feat: add self-signed SSL certificate support for Nextcloud connections
Add NEXTCLOUD_VERIFY_SSL and NEXTCLOUD_CA_BUNDLE env vars to configure TLS certificate verification for all outbound Nextcloud connections. Centralizes SSL config via a new HTTP client factory (http.py) used by all 27 Nextcloud-bound call sites, including API clients, OIDC endpoints, OAuth flows, and health checks. Closes #560 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Chris Coutinho
+13
@@ -217,6 +217,19 @@ NEXTCLOUD_PASSWORD=
|
||||
#CUSTOM_PROCESSOR_TIMEOUT=60
|
||||
#CUSTOM_PROCESSOR_TYPES=application/pdf,image/jpeg,image/png
|
||||
|
||||
# ===== SSL/TLS =====
|
||||
# For Nextcloud behind reverse proxies with self-signed or private CA certificates
|
||||
#
|
||||
# Disable TLS certificate verification (insecure, development only):
|
||||
#NEXTCLOUD_VERIFY_SSL=false
|
||||
#
|
||||
# Use a custom CA bundle (path to PEM file):
|
||||
#NEXTCLOUD_CA_BUNDLE=/etc/ssl/certs/my-ca.pem
|
||||
#
|
||||
# Docker example: mount the CA bundle as a volume
|
||||
# docker run -v /path/to/ca.pem:/etc/ssl/certs/my-ca.pem:ro \
|
||||
# -e NEXTCLOUD_CA_BUNDLE=/etc/ssl/certs/my-ca.pem ...
|
||||
|
||||
# ===== SECURITY & ADVANCED =====
|
||||
# Cookie security (browser UI)
|
||||
# Auto-detects from NEXTCLOUD_HOST protocol if not set
|
||||
|
||||
Reference in New Issue
Block a user