TRUSTED_CACERTS_DIR should also make occ trust additional CA certs in start.sh for nextcloud container #6239

worldlifedd · 2025-03-25T19:16:20Z

worldlifedd
Mar 25, 2025

Steps to reproduce

Perform manual install with NEXTCLOUD_TRUSTED_CACERTS_DIR set (e.g. /usr/local/share/ca-certificates/my-custom-ca)
run 'docker logs manual-install-nextcloud-aio-nextcloud-1'

Expected behavior

Nextcloud server start normally.

Actual behavior

When doing manual install with custom CA certificates (needed by my custom https proxy server), the start script of nextcloud might fail when running some occ commands, e.g.:

cURL error 60: SSL certificate problem: unable to get local issuer certificate
......
The notify_push binary was not found.
......

Possible fix maybe add 'php occ security:certificates:import' command in Containers/nextcloud/start.sh:

# Trust additional Cacerts, if the user provided $TRUSTED_CACERTS_DIR
if [ -n "$TRUSTED_CACERTS_DIR" ]; then
    echo "User required to trust additional CA certificates, running 'update-ca-certificates.'"
    update-ca-certificates
    php /var/www/html/occ security:certificates:import /etc/ssl/certs/ca-certificates.crt
    # or copy certs directly to occ certificate dir
    # cp $TRUSTED_CACERTS_DIR/* $NEXTCLOUD_DATA_DIR/files_external/uploads
fi

Other information

Host OS

Debian 12

Output of `sudo docker info`

Client: Docker Engine - Community
Version: 28.0.1
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.21.1
Path: /usr/libexec/docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.33.1
Path: /usr/libexec/docker/cli-plugins/docker-compose
......

Docker run command or docker-compose file that you used

As in manual-install.

Other valuable info

Answered by szaimen

Mar 26, 2025

Hi, we could add this but it will not solve the interoperability of the containers itself. This feature was only intended for LDAPS to work correctly out of the box.

See https://github.com/nextcloud/all-in-one?tab=readme-ov-file#are-self-signed-certificates-supported-for-nextcloud

View full answer

szaimen · 2025-03-26T09:42:11Z

szaimen
Mar 26, 2025
Maintainer

Hi, we could add this but it will not solve the interoperability of the containers itself. This feature was only intended for LDAPS to work correctly out of the box.

See https://github.com/nextcloud/all-in-one?tab=readme-ov-file#are-self-signed-certificates-supported-for-nextcloud

0 replies

szaimen · 2025-03-26T09:45:52Z

szaimen
Mar 26, 2025
Maintainer

I've made this a bit more explicit now with d3ac48f

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

TRUSTED_CACERTS_DIR should also make occ trust additional CA certs in start.sh for nextcloud container #6239

{{title}}

Replies: 2 comments

{{title}}

{{title}}

Select a reply

TRUSTED_CACERTS_DIR should also make occ trust additional CA certs in start.sh for nextcloud container #6239

worldlifedd Mar 25, 2025

Steps to reproduce

Expected behavior

Actual behavior

Other information

Host OS

Output of sudo docker info

Docker run command or docker-compose file that you used

Other valuable info

Replies: 2 comments

szaimen Mar 26, 2025 Maintainer

szaimen Mar 26, 2025 Maintainer

worldlifedd
Mar 25, 2025

Output of `sudo docker info`

szaimen
Mar 26, 2025
Maintainer

szaimen
Mar 26, 2025
Maintainer