Add documentation for self-signed cert healthchecks (#7397)

* Add documentation for self-signed cert healthchecks Adds instruction to set NODE_EXTRA_CA_CERTS in docker-compose healthcheck commands so Node.js can trust the certificate. * [autofix.ci] apply automated fixes * fixup! Add documentation for self-signed cert healthchecks * [autofix.ci] apply automated fixes * Update Docker health checks with self-signed certs If using self signed certs, comment the first test line and uncomment the second test line. * fixup! Update Docker health checks with self-signed certs * fixup! Add documentation for self-signed cert healthchecks * fixup! Update Docker health checks with self-signed certs * [autofix.ci] apply automated fixes * fixup! Add documentation for self-signed cert healthchecks * fixup! Update Docker health checks with self-signed certs --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-05-05 22:52:20 -05:00 · 2026-04-06 18:09:35 -06:00
parent 64b2d9b31a
commit 477fed1607
3 changed files with 17 additions and 0 deletions
--- a/packages/docs/docs/config/https.md
+++ b/packages/docs/docs/config/https.md
@@ -14,6 +14,15 @@ Use a self-signed certificate. This is the easiest way to get HTTPS working, but

 - A command line tool like [mkcert](https://github.com/FiloSottile/mkcert) can automate this process.
 - Alternately, you can manually generate the certificates. Install OpenSSL for your operating system, then run `openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout selfhost.key -out selfhost.crt` in a terminal to generate the certificate and private key. You'll need to enter a two-letter country code to get the `.crt` file to be generated, but you can leave the rest of the fields blank (just hit enter at each prompt). Move the `selfhost.key` and `selfhost.crt` files to a location accessible to the Actual server.
+- When using a self-signed certificate, you may need to update the health check test command in your docker-compose.yml file to ensure it trusts the certificate. Add the `NODE_EXTRA_CA_CERTS=/data/selfhost.crt` environment variable to the health check command:
+
+  ```yaml
+  test:
+    [
+      'CMD-SHELL',
+      'NODE_EXTRA_CA_CERTS=/data/selfhost.crt node src/scripts/health-check.js',
+    ]
+  ```

 ### Obtain a certificate without exposing to the internet

--- a/packages/sync-server/docker-compose.yml
+++ b/packages/sync-server/docker-compose.yml
@@ -22,6 +22,8 @@ services:
    healthcheck:
      # Enable health check for the instance
      test: ['CMD-SHELL', 'node src/scripts/health-check.js']
+      # health check using self signed certs
+      # test: ['CMD-SHELL', 'NODE_EXTRA_CA_CERTS=/data/selfhost.crt node src/scripts/health-check.js']
      interval: 60s
      timeout: 10s
      retries: 3
--- a/upcoming-release-notes/7397.md
+++ b/upcoming-release-notes/7397.md
@@ -0,0 +1,6 @@
+---
+category: Maintenance
+authors: [Kennedy242]
+---
+
+Add documentation for configuring Docker health checks with self-signed certificates using `NODE_EXTRA_CA_CERTS`.