Docker: Remove pre-gen self-sign cert in image (#2962)

VietND96 · web-flow · commit 1162c08469c3 · 2025-09-27T21:32:30.000+07:00
Fix for security best practices

Signed-off-by: Viet Nguyen Duc &lt;nguyenducviet4496@gmail.com&gt;
diff --git a/Base/Dockerfile b/Base/Dockerfile
@@ -168,9 +168,9 @@ COPY supervisord.conf /etc
 #===================================================
 # Add the default self-signed certificate to the bundle CA
 #===================================================
-ARG CERT_TRUST_ATTR=TCu,Cu,Tu
+#ARG CERT_TRUST_ATTR=TCu,Cu,Tu
 COPY --chown="${SEL_UID}:${SEL_GID}" certs/add-cert-helper.sh certs/add-jks-helper.sh /opt/bin/
-COPY --chown="${SEL_UID}:${SEL_GID}" certs/tls.crt certs/tls.key certs/server.jks certs/server.pass /opt/selenium/secrets/
+#COPY --chown="${SEL_UID}:${SEL_GID}" certs/tls.crt certs/tls.key certs/server.jks certs/server.pass /opt/selenium/secrets/
 
 #===================================================
 # Add envsubst binary
@@ -194,8 +194,8 @@ RUN python3 -m venv $VENV_PATH \
     && $VENV_PATH/bin/python3 -m pip install --break-system-packages . \
     && rm -rf /tmp/supervisor.zip /tmp/supervisor-main
 
-RUN /opt/bin/add-jks-helper.sh -d /opt/selenium/secrets \
-    && /opt/bin/add-cert-helper.sh -d /opt/selenium/secrets ${CERT_TRUST_ATTR}
+#RUN /opt/bin/add-jks-helper.sh -d /opt/selenium/secrets \
+#    && /opt/bin/add-cert-helper.sh -d /opt/selenium/secrets ${CERT_TRUST_ATTR}
 #======================================
 # Configure environement
 #======================================
diff --git a/Makefile b/Makefile
@@ -138,8 +138,8 @@ prepare_resources:
 	rm -rf ./Base/configs/node && mkdir -p ./Base/configs/node && cp -r ./charts/selenium-grid/configs/node ./Base/configs
 
 gen_certs:
-	rm -rf ./Base/certs && cp -r ./charts/selenium-grid/certs ./Base
-	./Base/certs/gen-cert-helper.sh -d ./Base/certs
+	rm -rf ./Base/certs && mkdir -p ./Base/certs && cp -r ./charts/selenium-grid/certs/*.sh ./Base/certs
+	# ./Base/certs/gen-cert-helper.sh -d ./Base/certs
 
 base: prepare_resources gen_certs
 	cd ./Base && SEL_PASSWD=$(SEL_PASSWD) docker buildx build --platform $(PLATFORMS) $(BUILD_ARGS) --build-arg VERSION=$(BASE_VERSION) --build-arg RELEASE=$(BASE_RELEASE) --build-arg AUTHORS=$(AUTHORS) \
@@ -297,9 +297,11 @@ all_browsers: node_base
 	cd .. ; \
 	cd ./NodeFirefox && docker buildx build --platform $(PLATFORMS) $(BUILD_ARGS) $(FROM_IMAGE_ARGS) --build-arg BASE=node-all-browsers --build-arg FIREFOX_DOWNLOAD_URL=$(FIREFOX_DOWNLOAD_URL) -t $(NAME)/node-all-browsers:$(TAG_VERSION) . ; \
 	cd .. ; \
-	cd ./NodeChrome && docker buildx build --platform $(PLATFORMS) $(BUILD_ARGS) $(FROM_IMAGE_ARGS) --build-arg BASE=node-all-browsers -t $(NAME)/node-all-browsers:$(TAG_VERSION) . ; \
+	cd ./NodeChrome && docker buildx build --platform $(PLATFORMS) $(BUILD_ARGS) $(FROM_IMAGE_ARGS) --build-arg BASE=node-all-browsers -t $(NAME)/node-all-browsers:$(TAG_VERSION) . || true ; \
 	cd .. ; \
-	cd ./NodeEdge && docker buildx build --platform $(PLATFORMS) $(BUILD_ARGS) $(FROM_IMAGE_ARGS) --build-arg BASE=node-all-browsers -t $(NAME)/node-all-browsers:$(TAG_VERSION) . ; \
+	cd ./NodeEdge && docker buildx build --platform $(PLATFORMS) $(BUILD_ARGS) $(FROM_IMAGE_ARGS) --build-arg BASE=node-all-browsers -t $(NAME)/node-all-browsers:$(TAG_VERSION) . || true ; \
+	cd .. ; \
+	cd ./NodeAllBrowsers && docker buildx build --platform $(PLATFORMS) $(BUILD_ARGS) $(FROM_IMAGE_ARGS) --build-arg BASE=node-all-browsers -t $(NAME)/node-all-browsers:$(TAG_VERSION) . ; \
 	cd .. ;
 
 standalone_all_browsers: all_browsers
diff --git a/NodeAllBrowsers/Dockerfile b/NodeAllBrowsers/Dockerfile
@@ -0,0 +1,8 @@
+ARG NAMESPACE=selenium
+ARG VERSION=latest
+ARG BASE
+FROM ${NAMESPACE}/${BASE}:${VERSION}
+ARG AUTHORS
+LABEL authors=${AUTHORS}
+
+ENV SE_OTEL_SERVICE_NAME="selenium-node"
