I am trying to learn about Docker by installing it on an Oracle Linux 7 VM on top of VirtualBox on my work laptop. My work laptop uses Zscaler. I had a bunch of certificate issues and ended up learning a lot about Docker by working around them. I tried to do the Sample Application – really the simplest first step in the Docker documentation – and had all kinds of trouble getting it to work. Ultimately, I ended up with a Dockerfile that looked like this:
[root@docker ~]# cat Dockerfile # syntax=docker/dockerfile:1 FROM oraclelinux:7 COPY z.pem /etc/pki/ca-trust/source/anchors/z.pem RUN update-ca-trust RUN echo sslverify=false >> /etc/yum.conf RUN yum install -y oracle-nodejs-release-el7 oracle-release-el7 RUN yum install -y nodejs RUN npm install -g npm RUN npm install -g yarn WORKDIR /app COPY . . RUN yarn config set "strict-ssl" false -g RUN yarn install --production CMD ["node", "src/index.js"] EXPOSE 3000
By contrast the Dockerfile that was supposed to work looks like this:
# syntax=docker/dockerfile:1 FROM node:12-alpine RUN apk add --no-cache python2 g++ make WORKDIR /app COPY . . RUN yarn install --production CMD ["node", "src/index.js"] EXPOSE 3000
I ended up using the oraclelinux:7 image because it had more stuff installed such as update-ca-trust. Because I could not get anything to work with Zscaler I had to start with an image that did not require me to pull more stuff down with yum. Then, after playing with it I still ended up disabling SSL verification on yum and yarn. I had to install node since I was starting with a plain Linux image and not a node image.
I had these instructions for getting Zscaler to work on my Oracle Linux 7 VirtualBox VMs on my company computer:
Had to extract Zscaler .cer root ca from Chrome browser as z.cer. Moved to linux and ran: openssl x509 -inform der -in z.cer -outform der -out z.pem copied z.pem to /etc/pki/ca-trust/source/anchors/ ran update-ca-trust worked.
I do not know if this is really doing anything. It affects curl so that I can use curl without the -k option to disable SSL verification. Maybe things that use curl under the covers are affected by adding z.pem to the trusted certificates.
Anyway, I just wanted to document this for myself. Maybe someone out there will benefit also.