diff --git a/application/single_app/Dockerfile b/application/single_app/Dockerfile index 65483ac6..57f377ee 100644 --- a/application/single_app/Dockerfile +++ b/application/single_app/Dockerfile @@ -7,15 +7,13 @@ FROM mcr.microsoft.com/azurelinux/base/python:3.12 AS builder ARG UID ARG GID -# Setup pip.conf if has content -COPY pip.conf.d/ /etc/pip.conf.d +# Copy pip.conf into the image for pip configuration +COPY docker-customization/pip.conf /etc/pip.conf # CA # copy certs to /etc/pki/ca-trust/source/anchors -COPY custom-ca-certificates/ /etc/ssl/certs -RUN mkdir -p /etc/pki/ca-trust/source/anchors/ \ - && update-ca-trust enable \ - && cp /etc/ssl/certs/*.crt /etc/pki/ca-trust/source/anchors/ \ +COPY docker-customization/custom-ca-certificates/ /etc/pki/ca-trust/source/anchors +RUN update-ca-trust enable \ && update-ca-trust extract ENV PYTHONUNBUFFERED=1 @@ -44,6 +42,7 @@ ARG UID ARG GID COPY --from=builder /etc/pki /etc/pki +COPY --from=builder /etc/ssl/certs /etc/ssl/certs COPY --from=builder /home/nonroot /home/nonroot COPY --from=builder /etc/passwd /etc/passwd COPY --from=builder /etc/group /etc/group @@ -59,8 +58,11 @@ ENV HOME=/home/nonroot \ PYTHONIOENCODING=utf-8 \ LANG=C.UTF-8 \ LC_ALL=C.UTF-8 \ - PYTHONUNBUFFERED=1 - + PYTHONUNBUFFERED=1 \ + SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt \ + SSL_CERT_DIR=/etc/ssl/certs \ + REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-bundle.crt + WORKDIR /app # Copy application code and set ownership diff --git a/custom-ca-certificates/.gitkeep b/docker-customization/custom-ca-certificates/.gitkeep similarity index 100% rename from custom-ca-certificates/.gitkeep rename to docker-customization/custom-ca-certificates/.gitkeep diff --git a/docker-customization/pip.conf b/docker-customization/pip.conf new file mode 100644 index 00000000..3dc81272 --- /dev/null +++ b/docker-customization/pip.conf @@ -0,0 +1 @@ +# Add pip configuration here \ No newline at end of file diff --git a/docs/explanation/release_notes.md b/docs/explanation/release_notes.md index c474eb28..0736e4bd 100644 --- a/docs/explanation/release_notes.md +++ b/docs/explanation/release_notes.md @@ -90,6 +90,11 @@ * **Files Modified**: `chat-citations.js`. * (Ref: Citation parsing, page range handling, `CITATION_IMPROVEMENTS.md`) +* **Docker Customization: CA Certificate and pip.conf** + * Fixed Docker customization issues related to custom CA certificate handling and `pip.conf` configuration. + * Ensures Python package installation works reliably in environments requiring custom certificate trust and pip configuration. + * (Ref: Docker customization, CA cert setup, `pip.conf` handling) + #### User Interface Enhancements * **Extended Document Dropdown Width** diff --git a/docs/how-to/docker_customization.md b/docs/how-to/docker_customization.md new file mode 100644 index 00000000..a1d50828 --- /dev/null +++ b/docs/how-to/docker_customization.md @@ -0,0 +1,9 @@ +# Docker Customization + +## Custom Certificate Authorities + +Add custom certificate authorities to [/docker-customization/custom-ca-certificates](/docker-customization/custom-ca-certificates/) and they will be pull in to the system CAs during docker build. Must be in .crt format. + +## Custom pip.conf + +Add customization as needed to [/docker-customization/pip.conf](/docker-customization/pip.conf). This will be used during docker build. \ No newline at end of file diff --git a/pip.conf.d/.gitkeep b/pip.conf.d/.gitkeep deleted file mode 100644 index e69de29b..00000000