Auth0 SAML no such file ./private_key.key

GrittingGrister · May 26, 2023, 5:25am

Hi there,
I am trying to get grist-core setup with authentication. I am using docker-compose and here is my docker compose file:

version: '3'

services:
  grist:
    image: gristlabs/grist
    environment:
      - GRIST_SANDBOX_FLAVOR=pyodide
      - GRIST_DEFAULT_EMAIL=admin@xxxx.xxx
      - APP_HOME_URL=https://grist.xxxx.org
      - GRIST_FORCE_LOGIN=true
      - GRIST_SAML_SP_HOST=http://localhost:8484
      - GRIST_SAML_IDP_UNENCRYPTED=1
      - GRIST_SAML_IDP_LOGIN=https://xxxx.eu.auth0.com/samlp/xxxx
      - GRIST_SAML_IDP_LOGOUT=https://xxxx.eu.auth0.com/samlp/xxxx
      - GRIST_SAML_IDP_CERTS=./auth0.pem
      - GRIST_SAML_SP_KEY=$PWD/pkey.key
      - GRIST_SAML_SP_CERT=$PWD/certificate.crt
    ports:
      - 8484:8484
    volumes:
      - ./persist:/persist
    stdin_open: true
    tty: true

Here is the files and folders there.

dockerbox@dockerbox:/docker/grist$ ls -al
total 28
drwxr-xr-x  3 dockerbox dockerbox 4096 May 26 01:22 .
drwxr-xr-x 11 dockerbox dockerbox 4096 May 26 00:30 ..
-rw-r--r--  1 dockerbox dockerbox  768 May 26 01:13 docker-compose.yml
-rw-r--r--  1 dockerbox dockerbox 1200 May 26 01:07 certificate.crt
-rw-r--r--  1 dockerbox dockerbox 1107 May 26 00:59 auth0.pem
-rw-------  1 dockerbox dockerbox 1704 May 26 01:06 pkey.key
drwxr-xr-x  3 root      root      4096 May 26 01:04 persist

Why am I getting this error when I try to run it?

dockerbox@dockerbox:/docker/grist$ docker-compose logs
Attaching to grist_grist_1
grist_1  | Welcome to Grist.
grist_1  | In quiet mode, see http://localhost:8484 to use.
grist_1  | For full logs, re-run with DEBUG=1
grist_1  | 2023-05-26 05:13:59.129 - info: == Grist version is 1.1.0 (commit unknown)
grist_1  | 2023-05-26 05:13:59.136 - debug: skipping incomplete language fa (set GRIST_OFFER_ALL_LANGUAGES if you want it)
grist_1  | 2023-05-26 05:13:59.147 - info: Loading empty config because /persist/config.json missing
grist_1  | [Error: ENOENT: no such file or directory, open '/docker/grist/pkey.key'] {
grist_1  |   errno: -2,
grist_1  |   code: 'ENOENT',
grist_1  |   syscall: 'open',
grist_1  |   path: '/docker/grist/pkey.key'
grist_1  | }

EDIT: Forgot to say that the .key and .crt was created from here with this command:
openssl req -x509 -nodes -sha256 -days 3650 -newkey rsa:2048 -keyout private_key.key -out certificate.crt

Thank you in advance!

paul-grist · May 26, 2023, 12:27pm

Hi @GrittingGrister, a docker container only has access to the parts of your file system that you grant access to via the volumes section. Some options to make progress would be to share /docker/grist with the container via a second volumes line, or to move the key files to /persist, or to add a new shared directory specifically for the keys.

Good luck!

GrittingGrister · May 26, 2023, 12:33pm

Ahh, I knew I was forgetting something really silly. Thank you @paul-grist !

For anyone that made the same mistake I made.
It is referencing the location INSIDE the container. Not in the host machine.