singularityhub / sregistry

server for storage and management of singularity images
https://singularityhub.github.io/sregistry
Mozilla Public License 2.0

uwsgi_1 - gitlab oauth2 ignore ssl cert #397

Closed ifelsefi closed 2 years ago

ifelsefi commented 2 years ago

Hi

Can I configure uwsgi_1 worker to ignore SSL cert at my local gitlab instance:

uwsgi_1      | social_core.exceptions.AuthFailed: Authentication failed: HTTPSConnectionPool(host='devgitlab.domain.example.com, port=443): Max retries exceeded with url: /oauth/token (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)'),))

The workers are mounting /etc/ssl which has the root ca bundle used by the remote Gitlab server.

Callback URL is correct.

Thank you!

vsoch commented 2 years ago

I've never done that before, but I'd play around with the uwsgi params file, e.g., https://serverfault.com/questions/771177/how-do-i-configure-a-whitelist-of-ssl-tls-protocols-in-uwsgi

ifelsefi commented 2 years ago

I am trying to get uwsgi to use the CA path at /etc/ssl, which has the cert bundle for verifying my Gitlab instance. This would allow uwsgi to verify the identity of the remote Gitlab.

ifelsefi commented 2 years ago

Adding these vars fixed the problem. I can now use Gitlab oAuth:

SSL_CERT_FILE=/etc/pki/tls/certs/ca-bundle.crt
SSL_CERT_DIR=/etc/pki/tls/certs
REQUESTS_CA_BUNDLE=/etc/pki/tls/certs/ca-bundle.crt
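
An added example, not part of the thread or of sregistry's code: a check to run inside the uwsgi container that reports whether each of the three variables above is set and points at usable CA material, so certificate verification stays on instead of being ignored. The function names are hypothetical; the split between OpenSSL (`SSL_CERT_FILE`, `SSL_CERT_DIR`) and requests (`REQUESTS_CA_BUNDLE`, the library behind the `HTTPSConnectionPool` error) is standard behaviour of those libraries.

```python
import os
import ssl

# The three variables from the comment above, and which layer reads each one.
CA_ENV_VARS = {
    "SSL_CERT_FILE": "OpenSSL default CA file (Python ssl default context)",
    "SSL_CERT_DIR": "OpenSSL default CA directory (Python ssl default context)",
    "REQUESTS_CA_BUNDLE": "requests library, when verify is left at its default",
}
PEM_MARKER = b"-----BEGIN CERTIFICATE-----"


def count_pem_certs(path):
    """Return the number of PEM certificate blocks in a file, 0 if unreadable."""
    try:
        with open(path, "rb") as fh:
            return fh.read().count(PEM_MARKER)
    except OSError:
        return 0


def check_ca_env(env=None):
    """Report, per variable, whether it is set and points at CA material."""
    env = os.environ if env is None else env
    report = {}
    for name, reader in CA_ENV_VARS.items():
        value = env.get(name)
        if not value:
            status = "unset"
        elif name == "SSL_CERT_DIR":
            # OpenSSL accepts a path-separator-delimited list of directories.
            dirs = value.split(os.pathsep)
            status = "ok" if all(os.path.isdir(d) for d in dirs) else "missing"
        elif not os.path.isfile(value):
            status = "missing"
        else:
            status = "ok" if count_pem_certs(value) > 0 else "no-certs"
        report[name] = {"value": value, "reader": reader, "status": status}
    return report


if __name__ == "__main__":
    for name, info in check_ca_env().items():
        print(f"{name:20} {info['status']:9} {info['value']}  <- {info['reader']}")
    # What OpenSSL resolves after applying SSL_CERT_FILE / SSL_CERT_DIR.
    paths = ssl.get_default_verify_paths()
    print("openssl cafile:", paths.cafile, "capath:", paths.capath)
```

A status of `ok` for `SSL_CERT_DIR` only confirms the directory exists; OpenSSL additionally expects hash-named links inside it, which is why pointing the file variables at a single bundle is the more reliable of the two.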