daenamnu/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2026-05-29 23:10:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(talk): trust custom CA certificates via NEXTCLOUD_TRUSTED_CACERTS_DIR

Browse Source 
When NEXTCLOUD_TRUSTED_CACERTS_DIR is set on the mastercontainer,
the custom CA certificates are now also mounted into the Talk container.

Since the Talk container runs with a read-only root filesystem,
update-ca-certificates cannot be used. Instead, the startup script
copies the system CA bundle to /tmp (tmpfs), appends any custom
certificates from /usr/local/share/ca-certificates/, and sets
SSL_CERT_FILE to point Go's TLS stack at the extended bundle.

This allows the signaling server to verify TLS connections to
Nextcloud instances that use private/internal CA certificates,
without requiring skipverify=true.

Signed-off-by: Tomas <16553087+michnovka@users.noreply.github.com>
This commit is contained in:
michnovka
2026-03-03 00:06:22 +01:00
committed by Tomas
parent c1faa785b3
commit 7cd2ac1bbd
2 changed files with 22 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
php/containers.json
View File

@@ -437,6 +437,13 @@
"8081"
],
"internal_port": "%TALK_PORT%",
"volumes": [
{
"source": "%NEXTCLOUD_TRUSTED_CACERTS_DIR%",
"destination": "/usr/local/share/ca-certificates",
"writeable": false
}
],
"environment": [
"NC_DOMAIN=%NC_DOMAIN%",
"TALK_HOST=nextcloud-aio-talk",