stable
Clone or download
This is needed to make services running inside the container to communicate between themselves using HTTPS. The way the self-signed cert is created during the first installation has been modified. The existing generation did not properly set the needed properties to make certificate recognized as a CA file. This prevented `update-ca-trust` to extract the certificate to put it in the CA bundle. Also in the dev context we now copy this certificate into the source anchors so it is recognized without additional manipulations. To test with an existing dev instance, you will need to, from within the container: * recreate the certificate: the easieast way is to move `/etc/nginx/conf.d/tuleap.conf` and `/etc/pki/tls/certs/localhost.cert.pem` to backup paths and then call `tuleap-cfg site-deploy` * restart nginx with `systemctl restart nginx` * move the new certificate into the source anchors directory: `cp /etc/pki/tls/certs/localhost.cert.pem /etc/pki/ca-trust/source/anchors/tuleap-web-cert.pem` * call `update-ca-trust` to regenerate the bundle * test everything work with `curl https://tuleap-web.tuleap-aio-dev.docker/`, no error should be thrown Part of story #26042: install mediawiki standalone Change-Id: I25ebd79e34f4cdc52b002fdf832754ce0a7062fe
Modified Files
| Name | ||||
|---|---|---|---|---|
| M | docker-compose.yml | +5 | −0 | Go to diff View file |
| M | src/tuleap-cfg/Command/SiteDeploy/Nginx/NginxCommon.php | +5 | −1 | Go to diff View file |
| A | src/tuleap-cfg/Command/SiteDeploy/Nginx/openssl-conf-self-signed-cert.cnf | +7 | −0 | Go to diff View file |
| M | tools/docker/tuleap-aio-dev/run.sh | +2 | −0 | Go to diff View file |