Merge pull request #75 from FlowFuse/private-ca

Add support for Private CA

README.md

@@ -4,4 +4,24 @@ FlowFuse driver to create projects as docker containers
 
 ## Configuration
 
+## Configuration
+
+In the `flowforge.yml` file
+
+```yaml
+...
+driver:
+  type: docker
+  options:
+    socket: /var/run/docker.sock
+    registry: containers.flowforge.com
+    privateCA: /full/path/to/chain.pem
+```
+
+ - `registry` is the Docker Registry to load Stack Containers from (default: Docker Hub)
+ - `socket` is the path to the docker unix domain socket (default: /var/run/docker.sock)
+ - privateCA: is the fully qualified path to a pem file containing trusted CA cert chain (default: not set)
+
+### Configuration via environment variables
+
  - `DOCKER_SOCKET` - Path to docker unix domain socket

docker.js

@@ -1,3 +1,4 @@
+const fs = require('fs')
 const got = require('got')
 const Docker = require('dockerode')
 
@@ -85,6 +86,13 @@ const createContainer = async (project, domain) => {
         contOptions.Env.push(`FORGE_NR_SECRET=${credentialSecret}`)
     }
 
+    if (this._app.config.driver.options.privateCA && fs.existsSync(this._app.config.driver.options.privateCA)) {
+        contOptions.Binds = [
+            `${this._app.config.driver.options.privateCA}:/usr/local/ssl-certs/chain.pem`
+        ]
+        contOptions.Env.push('NODE_EXTRA_CA_CERTS=/usr/local/ssl-certs/chain.pem')
+    }
+
     const container = await this._docker.createContainer(contOptions)
     return container.start()
         .then(async () => {