Description:
We need to add support for Nextcloud certificates so that they appear in ExApps (our applications in Docker containers managed by AppAPI) when they are imported into Nextcloud.
This is especially important for those cases when ExApp uses OAuth2 or the deployment occurs on a server where Nextcloud has a self-signed certificate.
In the current implementation, this is not possible, because when the certificate is imported into the NC via `occ`, it does not automatically propagate to ExApps.
Solution:
- When creating a container, we must copy the current certificates from the cloud to the container
- When a certificate is imported to the cloud, AppAPI should automatically copy it to each ExApp
- AppAPI will also run a command inside the ExApp containers to rebuild the certificates, such as `update-ca-certificates` (or the equivalent command depending on the OS used in the container)
Algorithm for step 1:
1. We start the container with `sleep infinite` as the entry point
2. Upload the certs
3. Execute `update-ca-certificates`
4. Stop the container
5. Start the container as usual
The algorithm for step 2 is almost the same, except that we also fully disable and start the application.
Note that AppAPI cannot automatically restart the containers, as we cannot know the application’s current state (it could be processing important tasks). Therefore, automatic restarts would be too disruptive.
OCC Command Addition:
To address this, we will introduce the following OCC command in AppAPI:
`occ app_api:restart --daemon_id=(optional) --app_id=(optional)`
This command can be used to restart (i.e., stop and start) ExApp applications by either `daemon_id` or `app_id`, or restart all ExApps if neither option is specified.
After importing a certificate, the administrator can use this command to manually restart ExApps to reload certificates if needed.
To implement the restart action, we first need to implement this: #410
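
The copy-and-rebuild part of the solution (the second and third bullets above), sketched with the Docker CLI as an added example; it is not AppAPI's code and not part of the original issue. The container name, the certificate path and the `DOCKER` dry-run variable are assumptions, and the OS mapping covers only the common distribution families.

```shell
#!/bin/sh
# Added example, not AppAPI code. Set DOCKER="echo docker" for a dry run.
DOCKER=${DOCKER:-docker}

# Map os-release text to "<CA anchor dir>|<trust-store refresh command>".
trust_store_for() {
    ids=$(printf '%s\n' "$1" | sed -n 's/^ID\(_LIKE\)\{0,1\}=//p' | tr -d '"')
    for id in $ids; do
        case $id in
            debian|ubuntu|alpine)
                echo "/usr/local/share/ca-certificates|update-ca-certificates"; return 0 ;;
            rhel|fedora|centos)
                echo "/etc/pki/ca-trust/source/anchors|update-ca-trust extract"; return 0 ;;
            suse|opensuse*|sles)
                echo "/etc/pki/trust/anchors|update-ca-certificates"; return 0 ;;
        esac
    done
    return 1
}

# sync_cert CONTAINER CERT_FILE OS_RELEASE_TEXT
# OS_RELEASE_TEXT would come from: docker exec CONTAINER cat /etc/os-release
sync_cert() {
    container=$1; cert=$2
    # The name lands on a command line: allow plain Docker container names only.
    case $container in
        ''|[!A-Za-z0-9]*|*[!A-Za-z0-9_.-]*) echo "bad container name" >&2; return 2 ;;
    esac
    # Only files that carry a PEM certificate go into a trust store.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null ||
        { echo "not a PEM certificate: $cert" >&2; return 3; }
    store=$(trust_store_for "$3") || { echo "unknown container OS" >&2; return 4; }
    dir=${store%%|*}; refresh=${store#*|}
    # Debian-style update-ca-certificates only picks up files ending in .crt.
    name=$(basename "$cert"); name=${name%.*}.crt
    $DOCKER cp "$cert" "$container:$dir/$name" &&
        $DOCKER exec "$container" $refresh
}
```

Nothing here restarts the ExApp; processes that loaded the old trust store still need the manual restart described above.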