Keyfactor
Improve way to specify the private HTTPS port with the container so the Administration Web links uses the right port
I started SignServer CE from the docker image using
docker run -it --rm -p 8080:8080 -p 8443:8443 -h localhost --name signserver keyfactor/signserver-ce
Then I tried to access https://localhost:8443/signserver/.
The page loads properly, but the link to "Administration Web" is not correct, it uses port 443:
I believe it currently is a known issue that the admin web link assumes the default ports are being used.
The port for the link can be changed in /opt/signserver/conf/signserver_deploy.properties changing to:
httpserver.external.privhttps=8443
Then when starting the container you can mount in your modified version of signserver_deploy.properties:
docker run -it --rm \
-p 8080:8080 -p 8443:8443 -h localhost \
-v /home/user/my-signserver_deploy.properties:/opt/signserver/conf/signserver_deploy.properties \
--name signserver \
keyfactor/signserver-ce:6.3.0
Then the link should use what you have set in the config file (i.e. 8443).
Not sure if a container could be made aware of what port mappings are used and if we then could set the right port automagically. Otherwise, maybe we could introduce some ENV variable where the correct port could be specified so that mounting in the conf file would not be necessary.
Or maybe just use a relative path like for the other links and if you want to ensure this path is only access via https, ensure this otherwise?
Relative paths are not enough as the point with the Administration Web link is to use HTTPS and the port that can accept client-certificate authentication.
I think this is something that the one starting the container will need to provide as this depends on the port-mappings provided with your docker run. Currently it can be achieved by mounting in your own signserver_deploy.properties but we are considering if not this should be possible through an container environment variable to make it easier.