docker - Nginxplus docker 构建失败，Centos 7 出现 403 禁止错误

Question

我正在尝试使用 centos 7 构建 nginx 和 docker 镜像。下面是我正在使用的 Dockerfile。

FROM centos:7
MAINTAINER NGINX Docker Maintainers "x@x.com"
RUN yum install -y wget

# Copy certificate and key to the build context
ADD nginx-repo.crt /etc/ssl/nginx/
ADD nginx-repo.key /etc/ssl/nginx/
COPY nginx.conf /etc/nginx/nginx.conf

# Get other files required for installation
RUN wget -q -O /etc/ssl/nginx/CA.crt https://cs.nginx.com/static/files/CA.crt
RUN wget -q -O /etc/yum.repos.d/nginx-plus-7.repo https://cs.nginx.com/static/files/nginx-plus-7.repo

# Install NGINX Plus
RUN yum install -y nginx-plus

# forward request logs to Docker log collector
RUN ln -sf /dev/stdout /var/log/nginx/access.log
RUN ln -sf /dev/stderr /var/log/nginx/error.log

EXPOSE 80 443
CMD ["nginx", "-g", "daemon off;"]

我有 nginx-repo.crt 和 nginx-repo.key 用于开发者许可证。当我用它做 docker build 时，我收到以下错误。

Step 10/14 : RUN yum install -y nginx-plus
 ---> Running in 4e8ccb452b81
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
 * base: mirrors.mit.edu
 * extras: mirror.umd.edu
 * updates: centos.servint.com
https://plus-pkgs.nginx.com/centos/7/x86_64/repodata/repomd.xml: [Errno 14] HTTPS Error 403 - Forbidden
Trying other mirror.
To address this issue please refer to the below wiki article

https://wiki.centos.org/yum-errors

If above article doesn't help to resolve this issue please use https://bugs.centos.org/.



 One of the configured repositories failed (nginx-plus repo),
 and yum doesn't have enough cached data to continue. At this point the only
 safe thing yum can do is fail. There are a few ways to work "fix" this:

     1. Contact the upstream for the repository and get them to fix the problem.

     2. Reconfigure the baseurl/etc. for the repository, to point to a working
        upstream. This is most often useful if you are using a newer
        distribution release than is supported by the repository (and the
        packages for the previous distribution release still work).

     3. Run the command with the repository temporarily disabled
            yum --disablerepo=nginx-plus ...

     4. Disable the repository permanently, so yum won't use it by default. Yum
        will then just ignore the repository until you permanently enable it
        again or use --enablerepo for temporary usage:

            yum-config-manager --disable nginx-plus
        or
            subscription-manager repos --disable=nginx-plus

     5. Configure the failing repository to be skipped, if it is unavailable.
        Note that yum will try to contact the repo. when it runs most commands,
        so will have to try and fail each time (and thus. yum will be be much
        slower). If it is a very temporary problem though, this is often a nice
        compromise:

            yum-config-manager --save --setopt=nginx-plus.skip_if_unavailable=true

failure: repodata/repomd.xml from nginx-plus: [Errno 256] No more mirrors to try.
https://plus-pkgs.nginx.com/centos/7/x86_64/repodata/repomd.xml: [Errno 14] HTTPS Error 403 - Forbidden
The command '/bin/sh -c yum install -y nginx-plus' returned a non-zero code: 1

无法弄清楚是什么问题。之前的步骤

RUN yum install -y nginx-plus

一切顺利

更新

问题在替换 repo 路径并更改为证书安装后得到解决。更新的 Docker 文件

FROM centos:centos7
MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com"
RUN yum install -y wget
# Download certificate and key from the customer portal (https://cs.nginx.com)
# and copy to the build context

ADD nginx-repo.crt /etc/ssl/nginx/
ADD nginx-repo.key /etc/ssl/nginx/

RUN  yum install ca-certificates

#Get other files required for installation
RUN  wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-7.4.repo

#Install NGINX Plus
RUN yum install -y nginx-plus

#forward request logs to Docker log collector
RUN ln -sf /dev/stdout /var/log/nginx/access.log
RUN ln -sf /dev/stderr /var/log/nginx/error.log
EXPOSE 80 443
CMD ["nginx", "-g", "daemon off;"]

Answer 1

根据 NGINX Docs 看来 repo 不可用, 你可以试试最新的nginx-plus-repo:

sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-7.4.repo

因此您的 Dockerfile 将如下所示:

FROM centos:7
MAINTAINER NGINX Docker Maintainers "x@x.com"
RUN yum install -y wget

# Copy certificate and key to the build context
ADD nginx-repo.crt /etc/ssl/nginx/
ADD nginx-repo.key /etc/ssl/nginx/
COPY nginx.conf /etc/nginx/nginx.conf

# Get other files required for installation
RUN yum install ca-certificates
RUN sudo wget -P /etc/yum.repos.d https://cs.nginx.com/static/files/nginx-plus-7.4.repo

# Install NGINX Plus
RUN yum install -y nginx-plus

# forward request logs to Docker log collector
RUN ln -sf /dev/stdout /var/log/nginx/access.log
RUN ln -sf /dev/stderr /var/log/nginx/error.log

EXPOSE 80 443
CMD ["nginx", "-g", "daemon off;"]