Backend Development
Golang
How to Fix Docker Multi-Stage Image Build Errors: \'x509: Certificate Signed by Unknown Authority\'?
How to Fix Docker Multi-Stage Image Build Errors: \'x509: Certificate Signed by Unknown Authority\'?
Nov 03, 2024 pm 08:46 PM
Docker Multi-Stage Image Build Error: x509: Certificate Signed by Unknown Authority
This error occurs when building Docker images that rely on Git for dependency management, such as those using the docker-multi-stage-build technique.
Problem Overview
During image building, Git uses the system CA store to verify SSL certificates. However, in private networks, this store may not contain the necessary certificates to connect to external servers like GitHub and proxy.golang.org, resulting in the "x509: certificate signed by unknown authority" error.
Workaround
The problem can be fixed by importing the certificates into the system CA store.
Solution
- Install OpenSSL: Install the OpenSSL package on the host machine.
-
Get Certificates: Retrieve the certificates for the problematic servers using the following OpenSSL commands:
- For GitHub: openssl s_client -showcerts -connect github.com:443 < /dev/null 2> /dev/null | openssl x509 -outform PEM > ${cert_location}/github.crt
- For proxy.golang.org: openssl s_client -showcerts -connect proxy.golang.org:443 < /dev/null 2> /dev/null | openssl x509 -outform PEM > ${cert_location}/proxy.golang.crt
- Import Certificates: Import the certificates into the system CA store using the update-ca-certificates command.
Revised Dockerfile
The following revised Dockerfile incorporates the certificate import steps:
<code class="dockerfile">FROM golang:latest as builder
RUN apt-get update && apt-get install -y ca-certificates openssl
ARG cert_location=/usr/local/share/ca-certificates
# Get certificate from "github.com"
RUN openssl s_client -showcerts -connect github.com:443 < /dev/null 2> /dev/null | openssl x509 -outform PEM > ${cert_location}/github.crt
# Get certificate from "proxy.golang.org"
RUN openssl s_client -showcerts -connect proxy.golang.org:443 < /dev/null 2> /dev/null | openssl x509 -outform PEM > ${cert_location}/proxy.golang.crt
# Update certificates
RUN update-ca-certificates
WORKDIR /app
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN GO111MODULE="on" CGO_ENABLED=0 GOOS=linux go build -o main ${MAIN_PATH}
FROM alpine:latest
LABEL maintainer="Kozmo"
RUN apk add --no-cache bash
WORKDIR /app
COPY --from=builder /app/main .
EXPOSE 8080
CMD ["/app/main"]</code>
Note: The update-ca-certificates command may take a few minutes to complete. Once it is finished, subsequent Docker builds should proceed without the "x509: certificate signed by unknown authority" error.
The above is the detailed content of How to Fix Docker Multi-Stage Image Build Errors: \'x509: Certificate Signed by Unknown Authority\'?. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1794
16
1740
56
1591
29
1474
72
267
587
Strategies for Integrating Golang Services with Existing Python Infrastructure
Jul 02, 2025 pm 04:39 PM
TointegrateGolangserviceswithexistingPythoninfrastructure,useRESTAPIsorgRPCforinter-servicecommunication,allowingGoandPythonappstointeractseamlesslythroughstandardizedprotocols.1.UseRESTAPIs(viaframeworkslikeGininGoandFlaskinPython)orgRPC(withProtoco
Understanding the Performance Differences Between Golang and Python for Web APIs
Jul 03, 2025 am 02:40 AM
Golangofferssuperiorperformance,nativeconcurrencyviagoroutines,andefficientresourceusage,makingitidealforhigh-traffic,low-latencyAPIs;2.Python,whileslowerduetointerpretationandtheGIL,provideseasierdevelopment,arichecosystem,andisbettersuitedforI/O-bo
Is golang frontend or backend
Jul 08, 2025 am 01:44 AM
Golang is mainly used for back-end development, but it can also play an indirect role in the front-end field. Its design goals focus on high-performance, concurrent processing and system-level programming, and are suitable for building back-end applications such as API servers, microservices, distributed systems, database operations and CLI tools. Although Golang is not the mainstream language for web front-end, it can be compiled into JavaScript through GopherJS, run on WebAssembly through TinyGo, or generate HTML pages with a template engine to participate in front-end development. However, modern front-end development still needs to rely on JavaScript/TypeScript and its ecosystem. Therefore, Golang is more suitable for the technology stack selection with high-performance backend as the core.
How to completely and cleanly uninstall Golang from my system?
Jun 30, 2025 am 01:58 AM
TocompletelyuninstallGolang,firstdeterminehowitwasinstalled(packagemanager,binary,source,etc.),thenremoveGobinariesanddirectories,cleanupenvironmentvariables,anddeleterelatedtoolsandcaches.Beginbycheckinginstallationmethod:commonmethodsincludepackage
How to marshal a golang struct to JSON with custom field names?
Jun 30, 2025 am 01:59 AM
In Go, if you want the structure field to use a custom field name when converting to JSON, you can implement it through the json tag of the structure field. 1. Use the json: "custom_name" tag to specify the key name of the field in JSON. For example, Namestringjson: "username"" will make the Name field output as "username"; 2. Add, omitempty can control that the output is omitted when the field is empty, such as Emailstringjson: "email,omitempty""
How to install Go
Jul 09, 2025 am 02:37 AM
The key to installing Go is to select the correct version, configure environment variables, and verify the installation. 1. Go to the official website to download the installation package of the corresponding system. Windows uses .msi files, macOS uses .pkg files, Linux uses .tar.gz files and unzip them to /usr/local directory; 2. Configure environment variables, edit ~/.bashrc or ~/.zshrc in Linux/macOS to add PATH and GOPATH, and Windows set PATH to Go in the system properties; 3. Use the government command to verify the installation, and run the test program hello.go to confirm that the compilation and execution are normal. PATH settings and loops throughout the process
How to fix 'go: command not found' after installation?
Jun 30, 2025 am 01:54 AM
"Go:commandnotfound" is usually caused by incorrect configuration of environment variables; 1. Check whether Go has been installed correctly and use whichgo to confirm the path; 2. Manually add Go's bin directory (such as /usr/local/go/bin) to the PATH environment variable; 3. Modify the corresponding shell's configuration file (such as .bashrc or .zshrc) and execute source to make the configuration take effect; 4. Optionally set GOROOT and GOPATH to avoid subsequent module problems. After completing the above steps, run government and verify whether it is repaired.
Resource Consumption (CPU/Memory) Benchmarks for Typical Golang vs Python Web Services
Jul 03, 2025 am 02:38 AM
Golang usually consumes less CPU and memory than Python when building web services. 1. Golang's goroutine model is efficient in scheduling, has strong concurrent request processing capabilities, and has lower CPU usage; 2. Go is compiled into native code, does not rely on virtual machines during runtime, and has smaller memory usage; 3. Python has greater CPU and memory overhead in concurrent scenarios due to GIL and interpretation execution mechanism; 4. Although Python has high development efficiency and rich ecosystem, it consumes a high resource, which is suitable for scenarios with low concurrency requirements.
