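Azure Devops Server self-hosted Docker agent setup SSL error

Time: 2020-09-24 15:43:27

Tags: docker ssl azure-devops

I am following the documentation here to build a proof of concept Azure Devops Server environment that includes a self-hosted Docker agent on Ubuntu 20.04.5 LTS. When I try to start the container with this command, it fails because of an SSL error from curl: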

myuser@ubuntu20-04dockertest:~$ sudo docker run -e AZP_URL=https://win-k58ocndvak6/DefaultCollection -e AZP_TOKEN=XXXXXXXXXXXXXXXXXXXXXXXXXXXX -e AZP_AGENT_NAME=scs-docker-agent dockeragent:latest
[sudo] password for myuser: 
1. Determining matching Azure Pipelines agent...
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

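I have tried using a self-signed certificate in the Azure Devops Server IIS bindings, and I have also tried installing Active Directory Certificate Services, configuring the Azure Devops Server as a standalone root CA, issuing a certificate and applying it to the Azure Devops Server IIS binding. Both the self-signed certificate and the CA certificate were imported into the Ubuntu machine's trusted certificate store. Neither of these configurations worked, but running curl against the Azure Devops Server URL seems to work fine: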

myuser@ubuntu20-04dockertest:~$ curl -v https://win-k58ocndvak6/DefaultCollection
*   Trying 192.168.122.204:443...
* TCP_NODELAY set
* Connected to win-k58ocndvak6 (192.168.122.204) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=AU; ST=WA; L=Perth; O=WIN-K58OCNDVAK6; OU=SCS-DEV; CN=WIN-K58OCNDVAK6
*  start date: Sep 24 08:06:11 2020 GMT
*  expire date: Sep 24 08:16:11 2021 GMT
*  common name: WIN-K58OCNDVAK6 (matched)
*  issuer: CN=WIN-K58OCNDVAK6-CA-1
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x55d60c17ddb0)
> GET /DefaultCollection HTTP/2
> Host: win-k58ocndvak6
> user-agent: curl/7.68.0
> accept: */*

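Does anyone know what is going on here?

A way to make the "docker run" command not care about SSL would also be fine; this is only a proof of concept.

Thanks :)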

0 answers:

No answers