Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Wrong home directory in scheduler docker image #1945

Open
2 tasks done
Arakmar opened this issue Jan 25, 2025 · 1 comment
Open
2 tasks done

[BUG] Wrong home directory in scheduler docker image #1945

Arakmar opened this issue Jan 25, 2025 · 1 comment
Assignees
@TheophileDiot
Labels
bug Something isn't working next major Will be implemented in the next major version.

Comments

@Arakmar
Copy link

Arakmar commented Jan 25, 2025

What happened?

During some investigation about Let's Encrypt failures (not related), I noticed this warning :

[LETS-ENCRYPT.NEW.CERTBOT] [43] [ℹ ] - unable to cache publicsuffix.org-tlds.{'urls': ('https://publicsuffix.org/list/public_suffix_list.dat', 'https://raw.githubusercontent.com/publicsuffix/list/master/public_suffix_list.dat'), 'fallback_to_snapshot': True} in /var/cache/nginx/.lexicon_tld_set/publicsuffix.org-tlds/de84b5ca2167d4c83e38fb162f2e8738.tldextract.json. This could refresh the Public Suffix List over HTTP every app startup. Construct your TLDExtractwith a writablecache_diror setcache_dir=None to silence this warning. [Errno 13] Permission denied: '/var/cache/nginx/.lexicon_tld_set'

After looking at the container, the /var/cache/nginx directory seems to be missing.
According to the Dockerfile of the scheduler, /var/cache/nginx was used because it's the home directory of the "scheduler" user.

I think the home dir should be /var/cache/bunkerweb instead. It already exists and has proper permissions.

How to reproduce?

Generate a Let's Encrypt cert with dns challenge (don't know if it happens with http challenge)

Configuration file(s) (yaml or .env)



Relevant log output


[LETS-ENCRYPT.NEW.CERTBOT] [43] [ℹ ] - unable to cache publicsuffix.org-tlds.{'urls': ('https://publicsuffix.org/list/public_suffix_list.dat', 'https://raw.githubusercontent.com/publicsuffix/list/master/public_suffix_list.dat'), 'fallback_to_snapshot': True} in /var/cache/nginx/.lexicon_tld_set/publicsuffix.org-tlds/de84b5ca2167d4c83e38fb162f2e8738.tldextract.json. This could refresh the Public Suffix List over HTTP every app startup. Construct your `TLDExtract` with a writable `cache_dir` or set `cache_dir=None` to silence this warning. [Errno 13] Permission denied: '/var/cache/nginx/.lexicon_tld_set'


BunkerWeb version


1.6.0-rc2


What integration are you using?


Docker


Linux distribution (if applicable)


No response


Removed private data


    

  •  I have removed all private data from the configuration file and the logs
    • 



Code of Conduct


    

  •  I agree to follow this project's Code of Conduct
    • 


      		
    

      
  





        



            

              
            

        

      


      
    








      

    



      

  
            

    

      
    

    


      

          @Arakmar
Arakmar




          added
  the 

  bug

  Something isn't working
 label


      Jan 25, 2025

    

  








      

  
      



  

  @TheophileDiot





  


    

      

  

    

        
    
    

  


      
          
  
      
            Copy link

  

      
    

  


  

      

  
  Member


      

  


  

    

  





      


        


  
    

      
          
Hi @Arakmar, thank you for bringing this to our attention. It does seem like an oversight on our part, and we truly appreciate you taking the time to report it.

      		
    

  





        


            

            

              
            

        

      


      

            
  

    
  
    
    

  

  



    












      

  
          


  
    
  
  

    
  TheophileDiot 

      added a commit
      that referenced
      this issue

    
      Jan 27, 2025
    
    

      


  

    

      


  

      
        @TheophileDiot
  





      

        
          [#1945] Update Dockerfiles to change user home directories and set sh…
        

          
            
          

      


      

          

    
    
    

  

    


      


      

          

    
    
    

  

  

    
  



      


      
      

        
          b3ddd72
        
      

    

  

    

      
…ell to nologin for autoconf, scheduler, and ui users

    




    

  




    

    

      
    

    


      

          @TheophileDiot
TheophileDiot




              self-assigned this


      Jan 27, 2025

    

  



    

    

      
    

    


      

          @TheophileDiot
TheophileDiot




          added
  the 

  next major

  Will be implemented in the next major version.
 label


      Jan 28, 2025

    

  












  
  

    

      

  





  




  
  

              

  
    Sign up for free
    to join this conversation on GitHub.
    Already have an account?
    Sign in to comment


  



  






  
                  




    

  


      
  

    Assignees
  



        

      

        

  
      @TheophileDiot
  
    TheophileDiot
    

      








      


  


  

    Labels
  



    

      

    bug

  Something isn't working
  

    next major

  Will be implemented in the next major version.








      

  

    

        

    Projects
  


        




    None yet




  



      


  

    
  

    Milestone
  


      No milestone





    
      
          


  

    
      

        
    

    Development
  




          
    
No branches or pull requests







    
  




      

    

  
      

  

    

      2 participants
    

    

        
          @Arakmar 
        
          @TheophileDiot