Adding support for custom CA certs

3 files changed, 14 insertions, 0 deletions

diff --git a/Dockerfile b/Dockerfile
index fb2a635..a72a925 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -27,6 +27,7 @@ RUN apt-get -y autoremove
 
 ADD extra/oxidized.runit /etc/service/oxidized/run
 ADD extra/auto-reload-config.runit /etc/service/auto-reload-config/run
+ADD extra/update-ca-certificates.runit /etc/service/update-ca-certificates/run
 
 VOLUME ["/root/.config/oxidized"]
 EXPOSE 8888/tcp
diff --git a/README.md b/README.md
index ade2030..5950c1c 100644
--- a/README.md
+++ b/README.md
@@ -364,6 +364,12 @@ If you want to have the config automatically reloaded (e.g. when using a http so
 docker run -v /etc/oxidized:/root/.config/oxidized -p 8888:8888/tcp -e CONFIG_RELOAD_INTERVAL=3600 -t oxidized/oxidized:latest
 ```
 
+If you need to use an internal CA (e.g. to connect to an private github instance)
+
+```
+docker run -v /etc/oxidized:/root/.config/oxidized -v /path/to/MY-CA.crt:/usr/local/share/ca-certificates/MY-CA.crt -p 8888:8888/tcp -e UPDATE_CA_CERTIFICATES=true -t oxidized/oxidized:latest
+```
+
 ## Cookbook
 ### Debugging
 In case a model plugin doesn't work correctly (ios, procurve, etc.), you can enable live debugging of SSH/Telnet sessions. Just add a ```debug``` option containing the value true to the ```input``` section. The log files will be created depending on the parent directory of the logfile option.
diff --git a/extra/update-ca-certificates.runit b/extra/update-ca-certificates.runit
new file mode 100755
index 0000000..53efdb9
--- /dev/null
+++ b/extra/update-ca-certificates.runit
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+if [ "$UPDATE_CA_CERTIFICATES" == "true" ]; then
+    update-ca-certificates
+fi
+
+sleep infinity