From 4ea905d9715dbb7e3a46eb3b2badc09875125035 Mon Sep 17 00:00:00 2001
From: Ben Hardill <ben@flowforge.com>
Date: Tue, 23 Dec 2025 15:16:47 +0000
Subject: [PATCH 1/2] Add comments about private CA certs to services

part of #525

Adds commented out Env Var pointing at /opt/flowfuse-device/chain.pem
to make enableding private CA certs support easier.
---
 installer/go/pkg/service/templates.go | 6 ++++++
 installer/go/pkg/service/windows.go   | 1 +
 2 files changed, 7 insertions(+)

diff --git a/installer/go/pkg/service/templates.go b/installer/go/pkg/service/templates.go
index a94ed78..6a84045 100644
--- a/installer/go/pkg/service/templates.go
+++ b/installer/go/pkg/service/templates.go
@@ -15,6 +15,7 @@ WorkingDirectory={{.WorkDir}}
 
 Environment="NODE_OPTIONS=--max_old_space_size=512"
 Environment="PATH={{.NodeBinDir}}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+# Environment="NODE_EXTRA_CA_CERTS={{.WorkDir}}/chain.pem"
 ExecStart=/usr/bin/env -S flowfuse-device-agent --dir {{.WorkDir}} --port {{.Port}}
 # Use SIGINT to stop
 KillSignal=SIGINT
@@ -59,6 +60,7 @@ WORKING_DIR={{.WorkDir}}
 do_start() {
     log_daemon_msg "Starting $DESC" "$NAME"
     export NODE_OPTIONS="--max_old_space_size=512"
+    # export NODE_EXTRA_CA_CERTS="{{.WorkDir}}/chain.pem"
     start-stop-daemon --start --quiet --background --user $USER --chdir $WORKING_DIR \
         --make-pidfile --pidfile $PIDFILE --startas /bin/bash \
         -- -c "exec $DAEMON $DAEMON_ARGS > $LOGFILE 2>&1"
@@ -135,6 +137,10 @@ const launchdTemplate = `<?xml version="1.0" encoding="UTF-8"?>
         <string>--max_old_space_size=512</string>
         <key>PATH</key>
         <string>{{.NodeBinDir}}:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin</string>
+        <!--
+        <key>NODE_EXTRA_CA_CERTS</key>
+        <string>{{.WorkDir}}/chain.pem</string>
+        -->
     </dict>
 </dict>
 </plist>`
diff --git a/installer/go/pkg/service/windows.go b/installer/go/pkg/service/windows.go
index 7b94326..65b40bc 100644
--- a/installer/go/pkg/service/windows.go
+++ b/installer/go/pkg/service/windows.go
@@ -102,6 +102,7 @@ func configureService(nssmPath, serviceName, workDir string, port int) error {
 
 	// Configure environment variables
 	nodeOptions := "NODE_OPTIONS=--max_old_space_size=512"
+	extaCACerts := fmt.Sprintf("NODE_EXTRA_CA_CERTS=%s/chain.pem", workDir)
 	// The AppEnvironmentExtra parameter needs multiple values, which requires a direct command
 	envCmd := exec.Command(nssmPath, "set", serviceName, "AppEnvironmentExtra", nodeOptions, os.Getenv("PATH"))
 	logger.Debug("Set environment command: %s", envCmd.String())

From 227ae46d311a821798c67c50e7fdfdf0ad3da6dc Mon Sep 17 00:00:00 2001
From: Ben Hardill <ben@flowforge.com>
Date: Tue, 23 Dec 2025 15:21:11 +0000
Subject: [PATCH 2/2] Pass lint

---
 installer/go/pkg/service/windows.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/installer/go/pkg/service/windows.go b/installer/go/pkg/service/windows.go
index 65b40bc..96d1089 100644
--- a/installer/go/pkg/service/windows.go
+++ b/installer/go/pkg/service/windows.go
@@ -102,7 +102,7 @@ func configureService(nssmPath, serviceName, workDir string, port int) error {
 
 	// Configure environment variables
 	nodeOptions := "NODE_OPTIONS=--max_old_space_size=512"
-	extaCACerts := fmt.Sprintf("NODE_EXTRA_CA_CERTS=%s/chain.pem", workDir)
+	// extaCACerts := fmt.Sprintf("NODE_EXTRA_CA_CERTS=%s/chain.pem", workDir)
 	// The AppEnvironmentExtra parameter needs multiple values, which requires a direct command
 	envCmd := exec.Command(nssmPath, "set", serviceName, "AppEnvironmentExtra", nodeOptions, os.Getenv("PATH"))
 	logger.Debug("Set environment command: %s", envCmd.String())