search

mprahl / s2i-angular-httpd24

S2I Builder for Angular Apps Based on the Official CentOS and RHEL httpd-24 Images
MIT License
2 stars 14 forks source link

Specifying certs for private npm registry/mirror #4

Closed ddelabru closed 5 years ago

ddelabru commented 5 years ago

I'm having a little trouble reconfiguring an OpenShift 3.11 build configuration to use this builder with a private mirror of the npm registry. I've used .npmrc to specify what I think should be an appropriate certificate file, but I'm getting an "unable to specify local issuer certificate" error the first time the assemble script tries to fetch something from the npm repo. Do you have any advice on configuring the s2i builder for this?

mprahl commented 5 years ago

I haven't tried using a private NPM registry yet, but this is something I'll need to do soon.

You might be able to mount your custom CA at /etc/ssl/certs/ca-bundle.crt as part of your build config. This assumes that the Red Hat RPM that provides npm is patched to use the system certificate bundle, which I haven't verified.

You might also have some luck using the NODE_EXTRA_CA_CERTS environment variable.

Were you able to verify that the .npmrc file exists in the directory that the assemble script runs in? I wonder if the file isn't getting copied over there for some reason since it's a hidden file.

ddelabru commented 5 years ago

When I have the bandwidth I'm going to test a few different ways to specify the certificate; I'm sure there's something simple I'm missing, or maybe it's the certificate file I was trying to use itself.

I am sure the .npmrc was making it into the build, because once I removed it, builds started working again. Obviously that's just kicking the can down the road in terms of our underlying need to use the mirror, though.

ddelabru commented 5 years ago

Okay, so I was ultimately able to fix this just by using the registry and cafile variables in .npmrc. I think the reason I was having problems before is that there was something wrong with the CA cert itself. So it should be a breeze to do this if you can include the CA cert right in SCM.

mprahl commented 5 years ago

@ddelabru this commit might be of interest to you if you decide to not use the .npmrc file: https://github.com/mprahl/s2i-angular-httpd24/commit/e6ad29e6443d3d72ca017f12f52d6f89ad1d6dbd