Configuring custom certificate authority
If you need to execute request to sources with custom authority then you need to configure the datasource container to use extra certificate. In Docker Compose deployments, it's essential to store the certificate as a file in the file system and then connect this file to the
datasource container.1. Place the necessary certificates in a directory linked as a volume for the
datasource container. The following code example employs the ./ca directory.2. Adjust the
docker-compose.yaml file to enable the datasource container to link the ./ca directory as a volume:datasource:
container_name: datasource
volumes:
- ./ca:/usr/datasource/ca
3. Utilize the provided certificate from the volume by setting it in the
NODE_EXTRA_CA_CERTS environment variable:datasource:
container_name: datasource
environment:
- NODE_EXTRA_CA_CERTS=/usr/datasource/ca/certificate.pem
If your Single Sign-On (SSO) services or OAuth sources require the use of a custom certificate authority, you need to configure the
bakery-back service.1. Create a custom
keystore on your host machinekeytool -genkey -keyalg RSA -keystore mybakerystore.jks
2. Import your certificate into the keystore
keytool -import -trustcacerts -keystore mybakerystore.jks -alias mycert -file file.cer
3. Update your
docker-compose.yml file to include a volume for the bakery-back service, enabling it to access the custom keystore: bakery-back:
container_name: bakery-back
depends_on:
db:
condition: service_healthy
image: cruibakeryonprem.azurecr.io/cloud/bakery-back:latest
restart: always
env_file: .env
volumes:
- ./keystore_folder:/usr/bakery/keystore_folder
4. Modify
.env file to include the following environment variable setting:JAVA_OPTS='-Djavax.net.ssl.trustStore=/usr/bakery/keystore_folder/mybakerystore.jks -Djavax.net.ssl.trustStorePassword=yourpassword'
Last modified 1mo ago