Caprover Path For Shared Folder

tbvgl · January 25, 2023, 4:46pm

I have a Caprover server with a Wappler app deployed to it.
I’m using an SSL cert to authenticate with the database, and the path is defined in the ENV.

From the Caprover docs:

The directory /captain/data/nginx-shared in your server is available in your nginx container as /nginx-shared . Let’s say you place a custom SSL cert in that folder and call it /captain/data/nginx-shared/custom-cert.pem . In order to reference that file in your nginx config, you’ll use /nginx-shared/custom-cert.pem

Wappler defines the system path in the docker file though:
ENV PATH /opt/node_app/node_modules/.bin:$PATH

Can I define the path from the root directory of the server to the SSL cert in the shared folder via ENV?

I tried multiple things like for example:

../../usr/share/ca-certificate.crt

but that is invalid:

{"status":"500","message":"path.toSystemPath: Invalid path \"../../usr/share/ca-certificate.crt\".","stack":"Error: path.toSystemPath: Invalid path

Any help would be appreciated.

Apple · January 25, 2023, 5:43pm

In Caprover control panel bind-mount the host folder you want (e.g.: /usr/share) to e.g. /opt/node_app/certificates

And then in Wappler access the certificates folder

tbvgl · January 25, 2023, 5:47pm

Thanks @Apple. That only works for persistent apps though.

I came up with another solution if anybody needs to add a DO cert for the db connection but doesn’t want to push it to git. You can store it in the ENV base64 encoded and extend express to write the file when the app starts:

require("dotenv").config();
const fs = require("fs");

exports.before = (app) => {
    const dbSslCert = process.env.DB_SSL_CERT;
    const decodedCert = Buffer.from(dbSslCert, "base64");
    fs.writeFileSync("/certs/ca-certificate.crt", decodedCert);
};

tbvgl · January 25, 2023, 7:32pm

Updated version with logs and validation that works:


require("dotenv").config();
const fs = require("fs-extra");
const path = require("path");
const { toSystemPath } = require("../../../lib/core/path");

const validator = require("validator");

exports.before = async (app) => {
  try {
    const dbSslCert = process.env.DB_SSL_CERT;
    if (!validator.isBase64(dbSslCert)) {
      throw new Error(
        "Invalid base64 encoded SSL cert in DB_SSL_CERT env variable"
      );
    }
    const decodedCert = Buffer.from(dbSslCert, "base64");
    const dir = toSystemPath("/");
    console.log("Attempting to create folder at: ", dir);
    const certPath = path.join(dir, "certs");
    await fs.mkdir(certPath, { recursive: true });
    await fs.writeFile(path.join(certPath, "ca-certificate.crt"), decodedCert);
  } catch (err) {
    console.error(err);
  }
};