homarr icon indicating copy to clipboard operation
homarr copied to clipboard

Published 20 hours ago verified publisher icon ajnart

Allow for custom CA/self signed certificates

Open FileGo opened this issue 3 years ago • 5 comments

Description

I run my own CA in my lab, and as a result, homarr throws errors when it tries to integrated with services like Sonarr and Radarr:

RequestError: unable to get local issuer certificate
at ClientRequest.<anonymous> (file:///app/node_modules/got/dist/source/core/index.js:760:107)
at Object.onceWrapper (node:events:642:26)
at ClientRequest.emit (node:events:539:35)
at TLSSocket.socketErrorListener (node:_http_client:454:9)
at TLSSocket.emit (node:events:527:28)
at emitErrorNT (node:internal/streams/destroy:157:8)
at emitErrorCloseNT (node:internal/streams/destroy:122:3)
at processTicksAndRejections (node:internal/process/task_queues:83:21)
at TLSSocket.onConnectSecure (node:_tls_wrap:1532:34)
at TLSSocket.emit (node:events:527:28)
at TLSSocket._finishInit (node:_tls_wrap:946:8)
at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:727:12)

It would be a nice to be able to add a custom CA certificate, or at a minimum, disable the strict certificate verifiction (i.e. accept any certificate, as long as it's valid).

Priority

Medium (Would be very useful)

Please tick the boxes

FileGo avatar Jun 12 '22 22:06 FileGo

If you are using docker-compose.yml you can try adding this into the homarr block:

command: 'yarn config set "strict-ssl" false -g'

services:
  homarr:
    command: 'yarn config set "strict-ssl" false -g'

DebugDax avatar Jun 13 '22 19:06 DebugDax

If you are using docker-compose.yml you can try adding this into the homarr block:

command: 'yarn config set "strict-ssl" false -g'

services:
  homarr:
    command: 'yarn config set "strict-ssl" false -g'

This might be a good idea to add as an Environment variable. That way it can easily be toggled.

LarveyOfficial avatar Jun 13 '22 19:06 LarveyOfficial

If you are using docker-compose.yml you can try adding this into the homarr block:

command: 'yarn config set "strict-ssl" false -g'

services:
  homarr:
    command: 'yarn config set "strict-ssl" false -g'

I've tried that, but it just loops itself on start:

yarn config v1.22.19
warning package.json: No license field
success Set "strict-ssl" to "false".
Done in 0.04s.
yarn config v1.22.19
warning package.json: No license field
success Set "strict-ssl" to "false".
Done in 0.04s.

I agree with @LarveyOfficial , setting this via environmental variable or similar would be a much better solution.

FileGo avatar Jun 14 '22 06:06 FileGo

Well if you find an environnment variable responsible for this then I'd be more than happy to write an article about it in the wiki :)

ajnart avatar Jun 14 '22 19:06 ajnart

Well if you find an environnment variable responsible for this then I'd be more than happy to write an article about it in the wiki :)

Well it would have to be coded into the docker-compose.yml

LarveyOfficial avatar Jun 15 '22 23:06 LarveyOfficial

I managed to get around this by setting the following ENV var on the container

NODE_TLS_REJECT_UNAUTHORIZED=0

Edit: This doesn't however appear to be passed on to the Torrent module, as I get DEPTH_ZERO_SELF_SIGNED_CERT error when trying to enable it

Jared0430 avatar Aug 24 '22 12:08 Jared0430