How to import self-signed certificates in rhodecode (docker)?

breports · November 28, 2023, 7:44am

Hi to all,

I have already set up RhodeCode (docker) and I’m trying to set custom certificates.

The only relevant info I’ve found is here0, but while I found the relevant rhodecode.ini in config/_shared/rhodecode.ini, I cannot understand where (container/path) it expects to find the certificates.

I know I’m missing something, but it seems I don’t know where to look.

[edit]: above regarding RhodeCode community edition

Kind regards.

justinmassiot · November 28, 2023, 1:16pm

You may have a look at the rcstack documentation.
The page you probably look for is here.

breports · December 5, 2023, 9:17am

Thanks for the reply.

Managed to try it, but it seems that I’m missing something, as the certificates do not seem to be overwrited.

Key structure:

~/docker-rhodecode$  ls -la .custom/traefik_custom/certs/
total 28
drwxr-xr-x 2 root root  4096 Dec  5 11:05 .
drwxr-xr-x 5 root root  4096 Dec  1 09:24 ..
-rw-r--r-- 1 root root     0 Dec  1 09:57 .keepdir
-rw-r--r-- 1 root root    74 Dec  1 09:57 README.md
-rw-r--r-- 1 root root 11222 Dec  1 09:36 rhodecode.local.crt
-rw-r--r-- 1 root root  3272 Dec  1 09:36 rhodecode.local.key

Relevant config:

~/docker-rhodecode$  tail -n 15 .custom/traefik_custom/dynamic/traefik_dynamic.yaml 

# Dynamic configuration for standard file-based SSL cert
# create a custom copy of the traefik into .custom/ and remount this
# to enable custom certificates
tls:
  stores:
    default: {}

  # the below should be used only if acme/letsencrypt is not used, and we want a default file-based SSL certificates
  certificates:
    # first certificate in default store
    - certFile: /etc/traefik/certs/rhodecode.local.crt
      keyFile: /etc/traefik/certs/rhodecode.local.key
      stores:
        - default

The end result is the same (default) traefik certificate, as when I inspect it, I get “Verified by: CN=TRAEFIK DEFAULT CERT”.

[edit]: router logs do not show anything relevant (certificate error for example)

justinmassiot · December 5, 2023, 1:13pm

You may encounter the same problem as I did.

A configuration was missing in the documentation page but it has been updated some hours ago.
For the custom Traefik configuration files to work,

In the file .custom/docker-compose-router.override.yaml uncomment the two binds that would override defaults and allow custom code from the .custom directory

breports · December 5, 2023, 1:52pm

Well, that was it! It was the missing mounts.

Thank you so much for the help and for the documentation update!

Kind regards.