
[FEATURE_REQUEST] Customizable SSL CAs

Open James-Firth opened this issue 2 years ago • 12 comments

Is your feature request related to a problem? If so, please describe.

Related to the UNABLE_TO_VERIFY_LEAF_SIGNATURE issue mentioned in #35.

Context:

  • Dashy is running on my home server in a Docker container
  • I use Pi-hole (in a container) to create custom DNS records for my other Docker containers (e.g. coolapp.homeserver.local)
  • Caddy is a reverse proxy that handles all the SSL/HTTPS with a wildcard certificate I created with mkcert (which I installed on my client machine)

I'd like to use the custom DNS name coolapp.homeserver.local as both my link and my status check (to ensure it's actually accessible to other clients), but I get the above-mentioned error.

Describe the solution you'd like

I would like to see another volume mount documented where I could put my custom root/intermediate CA certificate(s) so Dashy will respect them in addition to the typical set of CAs.

Priority

Medium (Would be very useful)

Is this something you would be keen to implement

No

James-Firth avatar Dec 28 '22 18:12 James-Firth

If you're enjoying Dashy, consider dropping us a ⭐
🤖 I'm a bot, and this message was automated

liss-bot avatar Dec 28 '22 18:12 liss-bot

This issue has gone 6 weeks without an update. To keep the ticket open, please indicate that it is still relevant in a comment below. Otherwise it will be closed in 5 working days.

liss-bot avatar Jan 28 '23 01:01 liss-bot

Bump, thank you bot!

James-Firth avatar Jan 29 '23 15:01 James-Firth

This issue has gone 6 weeks without an update. To keep the ticket open, please indicate that it is still relevant in a comment below. Otherwise it will be closed in 5 working days.

liss-bot avatar Mar 01 '23 01:03 liss-bot

This issue was automatically closed because it has been stalled for over 6 weeks with no activity.

liss-bot avatar Mar 06 '23 01:03 liss-bot

Would love to see this implemented as well.

tenicio avatar Jan 04 '24 22:01 tenicio

Please reopen this! I have a custom CA to manage all my local services, and Dashy cannot do a "status check" due to errors such as "Server resulted in SELF_SIGNED_CERT_IN_CHAIN" or "Server resulted in UNABLE_TO_VERIFY_LEAF_SIGNATURE".

RamonAbudAlcala avatar Feb 11 '24 08:02 RamonAbudAlcala

I found out that Dashy's underlying system is Debian. Debian-based systems have their custom CA certificates stored (usually) in /usr/local/share/ca-certificates/, but this directory does not exist.

docker exec -it dashy sh

Searching for that folder within Dashy results in the following:

# cd /usr/local/share
# ls
doc  man

I do not know how else to add custom CA certificates.

Also, please reopen this Feature Request. I'd love to see my green dots for my live services.

RamonAbudAlcala avatar May 17 '24 11:05 RamonAbudAlcala

@RamonAbudAlcala

Can confirm this, I also struggled to mount my own CA file.

And no, Dashy's underlying system is Alpine, which has quite a few differences and is optimized as a lightweight OS.

I solved the issue by just getting a Let's Encrypt SSL cert. It literally made my life so much easier; I suggest you do the same!

CrazyWolf13 avatar May 17 '24 21:05 CrazyWolf13

Maybe this helps you get it working: https://stackoverflow.com/questions/67231714/how-to-add-trusted-root-ca-to-docker-alpine/67232164#67232164

CrazyWolf13 avatar May 17 '24 21:05 CrazyWolf13

You need to specify NODE_EXTRA_CA_CERTS as an environment variable.

services:
  dashy:
    image: lissy93/dashy:latest
    container_name: dashy
    restart: unless-stopped
    ports:
      - "127.0.0.1:4000:8080"
    environment:
      NODE_ENV: production
      NODE_EXTRA_CA_CERTS: /etc/ssl/certs/ca-certificates.crt

    volumes:
      - ./dashy-config.yml:/app/user-data/conf.yml
      - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
    networks:
      - dashy-network
    healthcheck:
      test: ['CMD', 'node', '/app/services/healthcheck']
      interval: 1m30s
      timeout: 10s
      retries: 3
      start_period: 40s

networks:
  dashy-network:
    driver: bridge

giray avatar Feb 06 '25 09:02 giray

OMG! I can confirm that adding NODE_EXTRA_CA_CERTS works for me. Thanks!

RamonAbudAlcala avatar Feb 07 '25 02:02 RamonAbudAlcala
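
An added example, not part of the thread or of Dashy's code: NODE_EXTRA_CA_CERTS only helps if the mounted file contains the CA that issued the service certificate, so this script checks a certificate against a bundle with `openssl verify` before the container is restarted. The two roots, the leaf, the file names and the helper functions are constructed for the demonstration; only the hostname comes from the issue.

```shell
#!/bin/sh
# Added example with a constructed lab CA; not Dashy's own code.
# Minimal req config so results do not depend on the system openssl.cnf.
write_cnf() {
  cat > "$1" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
}

# make_ca DIR NAME: self-signed root at DIR/NAME.crt (constructed, 1-day lifetime).
make_ca() {
  openssl req -x509 -config "$1/req.cnf" -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Constructed $2 root" -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# make_leaf DIR CA HOST: leaf certificate for HOST, signed by DIR/CA, SAN set to HOST.
make_leaf() {
  openssl req -new -config "$1/req.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=$3" -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s\n' "$3" > "$1/san.ext"
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
    -CAcreateserial -days 1 -extfile "$1/san.ext" -out "$1/leaf.crt" 2>/dev/null
}

# chain_ok BUNDLE CERT HOST: exit 0 only if CERT chains to a root in BUNDLE
# and its subjectAltName matches HOST.
chain_ok() {
  openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# Demo: the leaf is issued by "lab"; "other" stands in for a bundle without that CA.
d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT
write_cnf "$d/req.cnf"
make_ca "$d" lab && make_ca "$d" other && make_leaf "$d" lab coolapp.homeserver.local
for b in lab other; do
  if chain_ok "$d/$b.crt" "$d/leaf.crt" coolapp.homeserver.local
  then echo "$b.crt: chain and hostname verify"
  else echo "$b.crt: rejected, the issuing CA is not in this bundle"; fi
done
```

Against real files, call `chain_ok` with the same bundle path that is mounted for NODE_EXTRA_CA_CERTS and the certificate the reverse proxy serves.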