问题
I created a docker container for talking to the google api using GoLang. I started off using a SCRATCH container and am getting the error certificate signed by unknown authority upon changing to ubuntu/alpine i still get the error.
resp, err := client.Get("https://www.googleapis.com/oauth2/v3/userinfo")
Any help solving this issue would be great. I can run the code fine on my mac.
Having done some research I can see the issue https://github.com/golang/go/issues/24652
but I dont know if this is directly related or if I need to share some certificate with the container.
回答1:
With scratch, you need to include the trusted certificates in addition to your application inside the image. E.g.
FROM scratch
ADD ca-certificates.crt /etc/ssl/certs/
ADD main /
CMD ["/main"]
If you are using Alpine and a multi stage build, that looks like:
FROM golang:alpine as build
RUN apk --no-cache add ca-certificates
WORKDIR /go/src/app
COPY . .
RUN CGO_ENABLED=0 go-wrapper install -ldflags '-extldflags "-static"'
FROM scratch
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=build /go/bin/app /app
ENTRYPOINT ["/app"]
回答2:
You can use the self sign certificate specially for ubuntu. Before you begin, you should have a non-root user configured with sudo privileges. You can learn how to set up such a user account by following our initial server setup for Ubuntu 16.04.
来源:https://stackoverflow.com/questions/52969195/docker-container-running-golang-http-client-getting-error-certificate-signed-by