These are just my notes on how to solve the issue, on Nextcloud with the official Docker image, where the SMTP server used to send notifications has a certificate that is self-signed or issued by a certificate authority the image does not recognise.
Rather than lowering your server's security by using (IMHO) dangerous options such as:

```php
'allow_self_signed' => 'true',
'verify_peer' => 'false',
'verify_peer_name' => 'false',
```

one should rather install the missing CA (third party or your own) into the Docker image.
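To achieve this, create a `nextcloud/Dockerfile` like this one:

```dockerfile
FROM nextcloud:latest
# Copy the CA certificate into the directory scanned for locally added CAs
COPY TI_Trust_Technologies_OV_CA.crt /usr/local/share/ca-certificates/TI_Trust_Technologies_OV_CA.crt
# Rebuild the system trust store so that it includes the new CA
RUN update-ca-certificates
```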
Where `TI_Trust_Technologies_OV_CA.crt` is the name of the file containing the CA that you want to install, in PEM format. The extension must be `.crt`.
Then reference it in your `docker-compose.yml`:

```yaml
nextcloud:
  #image: nextcloud:latest
  build: nextcloud
```
Then do a `docker compose build` and your image is ready to run! It should connect to your SMTP server without lowering your security posture.
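
A way to check both ends of this procedure, as an added example that is not part of the original notes: `check_ca_file` catches the two file mistakes named above (wrong extension, not PEM) before the build, and `verify_smtp_trust` runs a verified handshake from inside the built image. The function names, the SMTP host argument, and STARTTLS on port 587 are assumptions; the service name `nextcloud` comes from the compose snippet above.

```shell
#!/bin/sh
# Added example. Function names and the SMTP host/port are assumptions.

# Pre-build check: update-ca-certificates only picks up files named *.crt
# under /usr/local/share/ca-certificates, and they must hold PEM data.
# Returns 0 if usable, 1 wrong extension, 2 unreadable, 3 not PEM.
check_ca_file() {
    f=$1
    case "$f" in
        *.crt) ;;
        *) echo "extension must be .crt: $f" >&2; return 1 ;;
    esac
    if [ ! -r "$f" ]; then
        echo "cannot read: $f" >&2
        return 2
    fi
    # A DER-encoded certificate is binary and has no PEM armor line.
    if ! grep -q '^-----BEGIN CERTIFICATE-----' "$f"; then
        echo "not PEM encoded: $f" >&2
        return 3
    fi
    return 0
}

# Post-build check: run a STARTTLS handshake from inside the built image,
# using only the image's trust store. Chain and hostname verification stay
# on, so this fails if the CA was not installed.
verify_smtp_trust() {
    host=$1
    port=${2:-587}   # assumption: submission port with STARTTLS
    docker compose run --rm --entrypoint sh nextcloud -c \
        "openssl s_client -connect $host:$port -starttls smtp \
         -verify_return_error -verify_hostname $host </dev/null"
}

# Usage: sh ca-check.sh check_ca_file nextcloud/TI_Trust_Technologies_OV_CA.crt
#        sh ca-check.sh verify_smtp_trust smtp.example.org 587
if [ $# -gt 0 ]; then
    "$@"
fi
```

A non-zero exit from `verify_smtp_trust` means the chain or hostname did not verify against the image's CA store.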