mosaicstack/stack
1
0
Fork 0
Code Issues 19 Pull Requests Actions Packages Projects Releases 13 Wiki Activity

feat(mosaic-portainer): PORTAINER_INSECURE flag for self-signed TLS #484

Merged
jason.woltje merged 1 commits from feat/mosaic-portainer-tls-flag into main 2026-04-22 01:21:55 +00:00
Conversation 0 Commits 1 Files Changed 8 +59 -9
jason.woltje commented 2026-04-22 01:17:37 +00:00
Owner
Copy Link

Problem

Self-signed Portainer instances (e.g. internal LAN at 10.1.1.43:9443) cause all 7 portainer wrapper scripts to fail silently with HTTP 000. curl rejects the self-signed certificate by default and the scripts interpret the empty response as a non-200 status.

Solution

Add a PORTAINER_INSECURE environment variable. When set to 1, a CURL_OPTS=(-k) array is populated at the top of each script (after env var validation) and passed to every curl invocation targeting the Portainer API.

export PORTAINER_INSECURE=1

Changes

  • All 7 .sh scripts in packages/mosaic/framework/tools/portainer/ updated
  • README.md updated to document the new variable

Testing

  • bash -n syntax check: all 7 scripts pass
  • Smoke test: PORTAINER_INSECURE=1 against https://10.1.1.43:9443 returned HTTP 401 (reached the API, TLS bypass confirmed). Without the flag, curl exits 60 (SSL certificate error).
## Problem Self-signed Portainer instances (e.g. internal LAN at 10.1.1.43:9443) cause all 7 portainer wrapper scripts to fail silently with HTTP 000. curl rejects the self-signed certificate by default and the scripts interpret the empty response as a non-200 status. ## Solution Add a `PORTAINER_INSECURE` environment variable. When set to `1`, a `CURL_OPTS=(-k)` array is populated at the top of each script (after env var validation) and passed to every curl invocation targeting the Portainer API. ```bash export PORTAINER_INSECURE=1 ``` ## Changes - All 7 `.sh` scripts in `packages/mosaic/framework/tools/portainer/` updated - README.md updated to document the new variable ## Testing - `bash -n` syntax check: all 7 scripts pass - Smoke test: `PORTAINER_INSECURE=1` against `https://10.1.1.43:9443` returned HTTP 401 (reached the API, TLS bypass confirmed). Without the flag, curl exits 60 (SSL certificate error).
jason.woltje added 1 commit 2026-04-22 01:17:38 +00:00
feat(mosaic-portainer): add PORTAINER_INSECURE flag for self-signed TLS
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details
ci/woodpecker/pr/ci Pipeline was successful
Details
0888b8bd6d 
Self-signed Portainer instances (e.g. internal LAN at 10.1.1.43:9443)
caused all wrapper calls to fail silently with HTTP 000. Setting
PORTAINER_INSECURE=1 passes -k to curl, bypassing certificate
verification and unblocking API calls to such instances.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
jason.woltje merged commit 45e8f02c91 into main 2026-04-22 01:21:55 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
jason.woltje
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: mosaicstack/stack#484
Delete Branch "feat/mosaic-portainer-tls-flag"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?