No HTTP or HTTPS connections after bootstrapping while LDAP works #98

@6r1d

Hello. I am using a config very similar to the demo. I've modified it so ulimits won't need changing.
I get no HTTP or HTTPS connections.

There is no connection even from inside the container: when I run bash in it and do apt-get update and apt-get install elinks, port 8080 does not respond, but PHPLDAPADMIN_HTTPS is set to false.
Certificates are not generated when I disable the option.

Docker version 20.10.14, build a224086349
docker-compose version 1.29.2, build 5becea4c

.env:

```
LDAP_ORGANISATION=Megacorp
LDAP_DOMAIN=megacorp.org
LDAP_BASE_DN=
LDAP_ADMIN_PASSWORD=SOMEPW-0
```

docker-compose.yml

```yaml
version: '2'
services:
  openldap:
    image: osixia/openldap:latest
    container_name: openldap
    environment:
      LDAP_LOG_LEVEL: "256"
      LDAP_ORGANISATION: $LDAP_ORGANISATION
      LDAP_DOMAIN: $LDAP_DOMAIN
      LDAP_BASE_DN: $LDAP_BASE_DN
      LDAP_ADMIN_PASSWORD: $LDAP_ADMIN_PASSWORD
      LDAP_CONFIG_PASSWORD: "config"
      LDAP_READONLY_USER: "false"
      LDAP_RFC2307BIS_SCHEMA: "false"
      LDAP_BACKEND: "mdb"
      LDAP_TLS: "true"
      LDAP_TLS_CRT_FILENAME: "ldap.crt"
      LDAP_TLS_KEY_FILENAME: "ldap.key"
      LDAP_TLS_DH_PARAM_FILENAME: "dhparam.pem"
      LDAP_TLS_CA_CRT_FILENAME: "ca.crt"
      LDAP_TLS_ENFORCE: "false"
      LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
      LDAP_TLS_VERIFY_CLIENT: "demand"
      LDAP_REPLICATION: "false"
      KEEP_EXISTING_CONFIG: "false"
      LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
      LDAP_SSL_HELPER_PREFIX: "ldap"
    tty: true
    stdin_open: true
    volumes:
      - type: bind
        source: ./ldap
        target: /var/lib/ldap
      - type: bind
        source: ./slapd.d
        target: /etc/ldap/slapd.d
      - type: bind
        source: ./openldap_certs
        target: /container/service/slapd/assets/certs/
    ports:
      - "389:389"
      - "636:636"
    # For replication to work correctly, domainname and hostname must be
    # set correctly so that "hostname"."domainname" equates to the
    # fully-qualified domain name for the host.
    domainname: $LDAP_DOMAIN
    hostname: "ldap-server"
  phpldapadmin:
    image: osixia/phpldapadmin:latest
    container_name: phpldapadmin
    hostname: phpldapadmin.megacorp.org
    environment:
      PHPLDAPADMIN_LDAP_HOSTS: "openldap"
      PHPLDAPADMIN_HTTPS: "false"
    ports:
      - "8080:8080"
      - "6443:6443"
    depends_on:
      - openldap
    ulimits:
      nproc: 65535
      nofile:
        soft: 26677
        hard: 46677
```

Now, to confirm LDAP works, I did:

```
$ docker exec -ti 19c ldapsearch -x -H ldap://localhost -b dc=megacorp,dc=org -D "cn=admin,dc=megacorp,dc=org" -w MCRP-0
# extended LDIF
#
# LDAPv3
# base <dc=megacorp,dc=org> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# megacorp.org
dn: dc=megacorp,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: Megacorp
dc: megacorp

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
```

Moreover, I ran a Python script to confirm it connects from the outside of Docker, which works correctly:

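```python
import ldap  # python-ldap

# Simple bind as the admin DN over plain LDAP on the published port 389
l = ldap.initialize("ldap://localhost")
login_dn = "cn=admin,dc=megacorp,dc=org"
login_pw = "SOMEPW-0"
l.simple_bind_s(login_dn, login_pw)

# Dump every entry under the base DN
items = l.search_s("dc=megacorp,dc=org", ldap.SCOPE_SUBTREE, "objectclass=*")
for item in items:
    print(item)
    print('\n')
```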

I get an output, so I presume this is an Apache issue in phpldapadmin:

```
('dc=megacorp,dc=org', {'objectClass': [b'top', b'dcObject', b'organization'], 'o': [b'Megacorp'], 'dc': [b'megacorp']})
```

Start log:

```
phpldapadmin | *** CONTAINER_LOG_LEVEL = 3 (info)
phpldapadmin | *** Search service in CONTAINER_SERVICE_DIR = /container/service :
phpldapadmin | *** link /container/service/:apache2/startup.sh to /container/run/startup/:apache2
phpldapadmin | *** link /container/service/:apache2/process.sh to /container/run/process/:apache2/run
phpldapadmin | *** link /container/service/:apache2/finish.sh to /container/run/process/:apache2/finish
phpldapadmin | *** link /container/service/:cron/startup.sh to /container/run/startup/:cron
phpldapadmin | *** link /container/service/:cron/process.sh to /container/run/process/:cron/run
phpldapadmin | *** link /container/service/:logrotate/startup.sh to /container/run/startup/:logrotate
phpldapadmin | *** link /container/service/:php7.3-fpm/startup.sh to /container/run/startup/:php7.3-fpm
phpldapadmin | *** link /container/service/:php7.3-fpm/process.sh to /container/run/process/:php7.3-fpm/run
phpldapadmin | *** link /container/service/:ssl-tools/startup.sh to /container/run/startup/:ssl-tools
phpldapadmin | *** link /container/service/:syslog-ng-core/startup.sh to /container/run/startup/:syslog-ng-core
phpldapadmin | *** link /container/service/:syslog-ng-core/process.sh to /container/run/process/:syslog-ng-core/run
phpldapadmin | *** link /container/service/ldap-client/startup.sh to /container/run/startup/ldap-client
phpldapadmin | *** link /container/service/phpldapadmin/startup.sh to /container/run/startup/phpldapadmin
phpldapadmin | *** Set environment for startup files
phpldapadmin | *** Environment files will be proccessed in this order :
phpldapadmin | Caution: previously defined variables will not be overriden.
phpldapadmin | /container/environment/99-default/default.yaml
phpldapadmin | /container/environment/99-default/default.startup.yaml
phpldapadmin |
phpldapadmin | To see how this files are processed and environment variables values,
phpldapadmin | run this container with '--loglevel debug'
phpldapadmin | *** Running /container/run/startup/:apache2...
phpldapadmin | *** Running /container/run/startup/:cron...
phpldapadmin | *** Running /container/run/startup/:logrotate...
phpldapadmin | *** Running /container/run/startup/:php7.3-fpm...
phpldapadmin | *** Running /container/run/startup/:ssl-tools...
phpldapadmin | *** Running /container/run/startup/:syslog-ng-core...
phpldapadmin | *** Running /container/run/startup/ldap-client...
phpldapadmin | No certificate file and certificate key provided, generate:
phpldapadmin | /container/service/ldap-client/assets/certs/ldap-client.crt and /container/service/ldap-client/assets/certs/ldap-client.key
phpldapadmin | 2022/04/14 18:34:35 [INFO] generate received request
phpldapadmin | 2022/04/14 18:34:35 [INFO] received CSR
phpldapadmin | 2022/04/14 18:34:35 [INFO] generating key: ecdsa-384
phpldapadmin | 2022/04/14 18:34:35 [INFO] encoded CSR
phpldapadmin | 2022/04/14 18:34:35 [INFO] signed certificate with serial number 40500726237652571496349888843840547090689414995
phpldapadmin | Link /container/service/:ssl-tools/assets/default-ca/default-ca.pem to /container/service/ldap-client/assets/certs/ldap-ca.crt
phpldapadmin | *** Running /container/run/startup/phpldapadmin...
phpldapadmin | Set apache2 http config...
phpldapadmin | *** Set environment for container process
phpldapadmin | *** Remove file /container/environment/99-default/default.startup.yaml
phpldapadmin | *** Environment files will be proccessed in this order :
phpldapadmin | Caution: previously defined variables will not be overriden.
phpldapadmin | /container/environment/99-default/default.yaml
phpldapadmin |
phpldapadmin | To see how this files are processed and environment variables values,
phpldapadmin | run this container with '--loglevel debug'
phpldapadmin | *** Running runit daemon...
phpldapadmin | [14-Apr-2022 18:34:37] NOTICE: fpm is running, pid 1508
phpldapadmin | [14-Apr-2022 18:34:37] NOTICE: ready to handle connections
phpldapadmin | [14-Apr-2022 18:34:37] NOTICE: systemd monitor interval set to 10000ms
phpldapadmin | Apr 14 18:34:37 phpldapadmin syslog-ng[1510]: syslog-ng starting up; version='3.19.1'
phpldapadmin | [Thu Apr 14 18:34:37.319850 2022] [ssl:warn] [pid 1524:tid 140553432401024] AH01882: Init: this version of mod_ssl was compiled against a newer library (OpenSSL 1.1.1d 10 Sep 2019, version currently loaded is OpenSSL 1.1.1c 28 May 2019) - may result in undefined or erroneous behavior
phpldapadmin | [Thu Apr 14 18:34:37.323042 2022] [ssl:warn] [pid 1524:tid 140553432401024] AH01882: Init: this version of mod_ssl was compiled against a newer library (OpenSSL 1.1.1d 10 Sep 2019, version currently loaded is OpenSSL 1.1.1c 28 May 2019) - may result in undefined or erroneous behavior
phpldapadmin | [Thu Apr 14 18:34:37.323973 2022] [mpm_event:notice] [pid 1524:tid 140553432401024] AH00489: Apache/2.4.38 (Debian) OpenSSL/1.1.1c configured -- resuming normal operations
phpldapadmin | [Thu Apr 14 18:34:37.323983 2022] [core:notice] [pid 1524:tid 140553432401024] AH00094: Command line: '/usr/sbin/apache2 -D FOREGROUND'
phpldapadmin | Apr 14 18:39:01 phpldapadmin CRON[2137]: (root) CMD ( [ -x /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then /usr/lib/php/sessionclean; fi)
```

Lack of certificates makes me suspect messages of a broken OpenSSL in the log below, although I am not sure.

Message:

```
AH01882: Init: this version of mod_ssl was compiled against a newer library (OpenSSL 1.1.1d 10 Sep 2019, version currently loaded is OpenSSL 1.1.1c 28 May 2019) - may result in undefined or erroneous behavior
```

Log, when PHPLDAPADMIN_HTTPS is re-enabled:

```
phpldapadmin | *** CONTAINER_LOG_LEVEL = 3 (info)
phpldapadmin | *** Search service in CONTAINER_SERVICE_DIR = /container/service :
phpldapadmin | *** link /container/service/:apache2/startup.sh to /container/run/startup/:apache2
phpldapadmin | *** link /container/service/:apache2/process.sh to /container/run/process/:apache2/run
phpldapadmin | *** link /container/service/:apache2/finish.sh to /container/run/process/:apache2/finish
phpldapadmin | *** link /container/service/:cron/startup.sh to /container/run/startup/:cron
phpldapadmin | *** link /container/service/:cron/process.sh to /container/run/process/:cron/run
phpldapadmin | *** link /container/service/:logrotate/startup.sh to /container/run/startup/:logrotate
phpldapadmin | *** link /container/service/:php7.3-fpm/startup.sh to /container/run/startup/:php7.3-fpm
phpldapadmin | *** link /container/service/:php7.3-fpm/process.sh to /container/run/process/:php7.3-fpm/run
phpldapadmin | *** link /container/service/:ssl-tools/startup.sh to /container/run/startup/:ssl-tools
phpldapadmin | *** link /container/service/:syslog-ng-core/startup.sh to /container/run/startup/:syslog-ng-core
phpldapadmin | *** link /container/service/:syslog-ng-core/process.sh to /container/run/process/:syslog-ng-core/run
phpldapadmin | *** link /container/service/ldap-client/startup.sh to /container/run/startup/ldap-client
phpldapadmin | *** link /container/service/phpldapadmin/startup.sh to /container/run/startup/phpldapadmin
phpldapadmin | *** Set environment for startup files
phpldapadmin | *** Environment files will be proccessed in this order :
phpldapadmin | Caution: previously defined variables will not be overriden.
phpldapadmin | /container/environment/99-default/default.yaml
phpldapadmin | /container/environment/99-default/default.startup.yaml
phpldapadmin |
phpldapadmin | To see how this files are processed and environment variables values,
phpldapadmin | run this container with '--loglevel debug'
phpldapadmin | *** Running /container/run/startup/:apache2...
phpldapadmin | *** Running /container/run/startup/:cron...
phpldapadmin | *** Running /container/run/startup/:logrotate...
phpldapadmin | *** Running /container/run/startup/:php7.3-fpm...
phpldapadmin | *** Running /container/run/startup/:ssl-tools...
phpldapadmin | *** Running /container/run/startup/:syslog-ng-core...
phpldapadmin | *** Running /container/run/startup/ldap-client...
phpldapadmin | No certificate file and certificate key provided, generate:
phpldapadmin | /container/service/ldap-client/assets/certs/ldap-client.crt and /container/service/ldap-client/assets/certs/ldap-client.key
phpldapadmin | 2022/04/14 18:51:39 [INFO] generate received request
phpldapadmin | 2022/04/14 18:51:39 [INFO] received CSR
phpldapadmin | 2022/04/14 18:51:39 [INFO] generating key: ecdsa-384
phpldapadmin | 2022/04/14 18:51:39 [INFO] encoded CSR
phpldapadmin | 2022/04/14 18:51:39 [INFO] signed certificate with serial number 171745378929885408454382754041033011731405062887
phpldapadmin | Link /container/service/:ssl-tools/assets/default-ca/default-ca.pem to /container/service/ldap-client/assets/certs/ldap-ca.crt
phpldapadmin | *** Running /container/run/startup/phpldapadmin...
phpldapadmin | Set apache2 https config...
phpldapadmin | No certificate file and certificate key provided, generate:
phpldapadmin | /container/service/phpldapadmin/assets/apache2/certs/phpldapadmin.crt and /container/service/phpldapadmin/assets/apache2/certs/phpldapadmin.key
phpldapadmin | 2022/04/14 18:51:40 [INFO] generate received request
phpldapadmin | 2022/04/14 18:51:40 [INFO] received CSR
phpldapadmin | 2022/04/14 18:51:40 [INFO] generating key: ecdsa-384
phpldapadmin | 2022/04/14 18:51:40 [INFO] encoded CSR
phpldapadmin | 2022/04/14 18:51:40 [INFO] signed certificate with serial number 712482994095419219466934054043972453438626003754
phpldapadmin | Link /container/service/:ssl-tools/assets/default-ca/default-ca.pem to /container/service/phpldapadmin/assets/apache2/certs/ca.crt
phpldapadmin | *** Set environment for container process
phpldapadmin | *** Remove file /container/environment/99-default/default.startup.yaml
phpldapadmin | *** Environment files will be proccessed in this order :
phpldapadmin | Caution: previously defined variables will not be overriden.
phpldapadmin | /container/environment/99-default/default.yaml
phpldapadmin |
phpldapadmin | To see how this files are processed and environment variables values,
phpldapadmin | run this container with '--loglevel debug'
phpldapadmin | *** Running runit daemon...
phpldapadmin | Apr 14 18:51:41 phpldapadmin syslog-ng[1562]: syslog-ng starting up; version='3.19.1'
phpldapadmin | [14-Apr-2022 18:51:41] NOTICE: fpm is running, pid 1563
phpldapadmin | [14-Apr-2022 18:51:41] NOTICE: ready to handle connections
phpldapadmin | [14-Apr-2022 18:51:41] NOTICE: systemd monitor interval set to 10000ms
phpldapadmin | [Thu Apr 14 18:51:41.303856 2022] [ssl:warn] [pid 1577:tid 140584945452160] AH01882: Init: this version of mod_ssl was compiled against a newer library (OpenSSL 1.1.1d 10 Sep 2019, version currently loaded is OpenSSL 1.1.1c 28 May 2019) - may result in undefined or erroneous behavior
phpldapadmin | [Thu Apr 14 18:51:41.304493 2022] [ssl:error] [pid 1577:tid 140584945452160] AH02218: ssl_stapling_init_cert: no OCSP URI in certificate and no SSLStaplingForceURL set [subject: CN=phpldapadmin.megacorp.org,OU=Information Technology Dep.,O=A1A Car Wash,L=Albuquerque,ST=New Mexico,C=US / issuer: CN=docker-light-baseimage,ST=New Mexico,L=Albuquerque,OU=Information Technology Dep.,O=A1A Car Wash,C=US / serial: 7CCCD7A88A5033EAC5AE1FA3AC66FFB49374FB2A / notbefore: Apr 14 18:47:00 2022 GMT / notafter: Apr 14 18:47:00 2023 GMT]
phpldapadmin | [Thu Apr 14 18:51:41.304500 2022] [ssl:error] [pid 1577:tid 140584945452160] AH02604: Unable to configure certificate phpldapadmin.megacorp.org:443:0 for stapling
phpldapadmin | [Thu Apr 14 18:51:41.307686 2022] [ssl:warn] [pid 1577:tid 140584945452160] AH01882: Init: this version of mod_ssl was compiled against a newer library (OpenSSL 1.1.1d 10 Sep 2019, version currently loaded is OpenSSL 1.1.1c 28 May 2019) - may result in undefined or erroneous behavior
phpldapadmin | [Thu Apr 14 18:51:41.309042 2022] [ssl:error] [pid 1577:tid 140584945452160] AH02218: ssl_stapling_init_cert: no OCSP URI in certificate and no SSLStaplingForceURL set [subject: CN=phpldapadmin.megacorp.org,OU=Information Technology Dep.,O=A1A Car Wash,L=Albuquerque,ST=New Mexico,C=US / issuer: CN=docker-light-baseimage,ST=New Mexico,L=Albuquerque,OU=Information Technology Dep.,O=A1A Car Wash,C=US / serial: 7CCCD7A88A5033EAC5AE1FA3AC66FFB49374FB2A / notbefore: Apr 14 18:47:00 2022 GMT / notafter: Apr 14 18:47:00 2023 GMT]
phpldapadmin | [Thu Apr 14 18:51:41.309051 2022] [ssl:error] [pid 1577:tid 140584945452160] AH02604: Unable to configure certificate phpldapadmin.megacorp.org:443:0 for stapling
phpldapadmin | [Thu Apr 14 18:51:41.309898 2022] [mpm_event:notice] [pid 1577:tid 140584945452160] AH00489: Apache/2.4.38 (Debian) OpenSSL/1.1.1c configured -- resuming normal operations
phpldapadmin | [Thu Apr 14 18:51:41.309911 2022] [core:notice] [pid 1577:tid 140584945452160] AH00094: Command line: '/usr/sbin/apache2 -D FOREGROUND'
```

How can I proceed and attempt to run phpldapadmin in Docker?
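
An added check, not part of the original report and not the project's code: it compares the container-side ports published for `phpldapadmin` in the posted docker-compose.yml with the port Apache names for its TLS virtual host in the AH02604 log line. The inputs are copied from the report; the function names are hypothetical, and it assumes the `443` in `phpldapadmin.megacorp.org:443:0` is the port that virtual host listens on.

```python
import re

# Inputs copied from the report above: the phpldapadmin "ports:" entries and
# two lines of the Apache log from the HTTPS-enabled start.
COMPOSE_PORTS = ["8080:8080", "6443:6443"]
APACHE_LOG = """\
[Thu Apr 14 18:51:41.304500 2022] [ssl:error] [pid 1577:tid 140584945452160] AH02604: Unable to configure certificate phpldapadmin.megacorp.org:443:0 for stapling
[Thu Apr 14 18:51:41.309898 2022] [mpm_event:notice] [pid 1577:tid 140584945452160] AH00489: Apache/2.4.38 (Debian) OpenSSL/1.1.1c configured -- resuming normal operations
"""

# Assumption: AH02604 identifies the virtual host as host:port:index.
VHOST_ID = re.compile(
    r"AH02604: Unable to configure certificate \S+?:(\d+):\d+ for stapling"
)


def container_ports(mappings):
    """Container-side port of each short-syntax mapping:
    "80", "8080:80", "127.0.0.1:8080:80", each with an optional "/tcp" suffix."""
    return {int(m.split("/")[0].rsplit(":", 1)[-1]) for m in mappings}


def vhost_ports(log_text):
    """Ports that Apache itself names for its TLS virtual hosts."""
    return {int(port) for port in VHOST_ID.findall(log_text)}


def unpublished_listeners(mappings, log_text):
    """Ports Apache serves inside the container that no mapping forwards to."""
    return sorted(vhost_ports(log_text) - container_ports(mappings))


def unconfirmed_targets(mappings, log_text):
    """Published container ports for which the log shows no listener."""
    return sorted(container_ports(mappings) - vhost_ports(log_text))


if __name__ == "__main__":
    print("served but not published:",
          unpublished_listeners(COMPOSE_PORTS, APACHE_LOG))
    print("published, no listener seen in log:",
          unconfirmed_targets(COMPOSE_PORTS, APACHE_LOG))
```

The log excerpt only carries evidence for the TLS virtual host, so the second list means "not confirmed by this log", not "closed".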
