Skip to content

Commit

Permalink
add instructions for adding self-signed certificate to docker install…
Browse files Browse the repository at this point in the history
…ation
  • Loading branch information
tiroessler authored and oliverguenther committed Sep 26, 2024
1 parent 9b07010 commit 458e1a9
Showing 1 changed file with 52 additions and 1 deletion.
53 changes: 52 additions & 1 deletion docs/installation-and-operations/installation/docker/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -437,7 +437,7 @@ The `-t` option is the tag for your image. You can choose what ever you want.

**5. Run the image**

You can run the image just like the normal OpenProject image (as shown earlier).
You can run the image just like the normal OpenProject image (as shown [here](#quick-start)).
You just have to use your chosen tag instead of `openproject/openproject:14`.
To just give it a quick try you can run this:

Expand All @@ -447,6 +447,57 @@ docker run -p 8080:80 --rm -it openproject-with-slack

After which you can access OpenProject under `http://localhost:8080`.

## Import self-signed root certificate

If you want to connect OpenProject to an external server as example SMTP-Server or a Nextcloud-Server that uses a self-signed certificate, you need to import the root certificate that was used to create the self-signed certificate. There are two ways to archive this.

The first way is to mount the root certificate via the ``` --mount``` option into the container and add the certificate to the ```SSL_CERT_FILE``` variable.
```shell
sudo docker run -it -p 8080:80 \
-e OPENPROJECT_SECRET_KEY_BASE=secret \
-e OPENPROJECT_HOST__NAME=localhost:8080 \
-e OPENPROJECT_HTTPS=false \
-e OPENPROJECT_DEFAULT__LANGUAGE=en \
--mount type=bind,source=$(pwd)/my_root.crt,target=/tmp/my_root.crt \ #mount my_root.crt to /tmp
-e SSL_CERT_FILE=/tmp/my_root.crt \ #set the SSL_CERT_FILE to the path of my_root.crt
openproject/openproject:14
```

The second way would be to build a new image of the ```openproject/openproject:14``` or the ```-slim``` image.

**1. Create a new folder** with any name, for instance `custom-openproject`. Change into that folder.

**2. Put your root SSL certificate** into the folder. In this example, we will name it ```my_root.crt```.

**3. Create the `Dockerfile`** in the same folder. The contents have to look like this:
```dockerfile
FROM openproject/openproject:14

COPY ./my_root.crt /usr/local/share/ca-certificates/
RUN update-ca-certificates
```

If you are using the -slim tag, you will need to do the following to import your root certificate:
```dockerfile
FROM openproject/openproject:14-slim

USER root
COPY ./smtp.local_rootCA.crt /usr/local/share/ca-certificates/
RUN update-ca-certificates
USER $APP_USER
```

**4. Build the image**
```shell
docker build --pull -t openproject-with-custom-ca .
```

The `-t` option is the tag for your image. You can choose what ever you want.

**5. Run the image**

You can run the image just like the normal OpenProject image (as shown [here](#quick-start)). You just have to use your chosen tag instead of ```openproject/openproject:14```

## Offline/air-gapped installation

It's possible to run the docker image on an a system with no internet access using `docker save` and `docker load`.
Expand Down

0 comments on commit 458e1a9

Please sign in to comment.