Greenlight: Add ability for users to add self-signed certs on pulled dockers

Created on 29 Apr 2020  路  6Comments  路  Source: bigbluebutton/greenlight

When following the documentation found here: http://docs.bigbluebutton.org/greenlight/gl-install.html there is no direction provided on how to add a self-signed cert can be added to the docker container.
As such, the last part of step 3 - Verifying configuration will fail with an SSL error message.

In order to do this, one will have to build from the Dockerfile found in this repo, then manually add commands to the Dockerfile to copy over the certs and update-ca-certificates.

I would like to ask for an option/pass-through/variable or other means be added during configuration to allow for the addition of these certs without having to build a manual docker.

And to clarify, this is not for OAuth, or for creating a cert. I already possess the certs for my internal domain, I just wish to add them to the pulled dockers so I can use https.

Cheers.

feature request

Most helpful comment

I have lots of difficulties to install my own certificate for Greenlight. BBB is working fine with .

All 6 comments

I have lots of difficulties to install my own certificate for Greenlight. BBB is working fine with .

I think you can skip the verification of the ssl certificate of the BBB Server in lib/bbb_api.rb

'# Make the request.
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = (uri.scheme == 'https')
'# don't verify, so it works with own CA or self signed cert
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
response = http.get(uri.request_uri)

But of course this shouldn't be done by just adding the line.

Is it possible to add an environment variable to enable/disable this?

ok, that's not enough, I still get

Checking environment: Passed
Checking Connection: Failed
Error connecting to BigBlueButton server - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (unable to get local issuer certificate)

after I changed the lines and build a new docker file...

@klepptor What you're suggesting is actually separate from the request for this issue. I'm asking for a method/mapping for the docker pulled from the docker hub to allow for easy mapping of custom certs. At first, I had to create a new Dockerfile from the existing one which added the following:

COPY ./myCA.pem /usr/local/share/ca-certificates/myCA.pem
COPY ./myCA.crt /usr/local/share/ca-certificates/myCA.crt

Then I just added a volume to the docker-compose.yml file to map one directory in the greenlight folder containing the certs to the proper location, and had to create volumes for the config directories so I don't lose my configs on restart.

To get my greenlight working, I didn't need (and you shouldn't need) the SSL bypass/verify.

Sorry, I opened a similar issue and for my use case it's ok to have the ability to easily use own certs (which is the much better way!) or to simply bypass the cert verification to get rid off the failure message.

Was this page helpful?
0 / 5 - 0 ratings