TLS certificate not loading in Docker Helper

Hi @mrjones, while setting up my project locally I ran into the same kind of issue (TLS certs issue)! I even tried these steps multiple times (restarting via docker helper) but my page still shows ‘not secure’ at the top. Are there any other alternative ways?

Hello @stephenmhuli - welcome to the CHT forum! Thanks a bunch for asking your question.

As this is a related, but different, question than where you originally posted, I’ve moved it into its own topic.

You mentioned you tried the fix cited in this issue and it didn’t work. Can you be more specific? Which commands did you run? Was there any error output?

An alternate fix is to do a one-off cert update.

  • First, find the name of the nginx container with: docker ps --filter "name=nginx" --format '{{ .Names }}'
  • After cloning the CHT Core repo, cd into the scripts directory: cd ./cht-core/scripts
  • Now, using the container name from the first command, call the script to update the cert: ./add-local-ip-certs-to-docker-4.x.sh CONTAINER_NAME

Here’s what this looks like for me:

$ docker ps --filter "name=nginx"  --format '{{ .Names }}'
4_3_0_is_here_yay_nginx_1

$ cd Documents/MedicMobile/cht-core/scripts/   

scripts $ ./add-local-ip-certs-to-docker-4.x.sh 4_3_0_is_here_yay_nginx_1
4_3_0_is_here_yay_nginx_1

If just container name is shown above, a fresh local-ip.medicmobile.org certificate was downloaded fresh local-ip.medicmobile.org.
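A check to run after the one-off cert update above, added here as an example and not part of the original post or of CHT's scripts: it classifies the certificate the nginx container serves as valid, expiring, expired, or not matching the hostname in the browser. The function names, the 7-day window and the use of the openssl CLI are assumptions of this example.

```shell
#!/bin/sh
# Added example (not CHT project code). Function names and the default
# 7-day warning window are assumptions of this example.

# Print, as PEM, the certificate presented at HOST:PORT.
# Needs network access to the running instance.
fetch_served_cert() {
    host=$1
    port=$2
    openssl s_client -connect "$host:$port" -servername "$host" \
        </dev/null 2>/dev/null | openssl x509 -outform PEM
}

# Classify a PEM certificate for the hostname typed into the browser.
# Prints one of: unreadable, expired, hostname-mismatch, expiring, valid.
cert_status() {
    pem=$1
    host=$2
    window=${3:-604800}   # seconds; 7 days by default

    if ! openssl x509 -in "$pem" -noout >/dev/null 2>&1; then
        echo unreadable
    elif ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$pem" -noout -checkhost "$host" 2>/dev/null \
            | grep -q 'does match certificate'; then
        echo hostname-mismatch
    elif ! openssl x509 -in "$pem" -noout -checkend "$window" >/dev/null 2>&1; then
        echo expiring
    else
        echo valid
    fi
}

# Usage against the instance from this thread:
#   fetch_served_cert 192-168-1-24.local-ip.medicmobile.org 10445 > served.pem
#   cert_status served.pem 192-168-1-24.local-ip.medicmobile.org
```

The hostname changes whenever the machine's LAN IP changes, so pass the hostname from the most recent "Success!" banner.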

Thank you @mrjones for the quick response, and I confirm that the solution you provided above solved my issue, thank you so much for that. But I would like to show some challenges I went through when configuring my project using docker-helper.
Firstly, I started by getting this error: Failed to start - check docker logs for errors and try again. But I was able to deal with it by repeatedly running ./cht-docker-compose.sh cht_dev_app.env until all the services were up and running. I used DEBUG=true to identify which services are running and which are not. I don’t know if there is an alternative way for this, and is this caused by a poor network connection or what? But this only happens when creating a new project, and I think it is because it pulls images from Docker Hub first and creates containers.

smhuli@HPx:~/Documents/CHT-Projects$ DEBUG=true ./cht-docker-compose.sh cht_dev_app.env
---DEBUG INFO---
Load: 0.34 0.46 0.40
CHT Containers: 1
Global Containers 1

Service              Status   Container                              Image
cht-upgrade-service  running  cht_dev_app-dir-cht-upgrade-service-1  public.ecr.aws/s5s3h4s7/cht-upgrade-service:latest
haproxy              NA       NA                                     public.ecr.aws/medic/cht-haproxy:4.5.1
healthcheck          NA       NA                                     public.ecr.aws/medic/cht-haproxy-healthcheck:4.5.1
api                  NA       NA                                     public.ecr.aws/medic/cht-api:4.5.1
sentinel             NA       NA                                     NA
nginx                NA       NA                                     public.ecr.aws/medic/cht-nginx:4.5.1
couchdb              NA       NA                                     public.ecr.aws/medic/cht-couchdb:4.5.1


Failed to start - check docker logs for errors and try again.


---DEBUG INFO---
Load: 0.55 0.50 0.42
CHT Containers: 1
Global Containers 1

Service              Status   Container                              Image
cht-upgrade-service  running  cht_dev_app-dir-cht-upgrade-service-1  public.ecr.aws/s5s3h4s7/cht-upgrade-service:latest
haproxy              NA       NA                                     public.ecr.aws/medic/cht-haproxy:4.5.1
healthcheck          NA       NA                                     public.ecr.aws/medic/cht-haproxy-healthcheck:4.5.1
api                  NA       NA                                     public.ecr.aws/medic/cht-api:4.5.1
sentinel             NA       NA                                     NA
nginx                NA       NA                                     public.ecr.aws/medic/cht-nginx:4.5.1
couchdb              NA       NA                                     public.ecr.aws/medic/cht-couchdb:4.5.1

So I repeated it until it worked, getting this output:

smhuli@HPx:~/Documents/CHT-Projects$ ./cht-docker-compose.sh cht_dev_app.env

homedir: /home/smhuli/.medic/cht-docker/cht_dev_app-dir
[+] Running 1/1
 ✔ Container cht_dev_app-dir-cht-upgrade-service-1  Started                                                                     0.0s 
Starting project "cht_dev_app". First run takes a while. Will try for up to five minutes.....2024/02/02 06:38:58 [notice] 57#57: signal process started


 -------------------------------------------------------- 

  Success! "cht_dev_app" is set up:

    https://192-168-1-24.local-ip.medicmobile.org:10445/ (CHT)
    https://192-168-1-24.local-ip.medicmobile.org:10445/_utils/ (Fauxton)

    Login: medic
    Password: password

 -------------------------------------------------------- 

Start existing project
    ./cht-docker-compose.sh ENV-FILE.env

Stop and keep project:
    ./cht-docker-compose.sh ENV-FILE.env stop

Stop and destroy all project data:
    ./cht-docker-compose.sh ENV-FILE.env destroy

https://docs.communityhealthtoolkit.org/apps/guides/hosting/4.x/app-developer/


 Have a great day!

And here was the result on the browser:

And the solution that I tried but that didn’t work was to stop the containers and remove them, and remove the images and volumes.

smhuli@HPx:~/Documents/CHT-Projects$ docker kill $(docker ps -q);docker rm cht_dev_app_api_1 cht_dev_app_couchdb_1 cht_dev_app-dir-cht-upgrade-service-1 cht_dev_app_haproxy_1 cht_dev_app cht_dev_app_haproxy_1 cht_dev_app_healthcheck_1 cht_dev_app_nginx_1 cht_dev_app_sentinel_1;docker image rm -f public.ecr.aws/medic/cht-nginx:4.5.1 public.ecr.aws/medic/cht-haproxy-healthcheck:4.5.1 public.ecr.aws/medic/cht-haproxy:4.5.1 public.ecr.aws/medic/cht-couchdb:4.5.1 public.ecr.aws/medic/cht-sentinel:4.5.1 public.ecr.aws/medic/cht-api:4.5.1;docker volume rm -f cht_dev_app_cht-ssl;docker volume rm -f cht_dev_app_cht-credentials;
cht_dev_app_api_1
cht_dev_app_couchdb_1
cht_dev_app-dir-cht-upgrade-service-1
cht_dev_app_haproxy_1
cht_dev_app_healthcheck_1
cht_dev_app_nginx_1
cht_dev_app_sentinel_1
Error response from daemon: removal of container cht_dev_app_haproxy_1 is already in progress
Error response from daemon: No such container: cht_dev_app
Untagged: public.ecr.aws/medic/cht-nginx:4.5.1
Untagged: public.ecr.aws/medic/cht-haproxy-healthcheck:4.5.1
Untagged: public.ecr.aws/medic/cht-haproxy:4.5.1
Untagged: public.ecr.aws/medic/cht-couchdb:4.5.1
Untagged: public.ecr.aws/medic/cht-sentinel:4.5.1
Untagged: public.ecr.aws/medic/cht-api:4.5.1
cht_dev_app_cht-ssl
cht_dev_app_cht-credentials

And then I restarted everything:

smhuli@HPx:~/Documents/CHT-Projects$ ./cht-docker-compose.sh cht_dev_app.env

homedir: /home/smhuli/.medic/cht-docker/cht_dev_app-dir
[+] Running 1/0
 ✔ Container cht_dev_app-dir-cht-upgrade-service-1  Running                                                                     0.0s 
Starting project "cht_dev_app". First run takes a while. Will try for up to five minutes............................................................................................2024/02/02 06:30:24 [notice] 67#67: signal process started


 -------------------------------------------------------- 

  Success! "cht_dev_app" is set up:

    https://192-168-0-118.local-ip.medicmobile.org:10445/ (CHT)
    https://192-168-0-118.local-ip.medicmobile.org:10445/_utils/ (Fauxton)

    Login: medic
    Password: password

 -------------------------------------------------------- 

Start existing project
    ./cht-docker-compose.sh ENV-FILE.env

Stop and keep project:
    ./cht-docker-compose.sh ENV-FILE.env stop

Stop and destroy all project data:
    ./cht-docker-compose.sh ENV-FILE.env destroy

https://docs.communityhealthtoolkit.org/apps/guides/hosting/4.x/app-developer/


 Have a great day!

I stopped the services a few times with docker kill $(docker ps -q) and restarted them, but I was still getting the not secure page.

So I followed the steps above and solved the issue:

smhuli@HPx:~/Documents/CHT-Projects$ docker ps --filter "name=nginx" --format '{{ .Names }}'
cht_dev_app_nginx_1
smhuli@HPx:~/Documents/CHT-Projects$ cd cht-core/scripts/
smhuli@HPx:~/Documents/CHT-Projects/cht-core/scripts$ ./add-local-ip-certs-to-docker-4.x.sh cht_dev_app_nginx_1
cht_dev_app_nginx_1

If just container name is shown above, a fresh local-ip.medicmobile.org certificate was downloaded fresh local-ip.medicmobile.org.

Output on the browser:

Hi @stephenmhuli - thanks for the detailed response!

Yes - this is likely accurate! I have seen that end users who, for whatever reason, cannot download the docker images quickly will fail to start in the allotted 5 minutes. Re-running the docker helper script is the right path.

Noteworthy, docker helper will re-use images if they’re already downloaded. If you don’t need a different CHT version/branch, try and re-use a version you have already used - it should start up more quickly!
