Docker 容器 SSL 证书 [英] Docker container SSL certificates

问题描述

有没有什么优雅的方法可以将 SSL 证书添加到来自 docker pull 的图像中?

Is there any elegant way to add SSL certificates to images that have come from docker pull?.

我正在寻找一种简单且可重复的方式将文件添加到/etc/ssl/certs 并运行 update-ca-certificates.(这应该涵盖 ubuntu 和 Debian 镜像).

I'm looking for a simple and reproducible way of adding a file into /etc/ssl/certs and run update-ca-certificates. (This should cover ubuntu and Debian images).

我在 CoreOS 上使用 docker，CoreOS 机器信任所需的 SSL 证书，但 docker 容器显然只有默认值.

I'm using docker on CoreOS, and the CoreOS machine trusts the needed SSL certificates, but the docker containers obviously only have the default.

我尝试使用 docker run --entrypoint=/bin/bash 然后添加证书并运行 update-ca-certificates，但这似乎是永久的覆盖入口点.

I've tried using docker run --entrypoint=/bin/bash to then add the cert and run update-ca-certificates, but this seems to permanently override the entry point.

我现在也想知道，从主机副本将 /etc/ssl/certs 挂载到容器上会更优雅吗?这样做会隐式地允许容器信任与主机相同的东西.

I'm also wondering now, would it be more elegant to just mount /etc/ssl/certs on the container from the host machines copy? Doing this would implicitly allow the containers to trust the same things as the host.

我正在使用一个烦人的代理，它会放弃一切:(.这破坏了 SSL 并使容器变得有点奇怪.

I'm at work with an annoying proxy that resigns everything :(. Which breaks SSL and makes containers kind-of strange to work with.

推荐答案

使用 -v 将证书挂载到 Docker 容器:

Mount the certs onto the Docker container using -v:

docker run -v /host/path/to/certs:/container/path/to/certs -d IMAGE_ID "update-ca-certificates"

这篇关于Docker 容器 SSL 证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！