Skip to content

Add interceptHttps option to allow intercepting HTTPS and allow/deny list#171

Merged
gabivlj merged 11 commits intomainfrom
gv/tls
Apr 9, 2026
Merged

Add interceptHttps option to allow intercepting HTTPS and allow/deny list#171
gabivlj merged 11 commits intomainfrom
gv/tls

Conversation

@gabivlj
Copy link
Copy Markdown
Collaborator

@gabivlj gabivlj commented Apr 3, 2026

No description provided.

@gabivlj gabivlj requested a review from a team as a code owner April 3, 2026 17:45
@pkg-pr-new
Copy link
Copy Markdown

pkg-pr-new bot commented Apr 3, 2026
edited
Loading

Open in StackBlitz

npm i https://pkg.pr.new/cloudflare/containers/@cloudflare/containers@171

commit: da5627d

mikenomitch
mikenomitch reviewed Apr 7, 2026
View reviewed changes
mikenomitch
mikenomitch reviewed Apr 7, 2026
View reviewed changes
github-advanced-security[bot]
github-advanced-security bot found potential problems Apr 7, 2026
View reviewed changes
github-advanced-security[bot]
github-advanced-security bot found potential problems Apr 7, 2026
View reviewed changes
mikenomitch
mikenomitch reviewed Apr 7, 2026
View reviewed changes
mikenomitch
mikenomitch reviewed Apr 7, 2026
View reviewed changes
mikenomitch
mikenomitch reviewed Apr 7, 2026
View reviewed changes
@mikenomitch
Copy link
Copy Markdown
Collaborator

mikenomitch commented Apr 7, 2026

Let's call out specifically in the docs how to set everything up on various distros:

Distribution Certificate Directory Update Command
Alpine /usr/local/share/ca-certificates/ update-ca-certificates
Debian/Ubuntu /usr/local/share/ca-certificates/ update-ca-certificates
Fedora/RHEL /etc/pki/ca-trust/source/anchors/ update-ca-trust
Arch /etc/ca-certificates/trust-source/anchors/ trust extract-compat

Ideally with explicit "entrypoint" examples. IE:

In Ubuntu and Debian make sure to install "update-ca-certificates" with "RUN apk add --no-cache ca-certificates" in your Dockerfile and add the following entrypoint command ...

@gabivlj
Copy link
Copy Markdown
Collaborator Author

gabivlj commented Apr 7, 2026

Let's call out specifically in the docs how to set everything up on various distros:

Distribution Certificate Directory Update Command Alpine /usr/local/share/ca-certificates/ update-ca-certificates Debian/Ubuntu /usr/local/share/ca-certificates/ update-ca-certificates Fedora/RHEL /etc/pki/ca-trust/source/anchors/ update-ca-trust Arch /etc/ca-certificates/trust-source/anchors/ trust extract-compat

I dont think we should recommend running update-ca-certificates in the Dockerfile related to this feature as it might mislead the user into believing the CA is included on docker build.

@mikenomitch
Copy link
Copy Markdown
Collaborator

mikenomitch commented Apr 8, 2026

I mean running that in the entrypoint override

@gabivlj gabivlj force-pushed the gv/tls branch 2 times, most recently from 5203c8c to 62c7334 Compare April 8, 2026 21:02
@gabivlj
tls: Do not persist enableInternet in outbound configuration so if us…
a6da651 
…er redeploys and the container restarts, internet configuration is applied
@gabivlj
tls: Revert back to intercept outbound all for dynamic rules until we…
da5627d 
… are able to remove hostnames programmatically
@andreisavu andreisavu mentioned this pull request Apr 9, 2026
Open
11 tasks
@gabivlj gabivlj merged commit 2a942e3 into main Apr 9, 2026
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mikenomitch mikenomitch mikenomitch approved these changes

+1 more reviewer

@github-advanced-security github-advanced-security[bot] github-advanced-security[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@gabivlj @mikenomitch @github-advanced-security