
fix: allow TLS with remote docker when using public CA #5123

Draft: wants to merge 2 commits into base: master


@pridkett pridkett commented Sep 21, 2024

⚠️⚠️⚠️ Since we do not accept all types of pull requests and do not want to waste your time. Please be sure that you have read pull request rules:
https://github.com/louislam/uptime-kuma/blob/master/CONTRIBUTING.md#can-i-create-a-pull-request-for-uptime-kuma

Tick the checkbox if you understand [x]:

  • I have read and understand the pull request rules.

Description

While uptime-kuma allows monitoring of remote docker hosts, and it allows using TLS to secure those connections with mutual TLS, the code is only set up to allow mutual TLS if you're using your own CA. If, instead, you're using a public CA that is part of the standard web of trust with mutual TLS certificates, it wouldn't allow for a TLS connection to the remote docker host. This fixes that.

This is a fix for an issue I was going to file, but it was easier just to write the code to fix it.

More completely, there are four different combinations of CAs and mutual TLS that you need to consider:

  1. Mutual TLS, docker host uses non-standard CA
  2. Mutual TLS, docker host uses standard CA
  3. No Authentication, docker host uses non-standard CA
  4. No authentication, docker host uses standard CA

Currently, uptime-kuma only supported conditions 1 and 4. This adds support for conditions 2 and 3 too.

Type of change

Please delete any options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)

Checklist

  • My code follows the style guidelines of this project
  • I ran ESLint and other linters for modified files
  • I have performed a self-review of my own code and tested it
  • I have commented my code, particularly in hard-to-understand areas (including JSDoc for methods)
  • My changes generate no new warnings
  • My code needed automated testing. I have added them (this is optional task) [N/A - didn't see existing tests for the docker code]

Screenshots (if any)

N/A - server side change
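
The four combinations listed in the description, as an added example that is not part of this pull request or Uptime Kuma's code: one way to derive Node TLS options (`ca`, `cert`, `key`, `rejectUnauthorized`) from whichever PEM material exists for a Docker host. The function names and the `pems` object are hypothetical, and the PEM strings are constructed placeholders.

```javascript
// Added example: not Uptime Kuma's code. Function and field names are hypothetical.
// `pems` holds whatever PEM material was found for one Docker host; a missing
// entry is undefined.

function dockerTlsOptions(pems) {
    const { ca, cert, key } = pems;

    // A client cert without its key (or the reverse) is a misconfiguration.
    // Fail closed instead of silently falling back to an unauthenticated connection.
    if (Boolean(cert) !== Boolean(key)) {
        throw new Error("client cert and key must be supplied together");
    }

    // Server certificate verification stays on in all four cases.
    const options = { rejectUnauthorized: true };

    if (ca) {
        // Private CA: in Node, setting `ca` replaces the default trust store.
        options.ca = ca;
    }
    // No `ca` key at all: Node verifies the server against its bundled public roots.

    if (cert) {
        options.cert = cert;
        options.key = key;
    }
    return options;
}

// Maps the resulting options back to the wording used in the description.
function describeCondition(pems) {
    const opts = dockerTlsOptions(pems);
    const auth = opts.cert ? "Mutual TLS" : "No authentication";
    const trust = "ca" in opts ? "non-standard CA" : "standard CA";
    return `${auth}, ${trust}`;
}

// Constructed placeholder strings standing in for PEM file contents.
const CA = "<private CA PEM>", CERT = "<client cert PEM>", KEY = "<client key PEM>";
const cases = [
    { ca: CA, cert: CERT, key: KEY }, // condition 1
    { cert: CERT, key: KEY },         // condition 2
    { ca: CA },                       // condition 3
    {},                               // condition 4
];
for (const c of cases) {
    console.log(describeCondition(c), Object.keys(dockerTlsOptions(c)));
}
```

Leaving `ca` out entirely, instead of passing an empty value, is what lets a publicly issued server certificate verify in conditions 2 and 4.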

This provides a small fix that allows you to define docker hosts that
you can connect with in three different ways:

1. Mutual TLS, docker host uses non-standard CA
2. Mutual TLS, docker host uses standard CA
3. No Authentication, docker host uses non-standard CA
4. No authentication, docker host uses standard CA

In the previous implementation only conditions 1 and 4 were allowed. This
makes conditions 2 and 3 possible. The logic is a little messy, but it
works.

DCO-1.1 Signed-off-by: Patrick Wagstrom <[email protected]>

I missed some of the `let` definitions for the ca, cert, and key when
establishing the docker TLS connection.

DCO-1.1 Signed-off-by: Patrick Wagstrom <[email protected]>

@pridkett (Author)

@louislam - looks like I got all of the checks to pass. Tagging you as per guidance in CONTRIBUTING.md.
