Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Permission issues on /etc/prosody/certs/localhost.key #66

Open
NaitYoussef opened this issue Oct 25, 2020 · 2 comments
Open

Permission issues on /etc/prosody/certs/localhost.key #66

NaitYoussef opened this issue Oct 25, 2020 · 2 comments

Comments

@NaitYoussef
Copy link

NaitYoussef commented Oct 25, 2020
edited
Loading

Hello,

I'm trying to launch Prosody XMPP Server using prosody/prosody (sha256:aae908010395ced83280368b00d1a88520d4c3128a182cd2e4a3c81d44722589) docker image. The ouput of the docker run command bellow mentions permissions error while reading some key files.

$ docker run prosody/prosody
usermod: no changes
startup             info	Hello and welcome to Prosody version 0.11.7
startup             info	Prosody is using the select backend for connection handling
portmanager         info	Activated service 's2s' on [::]:5269, [*]:5269
portmanager         info	Activated service 'c2s' on [::]:5222, [*]:5222
portmanager         info	Activated service 'legacy_ssl' on no ports
certmanager         error	SSL/TLS: Failed to load '/etc/prosody/certs/localhost.key': Check that the permissions allow Prosody to read this file. (for localhost)
localhost:tls       error	Error creating context for c2s: error loading private key (Permission denied)
certmanager         error	SSL/TLS: Failed to load '/etc/prosody/certs/localhost.key': Previous error (see logs), or other system error. (for localhost)
localhost:tls       error	Error creating contexts for s2sout: error loading private key (system lib)
certmanager         error	SSL/TLS: Failed to load '/etc/prosody/certs/localhost.key': Previous error (see logs), or other system error. (for localhost)
localhost:tls       error	Error creating contexts for s2sin: error loading private key (system lib)
localhost:tls       info	Certificates loaded

When I logged into the docker container I noticed that this file is owned by root :
-rw------- 1 root root 1704 Oct 1 15:14 /etc/prosody/certs/localhost.key

Shouldn't the owner be prosody ?
@lonllua
Copy link

lonllua commented Apr 22, 2021

same issue.

@Fuwn
Copy link

Fuwn commented Sep 10, 2022

I just attempted to set up a Prosody server and get the same error, however, I have found a solution.

First, I searched for the string "Check that the permissions allow Prosody to read this file." and came across this comment on the Prosody issues forum where Zash is seen replying to a user about the proper user for permissions issues, the correct user is 'prosody'.

After that, I exec'd into the container and messed with the permissions of the /etc/prosody directory to allow proper access to it.

docker exec -it prosody bash   # Gain shell access to the Prosody container
chown -R prosody /etc/prosody/ # Change owner of the Prosody directory

I've seen that quite a bit of people has been having this issue, it should really have been fixed by now... Hope this can help someone!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lonllua @NaitYoussef @Fuwn