如何在运行Go的Busybox Docker容器中进行HTTPS调用？

有多种select，你可以有

从主机分享证书

正如您所指出的，您可以从主机共享/etc/ssl/certs 。

使用busybox与证书

您可以使用已安装证书的odise/busybox-curl等图像。

为此，使用docker-compose和共享卷

这是一个更好的方法，因为它不需要你依赖主机

 version: '2' services: busybox: image: busybox command: sleep 1000 volumes: - certificates:/etc/ssl/certs:ro certifcate_installer: image: alpine command: sh -c 'apk update && apk add ca-certificates' volumes: - certificates:/etc/ssl/certs volumes: certificates: 

使用多阶段Dockerfile构build它

 FROM alpine as certs RUN apk update && apk add ca-certificates FROM busybox COPY --from=certs /etc/ssl/certs /etc/ssl/certs 

然后像普通文件一样构build它

 vagrant@vagrant:~/certs$ docker build -t busyboxcerts . Sending build context to Docker daemon 49.66kB Step 1/4 : FROM alpine as certs ---> 4a415e366388 Step 2/4 : RUN apk update && apk add ca-certificates ---> Running in 0059f93b5fc5 fetch http://dl-cdn.alpinelinux.org/alpine/v3.5/main/x86_64/APKINDEX.tar.gz fetch http://dl-cdn.alpinelinux.org/alpine/v3.5/community/x86_64/APKINDEX.tar.gz v3.5.2-131-g833fa41a4d [http://dl-cdn.alpinelinux.org/alpine/v3.5/main] v3.5.2-125-g9cb91a548a [http://dl-cdn.alpinelinux.org/alpine/v3.5/community] OK: 7966 distinct packages available (1/1) Installing ca-certificates (20161130-r1) Executing busybox-1.25.1-r0.trigger Executing ca-certificates-20161130-r1.trigger OK: 5 MiB in 12 packages ---> 1a84422237e4 Removing intermediate container 0059f93b5fc5 Step 3/4 : FROM busybox ---> efe10ee6727f Step 4/4 : COPY --from=certs /etc/ssl/certs /etc/ssl/certs ---> af9936f55fc4 Removing intermediate container 1af54c34a5b5 Successfully built af9936f55fc4 Successfully tagged busyboxcerts:latest vagrant@vagrant:~/certs$ docker run busyboxcerts:latest ls /etc/ssl/certs 02265526.0 024dc131.0 03179a64.0 

有关多级构build的更多详细信息，请参阅https://docs.docker.com/engine/userguide/eng-image/multistage-build/#before-multi-stage-builds

所有的方法都有自己的优点和缺点。 我个人更喜欢最后一个或倒数第二个方法

使用apk add ca-certificates && update-ca-certificates certificates在你的容器中安装CA证书，如下所述。