Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Config: Skip the creation of a default HTTPS certificate if PHOTOPRISM_DEFAULT_TLS is "false" #3823

Closed
lastzero opened this issue Oct 14, 2023 Discussed in #3819 · 3 comments
Closed

Config: Skip the creation of a default HTTPS certificate if PHOTOPRISM_DEFAULT_TLS is "false" #3823

lastzero opened this issue Oct 14, 2023 Discussed in #3819 · 3 comments
Assignees
@lastzero
Labels
docker Docker Images, Build Scripts, Config & Deployment Examples enhancement Optimization, improvement or maintenance task please-test Ready for acceptance test released Available in the stable release

Comments

@lastzero
Copy link
Member

Discussed in #3819

Originally posted by barry-luijten October 12, 2023
Hi,

I have just upgraded Photoprism to the latest version (231011) and I noticed these logs during startup of the container, while I explicitly set the environment variables PHOTOPRISM_DISABLE_TLS="true" and PHOTOPRISM_DEFAULT_TLS="false":

started 231011 as root (amd64-prod)
init: https
Creating a default HTTPS/TLS certificate.
Generating self-signed issuer (CA) certificate...
Generating self-signed tls certificate...
Certificate request self-signature ok
subject=C = DE, ST = Berlin, L = Berlin, O = PhotoPrism, OU = Self-Hosted, emailAddress = hello@photoprism.app, CN = PhotoPrism
Updating permissions of keys in '/etc/ssl/private'...
Running 'update-ca-certificates'...
Updating certificates in /etc/ssl/certs...
mv: cannot move '/etc/ssl/certs/ca-certificates.crt.new' to 'ca-certificates.crt': Device or resource busy
make: *** [Makefile:16: install-https] Error 1

The error message is caused by the fact that I am mounting my own ca-certificates from a Docker config, so it's read-only in the container. I just think it is strange that Photoprism seems to be generating a self-signed CA and certificate while I configured it not to to anything with TLS. Photoprism seems to be working fine, but it looks like the environment variables have no effect on this behavior.
FYI, I'm using Traefik Proxy for handling https certificates, so no need for them in the container.

Please let me know if I'm doing anything wrong here ;)
@lastzero lastzero added enhancement Optimization, improvement or maintenance task docker Docker Images, Build Scripts, Config & Deployment Examples labels Oct 14, 2023
lastzero added a commit that referenced this issue Oct 14, 2023
@lastzero
HTTPS: Skip certificate creation if default TLS is disabled #3819 #3823
ef402ea 
Signed-off-by: Michael Mayer <michael@photoprism.app>
@lastzero lastzero added the please-test Ready for acceptance test label Oct 14, 2023
@lastzero lastzero self-assigned this Oct 14, 2023
@lastzero
Copy link
Member Author

This can be tested with our next preview build, which will be available in the next few days, probably on Sunday or Monday.

@lastzero lastzero changed the title HTTPS: Skip the creation of a default certificate if PHOTOPRISM_DEFAULT_TLS is "false" Config: Skip the creation of a default certificate if PHOTOPRISM_DEFAULT_TLS is "false" Oct 14, 2023
@lastzero lastzero changed the title Config: Skip the creation of a default certificate if PHOTOPRISM_DEFAULT_TLS is "false" Config: Skip the creation of a default HTTPS certificate if PHOTOPRISM_DEFAULT_TLS is "false" Oct 14, 2023
@lastzero
Copy link
Member Author

An updated preview build is now available for testing:

lastzero added a commit that referenced this issue Oct 14, 2023
@lastzero
HTTPS: Skip default certificate creation if TLS is disabled #3819 #3823
afd77a6 
Signed-off-by: Michael Mayer <michael@photoprism.app>
@lastzero
Copy link
Member Author

If we don't get any more feedback/problem reports regarding this issue, I'll consider the improvements ready for release :)

@graciousgrey graciousgrey added the released Available in the stable release label Oct 21, 2023
thiagoalmeidasa added a commit to thiagoalmeidasa/homelab that referenced this issue Dec 3, 2023
@thiagoalmeidasa
feat(photoprism): skip the creation of a default HTTPS certificate
1dd48e5 
photoprism/photoprism#3823
@thiagoalmeidasa thiagoalmeidasa mentioned this issue Dec 3, 2023
Merged
thiagoalmeidasa added a commit to thiagoalmeidasa/homelab that referenced this issue Dec 3, 2023
@thiagoalmeidasa
feat(photoprism): skip the creation of a default HTTPS certificate (#482
cfab157 
)

photoprism/photoprism#3823
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lastzero lastzero

Labels
docker Docker Images, Build Scripts, Config & Deployment Examples enhancement Optimization, improvement or maintenance task please-test Ready for acceptance test released Available in the stable release
Projects
Roadmap 🚀✨
Status: Release 🌈
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lastzero @graciousgrey