14
  404  Not Found [IP: 91.189.88.31 80]
Fetched 1375 kB in 7s (175 kB/s)
E: Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5support0_1.12+dfsg-2ubuntu5.3_amd64.deb  404  Not Found [IP: 91.189.88.149 80]

If you delete the base ubuntu image you have cached locally and try again, you’ll pull down the latest image, and your build should continue as expected.

Docker with remote servers

If you’re running Docker without TLS (hopefully never in production, for dev only), set DOCKER_HOST to host-ip:2375 and you should be good to go:

export DOCKER_HOST=tcp://host-ip:2375

If you’re using TLS certs, point to 2376 on the remote machine and specify a path to the certs:

export DOCKER_HOST=tcp://host-ip:2376
export DOCKER_CERT_PATH=/path/to/certs

Pass the --tlsverify param to ensure certs are passed with the command:

docker --tlsverify command

Use docker-compose against a remote machine with TLS certs, with --tlsverify so the server's certificate is checked as well:

docker-compose -H remote-server-ip:2376 --tlsverify --tlscacert ca.pem --tlscert cert.pem --tlskey key.pem -f docker-compose.yml up

How to set up your Docker server to use TLS certs is here: https://docs.docker.com/engine/security/https/
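
A pre-flight check for the environment settings above, as an added example that is not part of the original post. check_docker_remote is a hypothetical helper name; it assumes the ca.pem, cert.pem and key.pem file names the Docker client looks for in DOCKER_CERT_PATH.

```sh
# Added example: pre-flight check for the remote-Docker settings described above.
# check_docker_remote is a hypothetical helper name, not a Docker command.
# Usage: check_docker_remote && docker ps
check_docker_remote() {
    cdr_host=${DOCKER_HOST:-}
    case "$cdr_host" in
        tcp://*) ;;
        *) echo "DOCKER_HOST is not a tcp:// endpoint: '$cdr_host'" >&2; return 2 ;;
    esac

    # 2375 is the plaintext port: no encryption and no client authentication.
    if [ "${cdr_host##*:}" = "2375" ]; then
        echo "refusing $cdr_host: plaintext Docker API port" >&2
        return 3
    fi

    # Any non-empty DOCKER_TLS_VERIFY is the environment form of --tlsverify.
    if [ -z "${DOCKER_TLS_VERIFY:-}" ]; then
        echo "DOCKER_TLS_VERIFY is unset: the daemon's certificate would not be verified" >&2
        return 4
    fi

    # The client reads ca.pem, cert.pem and key.pem from DOCKER_CERT_PATH
    # (falling back to ~/.docker when the variable is unset).
    cdr_certs=${DOCKER_CERT_PATH:-$HOME/.docker}
    for cdr_f in ca.pem cert.pem key.pem; do
        if [ ! -r "$cdr_certs/$cdr_f" ]; then
            echo "missing or unreadable: $cdr_certs/$cdr_f" >&2
            return 5
        fi
    done

    # The client key grants access to the daemon; keep it owner-only.
    cdr_mode=$(stat -c %a "$cdr_certs/key.pem" 2>/dev/null || stat -f %Lp "$cdr_certs/key.pem")
    case "$cdr_mode" in
        *00) return 0 ;;
        *) echo "key.pem has mode $cdr_mode; expected 600 or 400" >&2; return 6 ;;
    esac
}
```

Each failure returns a distinct exit status, so the function can gate a deploy script before any docker or docker-compose command runs.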

2 years later: 2 years of running WordPress and MySQL on Docker in a VPS

It’s been 2 years since I migrated this site from a native install on a VPS to another VPS running Docker. I covered my migration in a number of posts, the first of which is here:

The surprising thing (maybe? maybe not?) is that the site has been up and running for the past 2 years with no issues. I think I rebooted the VPS a couple of times for reasons I can’t remember, but other than that the site’s been up reliably for the past 2 years.

It’s also been 2 years since I last renewed my SSL certificate, so time to do a couple of updates. More to come later.