Typesense Certificate Error in Docker Compose
TLDR: Suraj encountered an issue with Typesense not finding SSL certificates in Docker Compose, even though the certs were mounted successfully. After several suggestions from Jason, Suraj resolved the issue by mounting the correct folder in the Docker Compose file.



Aug 22, 2022 (13 months ago)
Suraj
03:34 PM
Jason
05:09 PM
Suraj
05:12 PM
version: "3.9"
services:
  typesense:
    image: typesense/typesense:0.23.1
    environment:
      - API_KEY=${API_KEY}
    entrypoint: sh -c "/opt/typesense-server --data-dir=/data --api-key=${API_KEY} --enable-cors --api-port=443 --ssl-certificate=/etc/letsencrypt/live/test.domain.io/fullchain.pem --ssl-certificate-key=/etc/letsencrypt/live/test.domain.io/privkey.pem"
    ports:
      - "443:443"
      - "8108:8108"
    restart: unless-stopped
    volumes:
      - typesense-data:/data
      - certbot-etc:/etc/letsencrypt/live
    depends_on:
      - certbot
  certbot:
    image: certbot/certbot
    container_name: certbot
    ports:
      - "80:80"
    volumes:
      - certbot-etc:/etc/letsencrypt/live
    command: certonly --standalone --agree-tos --redirect --email -d
volumes:
  certbot-etc:
  typesense-data:
    driver: local
    driver_opts:
      type: none
      device: ./typesense-data/
      o: bind
Suraj
05:14 PM
Jason
05:14 PM
/etc/letsencrypt/live for then Typesense to pick up when starting?
Jason
05:15 PM
Suraj
05:15 PM
Suraj
05:15 PM
Jason
05:16 PM
path/full chain.pem”
Jason
05:16 PM
Suraj
05:16 PM
Jason
05:16 PM
Jason
05:18 PM
This is from the Typesense container and not the certbot container, right?
Suraj
05:19 PM
Jason
05:19 PM
Suraj
05:21 PM
Suraj
05:23 PM
Suraj
06:08 PM
E20220822 18:05:29.061584 24 http_server.cpp:1057] An error occurred while trying to load server certificate file: /etc/letsencrypt/live/tests.surajpatel.org/fullchain.pem
E20220822 18:05:29.061868 24 http_server.cpp:174] Failed to listen on 0.0.0.0:443 - No such file or directory
Jason
06:09 PM
Suraj
06:10 PM
Suraj
06:41 PM
Jason
06:43 PM
Suraj
06:49 PM
Jason
06:50 PM
cat-ing the contents of the SSL cert / key files from inside the Typesense container?
Suraj
06:51 PM
Jason
06:52 PM
How about changing entry point to something like this:
entrypoint: sh -c "cat /etc/letsencrypt/live/test.domain.io/fullchain.pem && /opt/typesense-server --data-dir=/data --api-key=${API_KEY} --enable-cors --api-port=443 --ssl-certificate=/etc/letsencrypt/live/test.domain.io/fullchain.pem --ssl-certificate-key=/etc/letsencrypt/live/test.domain.io/privkey.pem"
Jason
06:53 PM
docker logs to see if you see the output of the cat command
Suraj
06:53 PM
Jason
06:54 PM
Suraj
06:55 PM
docker-compose exec typesense ls -la /etc/letsencrypt/live
Suraj
07:16 PM
root@test-typesense:~# docker-compose exec typesense ls -la /etc/letsencrypt/live
total 16
drwxr-xr-x 3 root root 4096 Aug 22 19:15 .
drwxr-xr-x 3 root root 4096 Aug 22 19:16 ..
-rw-r--r-- 1 root root 740 Aug 22 19:15 README
drwxr-xr-x 2 root root 4096 Aug 22 19:15
Suraj
07:22 PM
Attaching to root_typesense_1
typesense_1 | cat: /etc/letsencrypt/live/testing.surajpatel.org/fullchain.pem: No such file or directory
Suraj
07:22 PM
Suraj
07:26 PM
Suraj
07:28 PM
Suraj
07:29 PM
E20220822 19:28:24.086433 28 http_server.cpp:1057] An error occurred while trying to load server certificate file: /etc/letsencrypt/live/testing.surajpatel.org/fullchain.pem
E20220822 19:28:24.086486 28 http_server.cpp:174] Failed to listen on 0.0.0.0:443 - No such file or directory
Jason
08:10 PM
Ok, then the issue is definitely timing related.
I think by the time you run docker-compose exec typesense ls -la the SSL certs have already been generated.
Jason
08:10 PM
entrypoint: sh -c "sleep 120 && cat /etc/letsencrypt/live/test.domain.io/fullchain.pem && /opt/typesense-server --data-dir=/data --api-key=${API_KEY} --enable-cors --api-port=443 --ssl-certificate=/etc/letsencrypt/live/test.domain.io/fullchain.pem --ssl-certificate-key=/etc/letsencrypt/live/test.domain.io/privkey.pem"
Jason
08:11 PM
Suraj
08:21 PM
Suraj
08:22 PM
typesense_1 | cat: /etc/letsencrypt/live/testing.surajpatel.org/fullchain.pem: No such file or directory
Jason
08:24 PM
Could you try the health-check approach mentioned here: https://stackoverflow.com/a/41854997/123545
In your case the health check in the certbot container would be the presence of the SSL cert and key file.
Suraj
08:32 PM
    depends_on:
      certbot:
        condition: service_completed_successfully
Suraj
08:32 PM
Suraj
08:32 PM
Suraj
08:33 PM
Jason
09:14 PM
Suraj
09:45 PM
Suraj
09:45 PM
    healthcheck:
      test: ["CMD-SHELL", "test -f /etc/letsencrypt/live/testing.surajpatel.org/fullchain.pem"]
      interval: 1m30s
      timeout: 1m
      retries: 5
      start_period: 30s
Suraj
09:45 PM
Jason
10:08 PM
Jason
10:08 PM
Suraj
10:10 PM


Aug 25, 2022 (13 months ago)
Suraj
07:37 AM
Jason
02:42 PM
