can't get concourse to accept self signed certs when looking up Docker images

Anonymous (unverified), submitted on 2019-12-03 01:40:02

Question:

I'm trying to get the helloworld sample to run. The problem is that my company is using a MITM proxy that replaces all certs on https connections with its own. So all tools that try to go to an https URL fail.

In this case it is the code that downloads a Docker image from the official registry:

    resource script '/opt/resource/check []' failed: exit status 1
    stderr:
    failed to ping registry: 2 error(s) occurred:
    * ping https: Get https://registry-1.docker.io/v2/: x509: certificate signed by unknown authority
    * ping http: Get https://registry-1.docker.io/v2/: x509: certificate signed by unknown authority

I tried to add the insecure_registries option but that doesn't seem to work:

    jobs:
    - name: hello-world
      plan:
      - task: say-hello
        config:
          platform: linux
          image_resource:
            type: docker-image
            source:
              repository: ubuntu,
              insecure_registries: ["docker.io:80"]
          run:
            path: echo
            args: ["Hello, world!"]

Any ideas what I might be doing wrong?

Answer 1:

This is a problem a number of users have encountered and one we are trying to find a general solution to that we can use for all resources. If you are interested in our progress on that, you can read more on this GitHub issue.

In the meantime, you can try using the ca_certs option to pass your man-in-the-middle proxy's certificates into the resource. Note that ca_certs cannot be used in combination with insecure_registries. Without seeing your exact configuration I can't give an exact solution, but if ca_certs does not solve your issue, you should also look into the client_certs flag.

You can read more about all of these options in the docker-image-resource documentation here.
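
An added example, not part of the original question or answer: the asker's pipeline with insecure_registries replaced by the ca_certs option the answer suggests. The domain value is taken from the error message above, the domain/cert entry layout is assumed from the docker-image-resource documentation, and the certificate body is a placeholder for the proxy's CA certificate in PEM form.

```yaml
jobs:
- name: hello-world
  plan:
  - task: say-hello
    config:
      platform: linux
      image_resource:
        type: docker-image
        source:
          repository: ubuntu
          # insecure_registries is removed: the answer notes that it cannot
          # be combined with ca_certs.
          ca_certs:
          # Host taken from the x509 error message. Assumption: further
          # entries are needed if other registry hosts fail the same way.
          - domain: registry-1.docker.io
            cert: |
              -----BEGIN CERTIFICATE-----
              <PLACEHOLDER: PEM body of the proxy's root CA certificate>
              -----END CERTIFICATE-----
      run:
        path: echo
        args: ["Hello, world!"]
```

Only the proxy CA's public certificate belongs in this block, never its private key. Unlike insecure_registries, this keeps TLS verification on and limits the extra trust to the listed registry host.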


