[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)


Recommended Posts

Thank you that was it. I changed the ports to 444 and 84 and they are forwarded. The Docker does start now, but I can't reach the webui.

I'm trying to follow the cyanlabs guide and I'm also cross reading the dockerhub documentation. But I can't figure out why I can't reach the webui.

Is the cyanlabs guide still up to date?

Link to comment
4 hours ago, Heciruam said:

Thank you that was it. I changed the ports to 444 and 84 and they are forwarded. The Docker does start now, but I can't reach the webui.

I'm trying to follow the cyanlabs guide and I'm also cross reading the dockerhub documentation. But I can't figure out why I can't reach the webui.

Is the cyanlabs guide still up to date?

 

I'm guessing it fails because you are trying to add www.duckdns.org

  • Like 1
Link to comment
3 hours ago, GilbN said:

 

I'm guessing it fails because you are trying to add www.duckdns.org

@Heciruam

I say it over and over again. Please read the instructions. It literally says underneath that field that if you're using a ddns, it should be set to customsubdomain.ddnsprovider.com

 

If you're following a guide, please ask for help from the guide's author, and if you're following our instructions, please read them.

  • Like 1
Link to comment

I assume there is some kind of special configuration needed to use UniFi behind the Letsencrypt reverse proxy?  I have my cert and domain name (unifi.domain.com) working fine.  Typing in https://unifi.domain.com redirects me to https://unifi.domain.com/manage/account/login?redirect=%2Fmanage.  Then when I try to login I get a login error.  I assume the issue is because it's not redirecting me to unifi.domain.com:8443 even though that's what is listed in my site-conf file for unifi.

 

I must be missing something simple...

Link to comment
4 minutes ago, IamSpartacus said:

I assume there is some kind of special configuration needed to use UniFi behind the Letsencrypt reverse proxy?  I have my cert and domain name (unifi.domain.com) working fine.  Typing in https://unifi.domain.com redirects me to https://unifi.domain.com/manage/account/login?redirect=%2Fmanage.  Then when I try to login I get a login error.  I assume the issue is because it's not redirecting me to unifi.domain.com:8443 even though that's what is listed in my site-conf file for unifi.

 

I must be missing something simple...

 

This is what works for me


 

server {
       listen         80;
       server_name    unifi.server.com;
       return         301 https://$server_name$request_uri;
}

server {

    listen 443 ssl;
    server_name unifi.server.com;

    include /config/nginx/ssl.conf;
    
        location / {
        proxy_pass https://192.168.0.1:8443/;
        include /config/nginx/proxy.conf;
        proxy_set_header X-Real-IP $remote_addr;
        }
}

 

Link to comment
11 minutes ago, CHBMB said:

 

This is what works for me


 


server {
       listen         80;
       server_name    unifi.server.com;
       return         301 https://$server_name$request_uri;
}

server {

    listen 443 ssl;
    server_name unifi.server.com;

    include /config/nginx/ssl.conf;
    
        location / {
        proxy_pass https://192.168.0.1:8443/;
        include /config/nginx/proxy.conf;
        proxy_set_header X-Real-IP $remote_addr;
        }
}

 

 

LE definitely doesn't like that as I get the following error over and over once I add that to my site-conf and restart LE.

 

nginx: [emerg] the size 52428800 of shared memory zone "SSL" conflicts with already declared size 10485760 in /config/nginx/ssl.conf:3

 

Link to comment

Found a conf that works:

 

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    listen [::]:80 ipv6only=on;
    listen 443 ssl;
    listen [::]:443 ipv6only=on ssl;

    server_name unifi.MYDOMAIN.COM;
    client_max_body_size 2G;

    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    location / {
        proxy_pass https://localhost:8443;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_buffering off;
    }

    # These are managed by certbot.
    # ssl_certificate /etc/letsencrypt/live/YOUR_FQDN/fullchain.pem;
    # ssl_certificate_key /etc/letsencrypt/live/YOUR_FQDN/privkey.pem;
}

 

Link to comment

Hey all,

 

I'm new here, but I'm at the point where I really need to stop bashing my head against the wall and seek help for this. I'm doing my best to set up an automated media server from my home pc. I've gotten it to the point where it works pretty much perfectly... internally. I have containers for Transmission-vpn, Sonarr, Radarr, Jackett, Ombi, etc.

 

However, I really want to be able to access some of these containers externally as well (ombi) or view the status of my downloads in an android app like nzb360 (which supports sonarr, radar, transmission). 

 

I was really excited when I came across the linuxserver/letsencrypt image (as I am on a Win10 pc and am unable to use alternatives like Traefik because I can't chmod permissions for the ssl key file -- but that's another topic), and the setup/config for it seemed pretty straightforward.

 

In terms of the domain itself, I purchased a domain name from google domains and transferred it to Cloudflare DNS. There I set up some A records (www.*, *.domain.net) and CNAME records for the subdomains for each container I want to make available externally. 

 

I have also forwarded both ports 80 and 443 on my dd-wrt router. 

 

I'm using docker-compose to make it a lot easier to test changes and bring up/down the containers as I go. Here is the compose entry for letsencrypt (minus sensitive info [email, domain name, etc]):

  letsencrypt:
    image: linuxserver/letsencrypt
    container_name: le
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ${CONFIG}/letsencrypt:/config
    restart: always
    depends_on:
      - transmission-vpn
      - sonarr
      - radarr
      - ombi
      - jackett
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - EMAIL=email@gmail.com
      - URL=domain.net
      - SUBDOMAINS=tv,movies,downloads,requests,ombi,transmission,radarr,sonarr,jackett
      - ONLY_SUBDOMAINS=false
      - VALIDATION=dns
      - DNSPLUGIN=cloudflare
      - DHLEVEL=4096
      - TZ=America/Los_Angeles

 My \letsencrypt\nginx\site-confs\default file looks like this:

# main server block
server {
	listen 443 ssl default_server;

	root /config/www;
	index index.html index.htm index.php;

	server_name domain.net;

	# enable subfolder method reverse proxy confs
	include /config/nginx/proxy-confs/*.subfolder.conf;

	# all ssl related config moved to ssl.conf
	include /config/nginx/ssl.conf;

	client_max_body_size 0;

	location / {
		try_files $uri $uri/ /index.html /index.php?$args =404;
	}

	location ~ \.php$ {
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		# With php7-cgi alone:
		fastcgi_pass 127.0.0.1:9000;
		# With php7-fpm:
		#fastcgi_pass unix:/var/run/php7-fpm.sock;
		fastcgi_index index.php;
		include /etc/nginx/fastcgi_params;
	}


# sample reverse proxy config for password protected couchpotato running at IP 192.168.1.50 port 5050 with base url "cp"
# notice this is within the same server block as the base
# don't forget to generate the .htpasswd file as described on docker hub
#	location ^~ /cp {
#		auth_basic "Restricted";
#		auth_basic_user_file /config/nginx/.htpasswd;
#		include /config/nginx/proxy.conf;
#		proxy_pass http://192.168.1.50:5050/cp;
#	}

}

# sample reverse proxy config without url base, but as a subdomain "cp", ip and port same as above
# notice this is a new server block, you need a new server block for each subdomain
#server {
#	listen 443 ssl;
#
#	root /config/www;
#	index index.html index.htm index.php;
#
#	server_name cp.*;
#
#	include /config/nginx/ssl.conf;
#
#	client_max_body_size 0;
#
#	location / {
#		auth_basic "Restricted";
#		auth_basic_user_file /config/nginx/.htpasswd;
#		include /config/nginx/proxy.conf;
#		proxy_pass http://192.168.1.50:5050;	
#	}
#}


# enable subdomain method reverse proxy confs
include /config/nginx/proxy-confs/*.subdomain.conf;

And I've renamed the subdomain files I want to use under \proxy-confs\ and they look like this (sonarr example):

# make sure that your dns has a cname set for sonarr and that your sonarr container is not using a base url
# to enable password access, uncomment the two auth_basic lines

server {
    listen         80;
    server_name    sonarr.domain.net;
    return         301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name sonarr.domain.net;

    access_log /var/log/nginx/sonarr.domain.net.log;

    location / {
        proxy_pass        http://127.0.0.1:8989;
        proxy_set_header  X-Real-IP  $remote_addr;
        proxy_set_header        Host            $host;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_redirect off;
        proxy_buffering off;

    }
}

To my eye, all of that looks like it *should* be working and allowing me to access sonarr from "sonarr.domain.net" -- but instead I get "ERR_CONNECTION_TIMED_OUT" page.

 

I can ping sonarr.domain.net -- and it returns a reply, along with my valid WAN IP. But I can't reach it in a browser window, and I have no idea what the cause of the issue is.

 

If anyone can help me figure this out, I would be eternally grateful. I've spent the past week or two staying up late trying to get all of this set up correctly, and I feel like I'm *SO CLOSE*! 

 

Thanks in advance!

-Adam

 

 

Link to comment
3 hours ago, ablaine said:

Hey all,

 

I'm new here, but I'm at the point where I really need to stop bashing my head against the wall and seek help for this. I'm doing my best to set up an automated media server from my home pc. I've gotten it to the point where it works pretty much perfectly... internally. I have containers for Transmission-vpn, Sonarr, Radarr, Jackett, Ombi, etc.

 

However, I really want to be able to access some of these containers externally as well (ombi) or view the status of my downloads in an android app like nzb360 (which supports sonarr, radar, transmission). 

 

I was really excited when I came across the linuxserver/letsencrypt image (as I am on a Win10 pc and am unable to use alternatives like Traefik because I can't chmod permissions for the ssl key file -- but that's another topic), and the setup/config for it seemed pretty straightforward.

 

In terms of the domain itself, I purchased a domain name from google domains and transferred it to Cloudflare DNS. There I set up some A records (www.*, *.domain.net) and CNAME records for the subdomains for each container I want to make available externally. 

 

I have also forwarded both ports 80 and 443 on my dd-wrt router. 

 

I'm using docker-compose to make it a lot easier to test changes and bring up/down the containers as I go. Here is the compose entry for letsencrypt (minus sensitive info [email, domain name, etc]):


  letsencrypt:
    image: linuxserver/letsencrypt
    container_name: le
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ${CONFIG}/letsencrypt:/config
    restart: always
    depends_on:
      - transmission-vpn
      - sonarr
      - radarr
      - ombi
      - jackett
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - EMAIL=email@gmail.com
      - URL=domain.net
      - SUBDOMAINS=tv,movies,downloads,requests,ombi,transmission,radarr,sonarr,jackett
      - ONLY_SUBDOMAINS=false
      - VALIDATION=dns
      - DNSPLUGIN=cloudflare
      - DHLEVEL=4096
      - TZ=America/Los_Angeles

 My \letsencrypt\nginx\site-confs\default file looks like this:


# main server block
server {
	listen 443 ssl default_server;

	root /config/www;
	index index.html index.htm index.php;

	server_name domain.net;

	# enable subfolder method reverse proxy confs
	include /config/nginx/proxy-confs/*.subfolder.conf;

	# all ssl related config moved to ssl.conf
	include /config/nginx/ssl.conf;

	client_max_body_size 0;

	location / {
		try_files $uri $uri/ /index.html /index.php?$args =404;
	}

	location ~ \.php$ {
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		# With php7-cgi alone:
		fastcgi_pass 127.0.0.1:9000;
		# With php7-fpm:
		#fastcgi_pass unix:/var/run/php7-fpm.sock;
		fastcgi_index index.php;
		include /etc/nginx/fastcgi_params;
	}


# sample reverse proxy config for password protected couchpotato running at IP 192.168.1.50 port 5050 with base url "cp"
# notice this is within the same server block as the base
# don't forget to generate the .htpasswd file as described on docker hub
#	location ^~ /cp {
#		auth_basic "Restricted";
#		auth_basic_user_file /config/nginx/.htpasswd;
#		include /config/nginx/proxy.conf;
#		proxy_pass http://192.168.1.50:5050/cp;
#	}

}

# sample reverse proxy config without url base, but as a subdomain "cp", ip and port same as above
# notice this is a new server block, you need a new server block for each subdomain
#server {
#	listen 443 ssl;
#
#	root /config/www;
#	index index.html index.htm index.php;
#
#	server_name cp.*;
#
#	include /config/nginx/ssl.conf;
#
#	client_max_body_size 0;
#
#	location / {
#		auth_basic "Restricted";
#		auth_basic_user_file /config/nginx/.htpasswd;
#		include /config/nginx/proxy.conf;
#		proxy_pass http://192.168.1.50:5050;	
#	}
#}


# enable subdomain method reverse proxy confs
include /config/nginx/proxy-confs/*.subdomain.conf;

And I've renamed the subdomain files I want to use under \proxy-confs\ and they look like this (sonarr example):


# make sure that your dns has a cname set for sonarr and that your sonarr container is not using a base url
# to enable password access, uncomment the two auth_basic lines

server {
    listen         80;
    server_name    sonarr.domain.net;
    return         301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name sonarr.domain.net;

    access_log /var/log/nginx/sonarr.domain.net.log;

    location / {
        proxy_pass        http://127.0.0.1:8989;
        proxy_set_header  X-Real-IP  $remote_addr;
        proxy_set_header        Host            $host;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_redirect off;
        proxy_buffering off;

    }
}

To my eye, all of that looks like it *should* be working and allowing me to access sonarr from "sonarr.domain.net" -- but instead I get "ERR_CONNECTION_TIMED_OUT" page.

 

I can ping sonarr.domain.net -- and it returns a reply, along with my valid WAN IP. But I can't reach it in a browser window, and I have no idea what the cause of the issue is.

 

If anyone can help me figure this out, I would be eternally grateful. I've spent the past week or two staying up late trying to get all of this set up correctly, and I feel like I'm *SO CLOSE*! 

 

Thanks in advance!

-Adam

 

 

 

Why did you completely modify the preset proxy conf? They are supposed to work out of the box as long as you followed the readme in that folder

 

Also, did you even confirm that letsencrypt cert generation worked successfully? I recommend doing all of those things step by step. Don't go from scratch to reverse proxying something at once. 

 

Also, post a log

Edited by aptalca
Link to comment

I would like to limit the upload speed of my server to the outside world for specific dockers. Is this possible to do? I'm currently running Nextcloud and Plex for which I would like to limit the upload speed. I've found some articles about rate limiting in NGINX, but I can't make much sense of it to apply it.

 

Would be nice to make sure other people are not collapsing my full bandwidth.

Link to comment
34 minutes ago, Kaizac said:

I would like to limit the upload speed of my server to the outside world for specific dockers. Is this possible to do? I'm currently running Nextcloud and Plex for which I would like to limit the upload speed. I've found some articles about rate limiting in NGINX, but I can't make much sense of it to apply it.

 

Would be nice to make sure other people are not collapsing my full bandwidth.

 

Plex has a built in setting for that

Link to comment
53 minutes ago, aptalca said:

 

Plex has a built in setting for that

 

That only works with a Plex Pass AFAIK, which I do not have. And since I also have Nextcloud I would like to be able to limit it from within NGINX (or maybe there is an other and better solution).

Link to comment
15 hours ago, aptalca said:

 

Why did you completely modify the preset proxy conf? They are supposed to work out of the box as long as you followed the readme in that folder

 

Also, did you even confirm that letsencrypt cert generation worked successfully? I recommend doing all of those things step by step. Don't go from scratch to reverse proxying something at once. 

 

Also, post a log

 

Thanks for the response. Re: the proxy conf file, I made those changes after the default wasn't working, after seeing some example versions of that file online. I was worried that the ($upstream_sonarr) value wasn't working properly. I've reverted my changes (deleted my conf and renamed the clean sample version), but the issue still exists.

 

Letsencrypt certification does appear to be working correctly. Here's a log from the le container viewed within Kitematic (with email/domain edited out):

-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \ 
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/
2018-06-18T04:50:38.547439400Z 
2018-06-18T04:50:38.547441200Z 
Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donations/
-------------------------------------
GID/UID
-------------------------------------
2018-06-18T04:50:38.589599400Z 
User uid:    1000
User gid:    1000
-------------------------------------
2018-06-18T04:50:38.589618200Z 
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing... 
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing... 
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing... 
Variables set:
PUID=1000
PGID=1000
TZ=America/Los_Angeles
URL=domain.net
SUBDOMAINS=tv,movies,downloads,requests,ombi,transmission,radarr,sonarr,jackett
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false
DHLEVEL=4096
VALIDATION=dns
DNSPLUGIN=cloudflare
EMAIL=email@gmail.com
STAGING=
2018-06-18T04:50:44.317418600Z 
Backwards compatibility check. . .
No compatibility action needed
4096 bit DH parameters present
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Sub-domains processed are:  -d tv.domain.net -d movies.domain.net -d downloads.domain.net -d requests.domain.net -d ombi.domain.net -d transmission.domain.net -d radarr.domain.net -d sonarr.domain.net -d jackett.domain.net
E-mail address entered: email@gmail.com
dns validation via cloudflare plugin is selected
Certificate exists; parameters unchanged; attempting renewal
<------------------------------------------------->
2018-06-18T04:50:48.076788400Z 
<------------------------------------------------->
cronjob running on Sun Jun 17 21:50:48 PDT 2018
Running certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
2018-06-18T04:51:03.055017000Z 
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/domain.net.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
Plugins selected: Authenticator dns-cloudflare, Installer None
2018-06-18T04:51:03.198860000Z 
-------------------------------------------------------------------------------
2018-06-18T04:51:03.198871200Z 
The following certs are not due for renewal yet:
  /etc/letsencrypt/live/domain.net/fullchain.pem expires on 2018-09-15 (skipped)
No renewals were attempted.
No hooks were run.
-------------------------------------------------------------------------------
[cont-init.d] 50-config: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Server ready

Unless you were referring to another log? 

 

I'm starting to think it's not an issue with the reverse proxy setup as much as it is a firewall/gateway issue. I'm not sure how to even go about testing things on that end though. I've already added port forwards for 80, 443, 8080 through the windows firewall settings (and my router), and I don't have any other form of firewall/antivirus on my system. 

Link to comment
2 hours ago, ablaine said:

 

Thanks for the response. Re: the proxy conf file, I made those changes after the default wasn't working, after seeing some example versions of that file online. I was worried that the ($upstream_sonarr) value wasn't working properly. I've reverted my changes (deleted my conf and renamed the clean sample version), but the issue still exists.

 

Letsencrypt certification does appear to be working correctly. Here's a log from the le container viewed within Kitematic (with email/domain edited out):


-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \ 
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/
2018-06-18T04:50:38.547439400Z 
2018-06-18T04:50:38.547441200Z 
Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donations/
-------------------------------------
GID/UID
-------------------------------------
2018-06-18T04:50:38.589599400Z 
User uid:    1000
User gid:    1000
-------------------------------------
2018-06-18T04:50:38.589618200Z 
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-config: executing... 
[cont-init.d] 20-config: exited 0.
[cont-init.d] 30-keygen: executing... 
using keys found in /config/keys
[cont-init.d] 30-keygen: exited 0.
[cont-init.d] 50-config: executing... 
Variables set:
PUID=1000
PGID=1000
TZ=America/Los_Angeles
URL=domain.net
SUBDOMAINS=tv,movies,downloads,requests,ombi,transmission,radarr,sonarr,jackett
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=false
DHLEVEL=4096
VALIDATION=dns
DNSPLUGIN=cloudflare
EMAIL=email@gmail.com
STAGING=
2018-06-18T04:50:44.317418600Z 
Backwards compatibility check. . .
No compatibility action needed
4096 bit DH parameters present
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Sub-domains processed are:  -d tv.domain.net -d movies.domain.net -d downloads.domain.net -d requests.domain.net -d ombi.domain.net -d transmission.domain.net -d radarr.domain.net -d sonarr.domain.net -d jackett.domain.net
E-mail address entered: email@gmail.com
dns validation via cloudflare plugin is selected
Certificate exists; parameters unchanged; attempting renewal
<------------------------------------------------->
2018-06-18T04:50:48.076788400Z 
<------------------------------------------------->
cronjob running on Sun Jun 17 21:50:48 PDT 2018
Running certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
2018-06-18T04:51:03.055017000Z 
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/domain.net.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
Plugins selected: Authenticator dns-cloudflare, Installer None
2018-06-18T04:51:03.198860000Z 
-------------------------------------------------------------------------------
2018-06-18T04:51:03.198871200Z 
The following certs are not due for renewal yet:
  /etc/letsencrypt/live/domain.net/fullchain.pem expires on 2018-09-15 (skipped)
No renewals were attempted.
No hooks were run.
-------------------------------------------------------------------------------
[cont-init.d] 50-config: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Server ready

Unless you were referring to another log? 

 

I'm starting to think it's not an issue with the reverse proxy setup as much as it is a firewall/gateway issue. I'm not sure how to even go about testing things on that end though. I've already added port forwards for 80, 443, 8080 through the windows firewall settings (and my router), and I don't have any other form of firewall/antivirus on my system. 

 

Go to https://yourdomain.com from your cell phone while on cell connection (wifi turned off). If you get the default homepage then you confirm port 443 is forwarded correctly. If not, is a port issue (or the ip on cloudflare is not correct) 

Link to comment

Ok next problem now!

I needed https://www.imagemagick.org/script/index.php

So I got into the docker and installed it using

apk add imagemagick

 

Now as I have already found from previous posts :)

after an update everything is cleared.

So I put the command in post arguments field but I get an error even it's being installed during docker start

 

(I didn't include the beginning of the log)

Quote

No renewals were attempted.
No hooks were run.
-------------------------------------------------------------------------------
[cont-init.d] 50-config: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
fetch http://dl-cdn.alpinelinux.org/alpine/v3.7/main/x86_64/APKINDEX.tar.gz
Server ready
fetch http://dl-cdn.alpinelinux.org/alpine/v3.7/community/x86_64/APKINDEX.tar.gz
(1/33) Installing fontconfig (2.12.6-r0)
(2/33) Installing libgomp (6.4.0-r5)
(3/33) Installing lcms2 (2.8-r1)
(4/33) Installing libltdl (2.4.6-r4)
(5/33) Installing imagemagick-libs (7.0.7.11-r1)
(6/33) Installing libxrender (0.9.10-r2)
(7/33) Installing pixman (0.34.0-r3)
(7/33) Installing pixman (0.34.0-r3)
(8/33) Installing cairo (1.14.10-r0)
(9/33) Installing libintl (0.19.8.1-r1)
(10/33) Installing libblkid (2.31-r0)
(11/33) Installing libmount (2.31-r0)
(9/33) Installing libintl (0.19.8.1-r1)
(10/33) Installing libblkid (2.31-r0)
(11/33) Installing libmount (2.31-r0)
(12/33) Installing glib (2.54.2-r0)
(13/33) Installing dbus-libs (1.10.24-r0)
(14/33) Installing avahi-libs (0.6.32-r4)
(13/33) Installing dbus-libs (1.10.24-r0)
(14/33) Installing avahi-libs (0.6.32-r4)
(15/33) Installing gmp (6.1.2-r1)
(16/33) Installing nettle (3.3-r0)
(17/33) Installing libtasn1 (4.12-r3)
(18/33) Installing p11-kit (0.23.2-r2)
(19/33) Installing libunistring (0.9.7-r0)
(20/33) Installing gnutls (3.6.1-r0)
(20/33) Installing gnutls (3.6.1-r0)
(21/33) Installing cups-libs (2.2.5-r0)
(22/33) Installing jbig2dec (0.14-r0)
(23/33) Installing tiff (4.0.9-r4)
(24/33) Installing ghostscript (9.22-r0)
(25/33) Installing libxft (2.3.2-r2)
(25/33) Installing libxft (2.3.2-r2)
(26/33) Installing graphite2 (1.3.10-r0)
(27/33) Installing harfbuzz (1.6.3-r0)
(28/33) Installing pango (1.40.14-r0)
(29/33) Installing libcroco (0.6.12-r0)
(30/33) Installing shared-mime-info (1.9-r0)
(31/33) Installing gdk-pixbuf (2.36.10-r0)
(32/33) Installing librsvg (2.40.19-r0)
(31/33) Installing gdk-pixbuf (2.36.10-r0)
(32/33) Installing librsvg (2.40.19-r0)
(33/33) Installing imagemagick (7.0.7.11-r1)
Executing busybox-1.27.2-r11.trigger
Executing fontconfig-2.12.6-r0.trigger
Executing glib-2.54.2-r0.trigger
Executing shared-mime-info-1.9-r0.trigger
Executing gdk-pixbuf-2.36.10-r0.trigger
OK: 283 MiB in 240 packages
[cmd] apk exited 0
Signal handled: Terminated.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] syncing disks.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

 

Link to comment
1 hour ago, karateo said:

Ok next problem now!

I needed https://www.imagemagick.org/script/index.php

So I got into the docker and installed it using

apk add imagemagick

 

Now as I have already found from previous posts :)

after an update everything is cleared.

So I put the command in post arguments field but I get an error even it's being installed during docker start

 

(I didn't include the beginning of the log)

 

 

If you use a command in post arguments like that, the container executes that command and when the command exits, container shuts down

That's a docker thing.

 

Try mapping a file named 80-config into /etc/cont-init.d/ and in that file, put your apk add command

 

ie. "-v /path/to/80-config:/etc/cont-init.d/80-config" equivalent in dockerman

  • Like 1
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.