-
Notifications
You must be signed in to change notification settings - Fork 13
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Profile Server: UNABLE_TO_VERIFY_LEAF_SIGNATURE #6
Comments
Nevermind, found a way to fix it. Set Otherwise, if no other solution exists, just add it to the readme or something like that. Since someone else will maybe have a setup like this. |
Strange, now I'm able to login, but I'm always requested to reconnect. |
All the logs that happen on firefox signin.
|
Have you tried to add Reference: rejectUnauthorized: !args.insecureSSL, |
Yeah,
|
Ok, found the solution.
After this, things should work as intended with self-signed certs. |
Hello @Suika I've made a branch It would be appreciated that you can test this branch. |
Since it's a bit of a pain for me to setup another environment ATM, I'll try it at a later date. The rest of REQUESTS_CA_BUNDLE and REQUESTS_CA_BUNDLE make sense, since it works on my side. I'll check the whole setup at a later date. But while I'm at it, is it really needed that the services have to talk via nginx? I know that it's easier to configure it like that and it also makes sense to use uniform addresses everywhere. |
You're right . However it's too time-consuming on distinguish which url in ENV is for internal visit or public visit. I'll try to dig into these deeper in future. |
I have tested half of branch. And it works. I use NODE_EXTRA_CA_CERTS and REQUESTS_CA_BUNDLE part in combination with a patched ca-certificates.crt (own root ca added) in all container via volumes.
|
Hi, nice seeing that someone tackled the... mess that is fxa.
I think most of the services are running properly except the fxa_fxa-profile-server that has a problem with self-signed certificates.
I'm cheating the whole thing a bit, because I want to serve everything on 80/443 with self-signed certificates and have it go through traefik.
If you look at the Compose file at the bottom it's basically: Me > Browser > traefik (443) > nginx(80) > other services
I mounted the
/etc/ssl:/etc/ssl:ro
in hopes that the system would pick up on the host Root CAs, but it doesn't seem to do that for Node applications in this case.Any idea?
Response from profileserver
https://fxa-profile.dockerhost.lan/v1/profile
:From: nginx
From: fxa_fxa-auth-server_1
From: fxa_fxa-auth-db-mysql_1
From: fxa_fxa-profile-server
copmose:
The text was updated successfully, but these errors were encountered: