Self-signed certificates not working with Minio
KALRONG opened this issue · 3 comments
Hi,
Trying to make the docker-compose infraestructure work found out that using the documentation commands the self-signed certificates where giving errors on the connection towards Minio, the solution I found was to add the cert_check=False after line 61 on https://github.com/k1nd0ne/VolWeb/blob/main/cases/views.py
Didnt create a PR as I think it should be up to the dev to decide if this should be hardcoded or another option that the userrs could customize.
Sadly seems that while creating cases now is possible uploading evidences still doesn't work it gives an xhr error:
Cross origin requests blocked: Source politic doesnt allow the read of remote resources (sorry, is a rough translation)
Best regards
Hello,
Thank you for your interest in the VolWeb project!
The error you are facing seems to come from your web browser not trusting the self-signed certificate.
I guess you are accepting the risk in your web browser ?
If so, navigate to https://fqdn-or-ipaddress-of-volweb:9000 and accept the risk there too.
You should be good to go.
VolWeb will not be modified to downgrade the security of the TLS verification procedure by all of the components of the application. This is a choice of implementation and I hope you will be okay with it :).
However, In the docker-compose configuration, your self-signed certificates are added to the list of trusted certificates of the Workers, the VolWeb platform and minio . So the communication between the workers, the platform and minio should be ok without adding the option you are suggesting.
Make sure you have signed your certificates with the right FQDN/IP and that they are placed at the right locations with the right names:
VolWeb/docker/minio/privkey.pemVolWeb/docker/minio/fullchain.pemVolWeb/docker/nginx/ssl/privkey.pemVolWeb/docker/nginx/ssl/fullchain.pem
Hope it helps !!
Let me know If I should update the project documentation to include your issue once it is resolved.
Best regards.
Félix.
Sorry for the delay on my reply, yeah, it was solved after accepting the risk on the browser :S it will be nice to have a little warning for dummies like me hehe
Hello, thank you for following up on this.
I have updated the documentation with more details about this use case.
Best regards.