
Docker on windows - certificate error

When I try to build or run a Docker container, e.g.:

docker build -t docker.example.com/research/example_project .

It leads to the following error:

Sending build context to Docker daemon 6.513 MB
Step 1 : FROM docker.example.com/research/example_project:latest
unable to ping registry endpoint https://docker.example.com/v0/
v2 ping attempt failed with error: Get https://docker.example.com/v2/: x509: certificate signed by unknown authority
 v1 ping attempt failed with error: Get https://docker.example.com/v1/_ping: x509: certificate signed by unknown authority

All the workarounds I found on Google are for Ubuntu, but in this case Docker is running on Windows 8 (virtual machine is installed).

If you are using the pre-1.12 Docker version for Windows (the one that uses VirtualBox with Boot2Docker), you need to add your registry certificate to the Boot2Docker virtual machine. From your Docker console window, type:

$ docker-machine ssh default
$ DOMAIN_NAME=<type your domain name here>:5000
$ sudo mkdir -p /etc/docker/certs.d/$DOMAIN_NAME
$ sudo vi /etc/docker/certs.d/$DOMAIN_NAME/ca.crt

--> then copy certificate text in there and save (type :wq)

The next step is creating a script that adds the certificate to a list of allowed certificates:

$ sudo touch /var/lib/boot2docker/bootlocal.sh && sudo chmod +x /var/lib/boot2docker/bootlocal.sh
$ sudo vi /var/lib/boot2docker/bootlocal.sh

Then fill in the "your domain name" variable below and paste this script in the file you just created:

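#!/bin/bash
# Adds the registry CA certificate to the system trust store.
CA_CERTS_DIR=/usr/local/share/ca-certificates
DOCKER_CERTS_DOMAIN_DIR="/etc/docker/certs.d/<your domain name>"
CERTS_DIR=/etc/ssl/certs
CAFILE=${CERTS_DIR}/ca-certificates.crt

# Copy the registry CA next to the other locally trusted CAs.
cp "${DOCKER_CERTS_DOMAIN_DIR}/ca.crt" "${CA_CERTS_DIR}"

for cert in $(/bin/ls -1 "${DOCKER_CERTS_DOMAIN_DIR}"); do
    SRC_CERT_FILE=${CA_CERTS_DIR}/${cert}
    # Only ca.crt was copied above; skip any other file in the directory.
    [ -f "${SRC_CERT_FILE}" ] || continue
    CERT_FILE=${CERTS_DIR}/${cert}
    # OpenSSL looks certificates up by subject hash (<hash>.<index>).
    HASH_FILE=${CERTS_DIR}/$(/usr/local/bin/openssl x509 -noout -hash -in "${SRC_CERT_FILE}" 2>/dev/null)

    # Link the certificate into the certs directory under its own name.
    [ ! -L "${CERT_FILE}" ] && /bin/ln -fs "${SRC_CERT_FILE}" "${CERT_FILE}"

    # Use the first free <hash>.<index> slot, unless a link to this file already exists.
    for idx in $(/usr/bin/seq 0 9); do
        if [ -L "${HASH_FILE}.${idx}" ]; then
            [ "$(/usr/bin/readlink "${HASH_FILE}.${idx}")" = "${SRC_CERT_FILE}" ] && break
        else
            /bin/ln -fs "${SRC_CERT_FILE}" "${HASH_FILE}.${idx}"
            break
        fi
    done

    # Append the certificate to the combined CA bundle.
    /bin/cat "${SRC_CERT_FILE}" >> "${CAFILE}"
done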

If you are running Docker >= 1.12 for Windows (the one that runs native and uses Hyper-V instead of VirtualBox), you can add the host address of your registry as an "insecure registry" to the Docker daemon config:

Right click Docker icon in your system tray --> Settings... --> click the 'Docker Daemon' tab --> change the line

"insecure-registries": [
  ],

into

"insecure-registries": [
    "your.domain.com:5000"
  ],

This allowed me to access my private registry again using the new Docker for Windows. Probably works for Mac too, but haven't tested.
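
An added example, not part of the original answer: the two approaches above interact, because a registry listed under "insecure-registries" is used without certificate verification even when its CA is installed. The check below lists each "insecure-registries" entry in a daemon config and reports whether a `ca.crt` already exists for it under `certs.d`, in which case the entry can be removed. The function name, registry names and certificate body are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

PEM_HEADER = "-----BEGIN CERTIFICATE-----"


def audit_insecure_registries(daemon_json: str, certs_d: Path) -> list:
    """Return one (registry, status) tuple per "insecure-registries" entry.

    status is "ca-present" when certs_d/<registry>/ca.crt holds a PEM
    certificate (the entry can be dropped and TLS verification kept),
    "ca-invalid" when the file exists but is not PEM, or "no-ca".
    """
    config = json.loads(daemon_json)
    findings = []
    for registry in config.get("insecure-registries", []):
        ca_file = certs_d / registry / "ca.crt"
        if not ca_file.is_file():
            status = "no-ca"
        elif PEM_HEADER in ca_file.read_text(errors="replace"):
            status = "ca-present"
        else:
            status = "ca-invalid"
        findings.append((registry, status))
    return findings


def demo() -> list:
    # Constructed sample input: placeholder registries and a dummy PEM body.
    daemon_json = (
        '{"insecure-registries": '
        '["your.domain.com:5000", "other.example:5000"]}'
    )
    with tempfile.TemporaryDirectory() as tmp:
        certs_d = Path(tmp)
        reg_dir = certs_d / "your.domain.com:5000"
        reg_dir.mkdir()
        (reg_dir / "ca.crt").write_text(
            PEM_HEADER + "\n(constructed)\n-----END CERTIFICATE-----\n"
        )
        return audit_insecure_registries(daemon_json, certs_d)


if __name__ == "__main__":
    for registry, status in demo():
        print(f"{registry}: {status}")
```

The PEM check only confirms that the file looks like a certificate; it does not validate the chain or expiry.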
