Trust Self-Signed Certificates
- This feature is available in OneDev 8.0.0 and later.
- All certificates mentioned here should be in base64-encoded PEM format, starting with -----BEGIN CERTIFICATE----- and ending with -----END CERTIFICATE-----.
Trust Self-Signed Certificates of Reverse Proxy
If you use a self-signed certificate when configuring OneDev to accept HTTPS connections via a reverse proxy, you need to configure the OneDev server to trust the certificate if you run CI/CD jobs on the OneDev server, and configure the OneDev agent to trust the certificate if you run CI/CD jobs on a OneDev agent.
Trust Self-Signed Certificates of LDAP or Active Directory Server
If you authenticate through an LDAP or Active Directory server over the ldaps protocol and that server uses a self-signed certificate, you need to configure the OneDev server to trust that certificate.
Trust Self-Signed Certificates on Server
This section explains how to trust self-signed certificates on the server for each installation approach. Make sure to upgrade OneDev to version 8.0.0 or higher before performing the steps below.
Running as Docker Container
If you are running OneDev as a Docker container, place all certificates to be trusted into a directory on the host machine, and then mount that directory to /opt/onedev/conf/trust-certs inside the container, for instance:
docker run --name onedev -d --restart always -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd)/onedev:/opt/onedev -v $(pwd)/onedev/conf/trust-certs:/opt/onedev/conf/trust-certs -p 6610:6610 -p 6611:6611 1dev/server
Running on Virtual Machine/Bare Metal
If you are running OneDev on a virtual machine or bare metal, place all certificates to be trusted into the subdirectory conf/trust-certs under OneDev's installation directory, and restart the server.
Deploying to Kubernetes
If you are deploying OneDev into a Kubernetes cluster, set the value of the key trustCerts to the content of the certificate to trust, for instance:
$ helm install onedev onedev --repo https://dl.cloudsmith.io/public/onedev/onedev/helm/charts --namespace onedev --create-namespace --set-file trustCerts=/path/to/your/certificate
If you have multiple certificates to trust, concatenate them into one file as shown below, and run the above command against the concatenated certificate:
cat /path/to/trust-certs/* > /path/to/concatenated-certificate
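The cat command above joins files byte for byte, so a certificate file without a trailing newline ends up with its END line fused to the next BEGIN line, and a non-certificate file in the directory goes into the bundle unnoticed. The following script is an added example, not part of the OneDev documentation or code; the helper names is_pem_cert and bundle_certs and the script name are hypothetical, and the check is structural only (PEM framing, not X.509 validity).

```shell
#!/bin/sh
# Added example: structural pre-flight check for a trust-certs directory.
# Checks PEM framing only; it does not parse or validate the X.509 content.
BEGIN_MARK='-----BEGIN CERTIFICATE-----'
END_MARK='-----END CERTIFICATE-----'

# is_pem_cert FILE (hypothetical helper): succeed only if FILE consists of one
# or more well-framed PEM certificate blocks and nothing else.
is_pem_cert() {
    [ -f "$1" ] || return 1
    awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
        { sub(/\r$/, "") }                       # tolerate CRLF line endings
        /^[ \t]*$/ { next }                      # ignore blank lines
        $0 == b { if (inside) bad = 1; inside = 1; blocks++; next }
        $0 == e { if (!inside) bad = 1; inside = 0; next }
        !inside { bad = 1 }                      # text outside a block, e.g. a key
        inside && $0 !~ "^[A-Za-z0-9+/=]+$" { bad = 1 }   # body must be base64
        END { if (bad || inside || blocks == 0) exit 1 }
    ' "$1"
}

# bundle_certs DIR OUT (hypothetical helper): write all certificates in DIR to
# OUT, or write nothing if any file fails the check. OUT must be outside DIR.
bundle_certs() {
    dir=$1
    out=$2
    tmp=$(mktemp) || return 1
    for f in "$dir"/*; do
        if ! is_pem_cert "$f"; then
            echo "not a PEM certificate: $f" >&2
            rm -f "$tmp"
            return 1
        fi
        # awk ends every record with a newline, so a file that lacks a trailing
        # newline cannot fuse its END line with the next file's BEGIN line.
        awk '{ sub(/\r$/, "") } !/^[ \t]*$/' "$f" >> "$tmp"
    done
    mv "$tmp" "$out"
}

# Usage: sh bundle-certs.sh /path/to/trust-certs /path/to/concatenated-certificate
if [ "$#" -eq 2 ]; then
    bundle_certs "$1" "$2"
fi
```

The resulting file can be passed to --set-file trustCerts= in place of the output of the plain cat.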
Trust Self-Signed Certificates on Agent
This section explains how to trust self-signed certificates on the agent for each installation approach.
Running as Docker Container
If you are running the agent as a Docker container, first make sure to pull the latest agent image by running docker pull 1dev/agent. Then place all certificates to be trusted into a directory on the host machine, and start the agent with that directory mounted at /agent/conf/trust-certs inside the container, for instance:
docker run -t -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd)/agent/work:/agent/work -v $(pwd)/agent/conf/trust-certs:/agent/conf/trust-certs -e serverUrl=https://onedev.example.com -e agentToken=57f8c1ad-bd71-4252-91ff-fb84af87c245 -h myagent 1dev/agent
Running on Virtual Machine/Bare Metal
If you are running the agent directly on a virtual machine or bare metal, first make sure to re-install the agent using the package from OneDev server 8.0.0 or higher. Then place all certificates to be trusted into the subdirectory conf/trust-certs under the agent's installation directory.