langflow-ai/langflow

Impossible to use behind a proxy with a custom certificate (Cloudflare Zero Trust)

Closed this issue · 5 comments

Bug Description

Hello,

I'm using my Mac with a corporate Zero Trust solution (Cloudflare Zero Trust) that requires adding a custom certificate to the keychain and some specific programs (https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/user-side-certificates/install-cloudflare-cert/).

The console is spammed with messages like

    service - Unexpected error occurred: [SSL: service.py:76 CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)

It's not possible to run anything that requires HTTP calls.

Reproduction

I tried running the image with:

    docker run -it --rm -v ~/workspace/Cloudflare_CA.pem:/tmp/cf.pem -e REQUESTS_CA_BUNDLE=/tmp/cf.pem -p 7860:7860 langflowai/langflow:latest

But the project doesn't seem to use the certificate when doing external calls.

Expected behavior

Who can help?

No response

Operating System

MacOS 14.6.1

Langflow Version

v1.0.18

Python Version

None

Flow File

No response

Langflow currently does not have built-in support for specifying custom CA certificates for SSL verification directly. However, you can try the following workaround to use your custom certificate with the httpx library, which Langflow uses for HTTP requests.

  1. Ensure the certifi package is installed:

    pip install certifi

  2. Combine the Cloudflare certificate with existing CA certificates:

    cat /path/to/cacert.pem /path/to/Cloudflare_CA.pem > /path/to/combined_ca.pem

  3. Set the REQUESTS_CA_BUNDLE environment variable:

    export REQUESTS_CA_BUNDLE=/path/to/combined_ca.pem

  4. Run the Docker container with the combined CA bundle:

    docker run -it --rm -v /path/to/combined_ca.pem:/tmp/combined_ca.pem -e REQUESTS_CA_BUNDLE=/tmp/combined_ca.pem -p 7860:7860 langflowai/langflow:latest

This should allow Langflow to use the custom certificate for SSL verification. If the issue persists, you might need to modify the httpx client configuration in the Langflow codebase to explicitly use the custom CA bundle.

For reference, the relevant code for making HTTP requests in Langflow is located in the src/backend/base/langflow/components/data/APIRequest.py file [1].


@tristanbes I think dosubot's suggestion is valuable, could you try it? We're not using the requests library, so your workaround is not effective.
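The bundle-merge step of the workaround discussed above, as an added example that is not part of the thread or of Langflow's code: it merges by certificate block instead of raw `cat`, so a base file without a trailing newline cannot fuse two PEM markers. `split_pem`, `merge_bundles`, `container_env` and `count_loaded` are hypothetical helper names, and setting `SSL_CERT_FILE` assumes the HTTP client takes its trust store from OpenSSL's default paths.

```python
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL)

def split_pem(text):
    """Return every certificate block in text, re-encoded in one canonical form."""
    blocks = []
    for match in PEM_BLOCK.finditer(text):
        # Round-trip through DER: rejects a damaged base64 body and
        # normalises line wrapping so duplicates compare equal.
        der = ssl.PEM_cert_to_DER_cert(match.group(0))
        blocks.append(ssl.DER_cert_to_PEM_cert(der))
    return blocks

def merge_bundles(base_pem, extra_pem):
    """Append the certificates in extra_pem to base_pem, dropping duplicates."""
    extra = split_pem(extra_pem)
    if not extra:
        raise ValueError("no certificate block found in the extra CA file")
    merged = []
    for block in split_pem(base_pem) + extra:
        if block not in merged:
            merged.append(block)
    # Each block ends in a newline, so END/BEGIN markers never fuse the way
    # they do when `cat` joins a file that lacks a trailing newline.
    return "".join(merged)

def container_env(bundle_path):
    """Variables for `docker run -e`; the path is the mount point in the container."""
    return {
        "REQUESTS_CA_BUNDLE": bundle_path,  # read by the requests library
        "SSL_CERT_FILE": bundle_path,  # read by OpenSSL defaults (assumed to cover httpx)
    }

def count_loaded(bundle_path):
    """Load the bundle into a client context and count the trusted CAs."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=bundle_path)
    return len(ctx.get_ca_certs())

if __name__ == "__main__":
    # Constructed placeholder blocks, not real certificates.
    public = ssl.DER_cert_to_PEM_cert(b"constructed-public-root").rstrip("\n")
    corporate = ssl.DER_cert_to_PEM_cert(b"constructed-corporate-root")
    print(merge_bundles(public, corporate))
    print(container_env("/tmp/combined_ca.pem"))
```

Running `count_loaded` on the written bundle before mounting it confirms that the corporate root was added on top of the public roots rather than replacing them.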

My bad, I ignored the solution from the bot because to me it was like the one I used (my mistake).
Right now I asked our devops to host it on the cloud because I could not afford to lose time working around it.

Hey @tristanbes
Do you need any assistance with this case? If not, please let us know if this issue can be closed.

Thank you for your contribution! This issue will be closed. If you have any questions or encounter another problem, please open a new issue and we will be ready to help you.