hoarder-app / hoarder

A self-hostable bookmark-everything app (links, notes and images) with AI-based automatic tagging and full text search
https://hoarder.app
GNU Affero General Public License v3.0

Issues related to self-signed certificates #500

Open anselor opened 2 weeks ago

anselor commented 2 weeks ago

I've run into a number of issues on my home LAN related to self-signed certificates. At a minimum these should be added to the documentation but, perhaps, it may be desirable to have the defaults do something similar to this.

The Node.js environment appears to have its own list of root CAs that is separate from the host environment it operates in. To have Node.js share the same list of root CAs as its host environment (on Debian-based Linux distros, at least), this environment variable needs to be added to the container:

    NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt

In my specific case where I have self-hosted a certificate authority with a self-signed root cert in my LAN, I've registered this cert to the Docker host environment and it just needs to be mapped into the hoard container's environment with this:

    volumes:
      - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro

Additionally, the mobile app is unable to connect even when the root CA has been added to the phone's trusted store.

anselor commented 2 weeks ago

It appears this PR may address the last point: https://github.com/hoarder-app/hoarder/pull/416