We have Rocket.Chat installed as a snap app in Ubuntu and have tried to set up an outgoing webhook but in the server log, we get entries with SELF_SIGNED_CERT_IN_CHAIN when the server is trying to contact the external site for the webhook.
We are behind a corporate firewall, and need to add the corporate certificate to the certificate store of the npm installation bundled with the Rocket Chat snap.
This is potentially more of a snap + npm question, but how does one do this?
OK, so that didn’t work. I also set the NODE_EXTRA_CA_CERTS environment variable in the root user’s .profile and .bashrc files, but this seems to have had no effect.
What is the correct way to add the CA cert for Node in a snap installation?
After doing some more research on snaps, it seems they are not dependent on the user under which the snap executes.
So, even though I am setting environment variables in root’s .profile and .bashrc, I suspect they are ignored because snap rewrites the HOME environment variable (as explained here https://docs.snapcraft.io/reference/env).
However, I don’t want to add something in the snap’s HOME directory, because it points to the current snap version of the app, which will change the next time the snap updates, and then I lose my change.
How can I, for the rocketchat-server snap app, set the environment variable to point to my extra CA certificate, or is there another way to do this altogether?
I have also filed a bug on the Rocket.Chat GitHub page. It seems there are several potential layers at which a solution could be devised. The most logical seems to me to be able to amend the snap environment, but I cannot see an obvious solution to that, and perhaps that option is not supported.
On that snapcraft forum post I linked to, I got what seems to be a workaround, which I have yet to try.
However, the moderator on that side suggested that perhaps it’s possible to use configuration to make this kind of thing work, so that options like this can be provided with snap set.
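
An added example, not part of the original thread: the suspicion above, that variables from root's `.profile` never reach the snap's service, can be checked by reading the environment the running Node process actually received. The function names are hypothetical, and the script assumes a Linux `/proc` filesystem and root privileges when pointed at a live process.

```shell
#!/bin/sh
# Added example: inspect the environment a running process really got,
# instead of trusting what a login shell's .profile exports.

# Print the value of variable $2 from the NUL-delimited environ file $1.
# Returns 1 if the variable is not present.
environ_get() {
    tr '\0' '\n' < "$1" | awk -v name="$2" '
        index($0, name "=") == 1 {
            print substr($0, length(name) + 2); found = 1; exit
        }
        END { exit found ? 0 : 1 }'
}

# Classify NODE_EXTRA_CA_CERTS for the process whose environ file is $1.
# $2 is an optional root prefix (for a live process: /proc/<pid>/root) so
# the path is resolved inside the process's own mount namespace, which
# for a confined snap differs from the host's view.
# Prints one of: unset | missing | not-pem | ok
check_extra_ca() {
    value=$(environ_get "$1" NODE_EXTRA_CA_CERTS) || { echo unset; return 0; }
    path="${2:-}$value"
    [ -r "$path" ] || { echo missing; return 0; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$path" || { echo not-pem; return 0; }
    echo ok
}

# Live use: pass the PID of the node process as the first argument.
if [ $# -gt 0 ]; then
    check_extra_ca "/proc/$1/environ" "/proc/$1/root"
fi
```

A result of `unset` confirms the variable never reached the service. `missing` or `not-pem` means it did, but the path is not a readable PEM certificate from inside the snap's confinement.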