[FEAT] Add a custom CA certificate folder for external services

[zazizou]

Is this a new feature request?

• I have searched the existing issues

Wanted change

Hi,

The idea is to allow the injection of custom CA, let's say by en environment setting like TRUSTED_CACERTS_DIR. The path should be parsed, and the certificate inside should be trusted.

Reason for change

My direct use case is to allow secured ldaps connection for users authentication. There are probably other use cases that may fall in .

Thanks again

Proposed code change

No response

[LinuxServer-CI]

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

[mariovata]

I agree this would be a nice feature!

[j0nnymoe]

Not something we'll likely add but its easy enough to swap the self signed cert in the /config mount or map an additional volume and adjust the nginx config accordingly.

[zazizou]

Not something we'll likely add but its easy enough to swap the self signed cert in the /config mount or map an additional volume and adjust the nginx config accordingly.

Did I read you right ? The feature asked is not for the internal Nextcloud, as you mentioned nginx. We need the Nextcloud container to trust other external services certificate like LDAPS (locally exposed only and no Letsencrypt). For that, we need to feed the CA of these certificates to Nextcloud container to trust.

So the image built for Nextcloud should take care of trusting the external CA. I thought an environment variable like TRUSTED_CACERTS_DIR or whatever could be easier to implement.

[j0nnymoe]

Not something we'll likely add but its easy enough to swap the self signed cert in the /config mount or map an additional volume and adjust the nginx config accordingly.

Did I read you right ? The feature asked is not for the internal Nextcloud, as you mentioned nginx. We need the Nextcloud container to trust other external services certificate like LDAPS (locally exposed only and no Letsencrypt). For that, we need to feed the CA of these certificates to Nextcloud container to trust.

So the image built for Nextcloud should take care of trusting the external CA. I thought an environment variable like TRUSTED_CACERTS_DIR or whatever could be easier to implement.

Ah ha, I've misunderstood 😅 - I'll leave this open in case one of our devs are interested in adding (or someone external provides a PR).

Just to note, you could script this to apply on start up. https://www.linuxserver.io/custom

[zazizou]

Great @j0nnymoe ,

I didn't know about running custom scripts, that's a cool feature I was missing !!

[LinuxServer-CI]

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.