-
Notifications
You must be signed in to change notification settings - Fork 70
Closed
Labels
Description
Bug
When using the Docker image (ghcr.io/coder/mux:nightly) with a volume mounted at /root/.mux, adding a new project via "Clone repo" fails with:
Cloning into '/root/.mux/projects/coder.mux-clone-fcad889dbebe'...
fatal: unable to access 'https://github.com/coder/coder.git/':
server certificate verification failed. CAfile: none CRLfile: none
Root Cause
The runtime stage of the Dockerfile installs git and openssh-client but does not install ca-certificates. Without a CA certificate bundle, git cannot verify any HTTPS server certificate.
Fix
Add ca-certificates to the runtime apt-get install line in the Dockerfile:
RUN apt-get update && \
- apt-get install -y --no-install-recommends git openssh-client && \
+ apt-get install -y --no-install-recommends git openssh-client ca-certificates && \
rm -rf /var/lib/apt/lists/*The comment block above should also be updated:
# - git: required for workspace operations (clone, worktree, etc.)
# - openssh-client: required for SSH runtime support
+# - ca-certificates: required for HTTPS (git clone, API calls, etc.)Workaround
Set GIT_SSL_NO_VERIFY=true as an environment variable when running the container (not recommended for production).
Created on behalf of @ibetitsmike
Reactions are currently unavailable