Setup Issues: Gramps Web on VPS with SSL

Hi David,

We posted at the same time… please see post with docker error…

I am not using the IP address, I am using the host name as recorded in my DNS entry table (A record) on a separate web hosting service than my VPS.

Currently looking into my firewall settings.

Chris

Hi David,

Learned something new. I’m getting an error from nginx on startup…

Attaching to nginx-proxy, grampsweb_redis, nginx-proxy-acme, grampsweb, grampsweb_celery
grampsweb_redis     | 1:C 03 Jul 2023 16:39:53.573 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
grampsweb_redis     | 1:C 03 Jul 2023 16:39:53.573 # Redis version=7.0.11, bits=64, commit=00000000, modified=0, pid=1, just started
grampsweb_redis     | 1:C 03 Jul 2023 16:39:53.573 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf
grampsweb_redis     | 1:M 03 Jul 2023 16:39:53.580 * monotonic clock: POSIX clock_gettime
grampsweb_redis     | 1:M 03 Jul 2023 16:39:53.589 * Running mode=standalone, port=6379.
grampsweb_redis     | 1:M 03 Jul 2023 16:39:53.589 # Server initialized
grampsweb_redis     | 1:M 03 Jul 2023 16:39:53.590 # WARNING Memory overcommit must be enabled! Without it, a background save or replication may fail under low memory condition. Being disabled, it can can also cause failures without low memory condition, see https://github.com/jemalloc/jemalloc/issues/1328. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
grampsweb_redis     | 1:M 03 Jul 2023 16:39:53.593 * Ready to accept connections
nginx-proxy         | Info: running nginx-proxy version 1.3.1-22-g4304dcd
nginx-proxy         | Warning: A custom dhparam.pem file was provided. Best practice is to use standardized RFC7919 DHE groups instead.
nginx-proxy         | Warning: TRUST_DOWNSTREAM_PROXY is not set; defaulting to "true". For security, you should explicitly set TRUST_DOWNSTREAM_PROXY to "false" if there is not a trusted reverse proxy in front of this proxy.
nginx-proxy         | Warning: The default value of TRUST_DOWNSTREAM_PROXY might change to "false" in a future version of nginx-proxy. If you require TRUST_DOWNSTREAM_PROXY to be enabled, explicitly set it to "true".
nginx-proxy         | forego      | starting dockergen.1 on port 5000
nginx-proxy         | forego      | starting nginx.1 on port 5100
nginx-proxy         | nginx.1     | 2023/07/03 16:39:53 [crit] 16#16: pread() "/etc/nginx/conf.d/my_proxy.conf" failed (21: Is a directory)
nginx-proxy         | nginx.1     | nginx: [crit] pread() "/etc/nginx/conf.d/my_proxy.conf" failed (21: Is a directory)

I have a docker-compose folder, and in it I place the yml file and the find conf file.

Will keep you posted,

Chris

Oh. Let me guess, you don’t have nginx_proxy.conf in the same directory as docker-compose.yml?

Hi David,

root@localhost:~/docker-compose# ls
dc2.bak  dc.bak  docker-compose.yml  ng.bak  nginx_proxy.conf

Files live together in the same folder.

I just did a remove all images and tried a docker-compose up… Pertinent updates below…

Creating nginx-proxy      ... error
Creating grampsweb   ...
Creating grampsweb_redis ...
Creating nginx-proxy-acme ...
ERROR: for nginx-proxy  Cannot start service proxy: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting "/root/docker-compose/nginx_proxy.conf" to rootfs at "/etc/nginx/conf.d/my_proxy.conf": mount /root/docker-compose/nginx_proxy.conf:/etc/nginx/conf.d/my_proxy.conf (via /proc/self/fd/6), flags: 0x5001:
Creating grampsweb        ... done
Creating grampsweb_redis  ... done
Creating nginx-proxy-acme ... done
Creating grampsweb_celery ... done
ERROR: for proxy  Cannot start service proxy: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting "/root/docker-compose/nginx_proxy.conf" to rootfs at "/etc/nginx/conf.d/my_proxy.conf": mount /root/docker-compose/nginx_proxy.conf:/etc/nginx/conf.d/my_proxy.conf (via /proc/self/fd/6), flags: 0x5001: not a directory: unknown: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type
ERROR: Encountered errors while bringing up the project.
root@localhost:~/docker-compose#

As a reminder, the proxy area of docker compose is here:

  proxy:
    image: nginxproxy/nginx-proxy
    container_name: nginx-proxy
    restart: always
    ports:
      - 80:80
      - 443:443
    environment:
      ENABLE_IPV6: "true"
    volumes:
      - ./nginx_proxy.conf:/etc/nginx/conf.d/my_proxy.conf:ro
      - conf:/etc/nginx/conf.d
      - dhparam:/etc/nginx/dhparam
      - certs:/etc/nginx/certs:ro
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/tmp/docker.sock:ro
    networks:
      - proxy-tier

Very :thinking:

Chris

This seems to be the issue; thus my guess. Weird indeed.

Is the expected outcome a conf folder in the proxy image with the nginx_proxy.conf within it?

What is the objective of this volume line?

  - ./nginx_proxy.conf:/etc/nginx/conf.d/my_proxy.conf:ro

It’s to mount the file on the LHS to the file on the RHS, to have nginx pick up the client_max_body_size setting.

If /root/docker-compose/nginx_proxy.conf is not a directory (please check), try changing the file name on the RHS; nginx should use any *.conf file in conf.d.
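
A preflight check for the file-versus-directory mismatch discussed above, as an added example that is not part of the original thread. With the short `SRC:DST` syntax Docker creates a missing host path as a directory, so a missing source is reported as well. The function names, the "dot in the last path component means file" heuristic and the sample compose fragment are assumptions.

```shell
#!/bin/sh
# Added example: verify that host-path bind mounts in a compose file point at
# the expected kind of object. Handles only the short "- SRC:DST[:opts]" form
# with SRC starting with ./ or /. Heuristic (assumption): a target whose last
# path component contains a dot is expected to be a file, otherwise a directory.
check_bind_sources() {
    compose_file=$1
    base_dir=$(dirname "$compose_file")
    rc=0
    # Named volumes ("conf:/etc/nginx/conf.d") and port lines do not match.
    mounts=$(sed -n 's|^[[:space:]]*-[[:space:]]*\(\.\{0,1\}/[^:]*:[^:]*\).*$|\1|p' "$compose_file")
    while IFS=: read -r src dst; do
        [ -n "$src" ] || continue
        case $src in /*) host=$src ;; *) host=$base_dir/$src ;; esac
        case ${dst##*/} in *.*) want=file ;; *) want=directory ;; esac
        if [ -d "$host" ]; then have=directory
        elif [ -f "$host" ]; then have=file
        elif [ -e "$host" ]; then have=other      # socket, device, ...
        else have=missing
        fi
        if [ "$have" = missing ] || { [ "$have" != other ] && [ "$have" != "$want" ]; }; then
            echo "MISMATCH: $host is $have, target $dst expects a $want"
            rc=1
        else
            echo "ok: $host ($have) -> $dst"
        fi
    done <<EOF
$mounts
EOF
    return $rc
}

# Constructed sample: the thread's volume lines, first with the source as a
# directory (the failing state), then as a regular file.
demo_states() {
    tmp=$(mktemp -d)
    printf '%s\n' 'services:' '  proxy:' '    ports:' '      - 80:80' '    volumes:' \
        '      - ./nginx_proxy.conf:/etc/nginx/conf.d/my_proxy.conf:ro' \
        '      - conf:/etc/nginx/conf.d' > "$tmp/docker-compose.yml"
    mkdir "$tmp/nginx_proxy.conf"
    check_bind_sources "$tmp/docker-compose.yml" >&2 && first=0 || first=1
    rmdir "$tmp/nginx_proxy.conf"
    echo 'client_max_body_size 500m;  # constructed value' > "$tmp/nginx_proxy.conf"
    check_bind_sources "$tmp/docker-compose.yml" >&2 && second=0 || second=1
    rm -rf "$tmp"
    echo "$first $second"
}
demo_states
```

Run it against the real file with `check_bind_sources /root/docker-compose/docker-compose.yml` before `docker compose up`.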

I’ve tried many different ways of doing the bind and it seems current docker and docker-compose will not allow a single file to be bound… It does allow a folder containing a single file to be bound to a target, but that has downstream problems.

If someone has the let’s encrypt working please let me know which version of docker and docker-compose.

Did you find any documentation about that? I find it very surprising. What are your versions?

Hi David

I’m sure it’s a bug and not an intended change. In fact it looks like this bug has existed in the past, and was fixed before. I’ve seen evidence for this in other people having posted the same problem years ago.

The behaviour does not reflect the documentation, and I’ve tried 2 different Linux distros.

Docker:

docker version
Client: Docker Engine - Community
 Version:           24.0.2
 API version:       1.43
 Go version:        go1.20.4
 Git commit:        cb74dfc
 Built:             Thu May 25 21:53:10 2023
 OS/Arch:           linux/amd64
 Context:           default
Server: Docker Engine - Community
 Engine:
  Version:          24.0.2
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.20.4
  Git commit:       659604f
  Built:            Thu May 25 21:52:10 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.21
  GitCommit:        3dce8eb055cbb6872793272b4f20ed16117344f8
 runc:
  Version:          1.1.7
  GitCommit:        v1.1.7-0-g860f061
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

Docker-Compose

Docker Compose version v2.19.1

Hey David…

On a whim I started from scratch again. This time with no pre installs of docker…

And guess what, I made it beyond the darn file mount… Yay…

But still got stuck… Boo…

 ✔ Container nginx-proxy-acme  Created                                                    0.0s
Attaching to grampsweb, grampsweb_celery, grampsweb_redis, nginx-proxy, nginx-proxy-acme
nginx-proxy       | Info: running nginx-proxy version 1.3.1-30-g6329ea9
nginx-proxy       | Warning: A custom dhparam.pem file was provided. Best practice is to use standardized RFC7919 DHE groups instead.
grampsweb_redis   | 1:C 04 Jul 2023 20:37:50.605 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
grampsweb_redis   | 1:C 04 Jul 2023 20:37:50.606 # Redis version=7.0.11, bits=64, commit=00000000, modified=0, pid=1, just started
grampsweb_redis   | 1:C 04 Jul 2023 20:37:50.606 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf
grampsweb_redis   | 1:M 04 Jul 2023 20:37:50.607 * Increased maximum number of open files to 10032 (it was originally set to 1024).
grampsweb_redis   | 1:M 04 Jul 2023 20:37:50.607 * monotonic clock: POSIX clock_gettime
grampsweb_redis   | 1:M 04 Jul 2023 20:37:50.626 * Running mode=standalone, port=6379.
grampsweb_redis   | 1:M 04 Jul 2023 20:37:50.626 # Server initialized
grampsweb_redis   | 1:M 04 Jul 2023 20:37:50.626 # WARNING Memory overcommit must be enabled! Without it, a background save or replication may fail under low memory condition. Being disabled, it can can also cause failures without low memory condition, see https://github.com/jemalloc/jemalloc/issues/1328. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
grampsweb_redis   | 1:M 04 Jul 2023 20:37:50.642 * Loading RDB produced by version 7.0.11
grampsweb_redis   | 1:M 04 Jul 2023 20:37:50.642 * RDB age 33728 seconds
grampsweb_redis   | 1:M 04 Jul 2023 20:37:50.642 * RDB memory usage when created 0.82 Mb
grampsweb_redis   | 1:M 04 Jul 2023 20:37:50.642 * Done loading RDB, keys loaded: 0, keys expired: 0.
grampsweb_redis   | 1:M 04 Jul 2023 20:37:50.642 * DB loaded from disk: 0.012 seconds
grampsweb_redis   | 1:M 04 Jul 2023 20:37:50.642 * Ready to accept connections
nginx-proxy       | Warning: TRUST_DOWNSTREAM_PROXY is not set; defaulting to "true". For security, you should explicitly set TRUST_DOWNSTREAM_PROXY to "false" if there is not a trusted reverse proxy in front of this proxy.
nginx-proxy       | Warning: The default value of TRUST_DOWNSTREAM_PROXY might change to "false" in a future version of nginx-proxy. If you require TRUST_DOWNSTREAM_PROXY to be enabled, explicitly set it to "true".
nginx-proxy       | forego      | starting dockergen.1 on port 5000
nginx-proxy       | forego      | starting nginx.1 on port 5100
nginx-proxy       | nginx.1     | 2023/07/04 20:37:50 [notice] 16#16: using the "epoll" event method
nginx-proxy       | nginx.1     | 2023/07/04 20:37:50 [warn] 16#16: 10240 worker_connections exceed open file resource limit: 1024
nginx-proxy       | nginx.1     | nginx: [warn] 10240 worker_connections exceed open file resource limit: 1024
nginx-proxy       | nginx.1     | 2023/07/04 20:37:50 [notice] 16#16: nginx/1.25.1
nginx-proxy       | nginx.1     | 2023/07/04 20:37:50 [notice] 16#16: built by gcc 12.2.0 (Debian 12.2.0-14)
nginx-proxy       | nginx.1     | 2023/07/04 20:37:50 [notice] 16#16: OS: Linux 5.15.0-76-generic
nginx-proxy       | nginx.1     | 2023/07/04 20:37:50 [notice] 16#16: getrlimit(RLIMIT_NOFILE): 1024:524288
nginx-proxy       | nginx.1     | 2023/07/04 20:37:50 [notice] 16#16: start worker processes
nginx-proxy       | nginx.1     | 2023/07/04 20:37:50 [notice] 16#16: start worker process 22
nginx-proxy       | dockergen.1 | 2023/07/04 20:37:54 Generated '/etc/nginx/conf.d/default.conf' from 5 containers
nginx-proxy       | dockergen.1 | 2023/07/04 20:37:54 Running 'nginx -s reload'
nginx-proxy-acme  | Info: running acme-companion version v2.2.8-8-g6106556
nginx-proxy       | nginx.1     | 2023/07/04 20:37:55 [notice] 16#16: signal 1 (SIGHUP) received from 24, reconfiguring
nginx-proxy       | nginx.1     | 2023/07/04 20:37:55 [notice] 16#16: reconfiguring
nginx-proxy       | nginx.1     | 2023/07/04 20:37:55 [notice] 16#16: using the "epoll" event method
nginx-proxy       | nginx.1     | 2023/07/04 20:37:55 [warn] 16#16: 10240 worker_connections exceed open file resource limit: 1024
nginx-proxy       | nginx.1     | 2023/07/04 20:37:55 [notice] 16#16: start worker processes
nginx-proxy       | nginx.1     | 2023/07/04 20:37:55 [notice] 16#16: start worker process 25
nginx-proxy       | nginx.1     | 2023/07/04 20:37:55 [notice] 22#22: gracefully shutting down
nginx-proxy       | nginx.1     | 2023/07/04 20:37:55 [notice] 22#22: exiting
nginx-proxy       | nginx.1     | 2023/07/04 20:37:55 [notice] 22#22: exit
nginx-proxy       | dockergen.1 | 2023/07/04 20:37:55 Watching docker events
nginx-proxy       | nginx.1     | 2023/07/04 20:37:55 [notice] 16#16: signal 17 (SIGCHLD) received from 22
nginx-proxy       | nginx.1     | 2023/07/04 20:37:55 [notice] 16#16: worker process 22 exited with code 0
nginx-proxy       | nginx.1     | 2023/07/04 20:37:55 [notice] 16#16: signal 29 (SIGIO) received
nginx-proxy       | dockergen.1 | 2023/07/04 20:37:55 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
^CGracefully stopping... (press Ctrl+C again to force)

Have you seen this behaviour before? And hints on how to fix?

Chris

The answer is in the log:

You have a memory management problem and you need to tune the linux kernel.

Thanks SNoiraud…

I’ll look into my options…

Thank you David and SNoiraud,

I had a breakthrough tonight! System is up.

VPS - Ubuntu 22.04 and current docker

Thanks again,

Chris

Hi,

I finally updated the DO image at Gramps Web | DigitalOcean Marketplace 1-Click App because I think the Let’s Encrypt setup had an issue. Hope it will run more smoothly for future users.

Please tell me what's the solution for the problem:
- ./nginx_proxy.conf:/etc/nginx/conf.d/my_proxy.conf:ro

Chris, please call me on email!

Have you looked at this message above on this thread:

Sorry.
Yes, I have looked, but HOW can I find the answer for it:

Is the expected outcome a conf folder in the proxy image with the nginx_proxy.conf within it?

everybody dancing from
https://www.grampsweb.org/LetsEncrypt/
and receives this error

  - ./nginx_proxy.conf:/etc/nginx/conf.d/my_proxy.conf:ro

Looks like, this line from docker-compose.yml says:

mount the file on the LeftHandSide to the file on the RightHandSide, to have nginx pick up the client_max_body_size setting.

Is it possible to mount a file on a directory?

Is the RightHandSide = folder in the proxy image (how to check it)?
Is the LeftHandSide = my local path (on pic below)?

[Screenshot from 2023-11-08 02-12-38]

If it can't be easily mounted => What should be in this mount line in the standard way for
user@user-v:~/app$ sudo docker compose up -d
?

What should be the local file hierarchy in ubuntu/linux?
Thanks

Thanks for expanding the details on your question. The 1st posting was vague.

There’s a better chance of getting an actionable reply now.