Installation of certificate in Docker: הבדלים בין גרסאות בדף
שורה 14: | שורה 14: | ||
# --- NETFREE CERT INTSALL --- | # --- NETFREE CERT INTSALL --- | ||
− | ADD https:// | + | ADD https://netfree.link/dl/unix-ca.sh /home/netfree-unix-ca.sh |
RUN cat /home/netfree-unix-ca.sh | sh | RUN cat /home/netfree-unix-ca.sh | sh | ||
ENV NODE_EXTRA_CA_CERTS=/etc/ca-bundle.crt | ENV NODE_EXTRA_CA_CERTS=/etc/ca-bundle.crt |
גרסה מ־06:01, 14 בינואר 2022
לעברית לחצו כאן
To switch from edit view to read view
Home page > Security certificate > Installation of certificate in Docker
Docker is a system that allows creating self-contained environments within the hosting OS.
Dealing with certificate errors from apps within the container
A Docker container is a self-contained system; almost like a seperate computer. Tools and apps that run within the container and try to connect to the Internet will not recognize Netfree's certificate, therefore it is nessecary to install Netfree's root certificate into the container
Installing the certificate in popular images
Add the following lines to the DOCEKRFILE under the FROM line. (Adavnced users can add the lines at a later stage - before the first stage that requires Internet connectivity):
# --- NETFREE CERT INTSALL --- ADD https://netfree.link/dl/unix-ca.sh /home/netfree-unix-ca.sh RUN cat /home/netfree-unix-ca.sh | sh ENV NODE_EXTRA_CA_CERTS=/etc/ca-bundle.crt ENV REQUESTS_CA_BUNDLE=/etc/ca-bundle.crt ENV SSL_CERT_FILE=/etc/ca-bundle.crt # --- END NETFREE CERT INTSALL ---
The commands have been tested succesfully on images based on Ubuntu, Alpine & Centos. It also correctly sets the environment variables for correct running of nodejs & Python
Dealing with problems and instructions for other images
Obviously every image/app has it's own requirements, if you encounter difficulties you can ask in the support center (always include the content of the DOCKERFILE if possible, or at minimun the base image, and a full error log).
Another option
https://github.com/AriFordsham/docker-cert
The above project provides a wrapper script for the docker comand. Put the script somehwere in you PATH where it has precedence to the built in docker command. The script will transparently import root certificates from the host to the container obviating the need to edit the image. The script is known to work in Linux or WSL2 environments. For questions and problems, ask at: https://forum.netfree.link/topic/9301 or open a Github issue.
Errors originating from the Docker daemon
The Docker daemon itself also uses the Internet to download images from repositories such as Docker Hub. In general it does not encounter issues because it uses the OS certificate store. אם אתם נתקלים בשגיאה בשלב הזה (בד"כ בשורת FROM של קובץ Dockerfile או בפקודת docker pull או docker run), השגיאה נראית ככה:
Get https://registry-1.docker.io/v2/: x509: certificate signed by unknown authority
או
Error response from daemon: Get https://registry-1.docker.io/v2/: x509: certificate signed by unknown authority.
- ראשית ודאו שהתקנתם את התעודה של נטפרי במערכת שלכם (אם זה עתה התקנתם את התעודה, יש להפעיל מחדש את הDocker, הפעלת המחשב מחדש כמובן גם טובה).
- אם מדובר בהתקנה של Docker Toolbox, אז לא די בתעודה ברמת המערכת הפעלה כי מערכת זו עושה שימוש במערכת וירטואלית לפעולות של Docker עצמה.
במקרה זה הפעילו את הטרמינל של Docker והריצו בו את הפקודות הבאות:
docker-machine ssh default curl -L http://api.internal.netfree.link/ca/netfree-ca.crt | sudo tee -a /etc/ssl/certs/ca-certificates.crt /var/lib/boot2docker/certs sudo /etc/init.d/docker restart exit
Errors in the Minikube software level
Minikube software provides a system for running kubernetes, and operates an internal Docker environment, if you encounter a security certificate error or alternatively installing its packages does not work smoothly.
In this case, run the minikube terminal and run the following commands:
minikube ssh curl -sL http://netfree.link/dl/ubuntuCertInstallNetFree.sh | sudo -E bash - sudo /etc/init.d/docker restart exit