Docker容器无法卷曲,SSL版本号错误

Question

Docker容器无法卷曲,SSL版本号错误

我正在开发公司代理,使用Linux Mint Sylvia(Docker是通过Ubuntu 16.04.3 Xenial源安装的).

$ docker -v
Docker version 17.12.1-ce, build 7390fc6

Run Code Online (Sandbox Code Playgroud)

我按照这些步骤通过docker pull实际下载了一些图像.

使用systemd控制Docker(HTTP/HTTPS代理)

我的http-proxy.conf:

$ cat /etc/systemd/system/docker.service.d/http-proxy.conf 
[Service]
Environment="HTTP_PROXY=http://my_user:my_pass@company_proxy:3128/"
Environment="HTTPS_PROXY=https://my_user:my_pass@company_proxy:3128/"
Environment="NO_PROXY=localhost,127.0.0.0/8"

Run Code Online (Sandbox Code Playgroud)

我的/etc/default/docker:

# If you need Docker to use an HTTP proxy, it can also be specified here.
#export http_proxy="http://127.0.0.1:3128/"
export http_proxy="http://my_user:my_pass@company_proxy:3128"
export https_proxy="https://my_user:my_pass@company_proxy:3128"
export HTTP_PROXY="http://my_user:my_pass@company_proxy:3128"
export HTTPS_PROXY="https://my_user:my_pass@company_proxy:3128"

Run Code Online (Sandbox Code Playgroud)

我需要curl在多级Alpine容器内运行,为了简单起见,我构建了这个类似于我想要完成的简单图像并且具有相同的错误.

FROM alpine:3.7

ENV HTTP_PROXY http://my_user:my_pass@company_proxy:3128
ENV HTTPS_PROXY https://my_user:my_pass@company_proxy:3128

RUN apk add --no-cache curl

CMD ["curl","-v","--tlsv1","https://www.docker.io/"]

Run Code Online (Sandbox Code Playgroud)

内置

$ docker build --network host --rm -t test/alpine:curl .

Run Code Online (Sandbox Code Playgroud)

没有跑--network host.

$ docker run --rm test/alpine:curl                      
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Could not resolve proxy: company_proxy
* Closing connection 0
curl: (5) Could not resolve proxy: company_proxy

Run Code Online (Sandbox Code Playgroud)

跑步--network host.

$ docker run --network host --rm test/alpine:curl
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 10.2.255.0...
* TCP_NODELAY set
* Connected to company_proxy (10.2.255.0) port 3128 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [233 bytes data]
* error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Closing connection 0
curl: (35) error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number

Run Code Online (Sandbox Code Playgroud)

我是Docker的初学者,已经在2个wifi网络中测试了这个图像(两个都没有代理),容器运行良好.有关可能导致此SSL错误的任何提示？

编辑:这是我原来的问题,我有一个多阶段的docker镜像运行代码来从firebase卷曲一些东西.

// main.go
package main

import (
    "os/exec"
    "os"
    "log"
)

func main() {
    c := exec.Command("curl","--tlsv1","-kv","-X","PATCH","-d",`{"something" : "something"}`, `https://<firebase-link>`);

    c.Stdout = os.Stdout
    c.Stderr = os.Stderr
    err := c.Run()
    checkerr(err)
}


func checkerr(err error) {
    if err != nil{
        log.Fatal(err.Error())
        panic(err)
    }
}

Run Code Online (Sandbox Code Playgroud)

原始的Dockerfile:

# This image only builds the go binaries
FROM golang:1.10-alpine as goalpine-image

ENV HTTP_PROXY http://my_user:my_pass@company_proxy:3128
ENV HTTPS_PROXY https://my_user:my_pass@company_proxy:3128
ENV FULL_PATH /go/src/<project-name>

WORKDIR $FULL_PATH

# Add the source code:

ADD . $FULL_PATH

# Build it:
RUN cd $FULL_PATH \
    && CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o bin/<project-name>

# This image holds the binaries from the previous

FROM alpine

RUN apk add --no-cache bash curl\
    && mkdir build

ENV WORD_DIR=/build

WORKDIR WORK_DIR

COPY --from=goalpine-image /go/src/<project-name>/bin ./

CMD ["./<project-name>"]

Run Code Online (Sandbox Code Playgroud)

Answer 1

Ari*_*stu 3

我已经编辑了我的问题以包含有关我的原始问题的更多信息，奇怪的是问题仍然存在于玩具图像中。所以，如果有人再次遇到这个问题，这就是我解决的问题。

多阶段 Dockerfile。似乎两个阶段都需要访问代理环境。

# This image only builds the go binaries
FROM golang:1.10-alpine as goalpine-image

ARG http_proxy
ARG https_proxy

ENV HTTP_PROXY $http_proxy
ENV HTTPS_PROXY $https_proxy

# Build envs
ENV FULL_PATH /go/src/<project-name>

WORKDIR $FULL_PATH

# Add the source code:

ADD . $FULL_PATH

# Build it:
RUN cd $FULL_PATH \
    && apk update \
    && apk add --no-cache curl \
    && CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o bin/<project-name>

# This image holds the binaries from the previous

FROM alpine:3.7

ENV HTTP_PROXY $http_proxy
ENV HTTPS_PROXY $https_proxy

RUN apk update \
    && apk add --no-cache bash curl\
    && mkdir build

ENV WORD_DIR=/build

WORKDIR WORK_DIR

COPY --from=goalpine-image /go/src/<project-name>/bin ./

CMD ["./<project-name>"]

Run Code Online (Sandbox Code Playgroud)

建筑：

确保设置http_proxy和https_proxy作为环境变量，我的位于/etc/profile.

docker build --rm --build-arg http_proxy=$http_proxy --build-arg https_proxy=$https_proxy --network host -t <project-name>:multi-stage .

Run Code Online (Sandbox Code Playgroud)

跑步：

docker container run --rm --network host <project-name>:multi-stage

Run Code Online (Sandbox Code Playgroud)

归档时间：	7 年，6 月前
查看次数：	8873 次
最近记录：	6 年，8 月前