Unleash / unleash-proxy

Unleash Proxy is used to safely integrate frontend applications with Unleash in a secure and scalable way.
https://docs.getunleash.io/sdks/unleash-proxy
Apache License 2.0

Custom SSL/TLS certificates in Docker image #59

Closed eugeneromero closed 2 years ago

eugeneromero commented 2 years ago

We are trying to implement Unleash in my organization. We have deployed the Unleash server internally, and it listens on an internal HTTPS address. The Unleash proxy is therefore unable to connect to it, since it does not have the root CA certificate for our internal addresses. The Unleash proxy shows this error:

ERROR: FetchError: Unleash Repository error: request to https://internal.address/api/client/features failed, reason: self signed certificate in certificate chain

The way we normally work around this is by adding our local CA certificate in our docker images. However, this is not possible to do with the Unleash Proxy because the running user does not have root permissions, so it cannot make any modifications.

A method or some documentation on how to work with custom CA certificates should be added, for situations such as this.

Thanks!

ivarconr commented 2 years ago

Hi there,

you can possibly use NODE_EXTRA_CA_CERTS.

I have not tried this myself, but it could possibly work!

docker run \
   -v /full/path/to/cert.pem:/etc/ssl/cert.pem \
   -e NODE_EXTRA_CA_CERTS="/etc/ssl/cert.pem" \
   -e UNLEASH_PROXY_SECRETS=some-secret \
   -e UNLEASH_URL=https://some-host.com/api/ \
   -e UNLEASH_API_TOKEN=56907a2fa53c1d16101d509a10b78e36190b0f918d9f122d \
   -p 3000:3000 \
   unleashorg/unleash-proxy

eugeneromero commented 2 years ago

Thanks @ivarconr! I will give this a try and report back.

eugeneromero commented 2 years ago

I can confirm that this flag does indeed work as expected. Maybe this should be added to the docs! Thanks for the prompt help @ivarconr. Closing issue.
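
A preflight check for the bind-mounted CA file used in the workaround above, as an added example that is not part of the original thread or of the Unleash project. Node.js reads NODE_EXTRA_CA_CERTS once at startup and only emits a warning if the file is missing or malformed, so a bad mount resurfaces as the same "self signed certificate in certificate chain" error; `check_ca_bundle` is a hypothetical helper name, meant to be run against the host path given to `-v` before `docker run`.

```shell
#!/bin/sh
# Added example: validate the host-side CA file before mounting it into the
# unleash-proxy container. check_ca_bundle is a hypothetical helper name.

check_ca_bundle() {
    f=$1
    # With `docker run -v`, a missing host path is created as an empty
    # directory, so the mount target would not be a certificate file.
    if [ ! -f "$f" ]; then
        echo "not a regular file: $f"; return 1
    fi
    # The proxy runs as a non-root user and a bind mount keeps the host
    # permissions, so the file needs the "other" read bit unless UIDs match.
    perms=$(ls -ln -- "$f" | cut -c1-10)
    case $perms in
        ???????r??) ;;
        *) echo "not world-readable ($perms): $f"; return 2 ;;
    esac
    # Only certificates belong in a trust bundle; refuse private key material.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f"; then
        echo "contains a private key: $f"; return 3
    fi
    # Every certificate needs both PEM markers, and there must be at least one.
    begins=$(grep -c -e '^-----BEGIN CERTIFICATE-----' "$f" || true)
    ends=$(grep -c -e '^-----END CERTIFICATE-----' "$f" || true)
    if [ "$begins" -eq 0 ] || [ "$begins" -ne "$ends" ]; then
        echo "malformed PEM (BEGIN=$begins END=$ends): $f"; return 4
    fi
    echo "ok: $begins certificate(s) in $f"
}

# Usage: sh check_ca.sh /full/path/to/cert.pem
if [ "$#" -gt 0 ]; then
    check_ca_bundle "$1"
fi
```
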

thomasheartman commented 2 years ago

Hey, @eugeneromero! 👋🏼 Thanks for raising this; and glad you found a workaround. You're very right that this should be in the docs! I'm doing some work on the proxy documentation right now, so I'll make sure to get this in as part of that 🙋🏼

eugeneromero commented 2 years ago

Wonderful, thanks @thomasheartman!