Sounds challenging. Have you added the cert and environment variable inside the container?
Yes, and tested it using:
root@discourse:/ssl-tools# ruby doctor.rb login.xyz.de:443
/usr/local/bin/ruby (2.5.1-p57)
OpenSSL 1.0.2g 1 Mar 2016: /usr/lib/ssl
SSL_CERT_DIR=""
SSL_CERT_FILE="/shared/cacert.pem"
HEAD https://login.xyz.de:443
OK
I’d include the directory rather than hope you put the cert where discourse is looking. I believe that the cert will need to be readable by her discourse.
Bitnami recently released new Docker images using Discourse 2.1.x (the former was 1.9.4). OAuth2 stopped working there as well, coming up with the same error. For now I will try SAML instead of OAuth2.
Did you try offloading the SSL to a frontend Nginx? In this case the certificate should live outside docker with the Nginx.
As your official certificate is a wildcard you can easily use it locally by adding your fake domain that matches the certificate’s to point to localhost (or whatever private IP you’re using) in /etc/hosts which will bypass the DNS lookup, effectively getting rid of the self-signed certificate issue.
That’s a good idea.
That means the “oauth2 authorize url” will still be the same, as this one is only used in the browser. The “oauth2 token url” and “oauth2 user json url” will be insecure (http) between Discourse and Nginx (outgoing traffic), and from Nginx to the OAuth2 provider it will be secure (https).
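Two added helpers illustrating the /etc/hosts idea above and the Nginx offload flow just described (example code, not from this thread or from Discourse/Nginx). The wildcard name `*.xyz.de`, the hostname `login.xyz.de`, the proxy name `oauth-proxy.internal` and the CA bundle path are assumed values. The wildcard check enforces the rule browsers and OpenSSL apply: `*` stands for exactly one DNS label, so `*.xyz.de` covers `login.xyz.de` but not `xyz.de` or `a.b.xyz.de`. The generated Nginx block keeps the plain-http leg private and makes Nginx verify the provider's certificate, so that the offload does not silently turn into a no-verification hop:

```sh
#!/bin/sh
# Added example for the thread above; all names and paths below are assumptions.

# Does a wildcard certificate name cover this host?  "*" may replace exactly
# one left-most label (RFC 6125 style), which is what browsers/OpenSSL enforce.
wildcard_matches() {
  pattern=$1; host=$2
  case "$pattern" in
    \*.*) ;;                                  # leading "*." wildcard
    *) [ "$pattern" = "$host" ]; return ;;    # no wildcard: exact match only
  esac
  suffix=${pattern#\*.}                       # "*.xyz.de" -> "xyz.de"
  case "$host" in
    *."$suffix") ;;                           # host must end with ".xyz.de"
    *) return 1 ;;
  esac
  left=${host%."$suffix"}                     # the text the "*" would stand for
  case "$left" in
    ""|*.*) return 1 ;;                       # empty, or spans more than one label
  esac
  return 0
}

# Render the /etc/hosts line that pins the certificate's hostname to a private
# IP, but only if the wildcard really covers that hostname.
hosts_entry() {
  ip=$1; host=$2; pattern=$3
  wildcard_matches "$pattern" "$host" || return 1
  printf '%s %s\n' "$ip" "$host"
}

# Render an Nginx server block for the flow described above:
# Discourse -> http://oauth-proxy.internal (private network) -> https://provider.
# The upstream certificate is verified against a CA bundle, and the plain-http
# listener is bound to a private address so it is not reachable from outside.
nginx_offload_conf() {
  provider=$1; ca_bundle=$2; listen_ip=${3:-127.0.0.1}
  cat <<EOF
server {
    listen ${listen_ip}:80;
    server_name oauth-proxy.internal;   # assumed name Discourse's token/user URLs point at

    location / {
        proxy_pass https://${provider};
        proxy_set_header Host ${provider};
        proxy_ssl_server_name on;        # send SNI so the provider picks the right cert
        proxy_ssl_name ${provider};
        proxy_ssl_verify on;             # do not trust the upstream blindly
        proxy_ssl_verify_depth 2;
        proxy_ssl_trusted_certificate ${ca_bundle};
    }
}
EOF
}

# Usage (assumed values):
#   hosts_entry 127.0.0.1 login.xyz.de '*.xyz.de'
#   nginx_offload_conf login.xyz.de /shared/cacert.pem 10.0.0.5
```

The http leg only stays acceptable because it never leaves the private network between the Discourse container and Nginx; binding the listener to that private address is what keeps the token and user-info responses from being exposed on a public interface.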
Would it be possible to add some settings to customize the button? Things like:
- Change the button color
- Select an icon (Font Awesome?) or upload a small png to sit in front of the text to match other OAuth buttons