Tag: docker

Posted on

Setting user prompted values during apt-get install (e.g. tzdata)

Installing php-fpm on Ubuntu 22:04 prompts for some timezone values during install which makes it more difficult to install during a ‘docker build’ since passing -y to apt-get-install is not enough to respond to the prompts.

Here’s what I’m prompted for if I just run ‘apt-get install php-fpm’:

Configuring tzdata
------------------

Please select the geographic area in which you live. Subsequent configuration
questions will narrow this down by presenting a list of cities, representing
the time zones in which they are located.

  1. Africa   3. Antarctica  5. Arctic  7. Atlantic  9. Indian    11. US
  2. America  4. Australia   6. Asia    8. Europe    10. Pacific  12. Etc
Geographic area: 8

Please select the city or region corresponding to your time zone.

  1. Amsterdam    17. Guernsey     33. Monaco      49. Stockholm
  2. Andorra      18. Helsinki     34. Moscow      50. Tallinn
  3. Astrakhan    19. Isle_of_Man  35. Nicosia     51. Tirane
  4. Athens       20. Istanbul     36. Oslo        52. Tiraspol
  5. Belfast      21. Jersey       37. Paris       53. Ulyanovsk
  6. Belgrade     22. Kaliningrad  38. Podgorica   54. Uzhgorod
  7. Berlin       23. Kirov        39. Prague      55. Vaduz
  8. Bratislava   24. Kyiv         40. Riga        56. Vatican
  9. Brussels     25. Lisbon       41. Rome        57. Vienna
  10. Bucharest   26. Ljubljana    42. Samara      58. Vilnius
  11. Budapest    27. London       43. San_Marino  59. Volgograd
  12. Busingen    28. Luxembourg   44. Sarajevo    60. Warsaw
  13. Chisinau    29. Madrid       45. Saratov     61. Zagreb
  14. Copenhagen  30. Malta        46. Simferopol  62. Zaporozhye
  15. Dublin      31. Mariehamn    47. Skopje      63. Zurich
  16. Gibraltar   32. Minsk        48. Sofia
Time zone: 27


Current default time zone: 'Europe/London'
Local time is now:      Tue Sep 24 16:39:08 BST 2024.
Universal Time is now:  Tue Sep 24 15:39:08 UTC 2024.
Run 'dpkg-reconfigure tzdata' if you wish to change it.

From answers on this post, the easiest option (rather than setting values for the prompted values) is to run in non-interactive mode, and just default the tz to UTC, with:

DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt-get install php-fpm

Posted on

Running and connecting to different MySQL servers in Docker containers

Running and exposing default MySQL port:

docker run -e MYSQL_ROOT_PASSWORD=mypassword -p 3306:3306 -d mysql
mysql -u root -p

Running with a different exposed port on the host:

docker run -e MYSQL_ROOT_PASSWORD=mypassword -p 3307:3306 -d mysql

Connecting to server on different port : -P option, but also requires -h for host, otherwise seems to connect to whatever is running on 3306 by default:

mysql -h 127.0.0.1 -P 3307 -u root -p
Posted on

Website down for 24 hours: SSL certificate update failed – checking the contents of your certificate bundle

My SSL certificate for this site was about to expire this week, so I paid for an update for another year and then proceeded to upload my new certificate bundle to my server. Having been through this process a few times, I have a couple of posts describing the steps for configuring nginx with SSL certs here:

Installing SSL certificates for Nginx on Ubuntu

… and how to create a certificate bundle here:

Creating a single SSL certificate bundle from CA root and intermediate certificates

I normally concatenate the root, intermediate and my site certificate manually before uploading using the steps in the post above. This time though I noticed the updated certifcate had a bundle download, so I downloaded this and uploaded straight to my site and then restarted…

Unfortunately, since I run nginx in a Docker container, on restarting the container it failed and then went into a restart loop. While constantly failing and restarting like this, it’s not possible (that I know of) to ‘docker exec -it bash’ into the container since it hasn’t completely started. In hindsight maybe ‘docker log’ would have told be what I needed to know, but I wanted to look at the /var/log/nginx/error.log inside the container to see what the issue was. I found a neat trick to do this which I’ll cover in another post.

In the meantime, I found the error in the nginx error.log was this:

2024/06/12 16:31:02 [emerg] 56#56: SSL_CTX_use_PrivateKey_file("/etc/nginx/ssl-certs/my-site.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)

This seemed odd since I generated my CSR for the new certificate on the server and had the key for the request and new certificate. This post for this error luckily had suggestions to look at the contents of the bundle, using:

openssl x509 -noout -text -in yourcert.cert

And exactly as one of the answers suggested, the ‘Subject:’ field in the certificate was not for my domain, it was for the CA instead. The bundle that I downloaded after purchasing my new certificate contained the CA and the Intermediate certs but not the cert for my domain… I should have followed my own instructions for combining all three and including my own site certificate.

I created my new bundle by hand, uploaded to my server and now everything is back to normal with the new SSL certificate.

In hindsight I should have tested my updates on my test server before upload direct to my live server, but since moving house recently I no longer have the HP rackserver I had before, on which I used to run a test server that mirrored the config of my live site. Lesson learned, I need to set up a new test server…

Posted on

Deploying a Docker container to AWS Elastic Beanstalk

In my previous post, I looked at using the EB cli to deploy a Spring Boot app to Beanstalk. If you have an app that you have packaged in a Docker container, you can prepare this for deployment to Beanstalk using the EB cli command:

$ eb init -p docker application-name

This is described in the docs here.

This command inits the app for deployment, creating a default .elasticbeanstalk/config.yml file that looks like this:

branch-defaults:
  default:
    environment: null
    group_suffix: null
global:
  application_name: beanstalk-docker-with-mounted-volume
  branch: null
  default_ec2_keyname: null
  default_platform: Docker
  default_region: us-west-2
  include_git_submodules: true
  instance_profile: null
  platform_name: null
  platform_version: null
  profile: null
  repository: null
  sc: null
  workspace_type: Application

Next create a Beanstalk environment for deploying your app:

$ eb create environment-name

This will take a few minutes on your first deploy as it provisions everything required for running your app on Beanstalk, including an Auto Scaling Group and an EC2 instance.

Proudly powered by WordPress