Add SSL certificate to store in docker

I am trying to create a simple docker image that runs .NET Core APIs. The problem is, my environment is behind a proxy with a self-signed certificate, i.e. not trusted :(

Following is my docker file:

## runtime:3.1 does not support certoc or openssl or powershell which forced me to change image to nanoserver-1809
#FROM mcr.microsoft.com/dotnet/core/runtime:3.1

FROM mcr.microsoft.com/dotnet/core/runtime:3.1-nanoserver-1809 
ARG source
ARG BUILD_ENV=development

# Option - 1 
# ADD z-scaler-certificate.crt /usr/local/share/ca-certificates/z-scaler-certificate.crt
# RUN certoc -addstore root /usr/local/share/ca-certificates/z-scaler-certificate.crt

# Option - 2
# RUN powershell IMPORT-CERTIFICATE -FilePath /usr/z-scaler-certificate.crt -CertStoreLocation 'Cert:\\LocalMachine\Root'


# Option - 3
# RUN CERT_DIR=(openssl version -d | cut -f2 -d \")/certs; cp /usr/z-scaler-certificate.crt $CERT_DIR; update-ca-certificates; fi

# Option - 4
ADD z-scaler-certificate.crt /container/cert/path
RUN update-ca-certificates

WORKDIR /app
COPY ${source:-bin/Debug/netcoreapp3.1} .
ENTRYPOINT ["dotnet", "Webjob.dll"]

I tried almost all possible options I could try from the internet but all fail with the same error -

executor failed running [cmd /S /C update-ca-certificates]: unable to find user ContainerUser: invalid argument

I need help in figuring out what it is that I am doing wrong that the certificate is not being added to the store?

In order to execute admin tasks you should use the ContainerAdministrator user:

FROM mcr.microsoft.com/dotnet/core/runtime:3.1-nanoserver-1809 
ARG source
ARG BUILD_ENV=development
USER ContainerAdministrator
...

When working with containers, I'd recommend keeping to standard Linux tech unless there is a good reason. This is the most standard option and will work on the MS Debian images:

# update-ca-certificates reads *.crt files from /usr/local/share/ca-certificates/
COPY z-scaler-certificate.crt /usr/local/share/ca-certificates/z-scaler-certificate.crt
RUN update-ca-certificates

I am assuming here that your CRT file is a valid root certificate.
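
The answer above assumes the CRT file is a valid root certificate. One way to check that on the build host before the `COPY` / `update-ca-certificates` step, as an added example that is not part of the original answers; it assumes the `openssl` CLI is installed, and the function names and the pinned-fingerprint argument are hypothetical:

```shell
#!/bin/sh
# Added example: vet a proxy root certificate before it goes into a container
# trust store. Anything trusted here can sign for any TLS host the container
# talks to, so the exact certificate is pinned by fingerprint.

# SHA-256 fingerprint as 64 lowercase hex characters (no colons).
cert_sha256() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 |
        cut -d= -f2 | tr -d ':' | tr 'A-F' 'a-f'
}

# Return 0 only if FILE ($1) is a PEM, self-issued CA certificate whose
# fingerprint equals EXPECTED ($2), a value obtained out of band.
check_root_ca() {
    crt=$1
    expected=$(printf '%s' "$2" | tr -d ':' | tr 'A-F' 'a-f')

    # update-ca-certificates only picks up PEM files named *.crt.
    case "$crt" in
        *.crt) ;;
        *) echo "not a .crt file: $crt" >&2; return 1 ;;
    esac
    grep -q -e '^-----BEGIN CERTIFICATE-----' "$crt" ||
        { echo "not PEM encoded: $crt" >&2; return 1; }

    # A trust anchor must be a CA certificate ...
    openssl x509 -in "$crt" -noout -text | grep -q 'CA:TRUE' ||
        { echo "basicConstraints is not CA:TRUE" >&2; return 1; }
    # ... and a root is self-issued: subject and issuer names hash the same.
    [ "$(openssl x509 -in "$crt" -noout -subject_hash)" = \
      "$(openssl x509 -in "$crt" -noout -issuer_hash)" ] ||
        { echo "not self-issued, so not a root" >&2; return 1; }

    # Pin the exact certificate that was approved for this environment.
    actual=$(cert_sha256 "$crt")
    [ -n "$expected" ] && [ "$actual" = "$expected" ] ||
        { echo "fingerprint mismatch: got $actual" >&2; return 1; }
}

# Usage: sh check-root-ca.sh z-scaler-certificate.crt <expected-sha256>
if [ "$#" -ge 2 ]; then check_root_ca "$1" "$2"; fi
```

Running it as a step before `docker build` makes the build fail when the file is DER encoded, is a leaf certificate, or is not the certificate that was approved.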
