Installing georchestra using docker - Problem with ssl certification


Victor H Quispe

May 29, 2017, 6:41:01 PM
to georchestra-dev
Hello, I am new to installing georchestra. I am testing a georchestra 16.12 installation with docker, in a KVM virtual machine running Debian 8.8.0.

For this I am following the document (https://github.com/georchestra/georchestra/blob/16.12/docs/docker.md), skipping the optional configuration, but I ran into problems that were resolved by following this document (https://github.com/georchestra/docker).

All the containers apparently start correctly, but when I test the connection with "curl https://georchestra.mydomain.org" I get a certificate error:

curl: (60) SSL certificate problem: self signed certificate

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option. 


Could you tell me how to configure or update the certificate, or what problem might be occurring? The output in a browser is a blank screen (see attachment).


Captura de pantalla de 2017-05-29 18-30-38.png

julien....@camptocamp.com

Jun 9, 2017, 6:07:18 AM
to georchestra-dev
You are using a self-signed certificate (for demo/test purposes), so you can try the --insecure option of curl: curl --insecure https://georchestra.mydomain.org. It should work.
About the blank page in your browser: you are trying to connect to the https server with the http protocol, so you just need to add an 's' to http: try https://192.......:443/ ;-)

Ernest CHIARELLO

Jun 9, 2017, 6:37:31 AM
to georche...@googlegroups.com, julien....@camptocamp.com
Thanks Julien.

I had a similar problem with a Digicert x509 certificate. I solved it by adding the Digicert CA certificate (DigiCertCA.crt) in /etc/ssl/certs with the update-ca-certificates command.

update-ca-certificates is a program that updates the directory /etc/ssl/certs to hold SSL certificates and generates ca-certificates.crt, a concatenated single-file list of certificates.
[...]
all certificates with a .crt extension found below /usr/local/share/ca-certificates are also included as implicitly trusted

First I mounted the DigiCertCA.crt as a volume, in my container, on /usr/local/share/ca-certificates, in my docker-compose.override.yml file:

    volumes:
      - ./docker/ssl/DigiCertCA.crt:/usr/local/share/ca-certificates/DigiCertCA.crt:ro

and then I used an entry.sh script to execute the command:

/usr/sbin/update-ca-certificates


Hope it helps.


Ernest.

-- 
Ernest CHIARELLO - Ernest.C...@univ-fcomte.fr
UMR6049 ThéMA -- CNRS / université de Franche-Comté
32 rue Mégevand 25030 Besançon cedex

Tel : 03 81 66 54 80           Mob : 07 82 99 11 08
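
As an added example (not part of the original thread or of georchestra's own code), the script below reproduces the two situations discussed above with throwaway certificates: a self-signed certificate that is rejected the way curl reports error 60, and a CA-signed certificate that verifies only once the issuing CA is in the trust bundle. The file names, the demo CA and the helper functions are constructed for illustration, and it assumes the openssl command line tool (1.1.1 or later) is installed.

```shell
#!/bin/sh
# Added example. All keys and certificates are constructed in a temp
# directory; the system trust store is never modified.
set -eu
HOST=georchestra.mydomain.org          # placeholder FQDN used in the thread
DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT

make_demo_pki() (                      # subshell body: the cd stays local
    cd "$DEMO_DIR"
    # Case 1: self-signed server certificate, like a demo/test deployment.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$HOST" \
        -addext "subjectAltName=DNS:$HOST" \
        -keyout self.key -out self.crt 2>/dev/null
    # Case 2: a private CA (constructed stand-in for DigiCertCA.crt) ...
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Constructed Demo CA" -keyout ca.key -out ca.crt 2>/dev/null
    # ... and a server certificate issued by that CA.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$HOST" \
        -keyout server.key -out server.csr 2>/dev/null
    printf 'subjectAltName=DNS:%s\n' "$HOST" > san.ext
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -days 30 -extfile san.ext -out server.crt 2>/dev/null
)

# trusted_by BUNDLE CERT: succeed only if CERT chains to a CA in BUNDLE and
# names $HOST, the two checks a TLS client makes before accepting a server.
trusted_by() {
    openssl verify -CAfile "$DEMO_DIR/$1" -verify_hostname "$HOST" \
        "$DEMO_DIR/$2" 2>/dev/null | grep -q ': OK$'
}

report() {
    if trusted_by "$1" "$2"; then echo "$2 with trust bundle $1: verified"
    else echo "$2 with trust bundle $1: rejected"; fi
}

make_demo_pki
report ca.crt   self.crt    # rejected: self-signed and not in the bundle
report self.crt self.crt    # verified: same idea as curl --cacert self.crt
report self.crt server.crt  # rejected: issuing CA missing from the bundle
report ca.crt   server.crt  # verified: CA present, as after update-ca-certificates
```

Pointing the client at the right CA file, or installing that CA with update-ca-certificates, keeps certificate verification switched on, which --insecure does not.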

Victor H Quispe

Jun 27, 2017, 10:21:09 AM
to georchestra-dev
Thanks Julien, the problem was the amount of RAM, since I installed the georchestra containers inside a virtual machine (KVM), and now I am trying to change the default FQDN value (georchestra.mydomain.org). I don't know if you could give me some guidelines.

Thanks.

François Van Der Biest

Jun 28, 2017, 1:54:06 PM
to georchestra-dev
Hi Victor,

Yes, you have to change it:
* in the composition -
https://github.com/georchestra/docker/blob/master/docker-compose.override.yml#L8-L26
* in your config (git grep georchestra.mydomain.org in the config
subfolder to locate the files)

Don't forget to restart the composition after these changes.

You should also use a true SSL certificate, read more on eg
https://docs.traefik.io/user-guide/examples/#lets-encrypt-support

Regards,
F.