Commit da152d4

mount self-signed certificates
1 parent 3049cbc commit da152d4

1 file changed

+3
-2
lines changed

docs/configuration.md

Lines changed: 3 additions & 2 deletions
@@ -707,8 +707,9 @@ server {
707707
## Internal Certificate Authority
708708
By default, certificates are not being verified when outbound traffic goes from Shuffle. This is due to the massive use of self-signed certificates when using internal services. You may ignore certificate warnings by adding `SHUFFLE_SKIPSSL_VERIFY=true` to the environment of each relevant service - most notably used for Orborus. If you want to accept your Certificate Authority for all requests, there are a few ways to do this:
709709

710-
1. Docker Daemon level (recommended) - point to your cert: `$ dockerd --tlscacert=/path/to/custom-ca-cert.pem`
711-
2. Add it to every app (per-image configuration). You can do this by modifying the Dockerfile for an app and manually building it with the certificate in the Dockerfile of each Docker image. Restart Shuffle after this is done.
710+
1. Mount your CA certificates (recommended): Add the ./certs:/certs mount to the Orborus service in your docker-compose.yml. Ensure that the shuffle directory contains a certs subdirectory with all the necessary certificate files. This will automatically append all certificates in ./certs to the system's root CA.
711+
2. Docker Daemon level - point to your cert: `$ dockerd --tlscacert=/path/to/custom-ca-cert.pem`
712+
3. Add it to every app (per-image configuration). You can do this by modifying the Dockerfile for an app and manually building it with the certificate in the Dockerfile of each Docker image. Restart Shuffle after this is done.
712713

713714
As this may require advanced Docker understanding, reach out to ask us about it: [[email protected]](mailto:[email protected])
714715
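
Review bot: In the new item 1, every file placed in `./certs` becomes a trusted root ("automatically append all certificates in ./certs to the system's root CA"), yet the text does not say what format or extension the files must have, whether Orborus needs a restart to pick them up (item 3 says to restart Shuffle), or whether the trust extends to the app containers that item 3 handles per image. Please state those three things, and add a sentence that the directory should hold CA certificates only and be writable only by the administrator, since anything dropped there is trusted for outbound TLS. As a style point, put `./certs:/certs`, `docker-compose.yml` and `certs` in backticks to match the inline code used in item 2, and name the path rather than "the shuffle directory", which is ambiguous.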
