zulip / docker-zulip

Container configurations, images, and examples for Zulip.
https://zulip.com/
Apache License 2.0

Using already existing ssl certificates #284

Open panomitrius opened 3 years ago

panomitrius commented 3 years ago

I'm wondering how I should configure my already existing ssl certificates in docker-compose.yml? It says to use the argument "CUSTOM_CA_CERTIFICATES" but with what parameters should I use that?

panomitrius commented 3 years ago

I found a solution by commenting out the SSL_CERTIFICATE_GENERATION option and linking my current SSL certificates by adding them as volumes:

    volumes:
      #...after the other volume settings
      - '/etc/letsencrypt/live/privkey.pem:/data/certs/zulip.key:ro'
      - '/etc/letsencrypt/live/fullchain.pem:/data/certs/zulip.combined-chain.crt:ro'

misaflo commented 2 years ago

Hello,

Putting the certificates here works:

shanzez commented 4 months ago

Which is the proper location? I don't see it mentioned in the documentation. Commenting out (or just not including) SSL_CERTIFICATE_GENERATION in the docker-compose.yml is not intuitive (to me at least), especially when I see in entrypoint that when you don't define it, it is just set to "self-signed".

I suppose I should set SSL_CERTIFICATE_GENERATION to anything except "self-signed" and "certbot". I'll go with "false". https://github.com/zulip/docker-zulip/blob/cd7692a7e6648e5a1da79fa71812428cd250b582/entrypoint.sh#L162-L165

I don't know about putting the certs in /opt/docker/zulip/zulip/certs. I don't see that in the documentation. I'll jump into the docker container once it exists and see if I can tell what the directory is doing.

I think perhaps the right place is:

      - "./zulip.key:/data/certs/zulip.key:ro"
      - "./zulip.combined-chain.crt:/data/certs/zulip.combined-chain.crt:ro"

with SSL_CERTIFICATE_GENERATION set to 'False'.

Update: This worked for me on version 8.2-0.
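
An added example, not part of the thread or of the docker-zulip project: a pre-flight check to run on the host before bind-mounting an existing key and chain at `/data/certs/zulip.key` and `/data/certs/zulip.combined-chain.crt` as the comments above describe. It confirms that the private key matches the first certificate in the chain file and that this certificate has not expired; the function name and return codes are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: pre-flight check for an existing key + chain before mounting
# them into the container. Function name and return codes are hypothetical.
# Returns: 0 ok, 1 unreadable input, 2 key/cert mismatch, 3 certificate expired.
check_cert_pair() {
    key=$1
    chain=$2
    for f in "$key" "$chain"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    done

    # Public key derived from the private key. The empty -passin makes
    # openssl fail instead of prompting if the key is passphrase-protected.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || {
        echo "$key is not a usable unencrypted private key" >&2; return 1; }

    # openssl x509 reads only the first certificate in the file, so this
    # also catches a chain file that does not start with the server cert.
    crt_pub=$(openssl x509 -in "$chain" -noout -pubkey 2>/dev/null) || {
        echo "$chain does not start with a certificate" >&2; return 1; }

    if [ "$key_pub" != "$crt_pub" ]; then
        echo "key does not match first certificate in $chain" >&2
        return 2
    fi

    # -checkend 0 exits non-zero if the certificate has already expired.
    if ! openssl x509 -in "$chain" -noout -checkend 0 >/dev/null 2>&1; then
        echo "first certificate in $chain has expired" >&2
        return 3
    fi
    return 0
}

# Run directly: sh check.sh ./zulip.key ./zulip.combined-chain.crt
if [ "$#" -eq 2 ]; then
    check_cert_pair "$1" "$2"
fi
```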