1

I am trying to access certbot SSL certificates on my host machine within a Docker container. My certificates are located in `/etc/letsencrypt/live/domain.com`. I am loading my container using the args:

```
docker run -v /etc/letsencrypt/live/domain.com:/certs -it --rm -p 80:80 kaws/kaws_app:latest
```

My python script within the docker container says that the files or directories are not found. I'm trying to load the certificates that exist in /etc/letsencrypt/live/domain.com/

The error I'm receiving says:

```
ssl_context.load_cert_chain('/certs/fullchain.pem', '/certs/privkey.pem')
FileNotFoundError: [Errno 2] No such file or directory
```

How do I access files on my host machine from my python script within my docker container?

Dockerfile

```dockerfile
# Use the official Python 3 image.
# https://hub.docker.com/_/python
FROM python:3-alpine

RUN \
  apk add --no-cache python3 py3-pip \
  && apk upgrade --update \
  && apk add git \
  && apk add --update alpine-sdk \
  && apk add libffi-dev openssl-dev \
  && apk --no-cache --update add build-base

COPY . /app

# Create and change to the app directory.
WORKDIR /app

RUN apk add --no-cache --virtual .build-deps \
  gcc musl-dev

RUN pip install --no-cache-dir -r requirements.txt

# Cleanup dev dependencies
RUN apk del -f .build-deps

RUN chmod 444 app.py
RUN chmod 444 requirements.txt

# Service must listen to $PORT environment variable.
# This default value facilitates local development.
# Note: the second ENV overrides the first, so PORT is 443 at runtime.
ENV PORT 80
ENV PORT 443

# Run the web service on container startup.
CMD [ "python", "app.py" ]
```

Update:
I ran the following code within my Python script to see if it could see the certs, and it's able to see them, but it still gives an error.

```python
import os

# List every file name found under the mounted directory.
for root, dirs, files in os.walk("/certs"):
    for filename in files:
        print(filename)
```

Output:

```
docker run kaws/kaws_app:latest
chain.pem
fullchain.pem
privkey.pem
cert.pem
README
Traceback (most recent call last):
  File "/app/app_pusher.py", line 83, in <module>
    ssl_context.load_cert_chain('/certs/fullchain.pem', '/certs/privkey.pem')
```
kaws
  • Which OS are you running? – jtlz2 Jan 07 '21 at 06:14
  • Are you sure `/etc/letsencrypt/live/domain.com/fullchain.pem` and `/etc/letsencrypt/live/domain.com/privkey.pem` exist? – jtlz2 Jan 07 '21 at 06:15
  • @jtlz2 I'm running ubuntu 20.04. I'm sure the files exist, I can cat/print them. – kaws Jan 07 '21 at 07:33
  • Does this answer your question? [How to mount a host directory in a Docker container](https://stackoverflow.com/questions/23439126/how-to-mount-a-host-directory-in-a-docker-container) – jtlz2 Jan 07 '21 at 08:06
  • Possible duplicate of https://stackoverflow.com/questions/34504156/docker-volume-not-mounting-any-files – jtlz2 Jan 07 '21 at 08:13
  • Does the python process have the required permissions to list those files in that dir? – jtlz2 Jan 07 '21 at 09:39
  • @jtlz2 I'll try adding permissions to the files in the directory and try again. Thank you for your time – kaws Jan 08 '21 at 05:24
  • @jtlz2 I was mistaken, the permissions even at 777 can't see the files for some reason. When I use `ls /certs` in run, it shows the files though, but the python script says `ssl_context.load_cert_chain('/certs/fullchain.pem', '/certs/privkey.pem') FileNotFoundError: [Errno 2] No such file or directory` – kaws Jan 10 '21 at 06:07
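
The symptom in the question (the names are listed under `/certs`, yet opening them raises `FileNotFoundError`) is what a dangling symbolic link looks like. As an added diagnostic that is not part of the original post: certbot's `live/<domain>/` entries are symlinks into `../../archive/<domain>/`, so the sketch below builds a constructed copy of that layout in a temp directory and checks it as seen on the host and through a mount of `live/domain.com` alone. The helper names `check_cert_paths`, `build_constructed_layout` and `demo` are hypothetical.

```python
import os
import tempfile

def check_cert_paths(cert_dir, names=("fullchain.pem", "privkey.pem")):
    """Classify each expected file so a listed-but-unopenable entry is explained."""
    report = {}
    for name in names:
        path = os.path.join(cert_dir, name)
        if not os.path.lexists(path):            # no directory entry at all
            report[name] = "missing"
        elif os.path.islink(path) and not os.path.exists(path):
            # The entry exists (ls and os.walk show it) but its target does not.
            report[name] = "dangling symlink -> " + os.readlink(path)
        elif not os.access(path, os.R_OK):
            report[name] = "not readable by this user"
        else:
            report[name] = "ok"
    return report

def build_constructed_layout(root):
    """Constructed sample tree with certbot's live/ -> archive/ symlink layout."""
    archive = os.path.join(root, "archive", "domain.com")
    live = os.path.join(root, "live", "domain.com")
    os.makedirs(archive)
    os.makedirs(live)
    for stem in ("fullchain", "privkey"):
        with open(os.path.join(archive, stem + "1.pem"), "w") as fh:
            fh.write("constructed placeholder, not real key material\n")
        target = os.path.join("..", "..", "archive", "domain.com", stem + "1.pem")
        os.symlink(target, os.path.join(live, stem + ".pem"))
    return live

def demo():
    """Compare the host view with a mount of live/domain.com only."""
    with tempfile.TemporaryDirectory() as host, tempfile.TemporaryDirectory() as ctr:
        live = build_constructed_layout(host)
        on_host = check_cert_paths(live)
        # Simulated bind mount: the links arrive, the archive/ targets do not.
        mounted = os.path.join(ctr, "rootfs", "mnt", "certs")
        os.makedirs(mounted)
        for name in os.listdir(live):
            os.symlink(os.readlink(os.path.join(live, name)), os.path.join(mounted, name))
        return on_host, sorted(os.listdir(mounted)), check_cert_paths(mounted)

if __name__ == "__main__":
    for view in demo():
        print(view)
```

If `check_cert_paths("/certs")` reports dangling links inside the real container, mounting the parent with `-v /etc/letsencrypt:/certs:ro` and loading `/certs/live/domain.com/fullchain.pem` keeps the `archive/` targets reachable and the private key read-only inside the container.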

2 Answers

1

Looking at https://docs.docker.com/storage/volumes/#choose-the--v-or---mount-flag, you need to drop the : after /certs.

Your command is then

```
docker run -v /etc/letsencrypt/live/domain.com:/certs -it --rm -p 80:80 kaws/kaws_app:latest
```

You may need to enable sharing on your OS as well (you do on macOS).

jtlz2
0

You should mount the cert directory into the docker container:

```
docker run -it --rm -v /etc/letsencrypt/live/domain.com:/certs -p 80:80 kaws/kaws_app:latest
```
Thanh Nguyen Van