ssl_client:raw.githubusercontent.com:证书验证失败:自签名证书位于 [英] ssl_client: raw.githubusercontent.com: certificate verification failed: self signed certificate in

问题描述

构建docker映像时出现以下错误，特别是在openjdk安装上

I am having the following error when building my docker image, specially on the openjdk install

ssl_client:raw.githubusercontent.com:证书验证失败:自签名证书证书链wget:错误获取响应:对等重置连接

ssl_client: raw.githubusercontent.com: certificate verification failed: self signed certificate in certificate chain wget: error getting response: Connection reset by peer

我尝试了另一个SO问题中提到的方法

I tried this as mentioned in another SO question

RUN  apk update
RUN apk add ca-certificates
RUN  update-ca-certificates

但随后我收到此警告:

警告:ca-certificates.crt不完全包含一个证书或CRL:跳过

WARNING: ca-certificates.crt does not contain exactly one certificate or CRL: skipping

这是我的整个docker文件:

This is my entire docker file:

FROM alpine:3.10 as builder

ARG VERSION=7.12.0
ARG DISTRO=tomcat
ARG SNAPSHOT=true

ARG EE=false
ARG USER
ARG PASSWORD

RUN apk add --no-cache \
        ca-certificates \
        maven \
        tar \
        wget \
        xmlstarlet

COPY settings.xml download.sh camunda-tomcat.sh camunda-wildfly.sh  /tmp/

RUN /tmp/download.sh


##### FINAL IMAGE #####

FROM alpine:3.10

ARG VERSION=7.12.0

#MSSQL SERVER JDBC DRIVER INSTALL
COPY sqljdbc_7.2.2.0_enu.tar.gz /tmp/
WORKDIR /tmp
RUN tar -xf sqljdbc_7.2.2.0_enu.tar.gz
ENV CLASSPATH=${CLASSPATH}:/tmp/sqljdbc_7.2/enu/mssql-jdbc-7.2.2.jre11.jar
ARG CLASSPATH=${CLASSPATH}:/tmp/sqljdbc_7.2/enu/mssql-jdbc-7.2.2.jre11.jar
RUN echo $CLASSPATH

ENV CAMUNDA_VERSION=${VERSION}
ENV DB_DRIVER=com.microsoft.sqlserver.jdbc.SQLServerDriver
ENV DB_URL=jdbc:sqlserver://xx.database.windows.net:1433;database=camundadb;user=demo@xx;password=xx.;encrypt=true;trustServerCertificate=false;hostNameInCertificate=*.database.windows.net;loginTimeout=30;
ENV DB_USERNAME=demo@xx
ENV DB_PASSWORD=xx
ENV DB_CONN_MAXACTIVE=20
ENV DB_CONN_MINIDLE=5
ENV DB_CONN_MAXIDLE=20
ENV DB_VALIDATE_ON_BORROW=false
ENV DB_VALIDATION_QUERY="SELECT 1"
ENV SKIP_DB_CONFIG=
ENV WAIT_FOR=
ENV WAIT_FOR_TIMEOUT=120
ENV TZ=UTC
ENV DEBUG=TRUE
ENV JAVA_OPTS="-Xmx768m -XX:MaxMetaspaceSize=256m"

EXPOSE 8080 8000

RUN  apk update
RUN apk add ca-certificates
RUN  update-ca-certificates

# Downgrading wait-for-it is necessary until this PR is merged
# https://github.com/vishnubob/wait-for-it/pull/68
RUN apk add --no-cache \
        bash \
        ca-certificates \
        openjdk11-jre-headless \
        tzdata \
        tini \
        xmlstarlet \
    && wget -O /usr/local/bin/wait-for-it.sh \
      "https://raw.githubusercontent.com/vishnubob/wait-for-it/a454892f3c2ebbc22bd15e446415b8fcb7c1cfa4/wait-for-it.sh" \
    && chmod +x /usr/local/bin/wait-for-it.sh

RUN addgroup -g 1000 -S camunda && \
    adduser -u 1000 -S camunda -G camunda -h /camunda -s /bin/bash -D camunda
WORKDIR /camunda
USER camunda

#ENTRYPOINT ["/sbin/tini", "--"]
#CMD ["./camunda.sh"]

#COPY --chown=camunda:camunda --from=builder /camunda .

推荐答案

在更新 ca 后将其添加到您的 Dockerfile 中:

add this to your Dockerfile after updateing the ca:

RUN apk add openssl

这篇关于ssl_client:raw.githubusercontent.com:证书验证失败:自签名证书位于的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！