Trust Self-Signed Certificates

note
  1. This feature has been available since 8.0.0.
  2. All certificates mentioned here should be in base64-encoded PEM format, starting with -----BEGIN CERTIFICATE----- and ending with -----END CERTIFICATE-----.

Trust Self-Signed Certificates of Reverse Proxy

If you use a self-signed certificate when configuring OneDev to accept https connections via a reverse proxy, you need to configure the OneDev server to trust the certificate if you run CI/CD jobs on the OneDev server, and configure the OneDev agent to trust the certificate if you run CI/CD jobs on a OneDev agent.

Trust Self-Signed Certificates of LDAP or Active Directory Server

If you authenticate through an LDAP or Active Directory server via the ldaps protocol using a self-signed certificate, you need to configure the OneDev server to trust that certificate.

Trust Self-Signed Certificates on Server

This section explains how to trust self-signed certificates on the server for each installation approach. Make sure to upgrade OneDev to version 8.0.0 or higher before performing the steps below.

Running as Docker Container

If you are running OneDev as a docker container, place all certificates to be trusted into a directory on the host machine, and then mount that directory to /opt/onedev/conf/trust-certs inside the container, for instance:

docker run --name onedev -d --restart always -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd)/onedev:/opt/onedev -v $(pwd)/onedev/conf/trust-certs:/opt/onedev/conf/trust-certs -p 6610:6610 -p 6611:6611 1dev/server

Running on Virtual Machine/Bare Metal

If you are running OneDev on a virtual machine or bare metal, place all certificates to be trusted into the subdirectory conf/trust-certs under OneDev's installation directory, and restart the server.

Deploying to Kubernetes

If you are deploying OneDev into a Kubernetes cluster, set the value of the key trustCerts to the content of the certificate to trust, for instance:

$ helm install onedev onedev --repo https://dl.cloudsmith.io/public/onedev/onedev/helm/charts --namespace onedev --create-namespace --set-file trustCerts=/path/to/your/certificate

If you have multiple certificates to trust, concatenate them into one file as shown below, and run the above command against the concatenated certificate:

cat /path/to/trust-certs/* > /path/to/concatenated-certificate
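
The note at the top requires PEM format, and the concatenation step above silently produces a broken bundle when one file lacks a trailing newline. The following is an added example, not part of OneDev or its documentation: it checks every file in a trust-certs directory and writes a clean bundle for --set-file trustCerts. The function names are hypothetical, and it assumes one certificate per file and an output path outside the directory.

```shell
#!/bin/sh
# Constructed helper names; not part of OneDev. Assumes one certificate per
# file and an output path outside the trust-certs directory.

# is_pem_cert FILE: succeed only if FILE holds exactly one PEM certificate.
# DER files, private keys and truncated blocks are rejected.
is_pem_cert() {
    [ -f "$1" ] || return 1
    # tr strips CR so files saved with Windows line endings still pass.
    tr -d '\r' < "$1" | awk '
        NF == 0 { next }    # ignore blank lines
        { n++ }
        n == 1 { if ($0 != "-----BEGIN CERTIFICATE-----") bad = 1; next }
        $0 == "-----END CERTIFICATE-----" { ends++; last = n; next }
        $0 !~ "^[A-Za-z0-9+/=]+$" { bad = 1 }
        END { exit !(n >= 3 && !bad && ends == 1 && last == n) }'
}

# build_trust_bundle DIR OUT: validate every file in DIR, write them to OUT
# with one newline after each block, and print how many were bundled.
build_trust_bundle() {
    dir=$1 out=$2 count=0
    : > "$out" || return 1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if ! is_pem_cert "$f"; then
            echo "not a PEM certificate: $f" >&2
            rm -f "$out"
            return 1
        fi
        # Plain cat glues END and BEGIN markers together when a file has no
        # trailing newline; awk re-terminates every line it prints.
        tr -d '\r' < "$f" | awk 'NF' >> "$out"
        count=$((count + 1))
    done
    [ "$count" -gt 0 ] || { rm -f "$out"; return 1; }
    echo "$count"
}

# Stand-alone use: sh script.sh /path/to/trust-certs /path/to/bundle
if [ "$#" -eq 2 ]; then
    build_trust_bundle "$1" "$2"
fi
```

The check is structural only; to see what each certificate actually is before trusting it, run openssl x509 -in FILE -noout -subject -enddate on the file.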

Trust Self-Signed Certificates on Agent

This section explains how to trust self-signed certificates on the agent for each installation approach.

Running as Docker Container

If you are running the agent as a docker container, first make sure to pull the latest agent image by running docker pull 1dev/agent. Then place all certificates to be trusted into a directory on the host machine, and start the agent with that directory mounted at /agent/conf/trust-certs inside the container, for instance:

docker run -t -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd)/agent/work:/agent/work -v $(pwd)/agent/conf/trust-certs:/agent/conf/trust-certs -e serverUrl=https://onedev.example.com -e agentToken=57f8c1ad-bd71-4252-91ff-fb84af87c245 -h myagent 1dev/agent

Running on Virtual Machine/Bare Metal

If you are running the agent directly on a virtual machine or bare metal, first make sure to re-install the agent using the package from OneDev server 8.0.0 or higher. Then place all certificates to be trusted into the subdirectory conf/trust-certs under the agent's installation directory.