-
Notifications
You must be signed in to change notification settings - Fork 514
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow to disable the ssl cert validation on the S3 API #1182
Comments
You can use some Golang environment variables to override where the application looks for its ca bundles. Eg: SSL_CERT_FILE=/etc/tempo/ca/ca-bundle.pem Or merge / replace the OS trusted ca bundle. |
It looks like this is currently possible when using minio/s3. https://github.com/grafana/tempo/blob/main/tempodb/backend/s3/config.go#L15 Though, if you have TLS enabled on the server side and also have the capability to inject the CA cert into the environment as @trexx suggests, that might be a better alternative. Does the configuration option work for your situation here? |
I've just tried this, and the flag in fact disables https entirely and forces http. It does not just disable certificate verification. https://github.com/grafana/tempo/blob/v1.3.0/tempodb/backend/s3/s3.go |
Fixed in a duplicate issue: #1466 |
Is your feature request related to a problem? Please describe.
Currently its not possible to deploy tempo in a way where the a self hosted S3 e.g. a minio instance is secured with a certificate form a private CA. This is problematic for enterprises that use on private CAs that are then used to secure private minio instances over https.
Describe the solution you'd like
A config flag to disable the ssl cert validation
The text was updated successfully, but these errors were encountered: