[GH-ISSUE #753] Docker solution to mount certs folder or files, rather than import via env file #2424

New issue

Closed

opened 2026-03-14 03:59:59 +03:00 by kerem · 12 comments

kerem commented 2026-03-14 03:59:59 +03:00

Owner

Copy link

Originally created by @ninjamonkey198206 on GitHub (Oct 9, 2021).
Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/753

I think it would be extremely useful to be able to simply mount a folder containing cert/key to use that's located on the host.

Example configs:
Let'sEncrypt ACME on PFSense that automatically renews, with rsync cron job that copies the certs to the host server.

Let'sEncrypt on host server.

The one thing I haven't figured out is how to automatically reload the necessary services when the cert/key changes, but since that has to be done manually anyway with the current docker setup, I don't see that as much of an issue at the moment.

Originally created by @ninjamonkey198206 on GitHub (Oct 9, 2021). Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/753 I think it would be extremely useful to be able to simply mount a folder containing cert/key to use that's located on the host. Example configs: Let'sEncrypt ACME on PFSense that automatically renews, with rsync cron job that copies the certs to the host server. Let'sEncrypt on host server. The one thing I haven't figured out is how to automatically reload the necessary services when the cert/key changes, but since that has to be done manually anyway with the current docker setup, I don't see that as much of an issue at the moment.

kerem 2026-03-14 03:59:59 +03:00

• closed this issue
• added the
  wontfix
  label

kerem commented 2026-03-14 04:00:15 +03:00

Author

Owner

Copy link

@dinger1986 commented on GitHub (Oct 9, 2021):

Would need to be able to create a share and map it, thats a lot more work than just copying the cert across.

Are you all working now?

<!-- gh-comment-id:939343308 --> @dinger1986 commented on GitHub (Oct 9, 2021): Would need to be able to create a share and map it, thats a lot more work than just copying the cert across. Are you all working now?

kerem commented 2026-03-14 04:00:20 +03:00

Author

Owner

Copy link

@ninjamonkey198206 commented on GitHub (Oct 9, 2021):

Haven't gotten to the other issue yet.

I thought I input this one specifically as a feature request.

I should've stayed in bed today.

<!-- gh-comment-id:939347969 --> @ninjamonkey198206 commented on GitHub (Oct 9, 2021): Haven't gotten to the other issue yet. I thought I input this one specifically as a feature request. I should've stayed in bed today.

kerem commented 2026-03-14 04:00:25 +03:00

Author

Owner

Copy link

@dinger1986 commented on GitHub (Oct 9, 2021):

Didn't even realise it was a separate issue. I'll leave it up to the devs but I think it's more work than doing it the existing way

<!-- gh-comment-id:939348744 --> @dinger1986 commented on GitHub (Oct 9, 2021): Didn't even realise it was a separate issue. I'll leave it up to the devs but I think it's more work than doing it the existing way

kerem commented 2026-03-14 04:00:31 +03:00

Author

Owner

Copy link

@ninjamonkey198206 commented on GitHub (Oct 10, 2021):

It could be up front, but it would be really great for setting up an automated system. Configure it once and done. The only thing that might mess that up is whether or not the mesh agent that you upload initially during configuration actually contains any part of the cert or not.

In my specific setup, for instance, I've got PFSense with ACME configured for automatic renewal of the Let'sEncrypt cert. I could edit the cron job for the cert renewal to trigger copying the required files to the host system, triggering another script to restart the necessary containers or services within them.

It would eliminate that particular maintenance headache.

Just an idea. I'm always trying to figure out how eliminate potential hassles.

<!-- gh-comment-id:939520536 --> @ninjamonkey198206 commented on GitHub (Oct 10, 2021): It could be up front, but it would be really great for setting up an automated system. Configure it once and done. The only thing that might mess that up is whether or not the mesh agent that you upload initially during configuration actually contains any part of the cert or not. In my specific setup, for instance, I've got PFSense with ACME configured for automatic renewal of the Let'sEncrypt cert. I could edit the cron job for the cert renewal to trigger copying the required files to the host system, triggering another script to restart the necessary containers or services within them. It would eliminate that particular maintenance headache. Just an idea. I'm always trying to figure out how eliminate potential hassles.

kerem commented 2026-03-14 04:00:36 +03:00

Author

Owner

Copy link

@dinger1986 commented on GitHub (Oct 10, 2021):

Could you not have your cron job connect to the rmm server and copy the files over ssh to the relevant folder?

<!-- gh-comment-id:939550551 --> @dinger1986 commented on GitHub (Oct 10, 2021): Could you not have your cron job connect to the rmm server and copy the files over ssh to the relevant folder?

kerem commented 2026-03-14 04:00:41 +03:00

Author

Owner

Copy link

@ninjamonkey198206 commented on GitHub (Oct 10, 2021):

...
I had not thought of that.

It's certainly possible.

I'll have to find which containers need them, and where the certs are stored inside them, but it should be possible.

<!-- gh-comment-id:939551261 --> @ninjamonkey198206 commented on GitHub (Oct 10, 2021): ... I had not thought of that. It's certainly possible. I'll have to find which containers need them, and where the certs are stored inside them, but it should be possible.

kerem commented 2026-03-14 04:00:46 +03:00

Author

Owner

Copy link

@silversword411 commented on GitHub (Oct 11, 2021):

Seems like an unnecessary security issue when you have SSH, closing. Post if further info

<!-- gh-comment-id:940055448 --> @silversword411 commented on GitHub (Oct 11, 2021): Seems like an unnecessary security issue when you have SSH, closing. Post if further info

kerem commented 2026-03-14 04:00:51 +03:00

Author

Owner

Copy link

@sadnub commented on GitHub (Oct 11, 2021):

You can docker cp the files to /opt/tactical/certs to bypass needing to put them in the .env file.

You can use the trmm-backend container to do it

<!-- gh-comment-id:940055827 --> @sadnub commented on GitHub (Oct 11, 2021): You can `docker cp` the files to `/opt/tactical/certs` to bypass needing to put them in the .env file. You can use the trmm-backend container to do it

kerem commented 2026-03-14 04:00:56 +03:00

Author

Owner

Copy link

@ninjamonkey198206 commented on GitHub (Oct 11, 2021):

@sadnub Thank you! I was just about to ask about that!

<!-- gh-comment-id:940122686 --> @ninjamonkey198206 commented on GitHub (Oct 11, 2021): @sadnub Thank you! I was just about to ask about that!

kerem commented 2026-03-14 04:01:01 +03:00

Author

Owner

Copy link

@ninjamonkey198206 commented on GitHub (Oct 11, 2021):

@sadnub I figured out how to proxy all ports on HAProxy as well, and I was thinking about creating a walkthrough to configure a fully automated renewal setup.

Do the client agents need to be updated if the certs are renewed/changed?

<!-- gh-comment-id:940127027 --> @ninjamonkey198206 commented on GitHub (Oct 11, 2021): @sadnub I figured out how to proxy all ports on HAProxy as well, and I was thinking about creating a walkthrough to configure a fully automated renewal setup. Do the client agents need to be updated if the certs are renewed/changed?

kerem commented 2026-03-14 04:01:06 +03:00

Author

Owner

Copy link

@silversword411 commented on GitHub (Oct 11, 2021):

Shouldn't need to do cert stuff on the agents...that would be a nightmare ;)

<!-- gh-comment-id:940374754 --> @silversword411 commented on GitHub (Oct 11, 2021): Shouldn't need to do cert stuff on the agents...that would be a nightmare ;)

kerem commented 2026-03-14 04:01:11 +03:00

Author

Owner

Copy link

@ninjamonkey198206 commented on GitHub (Oct 11, 2021):

Awesome.

And thank you all for being patient with me.

I'm new to using Docker (I've resisted taking the plunge until now) and just found Tactical a week or so ago, so it's been like Xmas. New shinies to tinker with and test out.

<!-- gh-comment-id:940383193 --> @ninjamonkey198206 commented on GitHub (Oct 11, 2021): Awesome. And thank you all for being patient with me. I'm new to using Docker (I've resisted taking the plunge until now) and just found Tactical a week or so ago, so it's been like Xmas. New shinies to tinker with and test out.

kerem referenced this issue 2026-03-14 07:44:46 +03:00

[PR #2424] [CLOSED] Update binary of nats api #3894

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

master

1.0.0

v1.4.0

v1.3.1

v1.3.0

v1.2.0

v1.1.0

v1.0.0

v0.20.1

v0.20.0

v0.19.4

v0.19.3

v0.19.2

v0.19.1

v0.19.0

v0.18.2

v0.18.1

v0.18.0

v0.17.5

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.5

v0.16.4

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.12

v0.15.11

v0.15.10

v0.15.9

v0.15.8

v0.15.7

v0.15.6

v0.15.5

v0.15.4

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.8

v0.14.7

v0.14.6

v0.14.5

v0.14.4

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.4

v0.13.3

v0.13.2

v0.13.1

v0.13.0

v0.12.4

v0.12.3

v0.12.2

v0.12.1

v0.12.0

v0.11.3

v0.11.2

v0.11.1

v0.11.0

v0.10.5

v0.10.4

v0.10.3

v0.10.2

v0.10.1

v0.10.0

v0.9.2

v0.9.1

v0.9.0

v0.8.5

v0.8.4

v0.8.3

v0.8.2

v0.8.1

v0.8.0

v0.7.2

v0.7.1

v0.7.0

v0.6.15

v0.6.14

v0.6.13

v0.6.12

v0.6.11

v0.6.10

v0.6.9

v0.6.8

v0.6.7

v0.6.6

v0.6.5

v0.6.4

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.32

v0.4.31

v0.4.30

v0.4.29

v0.4.28

v0.4.27

v0.4.26

v0.4.25

v0.4.24

v0.4.23

v0.4.22

v0.4.21

v0.4.20

v0.4.19

v0.4.18

v0.4.17

v0.4.16

v0.4.15

v0.4.14

v0.4.13

v0.4.12

v0.4.11

v0.4.10

v0.4.9

v0.4.8

v0.4.7

v0.4.6

v0.4.5

v0.4.4

v0.4.3

v0.4.2

v0.4.1

v0.4.0

v0.3.3

v0.3.2

v0.3.1

v0.3.0

v0.2.23

v0.2.22

v0.2.21

v0.2.20

v0.2.19

v0.2.18

v0.2.17

v0.2.16

v0.2.15

v0.2.14

v0.2.13

v0.2.12

v0.2.11

v0.2.10

v0.2.9

v0.2.8

v0.2.7

v0.2.6

v0.2.5

v0.2.4

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.8

v0.1.7

v0.1.6

v0.1.5

v0.1.4

v0.1.3

v0.1.2

v0.1.1

v0.1.0

Labels

Clear labels   

In Process

  

bug

  

bug

  

dev-triage

  

documentation

  

duplicate

  

enhancement

  

fixed

  

good first issue

  

help wanted

  

integration

  

invalid

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

requires agent update

  

security

  

ui tweak

  

wontfix

No labels

In Process

bug

bug

dev-triage

documentation

duplicate

enhancement

fixed

good first issue

help wanted

integration

invalid

pull-request

question

requires agent update

security

ui tweak

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/tacticalrmm#2424

No description provided.