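I am extending the node-red docker image, which is (currently) based on the node:6 docker image.
I want to add a custom SSL certificate to the docker image's certificate store. So far, I have done the following: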
FROM nodered/node-red-docker
ADD DigiCertCA.crt /usr/local/share/ca-certificates/
RUN update-ca-certificates
ADD settings.js /data/settings.js
RUN npm install node-red-contrib-ttn
RUN npm install node-red-contrib-influxdb
RUN npm install node-red-admin
RUN npm install node-red-node-geohash
CMD ["npm", "start", "--", "--userDir", "/data"]
Building this image fails, because RUN is executed as the non-root user node.
Updating certificates in /etc/ssl/certs... ln: failed to create symbolic link '/etc/ssl/certs/DigiCertCA.pem': Permission denied
The command '/bin/sh -c update-ca-certificates' returned a non-zero code: 1
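I realize that such an operation is not possible as a non-root user. But what is a valid concept for extending an existing image with custom CA certificates?
Answer 0: (score: 1)
Why not switch the user to root, run the command to add the certificate, and then switch back?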
FROM nodered/node-red-docker
ADD DigiCertCA.crt /usr/local/share/ca-certificates/
USER root
RUN update-ca-certificates
USER node-red
ADD settings.js /data/settings.js
RUN npm install node-red-contrib-ttn
RUN npm install node-red-contrib-influxdb
RUN npm install node-red-admin
RUN npm install node-red-node-geohash
CMD ["npm", "start", "--", "--userDir", "/data"]
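A build-time check for the certificate step in the answer above, as an added example that is not part of the original answer: it verifies that the CA file is one that update-ca-certificates will pick up (PEM encoded, named *.crt) and that the certificate actually landed in the generated bundle. The script name ca-check.sh and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (hypothetical script name: ca-check.sh), not the image's own tooling.

# pem_body FILE: print the base64 body of the first certificate in FILE on
# one line, without armor lines, whitespace or carriage returns.
pem_body() {
    awk '/-----BEGIN CERTIFICATE-----/ {on = 1; next}
         /-----END CERTIFICATE-----/   {if (on) exit}
         on {gsub(/[ \t\r]/, ""); printf "%s", $0}' "$1"
}

# check_ca_source FILE: update-ca-certificates only picks up files named
# *.crt, and they have to be PEM encoded (a DER file is not usable as-is).
check_ca_source() {
    case "$1" in
        *.crt) ;;
        *) echo "$1: file name must end in .crt" >&2; return 1 ;;
    esac
    [ -n "$(pem_body "$1")" ] || { echo "$1: not PEM encoded" >&2; return 1; }
}

# ca_in_bundle FILE BUNDLE: succeed only if the certificate in FILE is one of
# the certificates in BUNDLE (on Debian: /etc/ssl/certs/ca-certificates.crt).
ca_in_bundle() {
    want=$(pem_body "$1")
    [ -n "$want" ] || return 1
    awk -v want="$want" '
        /-----BEGIN CERTIFICATE-----/ {on = 1; body = ""; next}
        /-----END CERTIFICATE-----/   {if (on && body == want) found = 1; on = 0; next}
        on {gsub(/[ \t\r]/, ""); body = body $0}
        END {exit (found ? 0 : 1)}' "$2"
}

# Run as: sh ca-check.sh FILE [BUNDLE]
if [ "$#" -ge 1 ]; then
    check_ca_source "$1" && { [ "$#" -lt 2 ] || ca_in_bundle "$1" "$2"; }
fi
```

Called from a `RUN` line right after `RUN update-ca-certificates` with `/usr/local/share/ca-certificates/DigiCertCA.crt` and `/etc/ssl/certs/ca-certificates.crt` as arguments, it makes the build fail if the certificate was not added to the bundle.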
Answer 1: (score: 0)
Here is a complete example with a proxy and certificates.
Use npm config set cafile
Dockerfile:
docker build --build-arg http_proxy=$http_proxy --build-arg https_proxy=$https_proxy --tag mynode .
And run:
.babelrc