[FEATURE_REQUEST] Customizable SSL CAs

Lissy93 / dashy

🚀 A self-hostable personal dashboard built for you. Includes status-checking, widgets, themes, icon packs, a UI editor and tons more!

https://dashy.to

MIT License

18.04k stars 1.36k forks source link

[FEATURE_REQUEST] Customizable SSL CAs #1025

Open James-Firth opened 1 year ago

James-Firth commented 1 year ago

Is your feature request related to a problem? If so, please describe.

Related to the UNABLE_TO_VERIFY_LEAF_SIGNATURE issue mentioned in #35

Context:

Dashy is running on my home server in a docker container
I use pihole (in a container) to create custom DNS records for my other docker containers (eg coolapp.homeserver.local)
Caddy is a reverse proxy that handles all the SSL/HTTPS with a wildcard certificate I created with mkcert (which I installed on my client machine)

I'd like to use the custom dns coolapp.homeserver.local as both my link and my status check (to ensure it's actually accessible to other clients) but I get the above mentioned error.

Describe the solution you'd like

I would like to see another volume mount documented where I could put my custom root/intermediate CA certificate(s) so dashy will respect them in addition to the typical set of CAs

Priority

Medium (Would be very useful)

Is this something you would be keen to implement

liss-bot commented 1 year ago

If you're enjoying Dashy, consider dropping us a ⭐
_{🤖 I'm a bot, and this message was automated}

liss-bot commented 1 year ago

This issue has gone 6 weeks without an update. To keep the ticket open, please indicate that it is still relevant in a comment below. Otherwise it will be closed in 5 working days.

James-Firth commented 1 year ago

Bump thank you bot!

liss-bot commented 1 year ago

This issue has gone 6 weeks without an update. To keep the ticket open, please indicate that it is still relevant in a comment below. Otherwise it will be closed in 5 working days.

liss-bot commented 1 year ago

This issue was automatically closed because it has been stalled for over 6 weeks with no activity.

tenicio commented 10 months ago

Would love to see this implemented as well.

RamonAbudAlcala commented 9 months ago

Please reopen this! I have a custom CA to manage all my local services and dashy cannot do a "status check" due to errors such as "Server resulted in SELF_SIGNED_CERT_IN_CHAIN" or "Server resulted in UNABLE_TO_VERIFY_LEAF_SIGNATURE".

RamonAbudAlcala commented 6 months ago

I found out that Dashy's underlying system is Debian. Debian based systems have their custom CA certificates stored (usually) in /usr/local/share/ca-certificates/ but this directory does not exist.

docker exec -it dashy sh

Searching for that folder within dashy results in the following:

# cd /usr/local/share
# ls
doc  man

I do not know how else to add custom CA certificates.

Also, please reopen this Feature Request. I'd love to see my green dots for my live services.

CrazyWolf13 commented 6 months ago

@RamonAbudAlcala

Can confirm this, I also struggled to mount my own ca file.

And no dashy is underlying alpine, which has quite some differences and is optimized for lightweight OS.

For me I solved the issue by just getting a letsencrypt ssl cert, it literally made my life so much easier, suggest you the same!

CrazyWolf13 commented 6 months ago

Maybe this helps you get it working: https://stackoverflow.com/questions/67231714/how-to-add-trusted-root-ca-to-docker-alpine/67232164#67232164