I have the following problem. I run Grafana in a Docker container via Plesk Obsidian and now I want to reach Grafana via https. Of course I want to use the already created certificate of my domain.
For that I have added with volume mapping the Docker directory “/cert” to “/usr/local/psa/var/modules/letsencrypt/etc/live/DOMAIN” containing the .pem files.
GF_SERVER_CERT_FILE = /cert/fullchain.pem
GF_SERVER_PROTOCOL = https
GF_SERVER_CERT_KEY = /cert/privkey.pem
(Don’t be confused, the environment variables in Plesk are probably specified like this)
But now I get the message “open /cert/fullchain.pem: permission denied”, why this happens is of course obvious to me - but how should I fix it?
The permissions of the directory /live and the /DOMAIN directory are:
drwx------ 4 psaadm psaadm 4,0K Feb 20 10:54 live
The permissions of the files in /DOMAIN are:
lrwxrwxrwx 1 psaadm psaadm 37 Feb 16 18:14 cert.pem → …/…/archive/_plesk_domain/cert2.pem
lrwxrwxrwx 1 psaadm psaadm 38 Feb 16 18:14 chain.pem → …/…/archive/_plesk_domain/chain2.pem
lrwxrwxrwx 1 psaadm psaadm 42 Feb 16 18:14 fullchain.pem → …/…/archive/_plesk_domain/fullchain2.pem
lrwxrwxrwx 1 psaadm psaadm 40 Feb 16 18:14 privkey.pem → …/…/archive/_plesk_domain/privkey2.pem
If I copy the privkey.pem and the fullchain.pem into another directory, then give the directory chown 472:root & chmod 777 and the files chmod +r, then it works. But I can’t copy the files every 3 months and most of all I want to have these files only once.
I’m not sure what effect it would have if I assign a different user to the certificate type files or similar, or if I should add the user (But which one is it when using a docker?) to the psaadm group?
In any case I am up for anything that works