2

我一直在寻找任何证书管理器的这张图片,但我找不到任何可以帮助我安装 .cer 证书的东西。1709 nanoserver 映像不附带 powershell,因此为了使用它,我必须使用 microsoft/windowsservercore 映像进行多阶段构建,但我不太确定如何去做,我可以似乎没有通过谷歌找到任何有帮助的东西。

如果有人知道使用或不使用多阶段构建来安装证书的方法,将不胜感激。

对于那些感兴趣的人,这是我的 docker-compose.yml 和 Dockerfile

码头工人-compose.yml

version: '3'

services:
  myapp:
    image: myapp
    ports:
    - "5000:80"
    build:
      context: .
      dockerfile: MyApp\Dockerfile
    container_name: "myapp"
    hostname: "myapp"
    depends_on:
      - db
  db:
    image: "microsoft/mssql-server-windows-express"
    environment:
      SA_PASSWORD: ""
      ACCEPT_EULA: "Y"
    container_name: "myapp"
    hostname: "myapp"

Dockerfile

FROM microsoft/aspnetcore:2.0-nanoserver-1709 AS base
WORKDIR /app
EXPOSE 80

FROM microsoft/aspnetcore-build:2.0-nanoserver-1709 AS build
WORKDIR /src
COPY MyApp.sln ./
COPY MyApp/MyApp.csproj MyApp/
RUN dotnet restore -nowarn:msb3202,nu1503
COPY . .
WORKDIR /src/MyApp
RUN dotnet restore
RUN dotnet ef database update
RUN dotnet build -c Release -o /app

FROM build AS publish
RUN dotnet publish -c Release -o /app

FROM base AS final
WORKDIR /app
COPY --from=publish /app .
ENTRYPOINT ["dotnet", "MyApp.dll"]

谢谢!

4

1 回答 1

3

在某些图像上,有一个名为certoc.exe允许您导入证书的工具(用法:)certoc.exe -addstore root my_root_certificate.cer。此工具不存在于 1709 图像上,但存在于诸如microsoft/nanoserver:sac2016.

总而言之,我发现处理该问题的最佳方法是将其更改Dockerfile为包含以下内容:

FROM microsoft/nanoserver:sac2016 as tool COPY --from=tool /Windows/System32/certoc.exe . USER ContainerAdministrator RUN certoc.exe -addstore root my_root_certificate.cer

此处提供完整示例:https ://pvlerick.github.io/2018/11/how-to-run-an-https-asp.net-core-app-using-test-certificates-in-nanoserver-1709-1803 -with-docker

在这里非常感谢 Joshua Chini:https ://joshuachini.com/2018/02/08/how-to-import-an-enterprise-certificate-into-a-windows-container/

于 2018-10-10T14:05:42.897 回答