Extending the container with CA Certs

Hello fellow Node-Red enthusiasts,

I need to add a custom CA Certificate to node-RED running in the official container.
Ideally, I would like to keep it outside of the container in the directory I will bind mount to /data.
In a native install, I would just add it to the systems certificate store /etc/ssl/certs, and I found some recommendation to just do the same inside the container (docker cp, then update-ca-certificates as root inside the container). That works but will not be persistent when the container is updated.
I had the idea to use the env variable NODE_EXTRA_CA_CERTS, set it in the settings.js and point it to the CA Cert somewhere in the mounted /data, but I am not really sure if my understanding of that mechanism correct. Is this the way to go or did I miss something? How would that have to be added to the settings.js?

Glad for any help!

I have found a surprisingly simple solution to my problem myself.
I just add two HTTP Request nodes in sequence. One set up to use my custom CA Cert directly in node-RED, the second one uses the global CA Certs Storage.
If the first fails, the second one is used as a fallback.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.