mirror of
https://github.com/eduardolat/pgbackweb.git
synced 2026-04-25 05:35:57 +03:00
[GH-ISSUE #34] Accept Self Signed S3 HTTPS certificates #25
Labels
No labels
bug
confirmed next step
duplicate
enhancement
help wanted
in progress
in progress
pull-request
question
wontfix
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
starred/pgbackweb#25
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @PaxITIS on GitHub (Aug 16, 2024).
Original GitHub issue: https://github.com/eduardolat/pgbackweb/issues/34
I am testing integration with a compatible Object Storage S3 (Scality) installed with an HTTPS certificate signed by a private CA.
When I try to connect this S3 storage the connection test fails because the application cannot recognize the certificate as trusted.
Would it be possible to add a pop-up that gives the operator the option, to accept the possible security risk and still continue with the connection?
@spagettikod commented on GitHub (Oct 1, 2024):
Not a fix, but a work around that worked for me when using my own S3 was to set the
SSL_CERT_FILEenvironment variable. Since PG Back Web is written in Go you can useSSL_CERT_FILEto point to your CA certificate, it's documented here.Restoring a backup uses
wget. To make that work using your own CA certificate you can mount (or add) a.wgetrcfile to/root/.wgetrcthat points to your CA certificate.Content of your
/root/.wgetrcto mount (or add) using thedocker-composebelow:Here is the
docker-composeexample from the README with my changes included:@spagettikod commented on GitHub (Oct 1, 2024):
Adding the section wrapped by comments below to this block would probably remove the need to use a
.wgetrcfile. Setting theSSL_CERT_FILEenvironment variable would then be enough.