Docker TLS certificate not presented to server #4061

Closed
2 tasks done
sevmonster opened this issue Nov 19, 2023 · 2 comments
@sevmonster

⚠️ Please verify that this bug has NOT been raised before.

  • I checked and didn't find similar issue

🛡️ Security Policy

Description

I added `ca.pem`, `cert.pem`, and `key.pem` to the `docker-tls` directory, and added the self-signed CA to Node with `NODE_EXTRA_CA_CERTS=/app/data/docker-tls/ca.pem` in my `docker-compose.yml`, but I get the error `http: TLS handshake error from 1.2.3.4:1234: tls: client didn't provide a certificate` in Docker logs, and Uptime Kuma is unable to connect.

I am able to manually connect to the daemon with curl:

```
sudo sh -c "cd data/docker-tls; curl 'https://1.2.3.4:2376/containers/json?all=true' --cert cert.pem --cacert ca.pem --key key.pem"
```

```
{"docker json": "output"}
```

And for good measure I am able to do so from the host as well:

```
sudo curl 'https://1.2.3.4:2376/containers/json?all=true' -k --cert cert.pem --cacert ca-public.pem --key key.pem
```

```
{"docker json": "output"}
```

👟 Reproduction steps

  1. Generate self-signed host and client certs
  2. Enable tls in Docker daemon and provide host keys/CA
  3. Install client keys/CA to docker-tls directory in Uptime Kuma data directory
  4. Add HTTPS Docker host to Uptime Kuma

👀 Expected behavior

It works

😓 Actual Behavior

It doesn't work

🐻 Uptime-Kuma Version

1.23.6

💻 Operating System and Arch

Alpine Linux edge

🌐 Browser

Chromium 119

🐋 Docker Version

Docker 24.0.7

🟩 NodeJS Version

No response

📝 Relevant log output

No response

@sevmonster sevmonster added the bug Something isn't working label Nov 19, 2023
@chakflying
Collaborator

According to #2852 you need to put the certificate files in a subfolder in docker-tls with the FQDN as the folder name. Have you tried doing so?

@louislam louislam added help and removed bug Something isn't working labels Nov 20, 2023
@sevmonster
Author

You're right, I missed the dataDir variable. I will update the wiki later since that hasn't been done yet.
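
Added example, not part of the thread and not Uptime Kuma's own code: a small Node.js preflight check that tells apart the layout described in the reply above (`docker-tls/<FQDN>/` holding `ca.pem`, `cert.pem`, `key.pem`) from the flat layout reported in the issue. The function names, the `dataDir` argument, the sample host name and the assumption that the folder name equals the host part of the Docker host URL are illustrative.

```javascript
// Added example (hypothetical helper names). Checks where the client TLS files sit.
const fs = require("node:fs");
const path = require("node:path");

// File names as given in the issue.
const TLS_FILES = ["ca.pem", "cert.pem", "key.pem"];

function isFile(p) {
    try {
        return fs.statSync(p).isFile();
    } catch {
        return false; // missing path, or a parent that is not a directory
    }
}

// Which of the three PEM files exist directly inside `dir`.
function pemFilesIn(dir) {
    return TLS_FILES.filter((name) => isFile(path.join(dir, name)));
}

// dataDir: the application's data directory (assumed to be passed in by the caller).
// dockerHostUrl: the HTTPS Docker host as configured, e.g. "https://docker.example.test:2376".
function checkDockerTlsLayout(dataDir, dockerHostUrl) {
    // Assumption: the per-host folder is named after the host part of the URL.
    const hostname = new URL(dockerHostUrl).hostname;
    const tlsRoot = path.join(dataDir, "docker-tls");
    const hostDir = path.join(tlsRoot, hostname);

    const inHostDir = pemFilesIn(hostDir);
    const strayInRoot = pemFilesIn(tlsRoot);
    const missing = TLS_FILES.filter((f) => !inHostDir.includes(f));

    let status;
    if (missing.length === 0) {
        status = "ok";
    } else if (strayInRoot.length > 0) {
        // Files sit directly in docker-tls/: the client certificate is never
        // picked up, which matches "client didn't provide a certificate".
        status = "flat-layout";
    } else {
        status = "missing";
    }
    const hint = status === "ok" ? null
        : `expected ${missing.join(", ")} in ${hostDir}`;
    return { status, hostname, hostDir, missing, strayInRoot, hint };
}
```

A `flat-layout` result means the files exist but one directory too high; moving them into the reported `hostDir` is the fix the thread arrives at.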
