Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Docker container failing to verify InfluxDB certificate #129

Closed
Luzifer opened this issue Oct 3, 2019 · 3 comments · Fixed by #131

Comments

@Luzifer
Copy link

commented Oct 3, 2019

As of being a scratch container without any root certificates embedded it's not possible to verify the TLS certificate of the InfluxDB URL when using HTTPs.

A workaround for this issue is to mount the host certificates into the container while IMHO a proper solution would be to ship distro-certificates inside the container.

Workaround:

# Generic (Debian/Ubuntu/Gentoo/Alpine/...)
docker run \
	... \
	-v /etc/ssl:/etc/ssl:ro \
	... \
	golift/unifi-poller:stable

# Archlinux
docker run \
	... \
	-v /etc/ssl:/etc/ssl:ro \
	-v /etc/ca-certificates:/etc/ca-certificates:ro \
	... \
	golift/unifi-poller:stable

As an example how to fix this directly you could add another build step:

FROM [...]
[...]

FROM alpine:latest AS certs

FROM scratch
[...]
COPY --from=certs /etc/ssl /etc/ssl
[...]
@Luzifer Luzifer changed the title Docker container failing to verify LetsEncrypt certificate Docker container failing to verify InfluxDB certificate Oct 3, 2019
@davidnewhall

This comment has been minimized.

Copy link
Owner

commented Oct 5, 2019

Thanks for the report! I'll update application-builder and port the changes to the Poller as soon as I'm able to!

@davidnewhall

This comment has been minimized.

Copy link
Owner

commented Oct 8, 2019

I tried something a little different. Can you test the ssl_certs tag?

docker pull golift/unifi-poller:ssl_certs

Thank you!!

@Luzifer

This comment has been minimized.

Copy link
Author

commented Oct 8, 2019

That of course works too! 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.