Extending the container with CA Certs

elegant_dijkstra · 18 January 2024 16:01

Hello fellow Node-Red enthusiasts,

I need to add a custom CA Certificate to node-RED running in the official container.
Ideally, I would like to keep it outside of the container in the directory I will bind mount to /data.
In a native install, I would just add it to the systems certificate store /etc/ssl/certs, and I found some recommendation to just do the same inside the container (docker cp, then update-ca-certificates as root inside the container). That works but will not be persistent when the container is updated.
I had the idea to use the env variable NODE_EXTRA_CA_CERTS, set it in the settings.js and point it to the CA Cert somewhere in the mounted /data, but I am not really sure if my understanding of that mechanism correct. Is this the way to go or did I miss something? How would that have to be added to the settings.js?

Glad for any help!

elegant_dijkstra · 22 January 2024 07:38

I have found a surprisingly simple solution to my problem myself.
I just add two HTTP Request nodes in sequence. One set up to use my custom CA Cert directly in node-RED, the second one uses the global CA Certs Storage.
If the first fails, the second one is used as a fallback.

system · 5 February 2024 07:38

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
TLS Config Node: CA Certificate General http-request , docker	7	157	18 July 2024
Setting HTTPS in Docker Compose General docker	4	250	25 June 2023
Can't enable https General docker	20	789	27 June 2022
SSL certificate General security , docker	8	181	24 June 2024
Setting Node Red SSL on Docker General	7	6268	2 February 2019

Extending the container with CA Certs

Related topics