我有兴趣在公司 Zscaler 防火墙后面运行这样一个简单的图像:
FROM rocker/r-base
RUN apt-get update && apt-get install libssl-dev
CMD Rscript -e "install.packages('beepr')"
使用 docker build -t test .
构建镜像失败并出现如下错误:Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: ]
我已经尝试了 here 中的一些解决方案但他们不工作。例如:FROM rocker/r-base
# Add local certificate to Docker
ADD ./zscaler.cer /usr/local/share/ca-certificates/zscaler.crt
# Move the certificate to the cert dir of openssl and update certificates
RUN CERT_DIR=$(openssl version -d | cut -f2 -d \")/certs ; cp /usr/local/share/ca-certificates/zscaler.crt $CERT_DIR ; update-ca-certificates
# Try making https requests
RUN apt-get update && apt-get install libssl-dev
CMD Rscript -e "install.packages('beepr')"
docker build -t test .
仍然存在相同的错误.我已经在线阅读了一些可能的解决方案,但是对于 apt-get
,它们都不断失败。或使用 R
安装软件包.有没有人经历过这个并找到了解决办法?
最佳答案
显然,目前的建议有点错误。证书不应进入 /etc/ssl/certs/
(这是 CERT_DIR=$(openssl version -d | cut -f2 -d \")/certs
的结果),而是在 CERT_DIR=/usr/local/share/ca-certificates/
上(至少在这个 Ubuntu 图像上)。更改后,update-ca-certificates
正确更新证书,所有 HTTPS 请求都成功。
现在应该可以了:
FROM rocker/r-base
# Add local certificate to Docker
ADD ./zscaler.pem /usr/local/share/ca-certificates/ZscalerRootCertificate-2048-SHA256.crt
# update certificates
RUN update-ca-certificates
# Try making https requests
RUN apt-get update && apt-get install libssl-dev
CMD Rscript -e "install.packages('beepr')"
关于r - 在 Zscaler 防火墙后面的 Docker 镜像中发出 HTTPS 请求,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/67278376/