S3ng Trust Internal CA

techmagellc · October 7, 2023, 3:00am

→

Steps to reproduce

Configure OCIS to connect to Minio Instance behind proxy using internal CA cert
Attempt to upload file to OCIS
Fail with error in log “failed to upload file to blostore: could not store object ‘blobuid’ into bucket ‘bucketname’: Put "h t t p s://url:port/bucketname/blobuid": tls: failed to verify certificate: x509: certificate signed by unknown authority”

Expected behaviour

Tell us what should happen
There should be a way to provide the internal CA’s cert to the docker container. I tried copying it into the container and running update-ca-certificates.

Actual behaviour

Tell us what happens instead
It doesn’t trust the internal CA.

Server configuration

Operating system: Docker

Web server: NA

Database: NA

PHP version: NA

ownCloud version: (see ownCloud admin page) 4.0.0+8931ee118

Updated from an older ownCloud or fresh install: Fresh

Where did you install ownCloud from: Docker

Alternatively, since this is running all inside my own network, I’d be okay with an option to tell it to skip verifying the certificate. But, I’d prefer not to do that if I can avoid it.

dragonchaser · October 9, 2023, 7:03am

You are right we do not have an option for passing a custom CA to the container. I would suggest to build your own container based on ocis:<desired_tag> for now (and pass your own ca there). I assume running update-ca-certificates on the won’t work once ocis ist started. It would be awesome if you´d create a ticket (as a [Feature Request] for that on github and describe you use-case in more detail so we can discuss this internally.