dosubot[bot] commented on issue #38379: URL: https://github.com/apache/superset/issues/38379#issuecomment-3995539387
<!-- Answer --> Thanks for the detailed bug report. Here's what I found regarding your webhook issues: **1. HTTPS Enforcement** - You can disable the HTTPS requirement by setting [`ALERT_REPORTS_WEBHOOK_HTTPS_ONLY = False`](https://github.com/apache/superset/pull/36127) in your `superset_config.py`. This allows HTTP webhook URLs. **2. Network Unreachable** - Using Docker service names (like `https://nginx/...`) instead of host IPs is the correct approach for container-to-container communication. **3. Self-Signed Certificate Verification** - Unfortunately, there's currently **no configuration option** to disable SSL certificate verification specifically for webhook requests. The `ALERT_REPORTS_WEBHOOK_HTTPS_ONLY` setting only controls URL scheme validation (`https://` vs `http://`), not certificate verification. **Workarounds for self-signed certificates:** - Use properly signed certificates (e.g., via Let's Encrypt) - Set the [`REQUESTS_CA_BUNDLE` environment variable](https://github.com/apache/superset/issues/34666) to include your self-signed CA: ```bash export REQUESTS_CA_BUNDLE=/path/to/your/ca-bundle.crt ``` - If using HTTP internally is acceptable, set `ALERT_REPORTS_WEBHOOK_HTTPS_ONLY = False` and use `http://` URLs Since the webhook feature is relatively new ([merged December 2025](https://github.com/apache/superset/pull/36127)), this might be worth opening as a feature request for adding webhook-specific SSL verification controls similar to what exists for [database connections](https://github.com/apache/superset/issues/32266). <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/baf39c24-4409-4d63-8fa7-b2625ea59ea3?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/baf39c24-4409-4d63-8fa7-b2625ea59ea3?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/baf39c24-4409-4d63-8fa7-b2625ea59ea3?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/baf39c24-4409-4d63-8fa7-b2625ea59ea3?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/baf39c24-4409-4d63-8fa7-b2625ea59ea3?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/baf39c24-4409-4d63-8fa7-b2625ea59ea3?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/baf39c24-4409-4d63-8fa7-b2625ea59ea3?feedback_type=other)</sup> [](https://app.dosu.dev/a28d3c7e-a9d3-459e-9fb6-3a6f9ff4f357/ask?utm_source=github) [](https://cursor.com/link/prompt?text=Thanks%20for%20the%20detailed%20bug%20report.%20Here%27s%20what%20I%20found%20regarding%20your%20webhook%20issues%3A%0A%0A%2A%2A1.%20HTTPS%20Enforcement%2A%2A%20-%20You%20can%20disable%20the%20HTTPS%20requirement%20by%20setting%20%5B%60ALERT_REPORTS_WEBHOOK_HTTPS_ONLY%20%3D%20False%60%5D%28https%3A//github.com/apache/superset/pull/36127%29%20in%20your%20%60superset_config.py%60.%20This%20allows%20HTTP%20webhook%20URLs.%0A%0A%2A%2A2.%20Network%20Unreachable%2A%2A%20-%20Using%20Docker%20service%20names%20%28like%20%60https%3A//nginx/...%60%29%20instead%20of%20host%20IPs%20is%20the%20correct%20approach%20for%20container-to-container%20communication.%0A%0A%2A%2A3.%20Self-Signed%20Certificate%20Verification%2A%2A%20-%20Unfortunately%2C%20there%27s%20cur rently%20%2A%2Ano%20configuration%20option%2A%2A%20to%20disable%20SSL%20certificate%20verification%20specifically%20for%20webhook%20requests.%20The%20%60ALERT_REPORTS_WEBHOOK_HTTPS_ONLY%60%20setting%20only%20controls%20URL%20scheme%20validation%20%28%60https%3A//%60%20vs%20%60http%3A//%60%29%2C%20not%20certificate%20verification.%0A%0A%2A%2AWorkarounds%20for%20self-signed%20certificates%3A%2A%2A%0A-%20Use%20properly%20signed%20certificates%20%28e.g.%2C%20via%20Let%27s%20Encrypt%29%0A-%20Set%20the%20%5B%60REQUESTS_CA_BUNDLE%60%20environment%20variable%5D%28https%3A//github.com/apache/superset/issues/34666%29%20to%20include%20your%20self-signed%20CA%3A%0A%20%20%60%60%60bash%0A%20%20export%20REQUESTS_CA_BUNDLE%3D/path/to/your/ca-bundle.crt%0A%20%20%60%60%60%0A-%20If%20using%20HTTP%20internally%20is%20acceptable%2C%20set%20%60ALERT_REPORTS_WEBHOOK_HTTPS_ONLY%20%3D%20False%60%20and%20use%20%60http%3A//%60%20URLs%0A%0ASince%20the%20webhook%20feature%20is%20relatively%20new%20%28%5Bmerged% 20December%202025%5D%28https%3A//github.com/apache/superset/pull/36127%29%29%2C%20this%20might%20be%20worth%20opening%20as%20a%20feature%20request%20for%20adding%20webhook-specific%20SSL%20verification%20controls%20similar%20to%20what%20exists%20for%20%5Bdatabase%20connections%5D%28https%3A//github.com/apache/superset/issues/32266%29.) [](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/issues/38379) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
