nijel
commented
2 years ago Maybe it could be a fixed location in /app/data/ssl? We already use this for SAML SSL certificates (see https://docs.weblate.org/en/latest/admin/install/docker.html#saml).
Open clawoflight opened 2 years ago
nijel
commented
2 years ago Maybe it could be a fixed location in /app/data/ssl? We already use this for SAML SSL certificates (see https://docs.weblate.org/en/latest/admin/install/docker.html#saml).
Describe the problem
Your recommendation for handling private CAs is to trust them system-wide. This is a perfectly normal practice for system-wide installations. However, that would require building custom docker images for many on-prem installations, which brings a lot of maintenance overhead. IMHO this is something that the weblate docker image should support. We certainly do this for our products :)
Describe the solution you'd like
Proposal: A simple environment variable that we could set with a path to a CA certificate. The entrypoint of the docker image could then add it to the CA bundle itself.
This makes it easy to mount in a CA cert from a volume, as a Kubernetes secret object, etc.
Describe alternatives you've considered
No response
Screenshots
No response
Additional context
No response