image-export with self signed CA & certs -> ERR_CERT_AUTHORITY_INVALID

jgraph / docker-drawio

Dockerized draw.io based on whichever is the most secure image at the time.

GNU General Public License v3.0

1.48k stars 359 forks source link

Hey, I'm trying to get image-export running so we can export diagrams as PDFs, but unfortunately I cannot get it to work:

services:
  image-export:
    image: jgraph/export-server
    expose:
      - "8000"
    networks:
      - drawionet
    volumes:
      - ./fonts:/usr/share/fonts/drawio
    environment:
      - DRAWIO_BASE_URL=https://test-drawio.example.org
  drawio:
    image: jgraph/drawio
    ports:
      - 7071:8443
      - 7070:8080
    depends_on:
      - image-export
    networks:
      - drawionet
    environment:
      - EXPORT_URL=http://image-export:8000/
      - DRAWIO_BASE_URL=https://test-drawio.example.org
      - DRAWIO_SERVER_URL=https://test-drawio.example.org
networks:
  drawionet:

I tried to build the container myself with this lines added to Dockerfile:

COPY CA.crt /usr/local/share/ca-certificates/CA.crt

RUN update-ca-certificates

but the error keeps occuring.

We got this working with an (internal) self signed wildcard cert using Traefik as a middleman. No modifications were needed to the docker containers, and no certs needed to be inserted beyond what is done for Traefik.

This will vary depending on how you setup Traefik (Or your reverse proxy of choice), but basically the 3 containers route their traffic through the traefik network.

Added to each container -

` labels:

"traefik.enable=true"
"traefik.http.routers.drawio.rule=Host(drawio.domain.xxx)"
"traefik.http.routers.drawio.entrypoints=websecure"
"traefik.http.routers.drawio.tls=true"
"traefik.http.services.drawio.loadbalancer.server.port=8080"
`

Added to the bottom of the docker-compose

networks: drawionet: traefik_default: external: true

jgraph / docker-drawio

image-export with self signed CA & certs -> ERR_CERT_AUTHORITY_INVALID #159