xorinzor Posted January 16, 2020 Share Posted January 16, 2020 (edited) All PHP commands from this container are suddenly giving "Bus Error". This started yesterday. It's currently sending me an error mail roughly every 30 minutes because of the cronjob trying to execute `/usr/lib/php/sessionclean`. If I open the container console and run "php" or even just "php -v" I also get "Bus Error". EDIT: Having rebooted the entire Unraid server seems to have fixed it. Not sure what was going on, rebuilding the container didn't fix it. No disks are out of space, no other containers had issues. Edited January 16, 2020 by xorinzor Quote Link to comment
Squid Posted January 17, 2020 Share Posted January 17, 2020 On 1/16/2020 at 4:00 AM, xorinzor said: All PHP commands from this container are suddenly giving "Bus Error". This started yesterday. It's currently sending me an error mail roughly every 30 minutes because of the cronjob trying to execute `/usr/lib/php/sessionclean`. If I open the container console and run "php" or even just "php -v" I also get "Bus Error". EDIT: Having rebooted the entire Unraid server seems to have fixed it. Not sure what was going on, rebuilding the container didn't fix it. No disks are out of space, no other containers had issues. You should run a memtest. A bus error is when a program (any program) attempts to access a memory location that isn't divisible by 4. For an interpreted language such as PHP, a bus error from an executing script is impossible unless it came from the originating interpreter (ie: PHP itself) 1 Quote Link to comment
capino Posted March 30, 2020 Share Posted March 30, 2020 Once in a while I receive the following mail from my poste.io docker. subject: Cron <root@mail> test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily ) Message: /etc/cron.daily/logrotate: pkill: cannot allocate 4611686018427387903 bytes Does anybody have any clue why? Quote Link to comment
paperblankets Posted June 19, 2020 Share Posted June 19, 2020 (edited) Hi there, I'm attempting to set up this container for the first time. I am getting a port in use error (Starting the docker container) on `443` I believe because I am running letsencrypt. Error starting userland proxy: listen tcp 0.0.0.0:443: bind: address already in use. Edit: I just set an explicit https port the way I would with other containers and that seems to be working for serving the admin UI at least. Edited June 19, 2020 by paperblankets Potential solution found. Quote Link to comment
kharntiitar Posted July 15, 2020 Share Posted July 15, 2020 On 3/30/2020 at 6:48 PM, capino said: Once in a while I receive the following mail from my poste.io docker. subject: Cron <root@mail> test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily ) Message: /etc/cron.daily/logrotate: pkill: cannot allocate 4611686018427387903 bytes Does anybody have any clue why? Can't tell you why, but I'm having the exact some issue... exact same number and everything. It's working fine, just get that email every day for the past while. root@mail:/etc/cron.daily# logrotate /etc/logrotate.conf pkill: cannot allocate 4611686018427387903 bytes Quote Link to comment
kharntiitar Posted July 15, 2020 Share Posted July 15, 2020 8 minutes ago, kharntiitar said: Can't tell you why, but I'm having the exact some issue... exact same number and everything. It's working fine, just get that email every day for the past while. root@mail:/etc/cron.daily# logrotate /etc/logrotate.conf pkill: cannot allocate 4611686018427387903 bytes A very short time after this, I rebooted the container, and ran the logrotate again. This time I got a bunch of errors for items in /var/log: " because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation. I changed permissions on those folders to 755, and chowned to root, and it all started working, no errors. On reboot though, it reclaims the folders and errors come back. I tried rolling the docker back 2 months, and then 2 years, but same issue. Might look at editing the "su" config for it. Quote Link to comment
kharntiitar Posted July 15, 2020 Share Posted July 15, 2020 @paperblankets I got mine solved, hopefully you can too. I installed a second docker, which worked fine, then had a look at the file structure, the permissions were very different, one by one I chmod'd every single file and directory in /var/log for poste's docker. I now get no errors at all, even after reboot. Running Version 2.2.21 Free. Hope it helps. Quote Link to comment
Parton Posted July 16, 2020 Share Posted July 16, 2020 Where do I put the -e "HTTPS=OFF" To disable HTTPS? Quote Link to comment
tmor2 Posted November 15, 2020 Share Posted November 15, 2020 On 10/22/2019 at 5:31 AM, aterfax said: For users who want the letsencrypt in Poste IO working but are already using a letsencrypt docker, all you need to do is share the .well-known folders between your Poste IO and letsencrypt docker i.e. in the Poste IO docker config: Hi, How come your POste.io config is so drastically different from mine? Quote Link to comment
tmor2 Posted November 15, 2020 Share Posted November 15, 2020 I can't create valid certificates using Poste.io's built in function (within web GUI). I don't know how to set up either of the two to work together. Any help? I'm using Poste.io docker and I also have Letsencrypt docker for cloud and other stuff. I couldn't find premade certificate file in UNRAID->apps->letsencrypt->nginx-> proxy-confs. It's really annoying since my iOS devices keep bringing up pop-up "invalid certificate". Even after clicking "cancel" the prompt just keeps coming back. Error message emailed by post.io are: I get another message (emailed) that says: Does anyone have a simple solution on how to make this work? Snapshots (images) of solutions are more helpful than textual explanations. Quote Link to comment
aterfax Posted November 17, 2020 Share Posted November 17, 2020 (edited) On 11/15/2020 at 5:48 PM, tmor2 said: Hi, How come your POste.io config is so drastically different from mine? You have advanced view turned on, you can toggle this at the top right. Edited November 17, 2020 by aterfax Quote Link to comment
aterfax Posted November 17, 2020 Share Posted November 17, 2020 (edited) On 11/15/2020 at 6:05 PM, tmor2 said: I can't create valid certificates using Poste.io's built in function (within web GUI). I don't know how to set up either of the two to work together. Any help? I'm using Poste.io docker and I also have Letsencrypt docker for cloud and other stuff. I couldn't find premade certificate file in UNRAID->apps->letsencrypt->nginx-> proxy-confs. It's really annoying since my iOS devices keep bringing up pop-up "invalid certificate". Even after clicking "cancel" the prompt just keeps coming back. Error message emailed by post.io are: I get another message (emailed) that says: Does anyone have a simple solution on how to make this work? Snapshots (images) of solutions are more helpful than textual explanations. EDIT: UPDATED MAY 2021! I ended up mounting the default certificate files in the docker directly to the certificates from my letsencrypt docker: To be explicit with my volume mounts for SSL working: /data/ssl/server.crt → /mnt/user/appdata/letsencrypt/etc/letsencrypt/live/mailonlycert.DOMAIN.com/cert.pem /data/ssl/ca.crt → /mnt/user/appdata/letsencrypt/etc/letsencrypt/live/mailonlycert.DOMAIN.com/chain.pem /data/ssl/server.key → /mnt/user/appdata/letsencrypt/etc/letsencrypt/live/mailonlycert.DOMAIN.com/privkey.pem I do not recall the exact details of why the above is optimal but I suspect that Poste is handling making it's own full chain cert which results in some cert mangling if you do give it your fullchain cert rather than each separately (various internal services inside the docker need different formats) - I believe that without the mounts as above the administration portal will be unable to log you in. As I mentioned further up in this thread you can alternatively mount .well-known folders between your Poste IO and letsencrypt docker - this will not work if your domain has HSTS turned on with redirects to HTTPS (or this was the case with the version of letsencypt in the docker a while ago as it was reported here: https://bitbucket.org/analogic/mailserver/issues/749/lets-encrypt-errors-with-caprover ) Edited May 18, 2021 by aterfax Update Quote Link to comment
akamemmnon Posted January 2, 2021 Share Posted January 2, 2021 On 6/14/2019 at 6:58 PM, wierdbeard65 said: Ok, after much digging as well as not a little hair-pulling, I now have it working. If anyone else stumbles across this post and has the same problem, it seems that when you access the web interface using port 8280, it redirects the browser to use https on port 443, changing the location to be /webmail. I hadn't noticed the switch.... The Let's Encrypt challenge works on http on port 80. So, what I did was to set my reverse proxy to forward all http requests to mail.<mydomain> port 80 to https on my Unraid box and it was able to verify everything.... If you use a reverse proxy, which ports do you have to open up? Quote Link to comment
tmor2 Posted January 24, 2021 Share Posted January 24, 2021 (edited) I have another issue...... When I was logging into webui, I received error that local domain 10.10.20.x was blacklisted and I need to wait 2 days to release the block. Are there suggestions on how to overcome that block? thx Edited January 24, 2021 by tmor2 Quote Link to comment
tmor2 Posted January 24, 2021 Share Posted January 24, 2021 On 11/16/2020 at 7:14 PM, aterfax said: I ended up mounting the default certificate files in the docker directly to the certificates from my letsencrypt docker: But as I mentioned further up in this thread you can also mount .well-known folders between your Poste IO and letsencrypt docker - this will not work if your domain has HSTS turned on with redirects to HTTPS (or this was the case with the version of letsencypt in the docker a while ago as it was reported here: https://bitbucket.org/analogic/mailserver/issues/749/lets-encrypt-errors-with-caprover ) How did you add this: Is this, Variable, Path, Prot, Label or Device? What did you do in letsencrypt to issue certificate (I issue one for bitwarden, nextcloudetc) Did you add in "Sudomains": "mail"? (next to "nextcloud,sonnar,bitwarden...") Did you have to do anthing else on DNS provider (my MX record is enabeld)? Did you have to add .config file within letenscrypt? I see no existing template when I navigate to /etc/letsencrypt/live I don't see the 3 .pem files. Why? There is only etc/letsencrypt/live/nextcloud.MYDOMAIN.COM folder, but the folder is empty Quote Link to comment
aterfax Posted January 28, 2021 Share Posted January 28, 2021 On 1/24/2021 at 1:53 AM, tmor2 said: How did you add this: Is this, Variable, Path, Prot, Label or Device? What did you do in letsencrypt to issue certificate (I issue one for bitwarden, nextcloudetc) Did you add in "Sudomains": "mail"? (next to "nextcloud,sonnar,bitwarden...") Did you have to do anthing else on DNS provider (my MX record is enabeld)? Did you have to add .config file within letenscrypt? I see no existing template when I navigate to /etc/letsencrypt/live I don't see the 3 .pem files. Why? There is only etc/letsencrypt/live/nextcloud.MYDOMAIN.COM folder, but the folder is empty 1 - Yes these are paths. 2 - I added mail.domain.com - naturally you need to have setup your CNAME / MX records and forward ports in your router/network gateway to the Poste.io server. If you wish for the web GUI of poste.io also to be accessible externally you will also need to setup the correct reverse proxy with SWAG. I don't know what you mean by .config 3 - I blanked the folder in the screen shot as I do not want to share my domain name, but yes the subfolder with your domain name / subdomain name is where the PEM files should be if you have setup SWAG correctly to get SSL certificates. If you are lacking certificates you have probably got it setup incorrectly. Quote Link to comment
tmor2 Posted January 29, 2021 Share Posted January 29, 2021 (edited) 9 hours ago, aterfax said: 1 - Yes these are paths. 2 - I added mail.domain.com - naturally you need to have setup your CNAME / MX records and forward ports in your router/network gateway to the Poste.io server. If you wish for the web GUI of poste.io also to be accessible externally you will also need to setup the correct reverse proxy with SWAG. I don't know what you mean by .config 3 - I blanked the folder in the screen shot as I do not want to share my domain name, but yes the subfolder with your domain name / subdomain name is where the PEM files should be if you have setup SWAG correctly to get SSL certificates. If you are lacking certificates you have probably got it setup incorrectly. The guide may pertain to Letsencrypt docker (which is not maintained any longer and has been migrated to SWAG docker). Your screen shot has 4 lines, what is the FILE NAME (!) of the first path? Line ends with /liv....????? I assume it's fullchain.pem??? But that needs not be true because there is also priv-fullchain-bundle.pem file. Your screen shot (below) shows path to swag...as /mnt/user/appdata/letsencrypt/live/SUBDOMAIN.DOMAIN.COM/*.PEM In swag, this directory is empty -> if you SSH into it from Docker command line, it will be empty. The keys are stored in following directory: /mnt/usr/appdata/swag/KEYS/letsencrypt/*.PEM Edited January 29, 2021 by tmor2 Quote Link to comment
aterfax Posted January 29, 2021 Share Posted January 29, 2021 (edited) 19 hours ago, tmor2 said: The guide may pertain to Letsencrypt docker (which is not maintained any longer and has been migrated to SWAG docker). Your screen shot has 4 lines, what is the FILE NAME (!) of the first path? Line ends with /liv....????? I assume it's fullchain.pem??? But that needs not be true because there is also priv-fullchain-bundle.pem file. Your screen shot (below) shows path to swag...as /mnt/user/appdata/letsencrypt/live/SUBDOMAIN.DOMAIN.COM/*.PEM In swag, this directory is empty -> if you SSH into it from Docker command line, it will be empty. The keys are stored in following directory: /mnt/usr/appdata/swag/KEYS/letsencrypt/*.PEM You are familiar with the concept of the past I assume? Edit: Here are the docs you need, your certificate files are not in the keys folder: https://certbot.eff.org/docs/using.html#where-are-my-certificates Edited January 30, 2021 by aterfax Quote Link to comment
tmor2 Posted January 30, 2021 Share Posted January 30, 2021 (edited) 9 hours ago, aterfax said: You are familiar with the concept of the past I assume? Edit: Here are the docs you need, your certificate files are not in the keys folder: https://certbot.eff.org/docs/using.html#where-are-my-certificates Thanks, I understand what you are saying, and I read this page, however it does not reference SWAG docker, which is what I am using. I cannot reference such a user guide because I am interested in what works in practice, and not on paper (webpage). What happens in practice is following: Upon generation of certificates (when swag docker is restarted), the content in the following folder /mnt/usr/appdata/swag/KEYS/letsencrypt/ disappears (is deleted by swag docker) and then new files appear, namely all certificates newly issued. The certificates in that folder have timestamp that is few seconds older than when swag docker was restarted. In other words this statement from your refernce is simply NOT true: /etc/letsencrypt/archive and /etc/letsencrypt/keys contain all previous keys and certificates, while /etc/letsencrypt/live symlinks to the latest versions. /etc/letsencrypt/keys does not contain all previous keys, because I verified this ( looked at exitigng keys frst, then restarted swag server, and the new keys in this folder were definitvly different (along with file time stamp being newer). There were no traces at all from "old" certificates.. This may be how swag docker is implemented. Folder /mnt/user/appdata/letsencrypt/live/ has certificates only for cloud.mydomain.com....but for not other subdomains or other domains. When I point Poste.io to folder /mnt/usr/appdata/swag/KEYS/letsencrypt/, Poste.io correctly restarts, there are no more warnings on iOS/Mac devices such as "the identity of the server yyz.com cannot be verifiied....". The aforementioned error was occurring for all 3 mail domains, for over 1 year on all of my devices. So if your solutions works for you great (using Letsencrypt docker), but my solution works for me (using swag docker), as evidenced by resolution of the problem that prompted me to post to begin with, and might work for others using swag docker and poste.io. Edited January 30, 2021 by tmor2 Quote Link to comment
aterfax Posted January 30, 2021 Share Posted January 30, 2021 (edited) 11 hours ago, tmor2 said: In other words this statement from your refernce is simply NOT true The SWAG docker uses certbot........ https://github.com/linuxserver/docker-swag/blob/master/Dockerfile /mnt/usr/appdata/swag/KEYS/letsencrypt/ is a symlink - due to the way docker mounts things you are better avoiding trying to mount anything symlinked as the appropriate file pathing must exist in the container. If you mount the symlink it will point at things that do not exist within a given container which is why the method 1 below required you to mount the entire config folder - a bad practice. Mounting a symlink of a cert directly will work, but mounting directly from /mnt/usr/appdata/swag/KEYS/letsencrypt/ will almost certainly break the minute you attempt to get multiple certs for more than one domain. You appear to be talking about generating a single certificate with multiple subdomains.... this is going to generate only one certificate and one folder it sits in. Feel free to make an issue on their Github if you are so convinced that you know their container better than they do: https://github.com/linuxserver/docker-swag/issues You can argue the toss about how you should correctly mount things - but you really should be doing method 2. https://hub.docker.com/r/linuxserver/swag Quote Using certs in other containers This container includes auto-generated pfx and private-fullchain-bundle pem certs that are needed by other apps like Emby and Znc. To use these certs in other containers, do either of the following: 1 : (Easier) Mount the container's config folder in other containers (ie. -v /path-to-le-config:/le-ssl) and in the other containers, use the cert location /le-ssl/keys/letsencrypt/ 2: (More secure) Mount the SWAG folder etc that resides under /config in other containers (ie. -v /path-to-le-config/etc:/le-ssl) and in the other containers, use the cert location /le-ssl/letsencrypt/live/<your.domain.url>/ (This is more secure because the first method shares the entire SWAG config folder with other containers, including the www files, whereas the second method only shares the ssl certs) These certs include: 1: cert.pem, chain.pem, fullchain.pem and privkey.pem, which are generated by Certbot and used by nginx and various other apps 2: privkey.pfx, a format supported by Microsoft and commonly used by dotnet apps such as Emby Server (no password) 3: priv-fullchain-bundle.pem, a pem cert that bundles the private key and the fullchain, used by apps like ZNC I am not using the letsencrypt docker, I am using swag which is a meaningless distinction since they are the same project with a different name due to copyright issues. You do not really appear to be reading anything linked properly nor understanding anything fully. I'm not continuing with this dialogue. Edited January 30, 2021 by aterfax Quote Link to comment
Muff Posted February 19, 2021 Share Posted February 19, 2021 Hi, I'm in need of some help with poste.io container. I can receive emails from e.g @gmail.com but I can't send any emails. They are stuck in the queue. I've tried to read the logs but couldn't find anything and my DNS records (MX, DKIM, SFP) looks Ok. Also I've googled for around 8h now and I can't find anything. Anyone have any idé? Thanks! Quote Link to comment
schuu Posted March 18, 2021 Share Posted March 18, 2021 On 3/7/2018 at 11:22 PM, gxs said: I can't enter the web interface screen. Port 8280 (webui port) only forwards me to https://myserver/admin/install/server. The problem is that this then shows my unraid interface. Adding the port like https://myserver:8280/admin/install/server or even changing it to http doesn't do anything. Is there anything I'm missing? Did you find a solution for this? I am having the same problem. Quote Link to comment
xaositek Posted March 19, 2021 Share Posted March 19, 2021 Noticed I can view messages but I can not longer delete messages. Here's the log files (logs on a recreation so time stamps are a bit off) and a screenshot. ==> mail.log <== Mar 19 11:10:22 ce466793ae2b dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=192.168.55.11, lip=127.0.0.1, mpid=14851, TLS, session=<LugE9OW9toLAqDcL> Mar 19 11:10:22 ce466793ae2b dovecot: imap([email protected])<14851><LugE9OW9toLAqDcL>: Error: Mailbox INBOX: link(/data/domains/mymailserver.info/xaositek/Maildir/cur/1615003435.M382342P32606.3b20f19fac1b,S=6950,W=7251:2,S, /data/domains/mymailserver.info/xaositek/Maildir/.Trash/tmp/1616170222.M693717P14851.ce466793ae2b) failed: Function not implemented Mar 19 11:10:22 ce466793ae2b dovecot: imap([email protected])<14851><LugE9OW9toLAqDcL>: Logged out in=155 out=1173 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0 Mar 19 11:10:22 ce466793ae2b dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=192.168.55.11, lip=127.0.0.1, mpid=14856, TLS, session=<It0F9OW9uILAqDcL> Mar 19 11:10:22 ce466793ae2b dovecot: imap([email protected])<14856><It0F9OW9uILAqDcL>: Logged out in=318 out=4258 deleted=0 expunged=0 trashed=0 hdr_count=6 hdr_bytes=1802 body_count=0 body_bytes=0 ==> mail.warn <== Mar 19 11:10:22 ce466793ae2b dovecot: imap([email protected])<14851><LugE9OW9toLAqDcL>: Error: Mailbox INBOX: link(/data/domains/mymailserver.info/xaositek/Maildir/cur/1615003435.M382342P32606.3b20f19fac1b,S=6950,W=7251:2,S, /data/domains/mymailserver.info/xaositek/Maildir/.Trash/tmp/1616170222.M693717P14851.ce466793ae2b) failed: Function not implemented ==> syslog <== Mar 19 11:10:22 ce466793ae2b dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=192.168.55.11, lip=127.0.0.1, mpid=14851, TLS, session=<LugE9OW9toLAqDcL> Mar 19 11:10:22 ce466793ae2b dovecot: imap([email protected])<14851><LugE9OW9toLAqDcL>: Error: Mailbox INBOX: link(/data/domains/mymailserver.info/xaositek/Maildir/cur/1615003435.M382342P32606.3b20f19fac1b,S=6950,W=7251:2,S, /data/domains/mymailserver.info/xaositek/Maildir/.Trash/tmp/1616170222.M693717P14851.ce466793ae2b) failed: Function not implemented Mar 19 11:10:22 ce466793ae2b dovecot: imap([email protected])<14851><LugE9OW9toLAqDcL>: Logged out in=155 out=1173 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0 Mar 19 11:10:22 ce466793ae2b dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=192.168.55.11, lip=127.0.0.1, mpid=14856, TLS, session=<It0F9OW9uILAqDcL> Mar 19 11:10:22 ce466793ae2b dovecot: imap([email protected])<14856><It0F9OW9uILAqDcL>: Logged out in=318 out=4258 deleted=0 expunged=0 trashed=0 hdr_count=6 hdr_bytes=1802 body_count=0 body_bytes=0 Quote Link to comment
brucejobs Posted March 30, 2021 Share Posted March 30, 2021 On 3/18/2021 at 10:09 AM, schuu said: Did you find a solution for this? I am having the same problem. The reason is explained at the top on the first page. I tried to quote but I am lacking the understanding how multi-quote works across pages. Quote Link to comment
brucejobs Posted March 30, 2021 Share Posted March 30, 2021 Hello, I have been able to get to the admin login page. What I failing to comprehend is the login credentials that I must use and how to set about creating those. I think it may all be in vein because the PTR for my static ip shows my ISP. I have added a PTR on my cloudflared but I dont see that working out. Might have to call my ISP and beg but first, how in the binaries do I get access to my own site. I feel so noob. Please help. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.