I'm running a Windows server trying to set up Traefik in Docker (Linux containers) with acme enabled and I'm encountering the famous:
unable to get ACME account: permissions 755 for /acme.json are too open, please use 600
I've seen some tips to do a
chmod 600 acme.json, but that doesn't work if I do it from inside WSL or Git bash and then start the container. And what I'm trying to do is create a server that I can easily re-create without a lot of manual steps that I have to do before everything is up and running. And I'd prefer it if I didn't have to do a image of my own where I set the permissions to the file.
Is there some way I can do this through only the docker-compose file, or creating a docker volume beforehand, or scripting?
If you think including my current config here would help, I'd be happy to do it.
Try a docker volume instead of a bind mount.
You mean something like
docker volume create acme_data
- In my static configuration file
That seems to work. Maybe I'm just stupid. I feel like I have more control if I can have
acme.json in the same folder as my config and everything, where I can see it. But I guess it doesn't matter if it's in some Docker generated folder. It would only be an issue if I move to another server, and then it could just request a new certificate.
I guess this works. Thanks!
You can copy in or out of a container or even mount it with another container to
cat it or upload via cli.
docker cp container:/path/to/file localfilename
docker run --rm -it -v acme-data:/data bash cat /data/acme/json
Thanks for trying to improve on the solution.
That would require me running some script regularly, or before and after I setup on a new server, right?
Since changes would not be reflected automatically.
That's certainly a way to go. But I'm not expecting to do that often, I mostly just want to easily replicate the setup if I need to set it up again.
So I think I'll just go with the original solution and if I have to move to a new computer It'll just have to request a new certificate.
Since my post detailing my interpretation of your solution is the most complete with examples, I'll mark that as the solution.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.