Trust Self-Signed Certificates

note
  1. This feature is available since 8.0.0.
  2. All certificates mentioned here should be in base64-encoded PEM format, starting with -----BEGIN CERTIFICATE----- and ending with -----END CERTIFICATE-----.

Trust Self-Signed Certificates of Reverse Proxy

If you use a self-signed certificate when configuring OneDev to accept HTTPS connections via a reverse proxy, you need to configure the OneDev server to trust the certificate if you run CI/CD jobs on the OneDev server, and configure the OneDev agent to trust the certificate if you run CI/CD jobs on a OneDev agent.

Trust Self-Signed Certificates of LDAP or Active Directory Server

If you authenticate through an LDAP or Active Directory server via the ldaps protocol and that server uses a self-signed certificate, you need to configure the OneDev server to trust that certificate.

Trust Self-Signed Certificates of Mail Server

If your mail server uses a self-signed certificate, you need to configure the OneDev server to trust that certificate.

Trust Self-Signed Certificates on Server

This section explains how to trust self-signed certificates on the server for each installation approach. Make sure to upgrade OneDev to version 8.0.0 or higher before performing the steps below.

Running as Docker Container

If you are running OneDev as a Docker container, place all certificates to be trusted into a directory on the host machine, and then mount that directory to /opt/onedev/conf/trust-certs inside the container, for instance:

docker run --name onedev -d --restart always -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd)/onedev:/opt/onedev -v $(pwd)/onedev/conf/trust-certs:/opt/onedev/conf/trust-certs -p 6610:6610 -p 6611:6611 1dev/server

note

This procedure should be performed on all OneDev servers if you are running a cluster.

Running on Virtual Machine/Bare Metal

If you are running OneDev on a virtual machine or bare metal, place all certificates to be trusted into the subdirectory conf/trust-certs under OneDev's installation directory, and restart the server.

note

This procedure should be performed on all OneDev servers if you are running a cluster.

Deploying to Kubernetes

If you are deploying OneDev into a Kubernetes cluster, create the secret onedev-trustcerts to contain all certificates to be trusted, like below:

kubectl create secret generic onedev-trustcerts -n onedev --from-file=/path/to/trust-certs

Here /path/to/trust-certs is a local directory containing all certificates to be trusted. Each certificate should be in base64-encoded PEM format, beginning with -----BEGIN CERTIFICATE----- and ending with -----END CERTIFICATE-----.

Trust Self-Signed Certificates on Agent

This section explains how to trust self-signed certificates on the agent for each installation approach.

Running as Docker Container

If you are running the agent as a Docker container, first make sure to pull the latest agent image by running docker pull 1dev/agent. Then place all certificates to be trusted into a directory on the host machine, and start the agent by mounting that directory into /agent/conf/trust-certs inside the container, for instance:

docker run -t -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd)/agent/work:/agent/work -v $(pwd)/agent/conf/trust-certs:/agent/conf/trust-certs -e serverUrl=https://onedev.example.com -e agentToken=57f8c1ad-bd71-4252-91ff-fb84af87c245 -h myagent 1dev/agent

Running on Virtual Machine/Bare Metal

If you are running the agent directly on a virtual machine or bare metal, first make sure to re-install the agent using the package from OneDev server 8.0.0 or higher. Then place all certificates to be trusted into the subdirectory conf/trust-certs under the agent's installation directory.
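
A pre-flight check for a trust-certs directory before it is mounted or packed into the secret, as an added example that is not part of OneDev or its documentation: it flags files that do not match the PEM format required above (binary DER files, stray private keys, corrupted base64). The function names and the sample files built in demo() are constructed for illustration.

```python
import base64, binascii, re, tempfile
from pathlib import Path

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def is_single_der_sequence(der):
    """True if der is exactly one ASN.1 SEQUENCE, the outer shape of an X.509 certificate."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short-form length
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                      # long form: n length bytes follow
    return n > 0 and len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_file(path):
    """Return a list of problems; an empty list means the file fits the documented format."""
    try:
        text = Path(path).read_bytes().decode("ascii").strip()
    except UnicodeDecodeError:
        return ["not ASCII text (binary DER? convert to PEM first)"]
    problems = []
    if not (text.startswith(BEGIN) and text.endswith(END)):
        problems.append("must start with BEGIN CERTIFICATE and end with END CERTIFICATE")
    for label, body in PEM_BLOCK.findall(text):
        if "PRIVATE KEY" in label:         # a trust directory should hold certificates only
            problems.append("contains a private key")
        elif label == "CERTIFICATE":
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
            except binascii.Error:
                der = b""
            if not is_single_der_sequence(der):
                problems.append("body is not base64 of a single DER SEQUENCE")
    return problems

def check_trust_dir(directory):
    """Map each regular file in the directory to its list of problems."""
    return {p.name: check_file(p) for p in sorted(Path(directory).iterdir()) if p.is_file()}

def demo():
    """Run the check over constructed sample files (placeholders, not real certificates)."""
    fake_der = b"\x30\x81\x80" + bytes(128)   # constructed: SEQUENCE with a 128-byte body
    pem = f"{BEGIN}\n{base64.b64encode(fake_der).decode()}\n{END}\n"
    with tempfile.TemporaryDirectory() as d:
        Path(d, "good.pem").write_text(pem)
        Path(d, "raw.der").write_bytes(fake_der)
        Path(d, "with-key.pem").write_text(pem + "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n")
        return check_trust_dir(d)
```

Call check_trust_dir() on the host directory you intend to mount or pass to --from-file; the check covers the file format only and does not verify signatures, validity dates or that the certificate belongs to the intended server.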