[英]Making HTTPS requests within a Docker image behind a Zscaler firewall
I'm interested in running a simple image like this behind a corporate Zscaler firewall:我有兴趣在公司 Zscaler 防火墙后面运行这样一个简单的图像:
FROM rocker/r-base
RUN apt-get update && apt-get install libssl-dev
CMD Rscript -e "install.packages('beepr')"
Building the image with docker build -t test.
使用
docker build -t test.
fails with errors like this:失败并出现如下错误:
Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: ]
I've tried some of the solutions from here but they don't work.我已经尝试了这里的一些解决方案,但它们不起作用。 For example:
例如:
FROM rocker/r-base
# Add local certificate to Docker
ADD ./zscaler.cer /usr/local/share/ca-certificates/zscaler.crt
# Move the certificate to the cert dir of openssl and update certificates
RUN CERT_DIR=$(openssl version -d | cut -f2 -d \")/certs ; cp /usr/local/share/ca-certificates/zscaler.crt $CERT_DIR ; update-ca-certificates
# Try making https requests
RUN apt-get update && apt-get install libssl-dev
CMD Rscript -e "install.packages('beepr')"
Same errors persist with docker build -t test.
docker build -t test.
. . I've read some possible solutions online but all of them continually fail either for
apt-get
or for installing packages with R
.我已经在线阅读了一些可能的解决方案,但是对于
apt-get
或使用R
安装软件包,它们都不断失败。 Is there anyone who has experienced this and found a fix?有没有人经历过这个并找到了解决办法?
Apparently, the current advice is slightly wrong.显然,目前的建议有点错误。 The certificate should not go in
/etc/ssl/certs/
(which is the result of CERT_DIR=$(openssl version -d | cut -f2 -d \")/certs
) but rather on CERT_DIR=/usr/local/share/ca-certificates/
(at least on this Ubuntu image). After changing that, update-ca-certificates
correctly updates the certificate an all HTTPS requests are successful.证书不应 go 在
/etc/ssl/certs/
(这是CERT_DIR=$(openssl version -d | cut -f2 -d \")/certs
的结果),而是CERT_DIR=/usr/local/share/ca-certificates/
(至少在此 Ubuntu 映像上)。更改后, update-ca-certificates
正确更新证书,所有 HTTPS 请求都成功。
This should work now:现在应该可以了:
FROM rocker/r-base
# Add local certificate to Docker
ADD ./zscaler.pem /usr/local/share/ca-certificates/ZscalerRootCertificate-2048-SHA256.crt
# update certificates
RUN update-ca-certificates
# Try making https requests
RUN apt-get update && apt-get install libssl-dev
CMD Rscript -e "install.packages('beepr')"
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.