Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse

Cloudron Forum
Apps | Demo | Docs | Install

If the Custom Certificate option is chosen please map a path to the public keys into each container's ca-certificates or equivalent

Scheduled Pinned Locked Moved Feature Requests
1 Posts 1 Posters 179 Views
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • ChristopherMagC Online
    ChristopherMagC Online
    ChristopherMag
    wrote on last edited by nebulon
    #1

    The Custom Certificate's documentation mentions that

    Intermediate Certs - You can upload a certificate chain by simply appending all the intermediate certs in the same cert file.

    In my scenario I use a wild card certificate that was issued using our own root ca.

    Appending its public key to the certificate chain works fine to allow me to use the wild card certificate in cloudron but there isn't a process in place to expose the public key of the custom root ca to each of the containers.

    It would be really helpful if all the public keys contained in whatever custom certificate file is uploaded using the Custom Certificate feature were automatically added/linked/exposed in the right spot in each container so that those containers would automatically trust the wild card cert and anything else from the root ca that issued it.

    Something like adding the following to the docker file:

    ADD your_ca_root.crt /usr/local/share/ca-certificates/foo.crt
RUN chmod 644 /usr/local/share/ca-certificates/foo.crt && update-ca-certificates

    Source

    Currently I have to be aware of this whenever adding new apps as I may hit broken functionality and ambigous errors that in the end track back to this issue and require their own app specific work around.

    Here are some examples:

    • Redash
      • cloudron env set --app redash.cloudron.domain.com REDASH_ENFORCE_PRIVATE_IP_BLOCK=false
      • Add a file named cloudronwildcard.pem that contains the public key for the wildcard certificate to the /app/data directory
      • cloudron env set --app redash.cloudron.domain.com REQUESTS_CA_BUNDLE=/app/data/cloudronwildcard.pem
    • N8N
      • cloudron env set --app n8n.cloudron.domain.com NODE_TLS_REJECT_UNAUTHORIZED=0
    • Onlyoffice
      • services.CoAuthoring.requestDefaults.rejectUnauthorized=false in /etc/onlyoffice/documentserver/defaults.json Source

    For these examples I believe if each of these containers was configured to trust all the public keys that were loaded when the custom certificate file was uploaded then N8N and Onlyoffice would work without anything extra, Redash may still require REDASH_ENFORCE_PRIVATE_IP_BLOCK=false but the other steps wouldn't be needed.

    1 Reply Last reply
    1
  • nebulonN nebulon moved this topic from Support on
  • ChristopherMagC ChristopherMag referenced this topic on
  • ChristopherMagC ChristopherMag referenced this topic on
  • ChristopherMagC ChristopherMag referenced this topic on

  • Login
  • Don't have an account? Register
  • Login or register to search.
  • First post
    Last post
0
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks