mirror of
https://github.com/nextcloud/all-in-one.git
synced 2026-05-28 06:20:14 +00:00
7cd2ac1bbd
When NEXTCLOUD_TRUSTED_CACERTS_DIR is set on the mastercontainer, the custom CA certificates are now also mounted into the Talk container. Since the Talk container runs with a read-only root filesystem, update-ca-certificates cannot be used. Instead, the startup script copies the system CA bundle to /tmp (tmpfs), appends any custom certificates from /usr/local/share/ca-certificates/, and sets SSL_CERT_FILE to point Go's TLS stack at the extended bundle. This allows the signaling server to verify TLS connections to Nextcloud instances that use private/internal CA certificates, without requiring skipverify=true. Signed-off-by: Tomas <16553087+michnovka@users.noreply.github.com>
25 KiB
25 KiB