TLDR: Has anyone using docker set up SSL yet with the automated (docker-compose) or other methods?
I have been working on getting the Docker open-emr image up on Google infrastructure, and have been successful so far. I have been documenting my process and will make that available once I get it cleaned up. I could not get it working following Google’s tutorial at https://cloud.google.com/community/tutorials/docker-compose-on-container-optimized-os because the file system on the container-optimized images is read-only.
Their smallest (1 shared cpu, .6gb memory) was too short on memory. The next largest (g1-small (1 vCPU, 1.7 GB memory)) is roughly $11 a month to run and it is working for me so far in development (and may even work for my wife). I used an Ubuntu 16.04 image, installed Docker, pulled my source from GitHub and was working on a live dynamic IP within an hour or so.
I was able to secure a static address, figure out how to get the A name DNS entries to add a forward from one of my wife’s domains to the address in Google’s cloud, and can access the site through HTTP.
I want to enable SSL and the ports are forwarded appropriately, but I can’t seem to figure out how to accomplish the certificate part in OpenEMR. I tried to follow the instructions under Administration/Other/Certificates, but failed once I could not restart the Apache service within the Docker container. I then saw that I could put the DOMAIN and EMAIL environment variables to automate the process, but I got the following message in the log:
dhillison@another-emr:~/openemr$ docker container logs 3813cc9ff372
WARNING: SETTING AN EMAIL VIA $EMAIL is HIGHLY RECOMMENDED IN ORDER TO RECEIVE ALERTS FROM LETSENCRYPT ABOUT YOUR SSL CERTIFICATE.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for emr.capitalspeechpath.com
Using the webroot path /var/www/localhost/htdocs/openemr for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. emr.capitalspeechpath.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://emr.capitalspeechpath.com/.well-known/acme-challenge/C27aszh6Snl2ZbSryceQQpijk39RfTrGk_xhMoURrUM: Timeout
IMPORTANT NOTES:
 - The following errors were reported by the server:
   Domain: emr.capitalspeechpath.com
   Type: connection
   Detail: Fetching http://emr.capitalspeechpath.com/.well-known/acme-challenge/C27aszh6Snl2ZbSryceQQpijk39RfTrGk_xhMoURrUM: Timeout
   To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
 - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.
WARNING: SETTING AN EMAIL VIA $EMAIL is HIGHLY RECOMMENDED IN ORDER TO RECEIVE ALERTS FROM LETSENCRYPT ABOUT YOUR SSL CERTIFICATE.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
It kept trying to redo this step and getting the error until Let’s Encrypt stopped responding to its requests. I ended the container, so I don’t have access to the Let’s Encrypt log. Is it necessary for me to get it, or am I doing something else boneheaded that needs to be fixed first?
Has anyone using docker set up SSL yet with the automated or other methods?