docker容器SSL证书 [英] docker container ssl certificates
问题描述
是否有任何优雅的方法可以将ssl证书添加到来自docker pull的映像中??
Is there any elegant way to add ssl certificates to images that have come from docker pull?.
我正在寻找一种简单且可复制的添加ssl证书的方法。文件放入/ etc / ssl / certs并运行update-ca-certificates。 (这应该涵盖ubuntu和debian映像。)
I'm looking for a simple and reproducible way of adding a file into /etc/ssl/certs and run update-ca-certificates. (This should cover ubuntu and debian images).
我在CoreOS上使用docker,而coreos机器信任所需的ssl证书,但是docker容器显然只有默认值。
I'm using docker on CoreOS, and the coreos machine trusts the needed ssl certificates, but the docker containers obviously only have the default.
我尝试使用 docker run --entrypoint = / bin / bash 然后添加证书并运行 update-ca-certificates ,但这似乎会永久覆盖入口点。
I've tried using docker run --entrypoint=/bin/bash to then add the cert and run update-ca-certificates, but this seems to permanently override the entry point.
我现在也想知道,从主机副本中将 / etc / ssl / certs 挂载到容器中会更优雅吗?这样做将隐式地允许容器信任与主机相同的事物。
I'm also wondering now, would it be more elegant to just mount /etc/ssl/certs on the container from the host machines copy? Doing this would implicitly allow the containers to trust the same things as the host.
我正在使用一个烦人的代理,该代理会丢弃所有内容:(。这会破坏SSL并使容器有些奇怪。
I'm at work with an annoying proxy that resigns everything :(. Which breaks SSL and makes containers kind-of strange to work with.
推荐答案
使用以下方法将证书安装到Docker 容器上 -v :
Mount the certs onto the Docker container using -v:
docker run -v /host/path/to/certs:/container/path/to/certs -d IMAGE_ID "update-ca-certificates"
这篇关于docker容器SSL证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
