I try to run as many images as possible read-only to reduce the chances of being hacked. It would be nice if there were an option to completely disable TLS and the generation of the keystore file via environment variables. I do my TLS termination in another container and don't need/want the JVM to do it.
I run my draw.io container with a tmpfs at /usr/local/tomcat/work/Catalina/localhost to keep Tomcat happy, and I copied a .keystore out to my host filesystem and mount it into the container at /usr/local/tomcat/.keystore as a temporary workaround.
I try to run as many images as possible read-only to reduce the chances of being hacked. It would be nice if there were an option to completely disable TLS and the generation of the keystore file via environment variables. I do my TLS termination in another container and don't need/want the JVM to do it.
I run my draw.io container with a tmpfs at
/usr/local/tomcat/work/Catalina/localhostto keep Tomcat happy, and I copied a.keystoreout to my host filesystem and mount it into the container at/usr/local/tomcat/.keystoreas a temporary workaround.Thanks for the fantastic image!