docker icon indicating copy to clipboard operation
docker copied to clipboard
verified publisher icon WeblateOrg

Feature: Easy method to add trusted CA Certificate in containerized installation

Open clawoflight opened this issue 3 years ago • 2 comments

Describe the problem

Your recommendation for handling private CAs is to trust them system-wide. This is a perfectly normal practice for system-wide installations. However, that would require building custom docker images for many on-prem installations, which brings a lot of maintenance overhead. IMHO this is something that the weblate docker image should support. We certainly do this for our products :)

Describe the solution you'd like

Proposal: A simple environment variable that we could set with a path to a CA certificate. The entrypoint of the docker image could then add it to the CA bundle itself.

This makes it easy to mount in a CA cert from a volume, as a Kubernetes secret object, etc.

Describe alternatives you've considered

No response

Screenshots

No response

Additional context

No response

clawoflight avatar May 30 '22 13:05 clawoflight

Maybe it could be a fixed location in /app/data/ssl? We already use this for SAML SSL certificates (see https://docs.weblate.org/en/latest/admin/install/docker.html#saml).

nijel avatar Jun 07 '22 07:06 nijel