From 1b10c55758b828e05ff533b6c2901f5ffd204155 Mon Sep 17 00:00:00 2001
From: David Nguyen
Date: Wed, 6 Nov 2024 19:21:52 +0900
Subject: [PATCH] fix: update docker environment (#1438)
---
 .../local-development/signing-certificate.mdx | 14 ++++++++++----
 .../pages/developers/self-hosting/how-to.mdx | 2 +-
 docker/production/compose.yml | 1 +
 3 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/apps/documentation/pages/developers/local-development/signing-certificate.mdx b/apps/documentation/pages/developers/local-development/signing-certificate.mdx
index c06fe9440..55c1ff820 100644
--- a/apps/documentation/pages/developers/local-development/signing-certificate.mdx
+++ b/apps/documentation/pages/developers/local-development/signing-certificate.mdx
@@ -38,11 +38,17 @@ You will be prompted to enter some information, such as the certificate's Common
 Combine the private key and the self-signed certificate to create a `.p12` certificate. Use the following command:
 ```bash
-openssl pkcs12 -export -out certificate.p12 -inkey private.key -in certificate.crt
+openssl pkcs12 -export -out certificate.p12 -inkey private.key -in certificate.crt -legacy
 ```
- If you get the error "Error: Failed to get private key bags", add the `-legacy` flag to the command `openssl pkcs12 -export -out certificate.p12 -inkey private.key -in certificate.crt -legacy`.
+When running the application in Docker, you may encounter permission issues when attempting to sign documents using your certificate (.p12) file. This happens because the application runs as a non-root user inside the container and needs read access to the certificate.
+To resolve this, you'll need to update the certificate file permissions to allow the container user 1001, which runs NextJS, to read it:
+```bash
+sudo chown 1001 certificate.p12
+```
@@ -54,8 +60,8 @@ Note that for local development, the password can be left empty.
 ### Add Certificate to the Project
-Finally, add the certificate to the project. Place the `certificate.p12` file in the `/apps/web/resources` directory. If the directory doesn't exist, create it.
+Use the `NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH` environment variable to point at the certificate you created.
-The final file path should be `/apps/web/resources/certificate.p12`.
+Details about environment variables associated with certificates can be found [here](/developers/self-hosting/signing-certificate#configure-documenso-to-use-the-certificate).
diff --git a/apps/documentation/pages/developers/self-hosting/how-to.mdx b/apps/documentation/pages/developers/self-hosting/how-to.mdx
index a316b02b1..0d1583859 100644
--- a/apps/documentation/pages/developers/self-hosting/how-to.mdx
+++ b/apps/documentation/pages/developers/self-hosting/how-to.mdx
@@ -133,7 +133,7 @@ volumes:
 After updating the volume binding, save the `compose.yml` file and run the following command to start the containers:
 ```bash
-docker-compose --env-file ./.env -d up
+docker-compose --env-file ./.env up -d
 ```
 The command will start the PostgreSQL database and the Documenso application containers.
diff --git a/docker/production/compose.yml b/docker/production/compose.yml
index 4801edb26..505228b24 100644
--- a/docker/production/compose.yml
+++ b/docker/production/compose.yml
@@ -61,6 +61,7 @@ services:
 - NEXT_PUBLIC_POSTHOG_KEY=${NEXT_PUBLIC_POSTHOG_KEY}
 - NEXT_PUBLIC_DISABLE_SIGNUP=${NEXT_PUBLIC_DISABLE_SIGNUP}
 - NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH=${NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH:-/opt/documenso/cert.p12}
+ - NEXT_PRIVATE_SIGNING_PASSPHRASE=${NEXT_PRIVATE_SIGNING_PASSPHRASE}
 ports:
 - ${PORT:-3000}:${PORT:-3000}
 volumes:
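Review bot: The new `NEXT_PRIVATE_SIGNING_PASSPHRASE=${NEXT_PRIVATE_SIGNING_PASSPHRASE}` entry in docker/production/compose.yml has no default and no required-check, so in this production file an unset variable is interpolated as an empty string and the container starts with an empty signing passphrase. Because the value travels as a plain environment variable, it is also readable through `docker inspect` and from the process environment, so the `.env` file that feeds it should be permission-restricted and kept out of version control. I would document that on the line above, e.g. `# Passphrase for the .p12 at NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH; set it in a private .env, never inline here`, and consider `${NEXT_PRIVATE_SIGNING_PASSPHRASE?must be set (may be empty)}` if deployments should fail loudly when it is missing. The `services:` block starts and ends outside the hunk, so whether another mechanism already supplies the passphrase is not visible here.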