英文:
How to resolve tls: failed to verify certificate: x509: certificate signed by unknown authority while building a go dockerfile in windows
问题
我有以下的dockerfile,当我尝试运行docker build时,出现错误。
dockerfile
# 基于go的镜像
FROM golang:latest as builder
RUN mkdir /app
COPY . /app
WORKDIR /app
RUN CGO_ENABLED=0 go build -o brokerApp ./cmd/api
RUN chmod +x /app/brokerApp
# 构建一个小型的docker镜像
FROM alpine:latest
RUN mkdir /app
COPY --from=builder /app/brokerApp /app
CMD ["/app/brokerApp"]
错误信息
$ docker build -t test -f broker-service.dockerfile .
Sending build context to Docker daemon 7.79MB
Step 1/10 : FROM golang:latest as builder
---> c48137eaf961
Step 2/10 : RUN mkdir /app
---> Running in 0caaa78d39ad
Removing intermediate container 0caaa78d39ad
---> 260a46b545a8
Step 3/10 : COPY . /app
---> 17c49c16a2ea
Step 4/10 : WORKDIR /app
---> Running in 056c8e90776a
Removing intermediate container 056c8e90776a
---> 55ef7bc5f453
Step 5/10 : RUN CGO_ENABLED=0 go build -o brokerApp ./cmd/api
---> Running in e1d6ae8ddbb6
go: downloading github.com/go-chi/chi/v5 v5.0.8
go: downloading github.com/go-chi/cors v1.2.1
cmd/api/routes.go:6:2: github.com/go-chi/chi/v5@v5.0.8: Get "https://proxy.golang.org/github.com/go-chi/chi/v5/@v/v5.0.8.zip": tls: failed to verify certificate: x509: certificate signed by unknown authority
cmd/api/routes.go:7:2: github.com/go-chi/chi/v5@v5.0.8: Get "https://proxy.golang.org/github.com/go-chi/chi/v5/@v/v5.0.8.zip": tls: failed to verify certificate: x509: certificate signed by unknown authority
cmd/api/routes.go:8:2: github.com/go-chi/cors@v1.2.1: Get "https://proxy.golang.org/github.com/go-chi/cors/@v/v1.2.1.zip": tls: failed to verify certificate: x509: certificate signed by unknown authority
The command '/bin/sh -c CGO_ENABLED=0 go build -o brokerApp ./cmd/api' returned a non-zero code: 1
有趣的是,当我直接在浏览器上访问https://proxy.golang.org/github.com/go-chi/chi/v5/@v/v5.0.8.zip时,可以正常下载zip文件。
我已经困扰于这个问题几天了,尝试了几乎所有类似的帖子。
go版本:go1.19.5 windows/amd64
操作系统:Windows
英文:
I am having below dockerfile and when I try to run docker build, I get an error.
dockerfile
# base go image
FROM golang:latest as builder
RUN mkdir /app
COPY . /app
WORKDIR /app
RUN CGO_ENABLED=0 go build -o brokerApp ./cmd/api
RUN chmod +x /app/brokerApp
# build a tiny docker image
FROM alpine:latest
RUN mkdir /app
COPY --from=builder /app/brokerApp /app
CMD [ "/app/brokerApp" ]
error
$ docker build -t test -f broker-service.dockerfile .
Sending build context to Docker daemon 7.79MB
Step 1/10 : FROM golang:latest as builder
---> c48137eaf961
Step 2/10 : RUN mkdir /app
---> Running in 0caaa78d39ad
Removing intermediate container 0caaa78d39ad
---> 260a46b545a8
Step 3/10 : COPY . /app
---> 17c49c16a2ea
Step 4/10 : WORKDIR /app
---> Running in 056c8e90776a
Removing intermediate container 056c8e90776a
---> 55ef7bc5f453
Step 5/10 : RUN CGO_ENABLED=0 go build -o brokerApp ./cmd/api
---> Running in e1d6ae8ddbb6
go: downloading github.com/go-chi/chi/v5 v5.0.8
go: downloading github.com/go-chi/cors v1.2.1
cmd/api/routes.go:6:2: github.com/go-chi/chi/v5@v5.0.8: Get "https://proxy.golang.org/github.com/go-chi/chi/v5/@v/v5.0.8.zip": tls: failed to verify certificate: x509: certificate signed by unknown authority
cmd/api/routes.go:7:2: github.com/go-chi/chi/v5@v5.0.8: Get "https://proxy.golang.org/github.com/go-chi/chi/v5/@v/v5.0.8.zip": tls: failed to verify certificate: x509: certificate signed by unknown authority
cmd/api/routes.go:8:2: github.com/go-chi/cors@v1.2.1: Get "https://proxy.golang.org/github.com/go-chi/cors/@v/v1.2.1.zip": tls: failed to verify certificate: x509: certificate signed by unknown authority
The command '/bin/sh -c CGO_ENABLED=0 go build -o brokerApp ./cmd/api' returned a non-zero code: 1
Interestingly, when I directly hit the url on browser https://proxy.golang.org/github.com/go-chi/chi/v5/@v/v5.0.8.zip, it downloads the zip just fine.
I am stuck on this issue since a couple of days and have tried almost all similar posts.
go version go1.19.5 windows/amd64
os- windows
答案1
得分: 1
我通过将机器的证书添加到Docker容器中解决了这个错误:
将ca-bundle.crt复制到/etc/ssl/certs/ca-bundle.crt
将ca-bundle.trust.crt复制到/etc/ssl/certs/ca-bundle.trust.crt
英文:
I solved this error by adding the machine's certificates to docker container:
COPY ca-bundle.crt /etc/ssl/certs/ca-bundle.crt
COPY ca-bundle.trust.crt /etc/ssl/certs/ca-bundle.trust.crt
答案2
得分: 1
我刚刚遇到了同样的错误。在我的情况下,我使用ubuntu作为容器的基础镜像,但它没有提供我应用程序所需的根证书,以便信任目标服务。我将基础镜像切换为centos,问题就解决了。
英文:
I just had the same error. In my case I was using ubuntu as the base image for my container which happen didn't provide the root certificates needed by my application to trust the targeted service. I switched to centos as my base image and it worked fine.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论