I am trying to run a docker instance locally using docker helper, but am getting the following Bad Gateway error. Any ideas how to solve this? @mrjones
Hi @iesmail
This looks like you can’t reach the public Amazon docker image repository.
Can you please try pulling the image manually and share the result?
docker pull public.ecr.aws/s5s3h4s7/cht-upgrade-service:latest
Hi @iesmail
This is strange. I’m able to access AWS ECR without issue. Can you maybe try with a different connection, or later in the day, to see if the issue was resolved?
According to https://health.aws.amazon.com/health/status, the service should be up and running.
What happens if you try to CURL the ECR url? curl https://public.ecr.aws/v2/
I tried with a different connection but got the same response.
The curl command returns
{"errors":[{"code":"DENIED","message":"Not Authorized"}]}
Yes, I had this same Not Authorized response with the curl command, but my docker pull command works as expected.
Are you able to pull the latest hello-world image from docker.io?
docker pull docker.io/library/hello-world:latest
Running the docker command gives me:
Error response from daemon: Get "https://registry-1.docker.io/v2/": Bad Gateway
Interesting! This looks like something is wrong locally on your computer if two totally different image repositories have the same error and different network connections also give an error.
Can you try restarting your computer to see if that solves it?
@mrjones, I had to re-install docker to resolve this particular error. So I have managed to run it, but the nginx container is somehow stuck in Restarting status. Hence, the certificates are not updated and I can’t access the local instance.
Hi @iesmail
Can you please check the logs of the nginx container and share the error that is triggering the restart?
docker logs mpya_nginx_1
Thanks!
Thanks for sharing @iesmail
It looks like docker-helper finished successfully (the “Success! mypa is set up!” got logged) and overwrote the original certificate that was generated by nginx with the local-ip ones, but those were corrupted or malformed somehow.
Leaving it up to @mrjones to support further.
Thanks @diana !
Yes - I agree that the TLS certs look corrupt. Can you try re-adding them? You can first try using the automated script. However, this may suffer the same issues as docker helper and also your nginx container keeps rebooting, which will make it hard to run the script on. If that fails, here are the manual steps I’d recommend. These specifically include steps to validate the certs before loading them:
- On your workstation where you’re running docker, download the 3 cert files and concatenate the two public pem files:
  curl -s -o server.pem http://local-ip.co/cert/server.pem
  curl -s -o chain.pem http://local-ip.co/cert/chain.pem
  cat server.pem chain.pem > cert.pem
  curl -s -o key.pem http://local-ip.co/cert/server.key
  rm server.pem chain.pem
- Inspect the key.pem and cert.pem files to make sure they have matching BEGIN and END sections (1 in key, 3 in cert), lines are 65 chars long and their hashes match when you check them with openssl and md5:
  $ openssl rsa -modulus -in key.pem -noout | openssl md5
  (stdin)= 95cf269bb846f0c58e3adb9fd4fee8d5
  $ openssl x509 -modulus -in cert.pem -noout | openssl md5
  (stdin)= 95cf269bb846f0c58e3adb9fd4fee8d5
- Follow the “Adding TLS certificates in CHT 4.x” using the two files from above
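The validation step from the post above can be scripted so a truncated or malformed download is caught before the files are loaded into nginx. This is an added example, not part of the original thread: the function names pem_blocks and check_tls_pair are hypothetical, and it assumes an RSA key and PEM bodies wrapped at 64 characters (65 bytes per line counting the newline).

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight checks for key.pem and
# cert.pem. Assumes PEM bodies wrapped at 64 characters per line, i.e.
# 65 bytes counting the newline.

# Print the number of complete BEGIN/END blocks in file $1; return
# non-zero on truncation, stray text or a badly wrapped body line.
pem_blocks() {
  awk '
    function bad(msg) {
      printf "%s:%d: %s\n", FILENAME, NR, msg > "/dev/stderr"
      err = 1; exit 1
    }
    /^-----BEGIN [A-Z0-9 ]+-----$/ {
      if (inblk) bad("BEGIN inside an open block")
      inblk = 1; short = 0; label = substr($0, 12); next
    }
    /^-----END [A-Z0-9 ]+-----$/ {
      if (!inblk || substr($0, 10) != label) bad("END without matching BEGIN")
      inblk = 0; n++; next
    }
    inblk {
      if ($0 !~ "^[A-Za-z0-9+/]+=*$") bad("non-base64 text in block")
      if (short || length($0) > 64) bad("short or over-long line inside block")
      if (length($0) < 64) short = 1   # only the last body line may be short
      next
    }
    NF { bad("text outside a PEM block") }
    END {
      if (err) exit 1
      if (inblk) bad("file ends before END marker")
      print n + 0
    }' "$1"
}

# usage: check_tls_pair key.pem cert.pem   (expects 1 and 3 blocks, as in the post)
check_tls_pair() {
  k=$(pem_blocks "$1") && c=$(pem_blocks "$2") || return 1
  [ "$k" -eq 1 ] && [ "$c" -eq 3 ] || {
    echo "expected 1 key block and 3 cert blocks, found $k and $c" >&2; return 1; }
  # Capture each modulus before comparing: piping straight into
  # "openssl md5" would hide a parse failure behind the hash of empty input.
  km=$(openssl rsa -modulus -in "$1" -noout 2>/dev/null) &&
    cm=$(openssl x509 -modulus -in "$2" -noout 2>/dev/null) || {
    echo "openssl could not parse the key or certificate" >&2; return 1; }
  [ "$km" = "$cm" ] || { echo "key does not match certificate" >&2; return 1; }
  echo "ok: $1 and $2 are well formed and match"
}
```

Run `check_tls_pair key.pem cert.pem` in the directory holding the two files; any non-zero exit means they should be downloaded again rather than loaded.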
@mrjones, the manual steps worked. Thanks!
@iesmail - awesome! I’m glad that worked.