Re: Docker TLS for PGAdmin

From: Omar Francis <omar(dot)francis(at)branchbot(dot)com>
To: Aditya Toshniwal <aditya(dot)toshniwal(at)enterprisedb(dot)com>
Cc: pgAdmin Support <pgadmin-support(at)postgresql(dot)org>
Subject: Re: Docker TLS for PGAdmin
Date: 2020-06-26 12:16:59
Message-ID: D5C13694-B26F-4BB2-8F65-0FD10DE599F8@branchbot.com
Lists: pgadmin-support


Hi Aditya

Yes I can get a regular http connection with myip:80 when I run:

docker run -p 80:80 -e 'PGADMIN_DEFAULT_EMAIL=somebody(at)anyemail(dot)com' -e 'PGADMIN_DEFAULT_PASSWORD=userpwd' -e 'PGADMIN_ENABLE_TLS=True' -d dpage/pgadmin4

I was able to do this last week when I first accessed the image. However, my query has been about getting pgadmin to run with TLS with the following:

docker run -p 443:443 -v /private/var/lib/pgadmin:/var/lib/pgadmin -v /etc/ssl/certs/server.cert:/certs/server.cert -v /etc/ssl/private/server.key:/certs/server.key -v /private/var/lib/pgadmin/servers.json:/pgadmin4/servers.json -e 'PGADMIN_DEFAULT_EMAIL=somebody(at)anyemail(dot)com' -e 'PGADMIN_DEFAULT_PASSWORD=userpwd' -e 'PGADMIN_ENABLE_TLS=True' -d dpage/pgadmin4

Just to confirm, I am on an EC2 instance running Ubuntu and all my certs and keys are self-signed.

Regards

Omar

> On 26 Jun 2020, at 11:51, Aditya Toshniwal <aditya(dot)toshniwal(at)enterprisedb(dot)com> wrote:
>
> Hi Omar,
>
> It looks to be launched successfully. What does 'docker ps' show now? For me without TLS it shows the following and works with 0.0.0.0:80 in the browser:
>
> adityatoshniwal(at)Laptop381pnin pgadmin4_copy % docker ps
> CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
> a7f32fd312c7 dpage/pgadmin4 "/entrypoint.sh" 4 seconds ago Up 3 seconds 0.0.0.0:80->80/tcp, 443/tcp objective_swanson
>
>
>
>> On Fri, Jun 26, 2020 at 3:09 PM Omar Francis <omar(dot)francis(at)branchbot(dot)com> wrote:
>> Hi Aditya, thanks for your help. I have given a+rwx to that dir. The container status is now up; however, I am not getting a pgadmin login screen on my browser when I navigate to publicip:443
>>
>> Is there a critical connection flaw in the logs below that stops this?
>>
>> Thanks again :)
>>
>>
>> WARNING: Failed to set ACL on the directory containing the configuration database: [Errno 1] Operation not permitted: '/var/lib/pgadmin'
>> NOTE: Configuring authentication for SERVER mode.
>>
>> WARNING: Failed to set ACL on the directory containing the configuration database: [Errno 1] Operation not permitted: '/var/lib/pgadmin'
>> Added 1 Server Group(s) and 1 Server(s).
>> sudo: setrlimit(RLIMIT_CORE): Operation not permitted
>> [2020-06-26 09:28:34 +0000] [1] [INFO] Starting gunicorn 19.9.0
>> [2020-06-26 09:28:34 +0000] [1] [INFO] Listening at: http://[::]:443 (1)
>> [2020-06-26 09:28:34 +0000] [1] [INFO] Using worker: threads
>> /usr/local/lib/python3.8/os.py:1023: RuntimeWarning: line buffering (buffering=1) isn't supported in binary mode, the default buffer size will be used
>> return io.open(fd, *args, **kwargs)
>> [2020-06-26 09:28:34 +0000] [91] [INFO] Booting worker with pid: 91
>>
>>
>>
>>
>>> On 26 Jun 2020, at 09:39, Aditya Toshniwal <aditya(dot)toshniwal(at)enterprisedb(dot)com> wrote:
>>>
>>> Hi Omar,
>>>
>>> The logs say there's insufficient permission given to the mapped volume - /private/var/lib/pgadmin. Please go through - https://www.pgadmin.org/docs/pgadmin4/4.23/container_deployment.html#mapped-files-and-directories once and make sure the requirements are satisfied.
>>>
>>>> On Fri, Jun 26, 2020 at 1:55 PM Omar Francis <omar(dot)francis(at)branchbot(dot)com> wrote:
>>>> Hi Aditya
>>>>
>>>> Please find the logs below, thanks :)
>>>>
>>>>
>>>>
>>>> ubuntu(at)my-ip:~$ docker logs tender_goodall
>>>> WARNING: Failed to set ACL on the directory containing the configuration database: [Errno 1] Operation not permitted: '/var/lib/pgadmin'
>>>> Traceback (most recent call last):
>>>> File "run_pgadmin.py", line 4, in <module>
>>>> from pgAdmin4 import app
>>>> File "/pgadmin4/pgAdmin4.py", line 92, in <module>
>>>> app = create_app()
>>>> File "/pgadmin4/pgadmin/__init__.py", line 241, in create_app
>>>> create_app_data_directory(config)
>>>> File "/pgadmin4/pgadmin/setup/data_directory.py", line 40, in create_app_data_directory
>>>> _create_directory_if_not_exists(config.SESSION_DB_PATH)
>>>> File "/pgadmin4/pgadmin/setup/data_directory.py", line 16, in _create_directory_if_not_exists
>>>> os.mkdir(_path)
>>>> PermissionError: [Errno 13] Permission denied: '/var/lib/pgadmin/sessions'
>>>> WARNING: Failed to set ACL on the directory containing the configuration database: [Errno 1] Operation not permitted: '/var/lib/pgadmin'
>>>> Traceback (most recent call last):
>>>> File "/pgadmin4/setup.py", line 407, in <module>
>>>> load_servers(args)
>>>> File "/pgadmin4/setup.py", line 167, in load_servers
>>>> app = create_app()
>>>> File "/pgadmin4/pgadmin/__init__.py", line 241, in create_app
>>>> create_app_data_directory(config)
>>>> File "/pgadmin4/pgadmin/setup/data_directory.py", line 40, in create_app_data_directory
>>>> _create_directory_if_not_exists(config.SESSION_DB_PATH)
>>>> File "/pgadmin4/pgadmin/setup/data_directory.py", line 16, in _create_directory_if_not_exists
>>>> os.mkdir(_path)
>>>> PermissionError: [Errno 13] Permission denied: '/var/lib/pgadmin/sessions'
>>>> sudo: setrlimit(RLIMIT_CORE): Operation not permitted
>>>> [2020-06-26 08:21:48 +0000] [1] [INFO] Starting gunicorn 19.9.0
>>>> [2020-06-26 08:21:48 +0000] [1] [INFO] Listening at: http://[::]:443 (1)
>>>> [2020-06-26 08:21:48 +0000] [1] [INFO] Using worker: threads
>>>> /usr/local/lib/python3.8/os.py:1023: RuntimeWarning: line buffering (buffering=1) isn't supported in binary mode, the default buffer size will be used
>>>> return io.open(fd, *args, **kwargs)
>>>> [2020-06-26 08:21:48 +0000] [91] [INFO] Booting worker with pid: 91
>>>> [2020-06-26 08:21:49 +0000] [91] [ERROR] Exception in worker process
>>>> Traceback (most recent call last):
>>>> File "/usr/local/lib/python3.8/site-packages/gunicorn/arbiter.py", line 583, in spawn_worker
>>>> worker.init_process()
>>>> File "/usr/local/lib/python3.8/site-packages/gunicorn/workers/gthread.py", line 104, in init_process
>>>> super(ThreadWorker, self).init_process()
>>>> File "/usr/local/lib/python3.8/site-packages/gunicorn/workers/base.py", line 129, in init_process
>>>> self.load_wsgi()
>>>> File "/usr/local/lib/python3.8/site-packages/gunicorn/workers/base.py", line 138, in load_wsgi
>>>> self.wsgi = self.app.wsgi()
>>>> File "/usr/local/lib/python3.8/site-packages/gunicorn/app/base.py", line 67, in wsgi
>>>> self.callable = self.load()
>>>> File "/usr/local/lib/python3.8/site-packages/gunicorn/app/wsgiapp.py", line 52, in load
>>>> return self.load_wsgiapp()
>>>> File "/usr/local/lib/python3.8/site-packages/gunicorn/app/wsgiapp.py", line 41, in load_wsgiapp
>>>> return util.import_app(self.app_uri)
>>>> File "/usr/local/lib/python3.8/site-packages/gunicorn/util.py", line 350, in import_app
>>>> __import__(module)
>>>> File "/pgadmin4/run_pgadmin.py", line 4, in <module>
>>>> from pgAdmin4 import app
>>>> File "/pgadmin4/pgAdmin4.py", line 92, in <module>
>>>> app = create_app()
>>>> File "/pgadmin4/pgadmin/__init__.py", line 241, in create_app
>>>> create_app_data_directory(config)
>>>> File "/pgadmin4/pgadmin/setup/data_directory.py", line 40, in create_app_data_directory
>>>> _create_directory_if_not_exists(config.SESSION_DB_PATH)
>>>> File "/pgadmin4/pgadmin/setup/data_directory.py", line 16, in _create_directory_if_not_exists
>>>> os.mkdir(_path)
>>>> PermissionError: [Errno 13] Permission denied: '/var/lib/pgadmin/sessions'
>>>> [2020-06-26 08:21:49 +0000] [91] [INFO] Worker exiting (pid: 91)
>>>> WARNING: Failed to set ACL on the directory containing the configuration database: [Errno 1] Operation not permitted: '/var/lib/pgadmin'
>>>> /usr/local/lib/python3.8/os.py:1023: RuntimeWarning: line buffering (buffering=1) isn't supported in binary mode, the default buffer size will be used
>>>> return io.open(fd, *args, **kwargs)
>>>> [2020-06-26 08:21:49 +0000] [1] [INFO] Shutting down: Master
>>>> [2020-06-26 08:21:49 +0000] [1] [INFO] Reason: Worker failed to boot.
>>>>
>>>>
>>>>> On 26 Jun 2020, at 06:53, Aditya Toshniwal <aditya(dot)toshniwal(at)enterprisedb(dot)com> wrote:
>>>>>
>>>>> Hi Omar,
>>>>>
>>>>> I meant the "docker logs" command. Refer to https://docs.docker.com/engine/reference/commandline/logs/. Run "docker ps -a", grab the container id and use "docker logs <container id>".
>>>>>
>>>>>> On Thu, Jun 25, 2020 at 7:03 PM Omar Francis <omar(dot)francis(at)branchbot(dot)com> wrote:
>>>>>> Hi Aditya
>>>>>>
>>>>>> Below is the output from when I run it in ubuntu. Moments after running docker ps the first time the container exits
>>>>>>
>>>>>> ubuntu(at)my-ip:~$ docker run -p 443:443 -v /private/var/lib/pgadmin:/var/lib/pgadmin -v /etc/ssl/certs/server.cert:/certs/server.cert -v /etc/ssl/private/server.key:/certs/server.key -v /private/var/lib/pgadmin/servers.json:/pgadmin4/servers.json -e 'PGADMIN_DEFAULT_EMAIL=somebody(at)anyemail(dot)com' -e 'PGADMIN_DEFAULT_PASSWORD=userpwd' -e 'PGADMIN_ENABLE_TLS=True' -d dpage/pgadmin4
>>>>>> f17b1525d62908a8440a3f8caa73c8442de077e652d311e44df6630f5cc3babd
>>>>>> ubuntu(at)my-ip:~$ docker ps
>>>>>> CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
>>>>>> f17b1525d629 dpage/pgadmin4 "/entrypoint.sh" 4 seconds ago Up 3 seconds 80/tcp, 0.0.0.0:443->443/tcp gracious_shockley
>>>>>> ubuntu(at)my-ip:~$ docker ps
>>>>>> CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
>>>>>> ubuntu(at)my-ip:~$
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>> On 25 Jun 2020, at 11:25, Aditya Toshniwal <aditya(dot)toshniwal(at)enterprisedb(dot)com> wrote:
>>>>>>>
>>>>>>> Hi Omar,
>>>>>>>
>>>>>>> Could you please share docker logs? Might get something helpful there.
>>>>>>>
>>>>>>>> On Thu, Jun 25, 2020 at 3:29 PM Omar Francis <omar(dot)francis(at)branchbot(dot)com> wrote:
>>>>>>>>
>>>>>>>> Hi am I emailing the right mailbox? Dave Page advised this was the correct channel for support on his image.
>>>>>>>>
>>>>>>>> Regards
>>>>>>>>
>>>>>>>> Omar
>>>>>>>>
>>>>>>>> > On 22 Jun 2020, at 09:38, Omar Francis <omar(dot)francis(at)branchbot(dot)com> wrote:
>>>>>>>> >
>>>>>>>> > Hi all
>>>>>>>> >
>>>>>>>> > I am looking to run PGAdmin4 over TLS through a Docker container in an Ubuntu terminal. I have been able to run over a simple http connection but when I pass in the arguments below to set up TLS the container ID runs for several seconds before exiting.
>>>>>>>> >
>>>>>>>> > docker run -p 443:443 \
>>>>>>>> > -v /private/var/lib/pgadmin:/var/lib/pgadmin \
>>>>>>>> > -v /etc/ssl/certs/server.cert:/certs/server.cert \
>>>>>>>> > -v /etc/ssl/private/server.key:/certs/server.key \
>>>>>>>> > -v /private/var/lib/pgadmin/servers.json:/pgadmin4/servers.json \
>>>>>>>> > -e 'PGADMIN_DEFAULT_EMAIL=user(at)email(dot)com' \
>>>>>>>> > -e 'PGADMIN_DEFAULT_PASSWORD=userpwd' \
>>>>>>>> > -e 'PGADMIN_ENABLE_TLS=True' \
>>>>>>>> > -d dpage/pgadmin4
>>>>>>>> >
>>>>>>>> > I have created the key, certificates required and am pointing to the correct directories. Would anyone who has connected through Docker be able to shed some light?
>>>>>>>> >
>>>>>>>> > Thanks
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Thanks and Regards,
>>>>>>> Aditya Toshniwal
>>>>>>> pgAdmin Hacker | Sr. Software Engineer | EnterpriseDB India | Pune
>>>>>>> "Don't Complain about Heat, Plant a TREE"
>>>>>
>>>>>
>>>>> --
>>>>> Thanks and Regards,
>>>>> Aditya Toshniwal
>>>>> pgAdmin Hacker | Sr. Software Engineer | EnterpriseDB India | Pune
>>>>> "Don't Complain about Heat, Plant a TREE"
>>>
>>>
>>> --
>>> Thanks and Regards,
>>> Aditya Toshniwal
>>> pgAdmin Hacker | Sr. Software Engineer | EnterpriseDB India | Pune
>>> "Don't Complain about Heat, Plant a TREE"
>
>
> --
> Thanks and Regards,
> Aditya Toshniwal
> pgAdmin Hacker | Sr. Software Engineer | EnterpriseDB India | Pune
> "Don't Complain about Heat, Plant a TREE"
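
The thread turns on whether the container's user can use the bind-mounted data directory, certificate and key. The script below is an added example, not part of the thread or of pgAdmin: it checks the host paths' mode bits for that user before `docker run`, so the data directory does not have to be made world-writable. The UID/GID 5050 default is an assumption taken from the pgAdmin container documentation, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Pre-flight check of host paths that are
# bind-mounted into dpage/pgadmin4, using classic mode bits only (no POSIX ACLs,
# no parent-directory traversal). Requires GNU stat, as on Ubuntu.
# Assumption: the container user is UID/GID 5050; override via environment.
PGADMIN_UID="${PGADMIN_UID:-5050}"
PGADMIN_GID="${PGADMIN_GID:-5050}"

# perm_digit_for PATH UID GID: print the rwx digit (0-7) that applies to UID/GID.
perm_digit_for() {
    local st owner rest group mode
    st=$(stat -c '%u %g %a' -- "$1") || return 2
    owner=${st%% *}; rest=${st#* }; group=${rest%% *}; mode=${rest#* }
    mode=$((mode % 1000))                      # drop setuid/setgid/sticky digit
    if [ "$owner" = "$2" ]; then echo $((mode / 100))
    elif [ "$group" = "$3" ]; then echo $((mode / 10 % 10))
    else echo $((mode % 10))
    fi
}

# check_mount PATH NEED: NEED is r (read) or rwx (read, write and search a directory).
check_mount() {
    local digit want
    [ -e "$1" ] || { echo "MISSING $1"; return 1; }
    digit=$(perm_digit_for "$1" "$PGADMIN_UID" "$PGADMIN_GID") || return 1
    case $2 in r) want=4 ;; rwx) want=7 ;; *) return 2 ;; esac
    [ $((digit & want)) -eq "$want" ] || { echo "DENIED  $1 (needs $2 for uid $PGADMIN_UID)"; return 1; }
    echo "OK      $1"
}

# other_has PATH BIT: succeed if the "other" class has BIT (4=r, 2=w) set.
other_has() {
    local digit
    digit=$(perm_digit_for "$1" none none) || return 2
    [ $((digit & $2)) -ne 0 ]
}

# preflight DATA_DIR CERT KEY: return 0 only if the container user can use all three.
preflight() {
    local rc=0
    check_mount "$1" rwx || rc=1
    check_mount "$2" r || rc=1
    check_mount "$3" r || rc=1
    if other_has "$1" 2 2>/dev/null; then echo "WARN    $1 is world-writable"; fi
    if other_has "$3" 4 2>/dev/null; then echo "WARN    $3 (private key) is world-readable"; fi
    return $rc
}

if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

Called with the three host paths from the `docker run` command (data directory, certificate, key), it prints one line per path and exits non-zero if any of them is unusable for the container user.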
