时间戳

首页 > 解决方案 > mac 验证失败 - docker-compose up 时出现认证异常阻止 ASPNETCORE Docker-Container 启动

docker - mac 验证失败 - docker-compose up 时出现认证异常阻止 ASPNETCORE Docker-Container 启动

问题描述

首先,我不是 linux 和证书相关主题的专家。我尝试编写 webapi-service 并将其发布为 docker-container。

我的编码环境是 Visual Studio,在 VM 中的 Windows 10 上运行。在这里,一切都已启动并正在运行。

我的目标环境是 Ubuntu 18.04.4 LTS,Docker 版本为 19.03.6-rc1。

由于我希望将来拥有多项服务,因此我尝试使用无法正常工作的“docker-compose up”。

我做的步骤:

  1. Windows VS 2017 中的代码
  2. 在 Docker.hub 上发布
  3. 尝试在 Ubuntu 上作曲

更详细...

1. Windows VS 2017 中的代码

在调试模式下,一切都对我有用。

我有一个 docker-compose 项目和 api 项目。docker-compose 项目包括 docker-compose.yml 和一个覆盖文件。

这是我在 VS 中的项目:VS2017 中的项目

码头工人-compose.yml

version: '3.4'

    services:
      logs.api:
        env_file: .env
        image: ${DOCKER_REGISTRY-}logsapi
        build:
          context: .
          dockerfile: logs.api/Dockerfile

docker-compose.override.yml

version: '3.4'

services:
  logs.api:
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=https://+:443;http://+:80
      - ASPNETCORE_HTTPS_PORT=44374
      - ConnectionString=${CONNECTION_STRING}
    ports:
      - "50530:80"
      - "44374:443"
    volumes:
      - ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
      - ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro

Dockerfile

FROM microsoft/dotnet:2.1-aspnetcore-runtime AS base
WORKDIR /app
EXPOSE 80
EXPOSE 443

FROM microsoft/dotnet:2.1-sdk AS build
WORKDIR /src
COPY logs.api/logs.api.csproj logs.api/
RUN dotnet restore logs.api/logs.api.csproj
COPY . .
WORKDIR /src/logs.api
RUN dotnet build logs.api.csproj -c Release -o /app

FROM build AS publish
RUN dotnet publish logs.api.csproj -c Release -o /app

FROM base AS final
WORKDIR /app
COPY --from=publish /app .
ENTRYPOINT ["dotnet", "logs.api.dll"]

3. 尝试在 Ubuntu 上作曲

我尝试使用以下命令和修改的 .yml 文件在 ubuntu 中编写。在我使用docker login.

编写命令:sudo docker-compose -f docker-compose.yml -f docker-compose.production.yml up

码头工人-compose.yml

version: '3.4'

services:
  logs.api:
    env_file: .env
    image: autoempire/logsapi

docker-compose.production.yml

version: '3.4'

services:
  logs.api:
    environment:
      - ASPNETCORE_ENVIRONMENT=Production
      - ASPNETCORE_URLS=https://+:443;http://+:80
      - ASPNETCORE_HTTPS_PORT=44374
      - ConnectionString=${CONNECTION_STRING}
      - ASPNETCORE_Kestrel__Certificates__Default__Password=""
      - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/logs.api.pfx
    volumes:
      - ${HOME}/.aspnet/https:/https/
    ports:
      - "50530:80"
      - "44374:443"
    build:
      context: "http://${GIT_USR}:${GIT_PWD}@github.com/r...s/mymicroservices.git#master"
      dockerfile: logs.api/Dockerfile

在这里你看,我已经改变了音量。有了这些秘密,我不知道该怎么做,所以我删除了它们,因为我没有证书的任何密码。但这可能是另一个话题。

我在 stackoverflow 上添加了 ASPNETCORE_Kestrel__Certificates__Default__PasswordASPNETCORE_Kestrel__Certificates__Default__Path关于一些有用的描述,并在 ubuntu 上创建了一个自签名证书,我移至该证书~/.aspnet/https/logs.api.pfx

这就是我得到的:

logs.api_1  | info: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[0]
logs.api_1  |       User profile is available. Using '/root/.aspnet/DataProtection-Keys' as key repository; keys will not be encrypted at rest.
logs.api_1  | crit: Microsoft.AspNetCore.Server.Kestrel[0]
logs.api_1  |       Unable to start Kestrel.
logs.api_1  | Interop+Crypto+OpenSslCryptographicException: error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure
logs.api_1  |    at Internal.Cryptography.Pal.OpenSslPkcs12Reader.Decrypt(SafePasswordHandle password)
logs.api_1  |    at Internal.Cryptography.Pal.PkcsFormatReader.TryReadPkcs12(OpenSslPkcs12Reader pfx, SafePasswordHandle password, Boolean single, ICertificatePal& readPal, List`1& readCerts)
logs.api_1  |    at Internal.Cryptography.Pal.PkcsFormatReader.TryReadPkcs12(SafeBioHandle bio, SafePasswordHandle password, Boolean single, ICertificatePal& readPal, List`1& readCerts, Exception& openSslException)
logs.api_1  |    at Internal.Cryptography.Pal.CertificatePal.FromBio(SafeBioHandle bio, SafePasswordHandle password)
logs.api_1  |    at Internal.Cryptography.Pal.CertificatePal.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
logs.api_1  |    at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
logs.api_1  |    at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
logs.api_1  |    at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.LoadCertificate(CertificateConfig certInfo, String endpointName)
logs.api_1  |    at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.LoadDefaultCert(ConfigurationReader configReader)
logs.api_1  |    at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Load()
logs.api_1  |    at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.ValidateOptions()
logs.api_1  |    at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
logs.api_1  |
logs.api_1  | Unhandled Exception: Interop+Crypto+OpenSslCryptographicException: error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure
logs.api_1  |    at Internal.Cryptography.Pal.OpenSslPkcs12Reader.Decrypt(SafePasswordHandle password)
logs.api_1  |    at Internal.Cryptography.Pal.PkcsFormatReader.TryReadPkcs12(OpenSslPkcs12Reader pfx, SafePasswordHandle password, Boolean single, ICertificatePal& readPal, List`1& readCerts)
logs.api_1  |    at Internal.Cryptography.Pal.PkcsFormatReader.TryReadPkcs12(SafeBioHandle bio, SafePasswordHandle password, Boolean single, ICertificatePal& readPal, List`1& readCerts, Exception& openSslException)
logs.api_1  |    at Internal.Cryptography.Pal.CertificatePal.FromBio(SafeBioHandle bio, SafePasswordHandle password)
logs.api_1  |    at Internal.Cryptography.Pal.CertificatePal.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
logs.api_1  |    at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
logs.api_1  |    at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
logs.api_1  |    at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.LoadCertificate(CertificateConfig certInfo, String endpointName)
logs.api_1  |    at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.LoadDefaultCert(ConfigurationReader configReader)
logs.api_1  |    at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Load()
logs.api_1  |    at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.ValidateOptions()
logs.api_1  |    at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
logs.api_1  |    at Microsoft.AspNetCore.Hosting.Internal.WebHost.StartAsync(CancellationToken cancellationToken)
logs.api_1  |    at Microsoft.AspNetCore.Hosting.WebHostExtensions.RunAsync(IWebHost host, CancellationToken token, String shutdownMessage)
logs.api_1  |    at Microsoft.AspNetCore.Hosting.WebHostExtensions.RunAsync(IWebHost host, CancellationToken token)
logs.api_1  |    at Microsoft.AspNetCore.Hosting.WebHostExtensions.Run(IWebHost host)
logs.api_1  |    at logs.api.Program.Main(String[] args) in /src/logs.api/Program.cs:line 18
reco_logs.api_1 exited with code 139

production.yml 中证书的位置似乎没问题,因为当我更改它时,出现“找不到文件”之类的错误。我尝试了带和不带密码的证书。没关系……也许注册的不是很好?

标签: dockerasp.net-coredocker-composemicroservicesubuntu-18.04

解决方案

推荐阅读