Mount ssl certificate failed because of permission denied


I am trying to add SSL certificate and key to Docker container to use in it. I do not want to use the COPY Dockerfile command, instead, I used the “Bind mount a volume” as follows

docker run  -p 443:443 -v grafana-storage:/var/lib/grafana -v /etc/ssl/certs/platform-loc/x.crt:/etc/grafana/x.crt -v /etc/ssl/certs/platform-loc/x.key:/etc/grafana/x.key -e "GF_INSTALL_PLUGINS=yesoreyeram-boomtable-panel"  grafana_app

but the previous command failed with the following errors

t=2019-08-28T17:33:40+0000 lvl=info msg="HTTP Server Listen" logger=http.server address= protocol=https subUrl= socket=
t=2019-08-28T17:33:40+0000 lvl=eror msg="Stopped HTTPServer" logger=server reason="open /etc/grafana/x.crt: permission denied"
t=2019-08-28T17:33:40+0000 lvl=info msg="Stopped provisioningServiceImpl" logger=server reason="context canceled"
t=2019-08-28T17:33:40+0000 lvl=eror msg="Server shutdown" logger=server reason="open /etc/grafana/x.crt: permission denied"

and this is the content of my Dockerfile

FROM grafana/grafana
COPY config /config
USER root
RUN apt-get update && apt-get install -y vim
RUN cp /config/x.toml /etc/grafana/x.toml &&\
    cp /config/grafana.ini /etc/grafana/grafana.ini

Could someone please help me to fix this?

Start container with user id, which has permission to read that cert (--user <user-id>)
change ownership of cert in your filesystem, so default user in Grafana will have permissions to read it (e.g. chown 472:472 x.crt)


1 Like