-
Notifications
You must be signed in to change notification settings - Fork 75
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
usage with docker? #17
Comments
Hmm, that's a great question. Short version: kinda. Because Docker isolates the container from the host, there's no way for devcert to run inside the container, and get the host outside the container to trust it's certs. However, if you installed devcert on the host machine, and then as part of your build step ran a script that did something like this before the actual let { key, cert } = await devcert.certificateFor('my-app.test');
fs.writeFileSync('./ssl.key', key);
fs.writeFileSync('./ssl.cert', cert); Then the certificates would be available inside the container. Those certificates wouldn't be trusted by the container OS though, so that might get tricky in a microservice style architecture if you have multiple containers communicating with each other over HTTPS, since none of them would trust each other's certs. But if you're just accessing the container processes from your host browser, that should work. I would love to make devcert work better in this case, but I think there are just some fundamental limitations that are difficult to work around. But if anyone else has ideas / suggestions, I'm more than happy to listen! |
hmm yeah I was kind of thinking something like that might work... I'm a bit confused as to where that JS code would actually be run though... Do you mean that if I run that one time (just to get and write the files in the Gatsby root dir) it should work? or did I misunderstand it? |
Yep, exactly right. Devcert doesn't use that approach normally for a few reasons:
With all that said though, it should work if you just save the certificate files, but it comes with those longer-term drawbacks mentioned above. |
unfortunately in gatsby, there is currently no way to pass a custom ssl cert, so putting it in the home dir doesn't work, but as long as the server reads a custom ssl cert, this script should take care of generating the certs to be mounted in the docker container...
I don't know enough about the internals of the lib to think of a way to make a PR so I will just leave this here for anyone who may find it... |
@davewasmer I noticed some differences in the files when I use the method you gave me...Gatsby seems to use
it gives three files to my global config which have the extensions all of them look like regular cert files in the form of
On the other hand when I
Should I only be taking the |
cool project! Thanks for making it. I am using
gatsbyjs
which usesdevcert
and I was wondering if you had a suggested usage flow with docker?Right now I am running the project in docker which works on https but it still gives me the ugly browser warnings since the container is like a separate machine. Can you see an easy way around this to get the certificate trusted on the host machine and used in a container?
Thanks
The text was updated successfully, but these errors were encountered: