livebook-dev/livebook
1
1
Fork 0
mirror of https://github.com/livebook-dev/livebook.git synced 2025-10-07 20:16:31 +08:00
Code Issues Projects Releases Packages Wiki Activity

Support custom HTTP certificate (#2287)

Browse source 
Co-authored-by: Jonatan Kłosko <jonatanklosko@gmail.com>
This commit is contained in:
Victor Rodrigues 2023-10-22 11:01:15 +02:00 committed by GitHub
parent ca645ea974
commit 94edf9f8b9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 33 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
README.md
View file

@ -191,7 +191,7 @@ The following environment variables can be used to configure Livebook on boot:
are deployed on Livebook startup with the persisted settings. Password-protected are deployed on Livebook startup with the persisted settings. Password-protected
notebooks will receive a random password, unless LIVEBOOK_APPS_PATH_PASSWORD notebooks will receive a random password, unless LIVEBOOK_APPS_PATH_PASSWORD
is set. When deploying using Livebook's Docker image, consider using is set. When deploying using Livebook's Docker image, consider using
`LIVEBOOK_APPS_PATH_WARMUP`. LIVEBOOK_APPS_PATH_WARMUP.
* LIVEBOOK_APPS_PATH_HUB_ID - deploy only the notebooks in * LIVEBOOK_APPS_PATH_HUB_ID - deploy only the notebooks in
LIVEBOOK_APPS_PATH that belong to the given Hub ID LIVEBOOK_APPS_PATH that belong to the given Hub ID
@ -208,6 +208,10 @@ The following environment variables can be used to configure Livebook on boot:
* LIVEBOOK_BASE_URL_PATH - sets the base url path the web application is * LIVEBOOK_BASE_URL_PATH - sets the base url path the web application is
served on. Useful when deploying behind a reverse proxy. served on. Useful when deploying behind a reverse proxy.
* LIVEBOOK_CACERTFILE - path to a local file containing CA certificates.
Those certificates are used during for server authentication when Livebook
accesses files from external sources.
* LIVEBOOK_COOKIE - sets the cookie for running Livebook in a cluster. * LIVEBOOK_COOKIE - sets the cookie for running Livebook in a cluster.
Defaults to a random string that is generated on boot. Defaults to a random string that is generated on boot.

4
lib/livebook.ex
View file

@ -177,6 +177,10 @@ defmodule Livebook do
config :livebook, :force_ssl_host, force_ssl_host config :livebook, :force_ssl_host, force_ssl_host
end end
if cacertfile = Livebook.Config.cacertfile!("LIVEBOOK_CACERTFILE") do
config :livebook, :cacertfile, cacertfile
end
config :livebook, config :livebook,
:cookie, :cookie,
Livebook.Config.cookie!("LIVEBOOK_COOKIE") || Livebook.Config.cookie!("LIVEBOOK_COOKIE") ||

15
lib/livebook/config.ex
View file

@ -319,6 +319,14 @@ defmodule Livebook.Config do
Application.fetch_env!(:livebook, :force_ssl_host) Application.fetch_env!(:livebook, :force_ssl_host)
end end
@doc """
Returns the application cacertfile if any.
"""
@spec cacertfile() :: String.t() | nil
def cacertfile() do
Application.get_env(:livebook, :cacertfile)
end
@feature_flags Application.compile_env(:livebook, :feature_flags) @feature_flags Application.compile_env(:livebook, :feature_flags)
@doc """ @doc """
@ -513,6 +521,13 @@ defmodule Livebook.Config do
System.get_env(env) System.get_env(env)
end end
@doc """
Parses application cacertfile from env.
"""
def cacertfile!(env) do
System.get_env(env)
end
@doc """ @doc """
Parses application service name from env. Parses application service name from env.
""" """

10
lib/livebook/utils/http.ex
View file

@ -213,9 +213,17 @@ defmodule Livebook.Utils.HTTP do
defp http_ssl_opts() do defp http_ssl_opts() do
# Use secure options, see https://gist.github.com/jonatanklosko/5e20ca84127f6b31bbe3906498e1a1d7 # Use secure options, see https://gist.github.com/jonatanklosko/5e20ca84127f6b31bbe3906498e1a1d7
cacert_opt =
if cacertfile = Livebook.Config.cacertfile() do
{:cacertfile, to_charlist(cacertfile)}
else
{:cacerts, @cacerts}
end
[ [
cacert_opt,
verify: :verify_peer, verify: :verify_peer,
cacerts: @cacerts,
customize_hostname_check: [ customize_hostname_check: [
match_fun: :public_key.pkix_verify_hostname_match_fun(:https) match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
] ]