Docker container with golang http.Get error "certificate signed by unknown authority"

Problem description

I have a Golang container that calls an HTTPS API. I'm using a scratch container, and when I try to run it I get a "certificate signed by unknown authority" error.

url := "https://restcountries.eu/rest/v2/name/" + params.Get("country")
response, err := http.Get(url)

My Dockerfile looks like this:

FROM golang:1.15 AS builder
WORKDIR /GreetingAPI
COPY . /greeting
WORKDIR /greeting
ENV GO111MODULE=on
RUN CGO_ENABLED=0 GOOS=linux go build -o greeting

FROM scratch
COPY --from=builder /greeting .
CMD ["./greeting"]

I updated my Dockerfile using this answer. But when I try to build the container, I get:

ERROR: "/ca-certificates.crt" not found: not found
failed to solve: rpc error: code = Unknown desc = failed to compute cache key: "/ca-certificates.crt" not found: not found

FROM golang:1.15 AS builder
WORKDIR /GreetingAPI
COPY . /greeting
WORKDIR /greeting
ENV GO111MODULE=on
RUN CGO_ENABLED=0 GOOS=linux go build -o greeting

FROM scratch
ADD ca-certificates.crt /etc/ssl/certs/
COPY --from=builder /greeting .
CMD ["./greeting"]

Tags: docker, go, docker-compose, docker-container

Solution


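I probably need to be clearer in the linked answer: the copy in the first example is a single-stage example where you have a certificate file injected into your build context (typically the directory containing your Dockerfile):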

FROM scratch
ADD ca-certificates.crt /etc/ssl/certs/
ADD main /
CMD ["/main"]

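You have a multi-stage build and can follow the multi-stage approach in the second half of the linked answer. That installs the certificates in another stage from the distribution vendor and copies them into your scratch stage: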

FROM golang:alpine as build
RUN apk --no-cache add ca-certificates
WORKDIR /go/src/app
COPY . .
RUN CGO_ENABLED=0 go-wrapper install -ldflags '-extldflags "-static"'

FROM scratch
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=build /go/bin/app /app
ENTRYPOINT ["/app"]

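However, that second example assumes Alpine as the base for the first stage, using apk. (It also assumes the certificates need to be installed in the base image, which isn't the case in the current golang images.) Your example is based on Debian in the golang:1.15 image. For that, you would normally need apt-get commands, but in this case the ca-certificates package is already installed, so you can just copy the result: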

FROM golang:1.15 AS builder
COPY . /greeting
WORKDIR /greeting
ENV GO111MODULE=on
RUN CGO_ENABLED=0 GOOS=linux go build -o greeting

FROM scratch
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=builder /greeting /
CMD ["/greeting"]
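
The failure and the fix described above, as an added Go example (not part of the original answer): it loads a CA bundle from the path the scratch stage receives through COPY and checks a certificate against it with crypto/x509, so a missing or unusable bundle is reported explicitly. The function names and the self-signed test CA are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"os"
	"time"
)

// LoadCABundle reads a PEM bundle such as /etc/ssl/certs/ca-certificates.crt.
func LoadCABundle(path string) (*x509.CertPool, error) {
	pemBytes, err := os.ReadFile(path) // fails in a scratch image that lacks the COPY line
	pool := x509.NewCertPool()
	if err != nil || !pool.AppendCertsFromPEM(pemBytes) {
		return nil, fmt.Errorf("no usable CA bundle at %s (read error: %v)", path, err)
	}
	return pool, nil
}

// IsUnknownAuthority reports whether cert fails to chain to any root in pool.
func IsUnknownAuthority(cert *x509.Certificate, pool *x509.CertPool) bool {
	_, err := cert.Verify(x509.VerifyOptions{Roots: pool})
	return errors.As(err, new(x509.UnknownAuthorityError))
}

// NewTestCA returns a constructed self-signed CA (sample input) and its PEM form.
func NewTestCA() (cert *x509.Certificate, pemBytes []byte, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err == nil {
		cert, err = x509.ParseCertificate(der)
	}
	return cert, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), err
}

func main() {
	_, err := LoadCABundle("/etc/ssl/certs/ca-certificates.crt")
	fmt.Println("CA bundle check:", err) // <nil> when the bundle is present
}
```

Calling a check like LoadCABundle at startup makes a missing bundle fail at boot with a clear message rather than at the first HTTPS request.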
