如何在扩展(node.js)泊坞窗图像上添加自定义CA证书
我正在扩展节点 – 红色docker图像,它(当前)基于node:6
泊坞窗图像。
我想将自定义的SSL证书添加到docker-image的证书存储中。 到目前为止,我做了如下:
FROM nodered/node-red-docker ADD DigiCertCA.crt /usr/local/share/ca-certificates/ RUN update-ca-certificates ADD settings.js /data/settings.js RUN npm install node-red-contrib-ttn RUN npm install node-red-contrib-influxdb RUN npm install node-red-admin RUN npm install node-red-node-geohash CMD ["npm", "start", "--", "--userDir", "/data"]
构build此映像失败,因为RUN
作为非root用户node
。
Updating certificates in /etc/ssl/certs... ln: failed to create symbolic link '/etc/ssl/certs/DigiCertCA.pem': Permission denied The command '/bin/sh -c update-ca-certificates' returned a non-zero code: 1
我知道,作为非root这样的操作是不可能的。 但是,使用自定义CA证书来扩展现有图像的有效概念是什么?
为什么不把用户切换到root来运行命令来添加证书,然后切换回来?
FROM nodered/node-red-docker ADD DigiCertCA.crt /usr/local/share/ca-certificates/ USER root RUN update-ca-certificates USER node-red ADD settings.js /data/settings.js RUN npm install node-red-contrib-ttn RUN npm install node-red-contrib-influxdb RUN npm install node-red-admin RUN npm install node-red-node-geohash CMD ["npm", "start", "--", "--userDir", "/data"]