I am running headless chrome using python and selenium. For my automated tests we are testing on a non-production environment which is not accessible without installing a .crt cert on your machine to:
Current User>Trusted Root Certificate Authority
In the Dockerfile I am installing the certs as below:
FROM selenium/standalone-chrome-debug:latest
RUN sudo apt-get update && sudo apt-get install -y python3 python3-pip
RUN sudo apt-get update && sudo pip3 install pytest pytest-html selenium behave allure-behave
COPY . /home
ADD /certs/*.crt /usr/local/share/ca-certificates/
RUN sudo chmod 644 /usr/local/share/ca-certificates/*.crt && sudo apt-get update && sudo update-ca-certificates && sudo apt-get update
to make headless chrome working I am using below parameters for chrome options:
elif data.get('browser') == 'container':
chrome_options.add_argument("--headless")
chrome_options.add_argument('--disable-gpu')
chrome_options.add_argument('--no-sandbox')
chrome_options.add_argument('--disable-dev-shm-usage')
chrome_options.add_argument('add_experimental_option("excludeSwitches",["ignore-certificate-errors"])')
chrome_options.add_argument('window-size=1200x600')
context.driver = webdriver.Chrome(executable_path="/usr/bin/chromedriver", chrome_options=chrome_options)
Issue: Now when I run my tests in headless mode on my personal machine where this .crt certificate is installed my tests work. When I try to run it inside a container in headless mode where these certs are being installed in Dockerfile my tests fail and taking a screenshot of this non prod environment gives my a blank image (all white screen). Which means headless chrome in container is not able to load the site due to certificate issue.
If I try to take screenshot of any other site which does not need any cert it works as expected.
do I need to add any other steps to make sure the .crt certificate is installed properly in the "Trusted Root Certificate Authority" for making this work in headless mode in containers also.
From inside the container:
/usr/local/share/ca-certificates dir.After some more digging I found the certs were being copied to the below dir inside the container (I had to go in the bash shell in container and do some troubleshooting for below steps):
/usr/local/share/ca-certificates
to test the certs are working or not I tried using curl on the non prod environment url (from inside the container), which also worked. At this point I was sure that certs are in the container and are working but chrome for some reason is not able to use those certs.
To resolve this I added these capabilities to chrome with chrome options:
capabilities = chrome_options.to_capabilities() #cap
capabilities['acceptInsecureCerts'] = True #cap
and it started working as expected. To see all the arguments and capabilites I had to add to make this work below is complete configuration for chrome:
elif data.get('browser') == 'container':
#chrome_options.addArguments("--headless", "--window-size=1920,1200","--ignore-certificate-errors")
chrome_options.add_argument("--headless")
chrome_options.add_argument('--disable-gpu')
chrome_options.add_argument('--no-sandbox')
chrome_options.add_argument('--disable-dev-shm-usage')
#chrome_options.add_argument('--allow-running-insecure-content')
#chrome_options.add_argument('--disable-web-security')
#chrome_options.add_experimental_option('useAutomationExtension', False)
chrome_options.add_argument('add_experimental_option("excludeSwitches",["ignore-certificate-errors"])')
chrome_options.add_argument('window-size=1200x600')
capabilities = chrome_options.to_capabilities() #cap
capabilities['acceptInsecureCerts'] = True #cap
context.driver = webdriver.Chrome(executable_path="/usr/bin/chromedriver", chrome_options=chrome_options)