证书由未知权限签名

证书由未知权限签名

本文介绍了运行golang http.Docker的Docker容器客户端收到错误的``证书由未知权限签名''的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我创建了一个docker容器,用于使用GoLang与Google api通讯。我开始使用SCRATCH容器,并在更改为ubuntu / alpine时收到错误证书由未知授权机构签名,但我仍然收到错误。

I created a docker container for talking to the google api using GoLang. I started off using a SCRATCH container and am getting the error certificate signed by unknown authority upon changing to ubuntu/alpine i still get the error.

resp,err:= client.Get( https://www.googleapis.com/oauth2/v3/userinfo)

任何帮助解决此问题的方法都将非常有用。我可以在Mac上正常运行代码。

Any help solving this issue would be great. I can run the code fine on my mac.

进行了一些研究,我可以看到问题

Having done some research I can see the issuehttps://github.com/golang/go/issues/24652

但我不知道这是否直接相关或是否我需要与容器共享一些证书。

but I dont know if this is directly related or if I need to share some certificate with the container.

推荐答案

从头开始,除了图像中的应用程序之外,还需要包括受信任的证书。例如

With scratch, you need to include the trusted certificates in addition to your application inside the image. E.g.

FROM scratch
ADD ca-certificates.crt /etc/ssl/certs/
ADD main /
CMD ["/main"]

如果您使用Alpine和多级构建,如下所示:

If you are using Alpine and a multi stage build, that looks like:

FROM golang:alpine as build
RUN apk --no-cache add ca-certificates
WORKDIR /go/src/app
COPY . .
RUN CGO_ENABLED=0 go-wrapper install -ldflags '-extldflags "-static"'

FROM scratch
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=build /go/bin/app /app
ENTRYPOINT ["/app"]

这篇关于运行golang http.Docker的Docker容器客户端收到错误的``证书由未知权限签名''的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-24 12:22