This repository has been archived by the owner on Mar 27, 2019. It is now read-only.
Specify a self-signed CA Certificate #140
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Impressive @lingrino, I'm very surprised at how simple this looks. Thanks for cleaning up the Dockerfile also! I'll take a deeper look into this tonight (flying back in from vacation today) and if it works great, as I assume it does, we'll get it merged in. Thanks for this! |
|
@lingrino Looks good! Referencing NODE_EXTRA_CA_CERTS @stephansnyt this should take care of #97 as well. |
|
@djenriquez Thanks! Glad I could contribute. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR lets anyone pass a self-signed certificate as a runtime environment variable using
CUSTOM_CA_CERT. This is a much better solution than ignoring TLS rejections.Previously this could only be accomplished by building your child image, copying the cert, and specifying
NODE_EXTRA_CA_CERTS. With this PR users won't have to build and host their own images just to use a self-signed CA.I also updated the Dockerfile to use an ENTRYPOINT instead of CMD, based on the best practices guide. This lets you start the app by default, but easily pass
/bin/shor any other command to docker run instead. It also lets us trust the CA cert before starting the app.Let me know any thoughts/feedback. Thanks.