How to resolve tls: failed to verify certificate: x509: certificate signed by unknown authority while building a go dockerfile in windows

huangapple go评论161阅读模式
英文:

How to resolve tls: failed to verify certificate: x509: certificate signed by unknown authority while building a go dockerfile in windows

问题

我有以下的dockerfile,当我尝试运行docker build时,出现错误。

dockerfile

  1. # 基于go的镜像
  2. FROM golang:latest as builder
  3. RUN mkdir /app
  4. COPY . /app
  5. WORKDIR /app
  6. RUN CGO_ENABLED=0 go build -o brokerApp ./cmd/api
  7. RUN chmod +x /app/brokerApp
  8. # 构建一个小型的docker镜像
  9. FROM alpine:latest
  10. RUN mkdir /app
  11. COPY --from=builder /app/brokerApp /app
  12. CMD ["/app/brokerApp"]

错误信息

  1. $ docker build -t test -f broker-service.dockerfile .
  2. Sending build context to Docker daemon 7.79MB
  3. Step 1/10 : FROM golang:latest as builder
  4. ---> c48137eaf961
  5. Step 2/10 : RUN mkdir /app
  6. ---> Running in 0caaa78d39ad
  7. Removing intermediate container 0caaa78d39ad
  8. ---> 260a46b545a8
  9. Step 3/10 : COPY . /app
  10. ---> 17c49c16a2ea
  11. Step 4/10 : WORKDIR /app
  12. ---> Running in 056c8e90776a
  13. Removing intermediate container 056c8e90776a
  14. ---> 55ef7bc5f453
  15. Step 5/10 : RUN CGO_ENABLED=0 go build -o brokerApp ./cmd/api
  16. ---> Running in e1d6ae8ddbb6
  17. go: downloading github.com/go-chi/chi/v5 v5.0.8
  18. go: downloading github.com/go-chi/cors v1.2.1
  19. cmd/api/routes.go:6:2: github.com/go-chi/chi/v5@v5.0.8: Get "https://proxy.golang.org/github.com/go-chi/chi/v5/@v/v5.0.8.zip": tls: failed to verify certificate: x509: certificate signed by unknown authority
  20. cmd/api/routes.go:7:2: github.com/go-chi/chi/v5@v5.0.8: Get "https://proxy.golang.org/github.com/go-chi/chi/v5/@v/v5.0.8.zip": tls: failed to verify certificate: x509: certificate signed by unknown authority
  21. cmd/api/routes.go:8:2: github.com/go-chi/cors@v1.2.1: Get "https://proxy.golang.org/github.com/go-chi/cors/@v/v1.2.1.zip": tls: failed to verify certificate: x509: certificate signed by unknown authority
  22. The command '/bin/sh -c CGO_ENABLED=0 go build -o brokerApp ./cmd/api' returned a non-zero code: 1

有趣的是,当我直接在浏览器上访问https://proxy.golang.org/github.com/go-chi/chi/v5/@v/v5.0.8.zip时,可以正常下载zip文件。

我已经困扰于这个问题几天了,尝试了几乎所有类似的帖子。

go版本:go1.19.5 windows/amd64

操作系统:Windows

英文:

I am having below dockerfile and when I try to run docker build, I get an error.

dockerfile

  1. # base go image
  2. FROM golang:latest as builder
  3. RUN mkdir /app
  4. COPY . /app
  5. WORKDIR /app
  6. RUN CGO_ENABLED=0 go build -o brokerApp ./cmd/api
  7. RUN chmod +x /app/brokerApp
  8. # build a tiny docker image
  9. FROM alpine:latest
  10. RUN mkdir /app
  11. COPY --from=builder /app/brokerApp /app
  12. CMD [ "/app/brokerApp" ]

error

  1. $ docker build -t test -f broker-service.dockerfile .
  2. Sending build context to Docker daemon 7.79MB
  3. Step 1/10 : FROM golang:latest as builder
  4. ---> c48137eaf961
  5. Step 2/10 : RUN mkdir /app
  6. ---> Running in 0caaa78d39ad
  7. Removing intermediate container 0caaa78d39ad
  8. ---> 260a46b545a8
  9. Step 3/10 : COPY . /app
  10. ---> 17c49c16a2ea
  11. Step 4/10 : WORKDIR /app
  12. ---> Running in 056c8e90776a
  13. Removing intermediate container 056c8e90776a
  14. ---> 55ef7bc5f453
  15. Step 5/10 : RUN CGO_ENABLED=0 go build -o brokerApp ./cmd/api
  16. ---> Running in e1d6ae8ddbb6
  17. go: downloading github.com/go-chi/chi/v5 v5.0.8
  18. go: downloading github.com/go-chi/cors v1.2.1
  19. cmd/api/routes.go:6:2: github.com/go-chi/chi/v5@v5.0.8: Get "https://proxy.golang.org/github.com/go-chi/chi/v5/@v/v5.0.8.zip": tls: failed to verify certificate: x509: certificate signed by unknown authority
  20. cmd/api/routes.go:7:2: github.com/go-chi/chi/v5@v5.0.8: Get "https://proxy.golang.org/github.com/go-chi/chi/v5/@v/v5.0.8.zip": tls: failed to verify certificate: x509: certificate signed by unknown authority
  21. cmd/api/routes.go:8:2: github.com/go-chi/cors@v1.2.1: Get "https://proxy.golang.org/github.com/go-chi/cors/@v/v1.2.1.zip": tls: failed to verify certificate: x509: certificate signed by unknown authority
  22. The command '/bin/sh -c CGO_ENABLED=0 go build -o brokerApp ./cmd/api' returned a non-zero code: 1

Interestingly, when I directly hit the url on browser https://proxy.golang.org/github.com/go-chi/chi/v5/@v/v5.0.8.zip, it downloads the zip just fine.

I am stuck on this issue since a couple of days and have tried almost all similar posts.

go version go1.19.5 windows/amd64

os- windows

答案1

得分: 1

我通过将机器的证书添加到Docker容器中解决了这个错误:

  1. ca-bundle.crt复制到/etc/ssl/certs/ca-bundle.crt
  2. ca-bundle.trust.crt复制到/etc/ssl/certs/ca-bundle.trust.crt
英文:

I solved this error by adding the machine's certificates to docker container:

  1. COPY ca-bundle.crt /etc/ssl/certs/ca-bundle.crt
  2. COPY ca-bundle.trust.crt /etc/ssl/certs/ca-bundle.trust.crt

答案2

得分: 1

我刚刚遇到了同样的错误。在我的情况下,我使用ubuntu作为容器的基础镜像,但它没有提供我应用程序所需的根证书,以便信任目标服务。我将基础镜像切换为centos,问题就解决了。

英文:

I just had the same error. In my case I was using ubuntu as the base image for my container which happen didn't provide the root certificates needed by my application to trust the targeted service. I switched to centos as my base image and it worked fine.

huangapple
  • 本文由 发表于 2023年3月10日 21:23:49
  • 转载请务必保留本文链接:https://go.coder-hub.com/75696690.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定