- Issue type: Feature Request
- Sourcegraph version: 2.7.6
- OS Version: N/A
- Docker version: N/A
We have a private GitHub Enterprise instance running under a self-signed private Certificate Authority. Because of this, we need to tell the Sourcegraph image about this CA, or Git will complain:
fatal: unable to access 'https://github.example.com/user/repo.git': server certificate verification failed.
The configuration option in github.certificate is available, but it only applies to Sourcegraph, not to processes that gitserver controls. As well, since it only seems to handle server certificates and not CAs, it will have to be updated every time the GitHub Enterprise server rotates its certs.
Our workaround, which you are welcome to document, is to install the certificate in the Docker image, so the OS handles it. In a Dockerfile:
FROM sourcegraph/server:2.7.6
COPY ssl/certificate-authority.crt /usr/local/share/ca-certificates
RUN /usr/sbin/update-ca-certificates
Running this derived image makes everything work magically, because Sourcegraph also trusts the CAs provided by the OS.
We have a private GitHub Enterprise instance running under a self-signed private Certificate Authority. Because of this, we need to tell the Sourcegraph image about this CA, or Git will complain:
The configuration option in
github.certificateis available, but it only applies to Sourcegraph, not to processes thatgitservercontrols. As well, since it only seems to handle server certificates and not CAs, it will have to be updated every time the GitHub Enterprise server rotates its certs.Our workaround, which you are welcome to document, is to install the certificate in the Docker image, so the OS handles it. In a
Dockerfile:Running this derived image makes everything work magically, because Sourcegraph also trusts the CAs provided by the OS.