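docker - mac verify failure - Authentication exception prevents ASPNETCORE Docker container from starting at docker-compose up
Problem description
First of all, I am not an expert in Linux and certificate-related topics. I am trying to write a webapi-service and publish it as a docker-container.
My coding environment is Visual Studio, running on Windows 10 in a VM. Here, everything is up and running.
My target environment is Ubuntu 18.04.4 LTS with Docker version 19.03.6-rc1.
Since I want to have several services in the future, I tried to use "docker-compose up", which does not work properly.
The steps I did:
- Code in Windows VS 2017
- Publish on Docker.hub
- Try to compose on Ubuntu
In more detail...
1. Code in Windows VS 2017
In debug mode, everything works for me.
I have a docker-compose project and the api project. The docker-compose project includes docker-compose.yml and an override file.
This is my project in VS: [image: project in VS2017]
docker-compose.yml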
    version: '3.4'
    services:
      logs.api:
        env_file: .env
        image: ${DOCKER_REGISTRY-}logsapi
        build:
          context: .
          dockerfile: logs.api/Dockerfile
docker-compose.override.yml
    version: '3.4'
    services:
      logs.api:
        environment:
          - ASPNETCORE_ENVIRONMENT=Development
          - ASPNETCORE_URLS=https://+:443;http://+:80
          - ASPNETCORE_HTTPS_PORT=44374
          - ConnectionString=${CONNECTION_STRING}
        ports:
          - "50530:80"
          - "44374:443"
        volumes:
          - ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
          - ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro
Dockerfile
    FROM microsoft/dotnet:2.1-aspnetcore-runtime AS base
    WORKDIR /app
    EXPOSE 80
    EXPOSE 443

    FROM microsoft/dotnet:2.1-sdk AS build
    WORKDIR /src
    COPY logs.api/logs.api.csproj logs.api/
    RUN dotnet restore logs.api/logs.api.csproj
    COPY . .
    WORKDIR /src/logs.api
    RUN dotnet build logs.api.csproj -c Release -o /app

    FROM build AS publish
    RUN dotnet publish logs.api.csproj -c Release -o /app

    FROM base AS final
    WORKDIR /app
    COPY --from=publish /app .
    ENTRYPOINT ["dotnet", "logs.api.dll"]
3. Try to compose on Ubuntu
I tried to compose on Ubuntu with the following command and modified .yml files. Before that, I used docker login.
Compose command: sudo docker-compose -f docker-compose.yml -f docker-compose.production.yml up
docker-compose.yml
    version: '3.4'
    services:
      logs.api:
        env_file: .env
        image: autoempire/logsapi
docker-compose.production.yml
    version: '3.4'
    services:
      logs.api:
        environment:
          - ASPNETCORE_ENVIRONMENT=Production
          - ASPNETCORE_URLS=https://+:443;http://+:80
          - ASPNETCORE_HTTPS_PORT=44374
          - ConnectionString=${CONNECTION_STRING}
          - ASPNETCORE_Kestrel__Certificates__Default__Password=""
          - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/logs.api.pfx
        volumes:
          - ${HOME}/.aspnet/https:/https/
        ports:
          - "50530:80"
          - "44374:443"
        build:
          context: "http://${GIT_USR}:${GIT_PWD}@github.com/r...s/mymicroservices.git#master"
          dockerfile: logs.api/Dockerfile
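Here you see, I have changed the volumes. With the secrets, I didn't know what to do, so I removed them, because I don't have any password for the certificate. But that may be another topic.
I added ASPNETCORE_Kestrel__Certificates__Default__Password and ASPNETCORE_Kestrel__Certificates__Default__Path following some helpful descriptions on stackoverflow, and created a self-signed certificate on Ubuntu, which I moved to ~/.aspnet/https/logs.api.pfx.
This is what I get: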
logs.api_1 | info: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[0]
logs.api_1 | User profile is available. Using '/root/.aspnet/DataProtection-Keys' as key repository; keys will not be encrypted at rest.
logs.api_1 | crit: Microsoft.AspNetCore.Server.Kestrel[0]
logs.api_1 | Unable to start Kestrel.
logs.api_1 | Interop+Crypto+OpenSslCryptographicException: error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure
logs.api_1 | at Internal.Cryptography.Pal.OpenSslPkcs12Reader.Decrypt(SafePasswordHandle password)
logs.api_1 | at Internal.Cryptography.Pal.PkcsFormatReader.TryReadPkcs12(OpenSslPkcs12Reader pfx, SafePasswordHandle password, Boolean single, ICertificatePal& readPal, List`1& readCerts)
logs.api_1 | at Internal.Cryptography.Pal.PkcsFormatReader.TryReadPkcs12(SafeBioHandle bio, SafePasswordHandle password, Boolean single, ICertificatePal& readPal, List`1& readCerts, Exception& openSslException)
logs.api_1 | at Internal.Cryptography.Pal.CertificatePal.FromBio(SafeBioHandle bio, SafePasswordHandle password)
logs.api_1 | at Internal.Cryptography.Pal.CertificatePal.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
logs.api_1 | at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
logs.api_1 | at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
logs.api_1 | at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.LoadCertificate(CertificateConfig certInfo, String endpointName)
logs.api_1 | at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.LoadDefaultCert(ConfigurationReader configReader)
logs.api_1 | at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Load()
logs.api_1 | at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.ValidateOptions()
logs.api_1 | at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
logs.api_1 |
logs.api_1 | Unhandled Exception: Interop+Crypto+OpenSslCryptographicException: error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure
logs.api_1 | at Internal.Cryptography.Pal.OpenSslPkcs12Reader.Decrypt(SafePasswordHandle password)
logs.api_1 | at Internal.Cryptography.Pal.PkcsFormatReader.TryReadPkcs12(OpenSslPkcs12Reader pfx, SafePasswordHandle password, Boolean single, ICertificatePal& readPal, List`1& readCerts)
logs.api_1 | at Internal.Cryptography.Pal.PkcsFormatReader.TryReadPkcs12(SafeBioHandle bio, SafePasswordHandle password, Boolean single, ICertificatePal& readPal, List`1& readCerts, Exception& openSslException)
logs.api_1 | at Internal.Cryptography.Pal.CertificatePal.FromBio(SafeBioHandle bio, SafePasswordHandle password)
logs.api_1 | at Internal.Cryptography.Pal.CertificatePal.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
logs.api_1 | at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
logs.api_1 | at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
logs.api_1 | at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.LoadCertificate(CertificateConfig certInfo, String endpointName)
logs.api_1 | at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.LoadDefaultCert(ConfigurationReader configReader)
logs.api_1 | at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Load()
logs.api_1 | at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.ValidateOptions()
logs.api_1 | at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
logs.api_1 | at Microsoft.AspNetCore.Hosting.Internal.WebHost.StartAsync(CancellationToken cancellationToken)
logs.api_1 | at Microsoft.AspNetCore.Hosting.WebHostExtensions.RunAsync(IWebHost host, CancellationToken token, String shutdownMessage)
logs.api_1 | at Microsoft.AspNetCore.Hosting.WebHostExtensions.RunAsync(IWebHost host, CancellationToken token)
logs.api_1 | at Microsoft.AspNetCore.Hosting.WebHostExtensions.Run(IWebHost host)
logs.api_1 | at logs.api.Program.Main(String[] args) in /src/logs.api/Program.cs:line 18
reco_logs.api_1 exited with code 139
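The location of the certificate in production.yml seems to be fine, because when I change it, I get an error like "file not found". I tried certificates with and without a password. It doesn't matter... Maybe it is not registered properly?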
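
A check for the `mac verify failure` above, as an added example that is not part of the original post: the script builds a constructed PFX with an empty export password and tests which candidate passwords pass its PKCS#12 MAC check, including the value a compose list entry written as `Password=""` yields. The helper names, the throwaway certificate, and the assumption that compose splits a list entry at the first `=` without stripping quotes belong to this example.

```shell
#!/bin/sh
# Added example: all file names and certificates here are constructed for the demo.

# Create a throwaway self-signed cert and export it as $1/logs.api.pfx,
# protected with export password $2 (may be empty).
make_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=logs.api" \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1 || return 1
    PFX_PASS="$2" openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -out "$1/logs.api.pfx" -passout env:PFX_PASS >/dev/null 2>&1
}

# Succeeds only if password $2 passes the PKCS#12 MAC check of file $1.
# The password goes through the environment, not the command line.
pfx_opens_with() {
    PFX_PASS="$2" openssl pkcs12 -in "$1" -noout -passin env:PFX_PASS >/dev/null 2>&1
}

# Assumption: the value the container sees for a compose list entry KEY=VALUE
# (split at the first '=', quote characters kept verbatim).
compose_list_value() {
    printf '%s' "${1#*=}"
}

demo() {
    dir=$(mktemp -d) || return 1
    make_pfx "$dir" "" || { rm -rf "$dir"; return 1; }
    seen=$(compose_list_value 'ASPNETCORE_Kestrel__Certificates__Default__Password=""')
    for candidate in "" "$seen"; do
        if pfx_opens_with "$dir/logs.api.pfx" "$candidate"; then
            printf 'password [%s]: MAC ok\n' "$candidate"
        else
            printf 'password [%s]: mac verify failure\n' "$candidate"
        fi
    done
    rm -rf "$dir"
}

demo || echo "demo skipped: openssl not available"
```

In mapping form (`KEY: ""`) YAML itself consumes the quotes, so the value is the empty string. Running `pfx_opens_with` against the real `logs.api.pfx` on the host shows whether the configured password matches the file before the container is started.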