How to resolve tls: failed to verify certificate: x509: certificate signed by unknown authority while building a go dockerfile in windows

huangapple go评论137阅读模式
英文:

How to resolve tls: failed to verify certificate: x509: certificate signed by unknown authority while building a go dockerfile in windows

问题

我有以下的dockerfile,当我尝试运行docker build时,出现错误。

dockerfile

# 基于go的镜像
FROM golang:latest as builder
RUN mkdir /app

COPY . /app

WORKDIR /app

RUN CGO_ENABLED=0 go build -o brokerApp ./cmd/api

RUN chmod +x /app/brokerApp

# 构建一个小型的docker镜像
FROM alpine:latest

RUN mkdir /app

COPY --from=builder /app/brokerApp /app

CMD ["/app/brokerApp"]

错误信息

$ docker build -t test -f broker-service.dockerfile .
Sending build context to Docker daemon   7.79MB
Step 1/10 : FROM golang:latest as builder
 ---> c48137eaf961
Step 2/10 : RUN mkdir /app
 ---> Running in 0caaa78d39ad
Removing intermediate container 0caaa78d39ad
 ---> 260a46b545a8
Step 3/10 : COPY . /app
 ---> 17c49c16a2ea
Step 4/10 : WORKDIR /app
 ---> Running in 056c8e90776a
Removing intermediate container 056c8e90776a
 ---> 55ef7bc5f453
Step 5/10 : RUN CGO_ENABLED=0 go build -o brokerApp ./cmd/api
 ---> Running in e1d6ae8ddbb6
go: downloading github.com/go-chi/chi/v5 v5.0.8
go: downloading github.com/go-chi/cors v1.2.1
cmd/api/routes.go:6:2: github.com/go-chi/chi/v5@v5.0.8: Get "https://proxy.golang.org/github.com/go-chi/chi/v5/@v/v5.0.8.zip": tls: failed to verify certificate: x509: certificate signed by unknown authority
cmd/api/routes.go:7:2: github.com/go-chi/chi/v5@v5.0.8: Get "https://proxy.golang.org/github.com/go-chi/chi/v5/@v/v5.0.8.zip": tls: failed to verify certificate: x509: certificate signed by unknown authority
cmd/api/routes.go:8:2: github.com/go-chi/cors@v1.2.1: Get "https://proxy.golang.org/github.com/go-chi/cors/@v/v1.2.1.zip": tls: failed to verify certificate: x509: certificate signed by unknown authority
The command '/bin/sh -c CGO_ENABLED=0 go build -o brokerApp ./cmd/api' returned a non-zero code: 1

有趣的是,当我直接在浏览器上访问https://proxy.golang.org/github.com/go-chi/chi/v5/@v/v5.0.8.zip时,可以正常下载zip文件。

我已经困扰于这个问题几天了,尝试了几乎所有类似的帖子。

go版本:go1.19.5 windows/amd64

操作系统:Windows

英文:

I am having below dockerfile and when I try to run docker build, I get an error.

dockerfile

# base go image
FROM golang:latest as builder
RUN mkdir /app

COPY . /app

WORKDIR /app

RUN CGO_ENABLED=0 go build -o brokerApp ./cmd/api

RUN chmod +x /app/brokerApp

# build a tiny docker image
FROM alpine:latest

RUN mkdir /app

COPY --from=builder /app/brokerApp /app

CMD [ "/app/brokerApp" ]

error

$ docker build -t test -f broker-service.dockerfile .
Sending build context to Docker daemon   7.79MB
Step 1/10 : FROM golang:latest as builder
 ---> c48137eaf961
Step 2/10 : RUN mkdir /app
 ---> Running in 0caaa78d39ad
Removing intermediate container 0caaa78d39ad
 ---> 260a46b545a8
Step 3/10 : COPY . /app
 ---> 17c49c16a2ea
Step 4/10 : WORKDIR /app
 ---> Running in 056c8e90776a
Removing intermediate container 056c8e90776a
 ---> 55ef7bc5f453
Step 5/10 : RUN CGO_ENABLED=0 go build -o brokerApp ./cmd/api
 ---> Running in e1d6ae8ddbb6
go: downloading github.com/go-chi/chi/v5 v5.0.8
go: downloading github.com/go-chi/cors v1.2.1
cmd/api/routes.go:6:2: github.com/go-chi/chi/v5@v5.0.8: Get "https://proxy.golang.org/github.com/go-chi/chi/v5/@v/v5.0.8.zip": tls: failed to verify certificate: x509: certificate signed by unknown authority
cmd/api/routes.go:7:2: github.com/go-chi/chi/v5@v5.0.8: Get "https://proxy.golang.org/github.com/go-chi/chi/v5/@v/v5.0.8.zip": tls: failed to verify certificate: x509: certificate signed by unknown authority
cmd/api/routes.go:8:2: github.com/go-chi/cors@v1.2.1: Get "https://proxy.golang.org/github.com/go-chi/cors/@v/v1.2.1.zip": tls: failed to verify certificate: x509: certificate signed by unknown authority
The command '/bin/sh -c CGO_ENABLED=0 go build -o brokerApp ./cmd/api' returned a non-zero code: 1

Interestingly, when I directly hit the url on browser https://proxy.golang.org/github.com/go-chi/chi/v5/@v/v5.0.8.zip, it downloads the zip just fine.

I am stuck on this issue since a couple of days and have tried almost all similar posts.

go version go1.19.5 windows/amd64

os- windows

答案1

得分: 1

我通过将机器的证书添加到Docker容器中解决了这个错误:

将ca-bundle.crt复制到/etc/ssl/certs/ca-bundle.crt
将ca-bundle.trust.crt复制到/etc/ssl/certs/ca-bundle.trust.crt
英文:

I solved this error by adding the machine's certificates to docker container:

COPY ca-bundle.crt /etc/ssl/certs/ca-bundle.crt
COPY ca-bundle.trust.crt /etc/ssl/certs/ca-bundle.trust.crt 

答案2

得分: 1

我刚刚遇到了同样的错误。在我的情况下,我使用ubuntu作为容器的基础镜像,但它没有提供我应用程序所需的根证书,以便信任目标服务。我将基础镜像切换为centos,问题就解决了。

英文:

I just had the same error. In my case I was using ubuntu as the base image for my container which happen didn't provide the root certificates needed by my application to trust the targeted service. I switched to centos as my base image and it worked fine.

huangapple
  • 本文由 发表于 2023年3月10日 21:23:49
  • 转载请务必保留本文链接:https://go.coder-hub.com/75696690.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定