-
Notifications
You must be signed in to change notification settings - Fork 3.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Support for custom CA root certificates in Appsmith fat container #14207
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Shrikant Sharat Kandula <shrikant@appsmith.com>
Signed-off-by: Shrikant Sharat Kandula <shrikant@appsmith.com>
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
Unable to find test scripts. Please add necessary tests to the PR. |
1 task
github-actions
bot
added
Business Edition
Features that will be a part of our business edition
Community Reported
issues reported by community members
Deployment
DevOps Pod
Issues related to devops
Team Managers Pod
Issues that team managers care about for the security and efficiency of their teams
labels
May 31, 2022
Unable to find test scripts. Please add necessary tests to the PR. |
Signed-off-by: Shrikant Sharat Kandula <shrikant@appsmith.com>
Unable to find test scripts. Please add necessary tests to the PR. |
Signed-off-by: Shrikant Sharat Kandula <shrikant@appsmith.com>
Unable to find test scripts. Please add necessary tests to the PR. |
sharat87
changed the title
feat: Custom CA root certificates
feat: Support for custom CA root certificates in Appsmith fat container
Jun 1, 2022
Unable to find test scripts. Please add necessary tests to the PR. |
trishaanand
approved these changes
Jun 1, 2022
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Business Edition
Features that will be a part of our business edition
Community Reported
issues reported by community members
DevOps Pod
Issues related to devops
Enhancement
New feature or request
Team Managers Pod
Issues that team managers care about for the security and efficiency of their teams
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Problem description at #13202.
How to use solution
Problem: We have a custom CA root certificate that we want to install into Appsmith's container environment.
To do so, create a
ca-certs
folder understacks
, and place the ca certificate file in it. It your file ends with a.pem
extension, please rename it to.crt
extension, since Ubuntu only picks up files with.crt
extension for this purpose.Restart the Appsmith container and the new root cert should've been installed and setup.
To remove it, just remove the cert file and restart.
How to test solution
Get
mitmproxy
withbrew install mitmproxy
(for macOS).Start
mitmproxy
with the commandmitmweb --listen-port 9020 --web-port 9021
. This will open a browser tab with the proxied requests. Keep this running for the remainder of this test.Start a new Appsmith Docker container with the command:
docker run --name ace -p 8001:80 -v ~/appsmith-stacks-14207:/appsmith-stacks -d -e HTTPS_PROXY=http://host.docker.internal:9020 -e HTTP_PROXY=http://host.docker.internal:9020 appsmith/appsmith-ce:release
Now login to Appsmith at http://localhost:8001, signup, create an app, create an API action, and use
httpbun.com/get
as the query.Run this query, and see the cert validation failure error. This request should also show up in the proxy web interface, but in an incomplete/incorrect way.
Now let's copy the custom CA root cert of
mitmproxy
. Run:Restart the container with
docker restart ace
.Repeat step 4, but see that the JSON response shows up correctly. This request should also show up with full details in the proxy web interface.
Additional test cases
ca-certs
folder and restart.ca-certs
folder and restart.HTTPS_PROXY
and restart.