Docker – Important Commands and SSH PEM Config (Netskope) for Python

Docker !!
An exciting new technology which has been introduced and adopted widely in a short span of time.

Its been just over a year I have started leveraging the benefits of Docker, but in this post as the title suggest I wanted to list some of the most useful commands in Docker which comes in handy while embarking on any project.

Background: I have installed Docker for windows and all the commands below are relating to the same.
https://docs.docker.com/desktop/windows/install/

Pull a python base image from docker repo (https://docs.docker.com/engine/reference/commandline/pull/)

docker pull python:3.8-slim-buster

Run the above pulled image as container (https://docs.docker.com/engine/reference/commandline/run/)

docker run -t -d --name my-python python:3.8-slim-buster

Connect to running container (https://docs.docker.com/engine/reference/commandline/exec/)

docker exec -it my-python /bin/bash

And now once you are connected and try to install any python packages to setup your build you encounter the following error.

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1131)’))

And this brings me to the next part of this blog:

Configure the SSL certificate in Docker container running in Host with Netskope

To overcome the above error we need to add our anti-virus PEM keys to the container cert and set it into our PIP config, with the following commands

Copy you anti-virus PEM keys to a dev location

(for Netskope usually found in the following user location “C:\ProgramData\netskope\stagent\data”)

Obtain the running container ID via the following command

docker container ls

Use the docker copy command to move the PEM files from host to docker container

docker cp .\nscacert.pem 3f8dfa413517:/etc/ssl/certs/nscacert.pem
docker cp .\nstenantcert.pem 3f8dfa413517:/etc/ssl/certs/nstenantcert.pem

Now if connect back to your container and view the content of the folder our PEM files will appear which needs to be appended to the “ca-certificates.crt” file via the following command

cat nscacert.pem >> ca-certificates.crt
cat nstenantcert.pem >> ca-certificates.crt

And finally configure the PIP to leverage this new “ca-certificates.crt” file for any SSL auth, and ensure the path is set correctly.

pip3 config set global.cert /etc/ssl/certs/ca-certificates.crt
pip3 config list -v

And now when you run the command as regular package install, Voila you see what you expect.

I hope the above help for any one finding difficulty configuring the docker environment behind the SSL (anti-virus) connection issues.

The above steps can be wrapped in any DockerFile for composition command as pre-requisite for you app.

Leave a Reply

Your email address will not be published. Required fields are marked *

*