I am trying to create a simple docker image that runs .NET Core APIs. The problem is, my environment is behind a proxy with self-signed certificate i.e. not trusted 🙁
Following is my docker file
## runtime:3.1 does not support certoc or openssl or powershell which forced me to change image to nanoserver-1809
#FROM mcr.microsoft.com/dotnet/core/runtime:3.1
FROM mcr.microsoft.com/dotnet/core/runtime:3.1-nanoserver-1809
ARG source
ARG BUILD_ENV=development
# Option - 1
# ADD z-scaler-certificate.crt /usr/local/share/ca-certificates/z-scaler-certificate.crt
# RUN certoc -addstore root /usr/local/share/ca-certificates/z-scaler-certificate.crt
# Option - 2
# RUN powershell IMPORT-CERTIFICATE -FilePath /usr/z-scaler-certificate.crt -CertStoreLocation 'Cert:\LocalMachineRoot'
# Option - 3
# RUN CERT_DIR=(openssl version -d | cut -f2 -d ")/certs; cp /usr/z-scaler-certificate.crt $CERT_DIR; update-ca-certificates; fi
# Option - 4
ADD z-scaler-certificate.crt /container/cert/path
RUN update-ca-certificates
WORKDIR /app
COPY ${source:-bin/Debug/netcoreapp3.1} .
ENTRYPOINT ["dotnet", "Webjob.dll"]
I tried almost all possible options I could try from internet but all fails with the same error –
executor failed running [cmd /S /C update-ca-certificates]: unable to find user ContainerUser: invalid argument
I need help in figuring out what is that I am doing wrong that the certificate is not being added to the store?
2
Answers
In order to execute admin tasks you should use
ContainerAdministrator
userWhen working with containers, I’d recommend keeping to standard Linux tech unless there is a good reason. This is the most standard option and will work on the MS Debian images:
I am assuming here that your CRT file is a valid root certificate.