Loading volume into docker container

I am using Ubuntu on my host machine, and I have a docker container also running Ubuntu that contains an ASP .NET website. Now the issue is I can’t seem to figure out how to get the container to mount my SSL keys from my host machine. My docker-compose.yml file has the following volumes specified.

    volumes:
      - /etc/letsencrypt/archive/example.com/fullchain.pem:/etc/ssl/certs/fullchain.pem:ro
      - /etc/letsencrypt/archive/example.com/privkey.pem:/etc/ssl/private/privkey.pem:ro
      - app-data:/app/data
      - app-data:/root/.aspnet/DataProtection-Keys

volumes:
  app-data:

I also verified these files exist by using cat /etc/letsencrypt/archive/example.com/privkey1.pem and cat /etc/letsencrypt/archive/example.com/fullchain1.pem which all worked perfectly. But when I compose my container, I always get the following errors because it can’t seem to find the file.

Unhandled exception. Interop+Crypto+OpenSslCryptographicException: error:2006D080:BIO routines:BIO_new_file:no such file
   at Interop.Crypto.CheckValidOpenSslHandle(SafeHandle handle)
   at Internal.Cryptography.Pal.OpenSslX509CertificateReader.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
   at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, String fileName, String password)

I also ensured the permissions are right by running the following to no avail.

sudo chmod 644 /etc/letsencrypt/archive/example.com/fullchain1.pem
sudo chmod 600 /etc/letsencrypt/archive/example.com/privkey1.pem
sudo chmod 755 /etc/letsencrypt/archive
sudo chmod 755 /etc/letsencrypt/archive/example.com

Next, I tried manually starting the container, but I get the same error where the container instantly closes due to the exception.

docker run -it --rm \
  -v /etc/letsencrypt/archive/example.com/fullchain1.pem:/etc/ssl/certs/fullchain.pem:ro \
  -v /etc/letsencrypt/archive/example.com/privkey1.pem:/etc/ssl/private/privkey.pem:ro \
  server /bin/bash

Lastly, here is my Program class which is trying to read the HTTPS cert which is what is generating the actual no file found exception.

    public class Program
    {
        public static void Main(string[] args)
        {
            CreateHostBuilder(args).Build().Run();
        }

        public static IHostBuilder CreateHostBuilder(string[] args) =>
        Host.CreateDefaultBuilder(args)
            .ConfigureWebHostDefaults(webBuilder =>
            {
                webBuilder.UseStartup<Startup>()
                    .UseKestrel(options =>
                    {
                        options.ListenAnyIP(80); // HTTP
                        options.ListenAnyIP(443, listenOptions =>
                        {
                            listenOptions.UseHttps("/etc/ssl/certs/fullchain.pem", "/etc/ssl/private/privkey.pem");
                        });
                    });
            });
    }

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.