processone / docker-ejabberd

Set of ejabberd Docker images

cafile and ca-certificates #90

Closed lukewarms closed 1 year ago

lukewarms commented 1 year ago

Hi, I am running a Docker smallstep PKI and want to run ACME in the ejabberd container. I have pointed ACME to my ca_url in the config file and built the following Dockerfile, which I can confirm adds my root_ca.crt to the Alpine container's /etc/ssl/certs/ca-certificates.crt:

FROM ghcr.io/processone/ejabberd
USER root
RUN apk update && apk add --no-cache --update ca-certificates
COPY ./root_ca.crt /usr/local/share/ca-certificates
COPY ./ejabberd.yml /opt/ejabberd/conf/ejabberd.yml
RUN update-ca-certificates

However, when I run the container, it still fails to validate my CA with:

2022-11-03 20:56:53.729535+00:00 [warning]
 Description: "Authenticity is not established by certificate path validation"
     Reason: "Option {verify, verify_peer} and cacertfile/cacerts is missing"

Am I missing something on how /opt/ejabberd/conf/cacert.pem is populated?

Thanks, Luke

lukewarms commented 1 year ago

Solved by appending the file instead, i.e.:

FROM alpine:latest

COPY my-cert.pem /usr/local/share/ca-certificates/my-cert.crt

RUN cat /usr/local/share/ca-certificates/my-cert.crt >> /etc/ssl/certs/ca-certificates.crt && \
    apk --no-cache add \
        curl

https://stackoverflow.com/questions/67231714/how-to-add-trusted-root-ca-to-docker-alpine
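
A way to confirm that a private root really is in a PEM bundle such as /etc/ssl/certs/ca-certificates.crt after either Dockerfile above, and that a `>>` append left the bundle well-formed. This is an added example, not part of the thread or of the docker-ejabberd project; the function names are hypothetical and the sample blocks are constructed placeholders rather than real certificates.

```python
import base64
import hashlib
import re
import sys

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
PEM_RE = re.compile(re.escape(BEGIN) + r"(.*?)" + re.escape(END), re.S)


def fingerprints(pem_text):
    """SHA-256 fingerprint of the DER bytes of every certificate block."""
    return [
        hashlib.sha256(base64.b64decode("".join(b.split()), validate=True)).hexdigest()
        for b in PEM_RE.findall(pem_text)
    ]


def check_bundle(bundle_text, root_text):
    """Compare a root CA file against a PEM trust bundle."""
    wanted = fingerprints(root_text)
    if not wanted:
        raise ValueError("no certificate block found in the root CA file")
    present = fingerprints(bundle_text)
    return {
        # Roots that never made it into the bundle.
        "missing": [fp for fp in wanted if fp not in present],
        # Same certificate present more than once.
        "duplicates": sorted({fp for fp in present if present.count(fp) > 1}),
        # '>>' onto a file without a final newline glues END and BEGIN onto
        # one line, which line-oriented PEM readers can fail to recognise.
        "glued_markers": END + BEGIN in bundle_text,
    }


def fake_pem(seed):
    """Constructed stand-in block: arbitrary bytes, not a real X.509 cert."""
    b64 = base64.b64encode(hashlib.sha512(seed).digest() * 4).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return BEGIN + "\n" + "\n".join(rows) + "\n" + END + "\n"


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py BUNDLE ROOT_CA
        bundle, root = (open(p).read() for p in sys.argv[1:3])
    else:  # constructed sample: root appended to a bundle lacking a newline
        root = fake_pem(b"private-root")
        bundle = fake_pem(b"public-ca").rstrip("\n") + root
    print(check_bundle(bundle, root))
```

The comparison is on fingerprints of the decoded bytes, so it is independent of line wrapping or comments between blocks in the bundle.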