Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Support for custom CA root certificates in Appsmith fat container #14207

Merged
merged 4 commits into from
Jun 1, 2022
Merged

feat: Support for custom CA root certificates in Appsmith fat container #14207

merged 4 commits into from
Jun 1, 2022

Conversation

sharat87
Copy link
Member

@sharat87 sharat87 commented May 31, 2022
edited

Problem description at #13202.

How to use solution

Problem: We have a custom CA root certificate that we want to install into Appsmith's container environment.

To do so, create a ca-certs folder under stacks, and place the ca certificate file in it. It your file ends with a .pem extension, please rename it to .crt extension, since Ubuntu only picks up files with .crt extension for this purpose.

Restart the Appsmith container and the new root cert should've been installed and setup.

To remove it, just remove the cert file and restart.

How to test solution

  1. Get mitmproxy with brew install mitmproxy (for macOS).

  2. Start mitmproxy with the command mitmweb --listen-port 9020 --web-port 9021. This will open a browser tab with the proxied requests. Keep this running for the remainder of this test.

  3. Start a new Appsmith Docker container with the command:

    docker run --name ace -p 8001:80 -v ~/appsmith-stacks-14207:/appsmith-stacks -d -e HTTPS_PROXY=http://host.docker.internal:9020 -e HTTP_PROXY=http://host.docker.internal:9020 appsmith/appsmith-ce:release

  4. Now login to Appsmith at http://localhost:8001, signup, create an app, create an API action, and use httpbun.com/get as the query.

  5. Run this query, and see the cert validation failure error. This request should also show up in the proxy web interface, but in an incomplete/incorrect way.

  6. Now let's copy the custom CA root cert of mitmproxy. Run:

    mkdir -v ~/appsmith-stacks-14207/ca-certs && cp -v ~/.mitmproxy/mitmproxy-ca-cert.pem ~/appsmith-stacks-14207/ca-certs/mitmproxy-ca-cert.crt

  7. Restart the container with docker restart ace.

  8. Repeat step 4, but see that the JSON response shows up correctly. This request should also show up with full details in the proxy web interface.

Additional test cases

  • Empty ca-certs folder and restart.
  • Delete ca-certs folder and restart.
  • Check if proxy works for HTTP URLs as well.
  • Empty value for HTTPS_PROXY and restart.

@sharat87
Support custom CA root certs
9415c7a 
Signed-off-by: Shrikant Sharat Kandula <shrikant@appsmith.com>
@sharat87
Don't fail when proxy not configured
819c38c 
Signed-off-by: Shrikant Sharat Kandula <shrikant@appsmith.com>
@vercel
Copy link

vercel bot commented May 31, 2022
edited

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Updated
appsmith ✅ Ready (Inspect) Visit Preview Jun 1, 2022 at 3:17AM (UTC)

@github-actions github-actions bot added the Enhancement New feature or request label May 31, 2022
@github-actions
Copy link

Unable to find test scripts. Please add necessary tests to the PR.

@sharat87 sharat87 linked an issue May 31, 2022 that may be closed by this pull request
[Feature]: Install custom trust root CA in the Appsmith container #13202
Closed
1 task
@github-actions github-actions bot added Business Edition Features that will be a part of our business edition Community Reported issues reported by community members Deployment DevOps Pod Issues related to devops Team Managers Pod Issues that team managers care about for the security and efficiency of their teams labels May 31, 2022
@github-actions
Copy link

Unable to find test scripts. Please add necessary tests to the PR.

@sharat87
Intelligently fill up proxy env variables
9cd5b77 
Signed-off-by: Shrikant Sharat Kandula <shrikant@appsmith.com>
@github-actions
Copy link

Unable to find test scripts. Please add necessary tests to the PR.

@sharat87
Don't override http_proxy with https_proxy
16ba7f8 
Signed-off-by: Shrikant Sharat Kandula <shrikant@appsmith.com>
@github-actions
Copy link

github-actions bot commented Jun 1, 2022

Unable to find test scripts. Please add necessary tests to the PR.

@sharat87 sharat87 marked this pull request as ready for review June 1, 2022 03:14
@sharat87 sharat87 changed the title feat: Custom CA root certificates feat: Support for custom CA root certificates in Appsmith fat container Jun 1, 2022
@github-actions
Copy link

github-actions bot commented Jun 1, 2022

Unable to find test scripts. Please add necessary tests to the PR.

@sharat87 sharat87 merged commit 73e43fa into release Jun 1, 2022
@sharat87 sharat87 deleted the feat/custom-ca-cert-fat-container branch June 1, 2022 05:44
@sharat87 sharat87 mentioned this pull request Jun 1, 2022
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@trishaanand trishaanand trishaanand approved these changes

@pratapaprasanna pratapaprasanna Awaiting requested review from pratapaprasanna pratapaprasanna is a code owner

Assignees
No one assigned
Labels
Business Edition Features that will be a part of our business edition Community Reported issues reported by community members DevOps Pod Issues related to devops Enhancement New feature or request Team Managers Pod Issues that team managers care about for the security and efficiency of their teams
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Feature]: Install custom trust root CA in the Appsmith container
2 participants
@sharat87 @trishaanand