TLDR: Has anyone using docker set up SSL yet with the automated (docker-compose) or other methods?
I have been working on getting the docker open-emr image up on Google infrastructure, and have been successful so far. I have been documenting my process and will make that available once I get it cleaned up. I could not get it working following Google’s tutorial at https://cloud.google.com/community/tutorials/docker-compose-on-container-optimized-os because the file system on the container optimized images is read only.
Their smallest (1 shared cpu, .6gb memory) was too short on memory. The next largest (g1-small (1 vCPU, 1.7 GB memory)) is roughly $11 a month to run and it is working for me so far in development (and may even work for my wife). I used an Ubuntu 16.04 image, installed docker, pulled my source from GitHub and was working on a live dynamic IP within an hour or so.
I was able to secure a static address, figure out how to get the A name DNS entries to add a forward from one of my wife’s domains to the address in Google’s cloud, and can access the site through http.
I want to enable SSL and the ports are forwarded appropriately, but I can’t seem to figure out how to accomplish the certificate part in openemr. I tried to follow the instructions under Administration/Other/Certificates, but failed once I could not restart the apache service within the docker container. I then saw that I could put the DOMAIN and EMAIL environment variables to automate the process but I got the following message in the log:
dhillison@another-emr:~/openemr$ docker container logs 3813cc9ff372
WARNING: SETTING AN EMAIL VIA $EMAIL is HIGHLY RECOMMENDED IN ORDER TO
RECEIVE ALERTS FROM LETSENCRYPT ABOUT YOUR SSL CERTIFICATE.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for emr.capitalspeechpath.com
Using the webroot path /var/www/localhost/htdocs/openemr for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. emr.capitalspeechpath.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://emr.capitalspeechpath.com/.well-known/acme-challenge/C27aszh6Snl2ZbSryceQQpijk39RfTrGk_xhMoURrUM: Timeout
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: emr.capitalspeechpath.com
Type: connection
Detail: Fetching
http://emr.capitalspeechpath.com/.well-known/acme-challenge/C27aszh6Snl2ZbSryceQQpijk39RfTrGk_xhMoURrUM:
Timeout
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
WARNING: SETTING AN EMAIL VIA $EMAIL is HIGHLY RECOMMENDED IN ORDER TO
RECEIVE ALERTS FROM LETSENCRYPT ABOUT YOUR SSL CERTIFICATE.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
It kept trying to redo this step and getting the error until Let’s Encrypt stopped responding to its requests. I ended the container, so I don’t have access to the Let’s Encrypt log. Is it necessary for me to get it or am I doing something else boneheaded that needs to be fixed first?
Has anyone using docker set up SSL yet with the automated or other methods?
Thanks,
Derek
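
Added example (not part of the post above and not OpenEMR or certbot code): a small triage script for certbot output like the log quoted in the post. It extracts the domain, challenge type and ACME error type from the failure line and maps them to the checks certbot's own message lists. The function names and hint texts are assumptions of this example. Note that http-01 validation always connects to TCP port 80, so a forward for 443 alone does not satisfy it.

```python
import re

# Constructed sample: lines copied from the certbot output quoted in the post.
SAMPLE_LOG = """\
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
http-01 challenge for emr.capitalspeechpath.com
Using the webroot path /var/www/localhost/htdocs/openemr for all unmatched domains.
Failed authorization procedure. emr.capitalspeechpath.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://emr.capitalspeechpath.com/.well-known/acme-challenge/C27aszh6Snl2ZbSryceQQpijk39RfTrGk_xhMoURrUM: Timeout
Plugins selected: Authenticator webroot, Installer None
"""

# Matches certbot's failure summary in both the old (urn:acme:error:) and the
# current (urn:ietf:params:acme:error:) ACME error namespaces.
FAILURE = re.compile(
    r"Failed authorization procedure\. (?P<domain>\S+) \((?P<challenge>[\w-]+)\): "
    r"urn:(?:ietf:params:)?acme:error:(?P<kind>\w+) :: (?P<detail>.*)")

# Hypothetical triage hints: (ACME error type, substring of detail, what to check).
HINTS = [
    ("connection", "Timeout", "inbound port 80 is filtered: check the cloud "
     "firewall rule and that the container publishes port 80"),
    ("connection", "refused", "port 80 is reachable but nothing listens on it"),
    ("dns", "", "the CA could not resolve the name: check the A/AAAA record"),
    ("unauthorized", "", "port 80 answered with the wrong content: check that "
     "the webroot path is the directory the web server actually serves"),
]
DEFAULT_HINT = "no rule matched: read /var/log/letsencrypt/letsencrypt.log"

def triage(log_text):
    """Return one finding dict per failed authorization in certbot output."""
    findings = []
    for match in FAILURE.finditer(log_text):
        finding = match.groupdict()
        url = re.search(r"Fetching (\S+): ", finding["detail"])
        finding["url"] = url.group(1) if url else None
        finding["hint"] = next(
            (hint for kind, needle, hint in HINTS
             if kind == finding["kind"] and needle in finding["detail"]),
            DEFAULT_HINT)
        findings.append(finding)
    return findings

def attempts(log_text):
    """Count certbot runs; a retry loop of failures can hit CA rate limits."""
    return log_text.count("Plugins selected:")

if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(item["domain"], item["challenge"], item["kind"], "->", item["hint"])
    print("certbot runs seen:", attempts(SAMPLE_LOG))
```

To use it on a live container, pipe `docker container logs <id>` into a file and pass the file's contents to `triage()` before the container is removed.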