代理后面的Docker更改ssl证书 [英] Docker behind proxy that changes ssl certificate
问题描述
我正在尝试运行以下docker命令:
I am trying to run the following docker command:
docker run -i -t ubuntu /bin/bash
但是我收到错误:
Unable to find image 'ubuntu' (tag: latest) locally
Pulling repository ubuntu
2013/11/28 14:00:24 Get https://index.docker.io/v1/images/ubuntu/ancestry: x509: certificate signed by unknown authority
我知道我们公司即时替换了SSL证书,用于https请求。
I know that our company replaces the SSL Certificate on the fly for https requests.
我试图通过将公司的CA证书放在:
I tried to trust our company's CA certificate by putting it in:
/etc/pki/tls/certs/ca-bundle.crt
和
/etc/pki/tls/cert.pem
但它仍然不起作用。
任何想法?
推荐答案
要配置docker使用代理系统,您首先需要添加HTTPS_PROXY / HTT P_PROXY环境变量到docker sysconfig文件。但是,根据您是否使用init.d或服务工具,您需要添加export语句。作为解决方法,您可以在docker的sysconfig文件中简单添加两种变体:
To configure docker to work with a proxy system you first need to add the HTTPS_PROXY / HTTP_PROXY environment variable to the docker sysconfig file. However depending on if you use init.d or the services tool you need to add the "export" statement. As a workaround you can simply add both variants in the sysconfig file of docker:
/etc/sysconfig/docker
HTTPS_PROXY="https://<user>:<password>@<proxy-host>:<proxy-port>"
HTTP_PROXY="https://<user>:<password>@<proxy-host>:<proxy-port>"
export HTTP_PROXY="https://<user>:<password>@<proxy-host>:<proxy-port>"
export HTTPS_PROXY="https://<user>:<password>@<proxy-host>:<proxy-port>"
$ b 。
To get docker working with ssl intercepting proxies you have to add the proxy root certificate to the systems trust store.
对于CentOS,将文件复制到/ etc / pki / ca-trust / source / anchors /并更新ca信任存储。之后再重新启动码头服务。
如果您的代理使用NTLM身份验证 - 有必要使用像cntlm这样的中间代理。
此博客文章详细解释
For CentOS copy the file to /etc/pki/ca-trust/source/anchors/ and update the ca trust store. Restart the docker service afterwards. If your proxy uses NTLM authentication - it's necessary to use intermediate proxies like cntlm. This blog post explains it in detail
这篇关于代理后面的Docker更改ssl证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!