# I have a question for mounting tls certs


dusky sand

Hi @tepid loom, could you try running the service as the root user and setting the certificates with read-only permissions, updating the TLS path as well? I've prepared an example below.

```yaml
version: '3.9'
services:
  permify:
    image: ghcr.io/permify/permify
    container_name: permify
    user: root  # Run as root
    volumes:
      - /opt/permify/config.yaml:/config/config.yaml
      - /etc/letsencrypt/live/shadow-labs.org/:/tls/:ro  # Separate path for certificates, read-only
    command: serve -c=/config/config.yaml
    ports:
      - 3478:3478
      - 3476:3476

networks:
  default:
    name: envoy
    external: true
```

And in the config.yaml, update the TLS path as follows:

```yaml
tls:
  enabled: true
  cert: /tls/fullchain.pem  # New TLS path
  key: /tls/privkey.pem  # New TLS path
```
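
An added example, not part of the reply above and not Permify's own code: certbot's `live/<domain>/` entries are symlinks into `../../archive/<domain>/`, so a bind mount of only that directory can present dangling links inside the container. The hypothetical helper `check_tls_mount` checks on the host that each file resolves inside the directory being mounted; `make_sample_tree` builds a constructed tree for a dry run, and `readlink -f` is assumed to be available.

```shell
#!/bin/sh
# check_tls_mount DIR [FILE...]
# Returns 0 when every FILE under DIR resolves to a path that stays inside DIR,
# i.e. the file will still exist when only DIR is bind-mounted into a container.
# Returns 1 otherwise and prints the reason for each failing file.
check_tls_mount() {
    dir=$1; shift
    # Default file names are the ones referenced by the tls: block in config.yaml.
    [ $# -gt 0 ] || set -- fullchain.pem privkey.pem
    real_dir=$(cd "$dir" 2>/dev/null && pwd -P) || { echo "FAIL missing dir: $dir"; return 1; }
    rc=0
    for f in "$@"; do
        path="$real_dir/$f"
        if [ ! -e "$path" ]; then
            echo "FAIL $f: missing or dangling on the host"; rc=1; continue
        fi
        target=$(readlink -f "$path")      # follow the whole symlink chain
        case "$target" in
            "$real_dir"/*) echo "ok   $f -> $target" ;;
            *) echo "FAIL $f: resolves outside the mounted directory ($target)"; rc=1 ;;
        esac
    done
    return $rc
}

# make_sample_tree ROOT
# Constructed certbot-style layout (example.test is a placeholder domain):
# ROOT/live/example.test/*.pem are relative symlinks into ROOT/archive/example.test/.
make_sample_tree() {
    root=$1
    mkdir -p "$root/live/example.test" "$root/archive/example.test"
    for n in fullchain privkey; do
        echo "constructed $n" > "$root/archive/example.test/${n}1.pem"
        ln -s "../../archive/example.test/${n}1.pem" "$root/live/example.test/$n.pem"
    done
}
```

Run `check_tls_mount` against the host side of the volume before starting the container; if it fails, mounting the parent directory that holds both `live` and `archive`, or copying the dereferenced files into a dedicated directory, makes the check pass.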