MichaIng / DietPi

Lightweight justice for your single-board computer!
https://dietpi.com/
GNU General Public License v2.0

DietPi-Software | Enable Portainer to use services using certs issued by a private CA #7215

Closed oldboys92 closed 2 months ago

oldboys92 commented 2 months ago

Creating a feature request

Is your feature request related to a problem? Please describe:

The Portainer Docker image is not able to use services secured by certificates issued by a private CA (like Step CA). Even though the Docker host machine has these CAs in /etc/ssl/certs/ca-certificates.crt, the Portainer image has its own certificates file and does not use the ones on the Docker host machine.

Describe the solution you'd like:

Overwrite the image's default certificate store with the one from the host system, /etc/ssl/certs/ca-certificates.crt. This can be done by overwriting the file via the docker volume parameter when the Portainer container is started. The volume can be mounted as read-only, so changes are possible only from the Docker host.

Additional context:

I've activated OIDC auth in Portainer using the Gitea OAuth feature, and both services are using an SSL configuration with certificates issued by a private CA. In order for Portainer to accept these certificates, the private issuer CA must be made available inside the Docker image, without a custom build.

Going to open a PR for supporting this feature.
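
The read-only bind mount proposed above, sketched as an added example (not taken from this issue, the pull request or DietPi's code). It assumes the Portainer image reads its trust store from /etc/ssl/certs/ca-certificates.crt; the function names and the published port are illustrative.

```shell
#!/bin/sh
# Added example, not DietPi's or Portainer's own script.
# Assumption: the image reads its trust store from IMAGE_BUNDLE below.
HOST_BUNDLE=/etc/ssl/certs/ca-certificates.crt
IMAGE_BUNDLE=/etc/ssl/certs/ca-certificates.crt

# Count PEM certificates in a file (prints 0 for an empty file).
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true
}

# Print the value for "docker run -v" that mounts the host CA bundle
# read-only, or fail if the source would not yield a usable trust store.
ca_mount_arg() {
    bundle=${1:-$HOST_BUNDLE}
    # A relative source is interpreted by "-v" as a named volume, not a file.
    case $bundle in
        /*) ;;
        *) echo "path must be absolute: $bundle" >&2; return 1 ;;
    esac
    # A missing source makes "-v" create an empty directory at that path.
    [ -f "$bundle" ] || { echo "not a regular file: $bundle" >&2; return 1; }
    n=$(count_certs "$bundle")
    [ "${n:-0}" -gt 0 ] || { echo "no PEM certificates in $bundle" >&2; return 1; }
    printf '%s:%s:ro\n' "$bundle" "$IMAGE_BUNDLE"
}

# Start Portainer with the host trust store mounted over the image's own.
start_portainer() {
    mount=$(ca_mount_arg "$1") || return 1
    docker run -d --name portainer --restart=always \
        -p 9443:9443 \
        -v /var/run/docker.sock:/var/run/docker.sock \
        -v portainer_data:/data \
        -v "$mount" \
        portainer/portainer-ce:latest
}

# Confirm the running container has the bundle mounted read-only.
mount_is_readonly() {
    docker inspect -f '{{range .Mounts}}{{.Destination}} {{.RW}}{{"\n"}}{{end}}' portainer |
        grep -qx "$IMAGE_BUNDLE false"
}
```

A single-file bind mount follows the file's inode, so if the host bundle is replaced rather than rewritten in place, the container keeps the old copy until it is restarted.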

MichaIng commented 2 months ago

Implemented for next release, many thanks 👍.