traefik permissions 777 for acme.json are too open, please use 600

mapa0402 · Sep 4, 2018 · Viewed 9k times

Yes, I get this when I try to run traefik with https. The problem is that I mount the dir on my Win7 machine but I can't chmod the file.

The mount is working but file permissions are off.

It looks like this:

volumes:
  - d:/docker/traefikcompose/acme/acme.json:/etc/traefik/acme/acme.json:rw

traefik | time="2018-09-04T12:57:11Z" level=error msg="Error starting provider *acme.Provider: unable to get ACME account : permissions 777 for /etc/traefik/acme/acme.json are too open, please use 600"

If I remove the acme.json file I get this:

ERROR: for traefik Cannot start service traefik: b'OCI runtime create failed: container_linux.go:348: starting container process caused "process_linux.go:402: container init caused \"rootfs_linux.go:58: mounting \\\"/d/docker/traefikcompose/acme/acme.json\\\" to rootfs \\\"/mnt/sda1/var/lib/docker/aufs/mnt/c84d8644252848bde8f0322bafba3d206513ceb8479eb95aeee0b4cafd4a7251\\\" at \\\"/mnt/sda1/var/lib/docker/aufs/mnt/c84d8644252848bde8f0322bafba3d206513ceb8479eb95aeee0b4cafd4a7251/etc/traefik/acme/acme.json\\\" caused \\\"not a directory\\\"\"": unknown: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type'

Answer

mapa0402 · Sep 26, 2018

I did finally find the solution, thanks to Cooshal's kind help.

We have to ssh into the VirtualBox machine and make the file there, and then point to it correctly from the docker-compose.yml. In this case I did it like this:

docker-machine ssh default
touch /var/acme.json
chmod 600 /var/acme.json

Then in my docker-compose:

volumes:
 - /var/:/var/acme.json

Finally in traefik.toml:

[acme]
  storage = "acme.json"
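
Added example, not part of the original answer or of Traefik's code: a preflight check to run on the Docker host (here, inside the docker-machine VM) before starting the container. It catches both failures shown in the question, a storage file that is too open and a mount source that is missing or a directory. The function names are hypothetical, and treating "too open" as "any group/other permission bit set" is an assumption based on the error message.

```shell
#!/bin/sh
# Added example (not from the original post): preflight check for the file
# that will be bind-mounted as Traefik's acme.json. Paths are caller-supplied.

# Print the octal permission bits (GNU/busybox stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 = ok, 1 = missing, 2 = not a regular file, 3 = too open.
check_acme_store() {
    path=$1
    if [ ! -e "$path" ] && [ ! -L "$path" ]; then
        # A missing bind-mount source gets created by Docker as a directory.
        echo "missing: $path" >&2
        return 1
    fi
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "not a regular file: $path" >&2
        return 2
    fi
    mode=$(file_mode "$path") || return 2
    # Assumption: "too open" means any group/other bit is set (mode & 077).
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "permissions $mode for $path are too open, please use 600" >&2
        return 3
    fi
    return 0
}

# Create the file if needed, set 600, then re-check what the filesystem
# actually recorded. On a mount that ignores Unix modes the re-check fails.
ensure_acme_store() {
    path=$1
    if [ ! -e "$path" ]; then
        ( umask 077 && : > "$path" ) || return 1
    fi
    [ -f "$path" ] || { echo "not a regular file: $path" >&2; return 2; }
    chmod 600 "$path" 2>/dev/null || true
    check_acme_store "$path"
}
```

Calling `ensure_acme_store /var/acme.json` on the host and starting the stack only when it returns 0 surfaces the problem before Traefik's ACME provider does.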