image-export with self signed CA & certs -> ERR_CERT_AUTHORITY_INVALID

[dom6770]

Hey, I'm trying to get image-export running so we can export diagrams as PDFs, but unfortunately I cannot get it to work:

services:
  image-export:
    image: jgraph/export-server
    expose:
      - "8000"
    networks:
      - drawionet
    volumes:
      - ./fonts:/usr/share/fonts/drawio
    environment:
      - DRAWIO_BASE_URL=https://test-drawio.example.org
  drawio:
    image: jgraph/drawio
    ports:
      - 7071:8443
      - 7070:8080
    depends_on:
      - image-export
    networks:
      - drawionet
    environment:
      - EXPORT_URL=http://image-export:8000/
      - DRAWIO_BASE_URL=https://test-drawio.example.org
      - DRAWIO_SERVER_URL=https://test-drawio.example.org
networks:
  drawionet:

I tried to build the container myself with this lines added to Dockerfile:

COPY CA.crt /usr/local/share/ca-certificates/CA.crt

RUN update-ca-certificates

but the error keeps occuring.

[sarcasimo]

We got this working with an (internal) self signed wildcard cert using Traefik as a middleman. No modifications were needed to the docker containers, and no certs needed to be inserted beyond what is done for Traefik.

This will vary depending on how you setup Traefik (Or your reverse proxy of choice), but basically the 3 containers route their traffic through the traefik network.

Added to each container -

labels: - "traefik.enable=true" - "traefik.http.routers.drawio.rule=Host(drawio.domain.xxx)" - "traefik.http.routers.drawio.entrypoints=websecure" - "traefik.http.routers.drawio.tls=true" - "traefik.http.services.drawio.loadbalancer.server.port=8080"

Added to the bottom of the docker-compose

networks: drawionet: traefik_default: external: true