You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A vantage6 node running on a host behind a transparent HTTPS proxy fails to connect to the vantage6 server because the node does not trust the necessary CA certificate set up for this transparent proxy.
Desired solution
A way for a node administrator to add a CA certificate for the node to trust, or the set of certificates to trust (?).
Additional context
In Python, requests uses a separate rootstore from the system's (e.g. /etc/ssl). But I believe environment variable REQUESTS_CA_BUNDLE can be used to specify a different rootstore. Of course, this CA bundle / rootstore should exist in the container's file system, perhaps by means of volume mapping.
Note too, that even when running v6 node new on the host (no docker), this will fail due to the configuration's wizard attempt to fetch data from the server. But in this case, the user can manually set the REQUESTS_CA_BUNDLE environment variable beforehand.
Note
Perhaps after we provide users with an option to run a node only using docker-compose, this feature will be implicit.
The text was updated successfully, but these errors were encountered:
node_extra_mounts: allows the node administrator to mount on the node
additional volumes.
node_extra_env: allows the node administrator to set additional
environment variables.
Combined, these options can be used to address #961
(#961)
Problem description
A vantage6 node running on a host behind a transparent HTTPS proxy fails to connect to the vantage6 server because the node does not trust the necessary CA certificate set up for this transparent proxy.
Desired solution
A way for a node administrator to add a CA certificate for the node to trust, or the set of certificates to trust (?).
Additional context
In Python,
requests
uses a separate rootstore from the system's (e.g./etc/ssl
). But I believe environment variableREQUESTS_CA_BUNDLE
can be used to specify a different rootstore. Of course, this CA bundle / rootstore should exist in the container's file system, perhaps by means of volume mapping.Note too, that even when running
v6 node new
on the host (no docker), this will fail due to the configuration's wizard attempt to fetch data from the server. But in this case, the user can manually set theREQUESTS_CA_BUNDLE
environment variable beforehand.Note
Perhaps after we provide users with an option to run a node only using docker-compose, this feature will be implicit.
The text was updated successfully, but these errors were encountered: