soroushdes/HokmPlay
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

CI/Docker: use SSL-free Nexus endpoints (mirror serves partial chain)
CI/CD / CI - API (dotnet build + engine sim) (push) Successful in 6m21s
Details
CI/CD / CI - Web (tsc + next build) (push) Successful in 1m3s
Details
CI/CD / Deploy - local stack (db + server + web) (push) Failing after 1s
Details

Browse Source 
The HTTPS Nexus serves an incomplete cert chain that container trust stores
reject (NU1301 PartialChain / UNABLE_TO_GET_ISSUER), failing CI restore/install.
- NuGet has no strict-ssl flag → point CI + Dockerfile + compose at the plain-HTTP
  Nexus (http://171.22.25.73:8081, allowInsecureConnections) — no TLS, no cert check.
- npm: add --strict-ssl=false to the CI web-check install (Dockerfile already had it);
  Docker npm registry default also moved to the HTTP Nexus.
- ENV_FILE.example documents NUGET_INDEX/NPM_REGISTRY overrides.

Local dev (Windows trusts the cert) + image base pulls (Docker trusts it) are
unaffected — only in-container package feeds switch to HTTP.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
soroush.asadi
2026-06-05 08:53:46 +03:30
parent 4b33ea318a
commit 96c8abbeb3
5 changed files with 17 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docker-compose.yml
+5 -4
View File
@@ -30,8 +30,9 @@ services:
context: ./server
dockerfile: Dockerfile
args:
# Default HTTPS; local .env overrides to the HTTP Nexus IP (PartialChain).
NUGET_INDEX: ${NUGET_INDEX:-https://mirror.soroushasadi.com/repository/nuget-group/index.json}
# Plain-HTTP Nexus (no SSL) — the HTTPS mirror serves a partial cert chain
# containers can't validate. Override via .env if needed.
NUGET_INDEX: ${NUGET_INDEX:-http://171.22.25.73:8081/repository/nuget-group/index.json}
image: hokm-server:latest
container_name: hokm-server
restart: unless-stopped
@@ -70,8 +71,8 @@ services:
# BROWSER uses to reach the API (host-mapped api port, or LAN IP).
NEXT_PUBLIC_USE_SERVER: "1"
NEXT_PUBLIC_SERVER_URL: ${NEXT_PUBLIC_SERVER_URL:-http://localhost:1505}
# Default HTTPS; local .env overrides to the HTTP Nexus IP (PartialChain).
NPM_REGISTRY: ${NPM_REGISTRY:-https://mirror.soroushasadi.com/repository/npm-group/}
# Plain-HTTP Nexus (no SSL). Override via .env if needed.
NPM_REGISTRY: ${NPM_REGISTRY:-http://171.22.25.73:8081/repository/npm-group/}
image: hokm-web:latest
container_name: hokm-web
restart: unless-stopped