mirror of
https://github.com/netbox-community/netbox-docker.git
synced 2025-06-27 05:11:47 +02:00
Created Custom CA (markdown)
parent
ca4adc7bfc
commit
51cbb190e9
53
Custom-CA.md
Normal file
@ -0,0 +1,53 @@
When using TLS with a custom CA, there are a few variables that need to be set up.

Make sure that on the docker host has the self-signed trusted CA certificate in the OS cert bundle (e.g. in Ubuntu / Debian `/etc/ssl/certs/ca-certificates.crt` or in RHEL `/etc/ssl/certs/ca-bundle.crt`).

## For GIT datasources

For HTTPS repos, the Python `requests` package is used, which does not use the `SSL_CERT_FILE` environment variable. By default, `requests` is shipped with a dedicated (OS independent) trusted CA bundle. It relies on `certifi` as CA bundle source.
In order to override this, override the env variable `REQUESTS_CA_BUNDLE`.

Adjust the `/path/to/os/cert/file` and update the `docker-compose.override.yml` as follows:

```yaml
---
services:
netbox:
environment:
REQUESTS_CA_BUNDLE: /etc/ssl/certs/ca-certificates.crt
volumes:
volumes:
- /path/to/os/cert/file:/etc/ssl/certs/ca-certificates.crt:ro
netbox-worker:
environment:
REQUESTS_CA_BUNDLE: /etc/ssl/certs/ca-certificates.crt
volumes:
volumes:
- /path/to/os/cert/file:/etc/ssl/certs/ca-certificates.crt:ro
```

This overrides the trusted CA certificates within the containers, with the trusted CA certificates of your Linux Docker host (which includes your private CA certificates as well).


## For LDAPS

Netbox [[LDAP]] uses django-ldap-auth which in turn uses the python-ldap package.
This package currently does not support cert bundles with [EV data](https://en.wikipedia.org/wiki/Extended_Validation_Certificate) which are often delivered by modern OS (e.g. in RHEL `/etc/ssl/certs/ca-bundle.trust.crt`)

Make sure to use the cert bundle without the EV data (e.g. in RHEL `/etc/ssl/certs/ca-bundle.crt`)


Adjust the `/path/to/os/cert/file` and update the `docker-compose.override.yml` as follows:

```yaml
---
services:
netbox:
environment:
LDAP_IGNORE_CERT_ERRORS: False
LDAP_CA_CERT_FILE: /etc/ssl/certs/ca-certificates.crt
volumes:
- /path/to/os/cert/file:/etc/ssl/certs/ca-certificates.crt:ro
```

This overrides the trusted CA certificates within the containers, with the trusted CA certificates of your Linux Docker host (which includes your private CA certificates as well).
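Review bot: the first `docker-compose.override.yml` example repeats the `volumes:` key under both `netbox` and `netbox-worker` (`volumes:` / `volumes:` / `- /path/to/os/cert/file:/etc/ssl/certs/ca-certificates.crt:ro`), which is either a duplicate mapping key or a nested mapping where Compose expects a list; either way the override does not validate, so drop the repeated line in both services so that the bind mount sits directly under a single `volumes:`. The mount target `/etc/ssl/certs/ca-certificates.crt` matches both `REQUESTS_CA_BUNDLE` and `LDAP_CA_CERT_FILE`, which is correct; worth stating in the prose that the two must match, since the variable points at the in-container path, not the host path. On wording, "Make sure that on the docker host has the self-signed trusted CA certificate" should read "Make sure that the Docker host has the self-signed trusted CA certificate", and the "[EV data]" link goes to Extended Validation certificates, which is a different thing from the trust-annotated bundle format of `ca-bundle.trust.crt` that python-ldap cannot read; rewording so the reader knows the distinction is the bundle file format would avoid confusion.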