Windows上的docker工具箱，然后docker run hello-world获取x509：未知授权机构签名的证书

Question

尝试了许多示例，但没有一个对我有用。

我的Docker版本：

C:\>docker version
Client:
 Version:      1.12.2
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   bb80604
 Built:        Tue Oct 11 17:00:50 2016
 OS/Arch:      windows/amd64
Server:
 Version:      1.12.3
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   6b644ec
 Built:        Wed Oct 26 23:26:11 2016
 OS/Arch:      linux/amd64

我确实将证书（* .pem）复制到了/etc/docker/certs.d位置，但是没有任何效果。

docker@default:~$ l /etc/docker/certs.d/
total 24
drwxr-xr-x    2 root     root          4096 Nov 30 17:59 ./
drwxr-xr-x    3 root     root          4096 Nov 30 17:16 ../
-rwxr-xr-x    1 root     root          1679 Nov 30 17:59 ca-key.pem
-rwxr-xr-x    1 root     root          1038 Nov 30 17:59 ca.pem
-rwxr-xr-x    1 root     root          1078 Nov 30 17:59 cert.pem
-rwxr-xr-x    1 root     root          1675 Nov 30 17:59 key.pem

证书是创建虚拟机时生成的证书。

感谢您的帮助。 花了一天时间尝试解决此问题。

运行docker run hello-world日志时生成消息，日志来自/ var / lib / boot2docker /中的docker.log

time="2016-11-30T18:25:14.233037149Z" level=debug msg="Client and server don't have the same version (client: 1.12.2, server: 1.12.3 )"
time="2016-11-30T18:25:14.233712555Z" level=error msg="Handler for POST /v1.24/containers/create returned error: No such image: hello-world:latest"
time="2016-11-30T18:25:14.244589790Z" level=debug msg="Calling GET /v1.24/info"
time="2016-11-30T18:25:14.244626594Z" level=debug msg="Client and server don't have the same version (client: 1.12.2, server: 1.12.3)"
time="2016-11-30T18:25:14.249913910Z" level=debug msg="Calling POST /v1.24/images/create?fromImage=hello-world&tag=latest"
time="2016-11-30T18:25:14.249943955Z" level=debug msg="Client and server don't have the same version (client: 1.12.2, server: 1.12.3)"
time="2016-11-30T18:25:14.250041478Z" level=debug msg="Trying to pull hello-world from https://registry-1.docker.io v2"
time="2016-11-30T18:25:14.327535482Z" level=warning msg="Error getting v2 registry: Get https://registry-1.docker.io/v2/: x509: certificate signed by unknown authority"
time="2016-11-30T18:25:14.327561850Z" level=error msg="Attempting next endpoint for pull after error: Get https://registry-1.docker.io/v2/: x509: certificate signed by unknown authority"
time="2016-11-30T18:25:14.327574917Z" level=debug msg="Trying to pull hello-world from https://index.docker.io v1"
time="2016-11-30T18:25:14.327587833Z" level=debug msg="hostDir: /etc/docker/certs.d/docker.io"
time="2016-11-30T18:25:14.327858818Z" level=debug msg="[registry] Calling GET https://index.docker.io/v1/repositories/library/hello-world/images"
time="2016-11-30T18:25:14.501831878Z" level=error msg="Not continuing with pull after error: Error while pulling image: Get https://index.docker.io/v1/repositories/library/hello-world/images: x509: certificate signed by unknown authority"

Answer 1

您可能是代理人。 试试这个sudo vi / var / lib / boot2docker / profile

在配置文件的末尾添加以下内容

# replace with your office's proxy environment
export "HTTP_PROXY=http://PROXY:PORT"
export "HTTPS_PROXY=http://PROXY:PORT"
# you can add more no_proxy with your environment. 
export "NO_PROXY=192.168.99.*,*.local,169.254/16,*.example.com,192.168.59.*"

然后重新启动boot2docker

以上步骤对我有用。 我在窗户上。

Answer 2

事实证明，我们在代理后面，但是这些设置不适用于我们的Zscalar代理系统。 Zscalar插入了自己的证书，并且将这些证书添加到Docker的设置中的事件将不起作用。 Zscalar确实具有SSL绕过设置，该设置可免除给定URL的SSL处理。

对于Docker，您必须使用.docker.io和.cloudfront.net的URL