Docker helper certificate not working on Git Bash

Hey team,

I am running Docker Helper on Git Bash and it seems like it’s working, but I am still getting the self-signed certificate. Below is the error I get on Git Bash CI.

./cht-docker-compose.sh: line 117: ip: command not found
./cht-docker-compose.sh: line 122: ip: command not found
./cht-docker-compose.sh: line 123: ip: command not found
Container test_vs_code_container-dir-cht-upgrade-service-1 Running
Starting project “test_vs_code_container”. First run takes a while. Will try for up to five minutes…the input device is not a TTY. If you are using mintty, try prefixing the command with ‘winpty’
the input device is not a TTY. If you are using mintty, try prefixing the command with ‘winpty’
the input device is not a TTY. If you are using mintty, try prefixing the command with ‘winpty’

Success! “test_vs_code_container” is set up:

@Esther_Moturi - thanks so much for reporting this issue! It looks like this is the main issue:

 the input device is not a TTY. If you are using mintty, try prefixing the command with ‘winpty’

Looking it up, it looks like when we try and inject the cert by calling 3 docker exec commands, they fail.

I’ve done some research (and filed a ticket!) but can you try this and confirm it’s a viable work around?

  1. finding the name of the nginx container with: docker ps|grep nginx
  2. entering the container with this (being sure to replace CONTAINER_NAME with the value from above): winpty docker exec -it CONTAINER_NAME bash
  3. and then running these 3 commands:
    curl -s -o /etc/nginx/private/cert.pem https://local-ip.medicmobile.org/fullchain
    curl -s -o /etc/nginx/private/key.pem https://local-ip.medicmobile.org/key
    nginx -s reload
    

Hey @mrjones,

I ran the commands and still got the error as shown on the screenshot below. But I am not getting the ‘Not secure’ prompt on the browser so I guess it worked, right?

@mrjones, I tried re running the instance today and was able to get the local instance up as shown below. The only issue is that I am getting the error below when I try pushing my code to the local instance.

ERROR Failed to get a response from https://medic:****@<local-ip-url/medic/. Maybe you entered the wrong URL, wrong port or the instance is not started. Please check and try again.

Hi @Esther_Moturi !

That’s great news! It looks like everything worked. I should have specified that the 3 steps I listed you only need to run once after you’ve called Docker Helper the first time. The TLS certs will persist across reboots of the CHT instance. You’ll only need to run my 3 steps when you want to renew your certs, but hopefully we have a native solution in place before then!

I tried re running the instance today and was able to get the local instance up as shown below. The only issue is that I am getting the error below when I try pushing my code to the local instance.

ERROR Failed to get a response from https://medic:****@<local-ip-url/medic/. Maybe you entered the wrong URL, wrong port or the instance is not started. Please check and try again.

I’m guessing you’re using the wrong URL in your cht-conf call. You should just be able to copy the URL that Docker Helper prints out when it starts, but assuming your IP is 192.168.0.50, your port is 10443 and you’re using medic/password, your call would be:

cht --url=https://medic:password@192-168-0-50.local-ip.medicmobile.org:10443

Let me know if using the correct URL fixes it!

Hey @mrjones, the CHT core upgrade enabled Docker Helper to download the TLS certificate. The only issue now is that Docker Helper is providing https://127-0-0-1.local-ip.medicmobile.org:10443/ as the URL which, from discussions with @jkuester, is a loopback URL. I am unable to push project files to my local instance (I suspect it’s because of this loopback URL). Have you experienced this before? I am using cht --url=https://127-0-0-1.local-ip.medicmobile.org:10443 to push the code in the VS Code dev container.

Yay! I’m so glad the fix we made enables Git Bash users on Windows to successfully have the TLS cert installed. For others following along, you should git pull origin in the CHT Core repo to get the latest changes which fix this issue.

Please note that the very first time you download all assets and create volumes, the TLS cert may still not load. A simple restart will fix this, as documented in this new issue.

Next - I’m going to split your next question into its own topic so we can work to figure out why the CHT Conf isn’t working with the URL!


A post was split to a new topic: TLS certificate not loading in Docker Helper

I had this same issue, using cht v4.3.4 on Apple M1. I had to install a valid TLS Certificate to fix the issue. I first ran this:

docker ps | grep nginx

to find the name of the nginx container as suggested by @mrjones above, then I opened a terminal in the cht-core directory and installed a TLS certificate using this:

./scripts/add-local-ip-certs-to-docker-4.x.sh CONTAINER_NAME

where CONTAINER_NAME is the container name returned by the first command above. If this is successful, you get a message:

CONTAINER_NAME

If just the container name is shown above, a fresh local-ip.medicmobile.org certificate was downloaded.

Note: All this is done with the CHT instance running. Also, a bash terminal couldn’t work, but a zsh terminal on a Mac M1 works to run these commands.

With all that sorted, cht-conf works, making sure you also use your IP and not the loopback URL, add the port number, and don’t forget the username and password too, e.g. cht --url=https://medic:password@192-168-0-50.local-ip.medicmobile.org:10443
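
Added example, not part of the thread and not CHT project code: a POSIX shell check for the three `--url` mistakes discussed in the posts above (missing port, loopback host, missing credentials), plus a builder for the `A-B-C-D.local-ip.medicmobile.org` form. The function names `local_ip_url` and `check_cht_url` are made up for this example; the sample URLs are constructed from the ones quoted in the thread.

```sh
# Added example, not CHT project code; function names are made up here.

# Print the local-ip.medicmobile.org URL for a LAN IPv4 address and port.
# Returns 1 for a malformed or loopback (127.x.x.x) address.
local_ip_url() {
  local ip port octet old_ifs
  ip=$1; port=$2
  case $ip in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  case $port in ''|*[!0-9]*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs   # split on dots
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
  [ "$1" -ne 127 ] || return 1
  printf 'https://%s-%s-%s-%s.local-ip.medicmobile.org:%s\n' "$1" "$2" "$3" "$4" "$port"
}

# Print one line per problem in a cht-conf --url value; return 0 if none.
check_cht_url() {
  local rest creds hostport bad=0
  rest=${1#https://}
  [ "$rest" != "$1" ] || { echo "scheme: expected https://"; return 1; }
  rest=${rest%%/*}                        # drop any path
  case $rest in
    *@*) creds=${rest%@*}; hostport=${rest##*@} ;;
    *)   creds=; hostport=$rest ;;
  esac
  case $creds in ?*:?*) ;; *) echo "credentials: missing user:password@"; bad=1 ;; esac
  case $hostport in
    *:|*:*[!0-9]*) echo "port: not a number"; bad=1 ;;
    *:*) ;;
    *) echo "port: missing"; bad=1 ;;
  esac
  case ${hostport%%:*} in
    127-*|127.*|localhost) echo "host: loopback address"; bad=1 ;;
  esac
  return "$bad"
}

# Constructed sample: the URL forms quoted in the thread.
for url in \
  "https://medic:password@192-168-0-50.local-ip.medicmobile.org" \
  "https://127-0-0-1.local-ip.medicmobile.org:10443" \
  "https://medic:password@192-168-0-50.local-ip.medicmobile.org:10443"; do
  echo "== ${url#*@}"                     # header line without credentials
  check_cht_url "$url" && echo "ok" || true
done
```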