Setting up CA certificate for the container

Hey there!

I'm hosting Coder on a Redhat VM that is already configured with it's certificate from our CA. However, I'm having a hard time trying to set it up on the container.

After starting the workspace if I check the

docker logs

docker logs

of the container I get

curl -fsSL --compressed https://coder.ourdomain.com/bin/coder-linux-amd64 -o coder
curl: (60) SSL certificate problem: unable to get local issuer certificate

curl -fsSL --compressed https://coder.ourdomain.com/bin/coder-linux-amd64 -o coder
curl: (60) SSL certificate problem: unable to get local issuer certificate

I'm using the Docker Containers starter template and added the upload block on the docker_container resource to upload the certificate from the Coder machine to the container.

upload {
  file   = "/usr/local/share/ca-certificates/cert.crt"
  source = "/srv/certificate.pem
}

upload {
  file   = "/usr/local/share/ca-certificates/cert.crt"
  source = "/srv/certificate.pem
}

This part is working fine, however it does not update the certificates automatically, leading to the error above. To fix this, on the Coder host I have to

docker exec -it <container_id> bash

docker exec -it <container_id> bash

and then run the

sudo update-ca-certificates

sudo update-ca-certificates

(without sudo fails).

I tryed adding this

entrypoint = ["sh", "-c", replace(...), "&&", "sudo update-ca-certificates"]

entrypoint = ["sh", "-c", replace(...), "&&", "sudo update-ca-certificates"]

to the entrypoint parameter of the docker_containers resource but it did not work.

Is it possible to configure like this? Thanks in advance!

Solution

Updating here in case it helps someone going through something similar, the "unable to get local issuer certificate" as the error itself suggests was a problem with how our intermediate certificate was generated.

However, using a self-signed certificate to validate it still caused the "could not resolve hostname" error when trying to open Coder on VS Code Desktop extension.

It was necessary, in addition to including the self-signed certificate in the trust store of our machine, which had already been done, to add the environment variable NODE_EXTRA_CA_CERTS on the machine pointing to the path of the certificate.

Jump to solution

Coder.com•12mo ago•

17 replies

GR8B8

Setting up CA certificate for the container

docker logs

docker logs

of the container I get

curl -fsSL --compressed https://coder.ourdomain.com/bin/coder-linux-amd64 -o coder
curl: (60) SSL certificate problem: unable to get local issuer certificate

curl -fsSL --compressed https://coder.ourdomain.com/bin/coder-linux-amd64 -o coder
curl: (60) SSL certificate problem: unable to get local issuer certificate

I'm using the Docker Containers starter template and added the upload block on the docker_container resource to upload the certificate from the Coder machine to the container.

upload {
  file   = "/usr/local/share/ca-certificates/cert.crt"
  source = "/srv/certificate.pem
}

upload {
  file   = "/usr/local/share/ca-certificates/cert.crt"
  source = "/srv/certificate.pem
}

This part is working fine, however it does not update the certificates automatically, leading to the error above. To fix this, on the Coder host I have to

docker exec -it <container_id> bash

docker exec -it <container_id> bash

and then run the

sudo update-ca-certificates

sudo update-ca-certificates

(without sudo fails).

I tryed adding this

entrypoint = ["sh", "-c", replace(...), "&&", "sudo update-ca-certificates"]

entrypoint = ["sh", "-c", replace(...), "&&", "sudo update-ca-certificates"]

to the entrypoint parameter of the docker_containers resource but it did not work.

Is it possible to configure like this? Thanks in advance!

Solution

Jump to solution

Setting up CA certificate for the container

Setting up CA certificate for the container

Similar Threads

Similar Threads

Similar Threads