coreos / go-oidc

A Go OpenID Connect client.
Apache License 2.0

[question] problems inside of docker #412

Closed ghstahl closed 9 months ago

ghstahl commented 9 months ago

The error I get from

    provider, err := oidc.NewProvider(ctx, s.config.Authority)
    if err != nil {
        log.Error().Err(err).Msg("Failed to query provider.")
        return nil, status.Error(codes.Internal, "Failed to query provider.")
    }
    Failed to query provider. error="Get \"https://rage.localhost.dev/.well-known/openid-configuration\": tls: failed to verify certificate: x509: certificate signed by unknown authority"

The setup is traefik in docker and I can get to that endpoint just fine outside of docker. This error happens when a call is made from inside one of the containers.

I have set up docker-compose this way so that internal calls can resolve the url.

version: "3.8"

services:
  micro:
    deploy:
      restart_policy:
        condition: on-failure
        delay: 10s
        max_attempts: 10
        window: 120s
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    networks:
      - rage
      - proxy
    extra_hosts:
      - "host.docker.internal:host-gateway"
      - "rage.localhost.dev:host-gateway"

Is there a way to configure the provider to ignore tls?

ericchiang commented 9 months ago

You're likely missing root certificates for your container https://stackoverflow.com/questions/65297751/docker-container-with-golang-http-get-error-certificate-signed-by-unknown-autho

Go actually provides a package explicitly for this if you want to compile the certs into your binary rather than installing them in the image https://pkg.go.dev/golang.org/x/crypto/x509roots/fallback

Closing since this isn't a bug with go-oidc

ghstahl commented 9 months ago

Thank you!

That worked. I added the following to my Dockerfile.

COPY ./certs /etc/ssl/certs/

My certs folder contains:

local-cert
local-key.pem
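The following is an added example, not code from go-oidc or from the people in this thread, that reproduces the failure above and shows the fix ericchiang points at, done in code rather than in the image. It uses only the standard library so it runs offline: a throwaway CA generated at startup stands in for the reporter's local-cert, an httptest server stands in for traefik, the dial override stands in for the `extra_hosts` entry, and the discovery document it serves is a constructed two-field stub. The hostname `rage.localhost.dev` and the `authority` constant are taken from the issue; `runDemo`, `clientFor` and `fetchIssuer` are names chosen here. With no roots in the pool the GET fails with exactly the `x509: certificate signed by unknown authority` error quoted in the issue; with the CA certificate in the pool the same request succeeds.

```go
package main

import (
	"context"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/json"
	"encoding/pem"
	"fmt"
	"math/big"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// Assumed authority from the issue; the hostname does not resolve anywhere real.
const authority = "https://rage.localhost.dev"

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // acceptable in a fixture, never in request-handling code
	}
	return v
}

// newCert generates a P-256 key and a certificate from tmpl signed by
// parentKey, or self-signed by the new key when parentKey is nil.
func newCert(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	if parentKey == nil {
		parentKey = key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// clientFor trusts only the PEM roots given (an empty pool for nil, which is what a
// container with no CA bundle has) and dials serverAddr for every request, playing
// the part of the extra_hosts entry that points rage.localhost.dev at the host.
func clientFor(rootPEM []byte, serverAddr string) *http.Client {
	pool := x509.NewCertPool()
	pool.AppendCertsFromPEM(rootPEM)
	return &http.Client{Timeout: 5 * time.Second, Transport: &http.Transport{
		TLSClientConfig: &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12},
		DialContext: func(ctx context.Context, network, _ string) (net.Conn, error) { return (&net.Dialer{}).DialContext(ctx, network, serverAddr) },
	}}
}

// fetchIssuer does the GET that oidc.NewProvider does and returns the
// discovery document's "issuer" field.
func fetchIssuer(client *http.Client, authority string) (string, error) {
	resp, err := client.Get(authority + "/.well-known/openid-configuration")
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	var doc struct{ Issuer string `json:"issuer"` }
	if err := json.NewDecoder(resp.Body).Decode(&doc); err != nil {
		return "", err
	}
	return doc.Issuer, nil
}

// runDemo serves a constructed discovery document behind a leaf issued by a
// throwaway local CA, then fetches it without and with that CA trusted.
func runDemo() (issuer string, untrustedErr error, err error) {
	now := time.Now()
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "local dev CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	ca, caKey := newCert(caTmpl, caTmpl, nil)
	// Clients only ever need the CA certificate; caKey never leaves this function.
	caPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: ca.Raw})
	leaf, leafKey := newCert(&x509.Certificate{SerialNumber: big.NewInt(2), DNSNames: []string{"rage.localhost.dev"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour), ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}, ca, caKey)
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Constructed minimal discovery document; a real one carries many more fields.
		fmt.Fprintf(w, `{"issuer":%q,"jwks_uri":%q}`, authority, authority+"/keys")
	}))
	srv.TLS = &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{leaf.Raw}, PrivateKey: leafKey}}}
	srv.StartTLS()
	defer srv.Close()
	addr := srv.Listener.Addr().String()
	// 1. No roots: reproduces "tls: failed to verify certificate: x509: certificate signed by unknown authority".
	_, untrustedErr = fetchIssuer(clientFor(nil, addr), authority)
	// 2. Local CA trusted: the identical request succeeds.
	issuer, err = fetchIssuer(clientFor(caPEM, addr), authority)
	return issuer, untrustedErr, err
}

func main() {
	issuer, untrustedErr, err := runDemo()
	fmt.Printf("without roots: %v\nwith local CA: issuer=%s err=%v\n", untrustedErr, issuer, err)
}
```

To use such a client with go-oidc, attach it to the context the library reads it from, `ctx := oidc.ClientContext(ctx, client)` before `oidc.NewProvider(ctx, authority)`; that is the supported way to control trust, and it avoids the `InsecureSkipVerify` route the question asks about, which would silently accept any certificate traefik (or anything else on the network) presents. Two caveats on the fixes in the thread: `golang.org/x/crypto/x509roots/fallback` embeds a bundle of public roots, so it cures a scratch or distroless image that has no `/etc/ssl/certs` at all, but it will not make a locally issued certificate like the one behind `rage.localhost.dev` trusted; and when copying a local CA into the image, only the certificate belongs there, never the private key.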