Configuring custom certificate authority
If you need to send requests to sources whose certificates are signed by a custom certificate authority, configure the datasource container to use an extra certificate. In Docker Compose deployments, store the certificate as a file in the file system and then mount this file into the datasource container.

1. Place the necessary certificates in a directory that is mounted as a volume for the datasource container. The following example uses the ./ca directory.

2. Adjust the docker-compose.yaml file so that the datasource container mounts the ./ca directory as a volume:

    datasource:
      container_name: datasource
      volumes:
        - ./ca:/usr/datasource/ca

3. Use the certificate from the volume by setting its path in the NODE_EXTRA_CA_CERTS environment variable:

    datasource:
      container_name: datasource
      environment:
        - NODE_EXTRA_CA_CERTS=/usr/datasource/ca/certificate.pem

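Node.js only emits a warning and continues with its default CAs when the NODE_EXTRA_CA_CERTS file is missing or malformed, so a wrong path tends to surface later as TLS errors. The following preflight script is an added example, not part of the product; the function names are hypothetical and the paths are the ones assumed in the steps above.

```shell
#!/bin/sh
# Added example (not vendor code): preflight check for the datasource CA setup.

# Map a container path to the host path behind a "host:container[:mode]" volume.
# Prints the host path; returns 1 if the path is not under the mount point.
host_path_for() {
    volume=$1; container_path=$2
    host_dir=${volume%%:*}
    mount=${volume#*:}; mount=${mount%%:*}
    case $container_path in
        "$mount"/*) rel=${container_path#"$mount"/}
                    printf '%s\n' "$host_dir/$rel" ;;
        *) return 1 ;;
    esac
}

# Check the file that NODE_EXTRA_CA_CERTS points to, as seen from the host.
# Return codes: 0 ok, 2 outside volume, 3 missing, 4 not PEM, 5 private key.
check_extra_ca() {
    file=$(host_path_for "$1" "$2") || {
        echo "FAIL: $2 is not inside the volume $1"; return 2; }
    [ -r "$file" ] || { echo "FAIL: $file is missing or unreadable"; return 3; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$file" || {
        echo "FAIL: $file is not PEM encoded"; return 4; }
    if grep -q -- 'PRIVATE KEY-----' "$file"; then
        echo "FAIL: $file contains a private key"; return 5
    fi
    echo "OK: $2 -> $file"
}

# Optional: reject an expired or unparsable certificate (requires openssl).
check_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Stand-alone use:
#   sh check_ca.sh ./ca:/usr/datasource/ca /usr/datasource/ca/certificate.pem
if [ "$#" -eq 2 ]; then
    check_extra_ca "$1" "$2" || exit 1
    if command -v openssl >/dev/null 2>&1; then
        check_not_expired "$(host_path_for "$1" "$2")" ||
            { echo "FAIL: certificate expired or unparsable"; exit 1; }
    fi
fi
```

Run it from the directory that contains docker-compose.yaml, before starting the containers.
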
If your Single Sign-On (SSO) services or OAuth sources require the use of a custom certificate authority, you need to configure the bakery-back service.

1. Create a custom keystore on your host machine:

    keytool -genkey -keyalg RSA -keystore mybakerystore.jks

2. Import your certificate into the keystore:

    keytool -import -trustcacerts -keystore mybakerystore.jks -alias mycert -file file.cer

3. Update your docker-compose.yml file to include a volume for the bakery-back service, enabling it to access the custom keystore:

    bakery-back:
      container_name: bakery-back
      depends_on:
        db:
          condition: service_healthy
      image: cruibakeryonprem.azurecr.io/cloud/bakery-back:latest
      restart: always
      env_file: .env
      volumes:
        - ./keystore_folder:/usr/bakery/keystore_folder

4. Modify the .env file to include the following environment variable setting:

    JAVA_OPTS='-Djavax.net.ssl.trustStore=/usr/bakery/keystore_folder/mybakerystore.jks -Djavax.net.ssl.trustStorePassword=yourpassword'

Last modified 1mo ago