From a545c828c1a273551d5da5897e180cf7fc921693 Mon Sep 17 00:00:00 2001 From: Jana Vrbkova Date: Fri, 20 Oct 2023 09:55:22 +0200 Subject: [PATCH] fix: enabling npm artifacts repo process update (rhdevdocs-5035) (#2640) Co-authored-by: Nick Boldt --- .../pages/enabling-npm-artifact-repositories.adoc | 10 ++++++---- ...abling-self-signed-certificate-validation.adoc | 13 +++++++++++++ ...toring-node-extra-ca-certs-variable-value.adoc | 15 +++++++++++++++ 3 files changed, 34 insertions(+), 4 deletions(-) create mode 100644 modules/end-user-guide/partials/proc_disabling-self-signed-certificate-validation.adoc create mode 100644 modules/end-user-guide/partials/proc_restoring-node-extra-ca-certs-variable-value.adoc diff --git a/modules/end-user-guide/pages/enabling-npm-artifact-repositories.adoc b/modules/end-user-guide/pages/enabling-npm-artifact-repositories.adoc index ce9c011379..71138821f5 100644 --- a/modules/end-user-guide/pages/enabling-npm-artifact-repositories.adoc +++ b/modules/end-user-guide/pages/enabling-npm-artifact-repositories.adoc @@ -26,14 +26,14 @@ apiVersion: v1 metadata: name: tls-cer annotations: - controller.devfile.io/mount-path: /home/user/certs + controller.devfile.io/mount-path: /public-certs controller.devfile.io/mount-as: file labels: controller.devfile.io/mount-to-devworkspace: 'true' controller.devfile.io/watch-secret: 'true' data: - tls.cer: >- - ____ <1> + nexus.cer: >- + __ <1> ---- <1> Base64 encoding with disabled line wrapping. @@ -51,7 +51,9 @@ metadata: controller.devfile.io/mount-to-devworkspace: 'true' controller.devfile.io/watch-configmap: 'true' data: - NODE_EXTRA_CA_CERTS: /home/user/certs/tls.cer NPM_CONFIG_REGISTRY: >- https://____/repository/npm-all/ ---- + +include::partial$proc_disabling-self-signed-certificate-validation.adoc[leveloffset=+1] +include::partial$proc_restoring-node-extra-ca-certs-variable-value.adoc[leveloffset=+1] diff --git a/modules/end-user-guide/partials/proc_disabling-self-signed-certificate-validation.adoc b/modules/end-user-guide/partials/proc_disabling-self-signed-certificate-validation.adoc new file mode 100644 index 0000000000..9a2d008dbb --- /dev/null +++ b/modules/end-user-guide/partials/proc_disabling-self-signed-certificate-validation.adoc @@ -0,0 +1,13 @@ +[id="disabling-self-signed-certificate-validation"] += Disabling self-signed certificate validation + +Run the command below to disable SSL/TLS, bypassing the validation of your self-signed certificates. Note that this is a potential security risk. For a better solution, configure a self-signed certificate you trust with `NODE_EXTRA_CA_CERTS`. + +.Procedure + +* Run the following command in the terminal: ++ +[source, yaml] +---- +npm config set strict-ssl false +---- diff --git a/modules/end-user-guide/partials/proc_restoring-node-extra-ca-certs-variable-value.adoc b/modules/end-user-guide/partials/proc_restoring-node-extra-ca-certs-variable-value.adoc new file mode 100644 index 0000000000..b675cb5eae --- /dev/null +++ b/modules/end-user-guide/partials/proc_restoring-node-extra-ca-certs-variable-value.adoc @@ -0,0 +1,15 @@ +[id="restoring-node-extra-ca-certs-variable-value"] += Configuring NODE_EXTRA_CA_CERTS to use a certificate + +Use the command below to set NODE_EXTRA_CA_CERTS to point to where you have your SSL/TLS certificate. + +.Procedure + +* Run the following command in the terminal: ++ +[source, bash] +---- +`export NODE_EXTRA_CA_CERTS=/public-certs/nexus.cer` <1> +`npm install` +---- +<1> `/public-certs/nexus.cer` is the path to self-signed SSL/TLS certificate of Nexus artifactory. \ No newline at end of file