Acme storage volume on Windows

I'm running a Windows server trying to set up Traefik in Docker (Linux containers) with acme enabled and I'm encountering the famous:
unable to get ACME account: permissions 755 for /acme.json are too open, please use 600

I've seen some tips to do a chmod 600 acme.json, but that doesn't work if I do it from inside WSL or Git Bash and then start the container. And what I'm trying to do is create a server that I can easily re-create without a lot of manual steps that I have to do before everything is up and running. And I'd prefer it if I didn't have to build an image of my own where I set the permissions on the file.

Is there some way I can do this through only the docker-compose file, or creating a docker volume beforehand, or scripting?

If you think including my current config here would help, I'd be happy to do it.

Try a docker volume instead of a bind mount.


You mean something like

  1. Run
    docker volume create acme_data

  2. In my docker-compose.yml:

services:
  traefik:
    image: traefik:v2.4
    volumes:
      - "acme_data:/acme_data/"

volumes:
  acme_data:
    external: true

  3. In my static configuration file traefik.yml:

certificatesResolvers:
  letsencrypt:
    acme:
      storage: /acme_data/acme.json

That seems to work. Maybe I'm just stupid. I feel like I have more control if I can have acme.json in the same folder as my config and everything, where I can see it. But I guess it doesn't matter if it's in some Docker generated folder. It would only be an issue if I move to another server, and then it could just request a new certificate.

I guess this works. Thanks! 🙂

You can copy in or out of a container or even mount it with another container to cat it or upload via cli.

docker cp container:/path/to/file localfilename
docker run --rm -it -v acme_data:/data bash cat /data/acme.json

You're welcome


Thanks for trying to improve on the solution.

That would require me running some script regularly, or before and after I set up on a new server, right?
Since changes would not be reflected automatically.
That's certainly a way to go. But I'm not expecting to do that often, I mostly just want to easily replicate the setup if I need to set it up again.
So I think I'll just go with the original solution and if I have to move to a new computer it'll just have to request a new certificate.

Since my post detailing my interpretation of your solution is the most complete with examples, I'll mark that as the solution.

Thanks again!
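An added example, not code from any post in this thread: a setup-script check for the storage directory discussed above (the named volume, or a restored copy of acme.json), which creates or tightens the file and then verifies that the mode actually took effect. The function names and the invocation shown in the comment are assumptions; the `& 077` test mirrors the "too open, please use 600" error quoted in the question.

```shell
#!/bin/sh
# Added example; function names and paths are hypothetical, not from the thread.

# Succeed only if FILE grants nothing to group/other (600 passes, 755 fails).
acme_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 2
    # A leading 0 makes the shell read the mode as octal; 077 = group+other bits.
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Create DIR/acme.json owner-only if it is missing, tighten it if it exists,
# then re-read the mode. On a Windows bind mount chmod can succeed without
# changing anything, so the final check is what catches that case.
ensure_acme_file() {
    file="$1/acme.json"
    if [ ! -e "$file" ]; then
        ( umask 077 && : > "$file" ) || return 1
    fi
    chmod 600 "$file" || return 1
    acme_mode_ok "$file"
}

# Runs only when a directory argument is given, for example from a helper
# container that mounts the volume (script name check.sh is an assumption):
#   docker run --rm -v acme_data:/acme_data -v "$PWD/check.sh:/check.sh:ro" \
#       alpine sh /check.sh /acme_data
if [ -n "${1:-}" ]; then
    if ensure_acme_file "$1"; then
        echo "OK: $1/acme.json is owner-only"
    else
        echo "FAIL: $1/acme.json is still too open; use a named volume" >&2
        exit 1
    fi
fi
```

The file holds the ACME account key and certificate private keys, which is why anything readable by group or other is rejected.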
