Docker !!
An exciting new technology which has been introduced and adopted widely in a short span of time.
Its been just over a year I have started leveraging the benefits of Docker, but in this post as the title suggest I wanted to list some of the most useful commands in Docker which comes in handy while embarking on any project.
Background: I have installed Docker for windows and all the commands below are relating to the same.
https://docs.docker.com/desktop/windows/install/
Pull a python base image from docker repo (https://docs.docker.com/engine/reference/commandline/pull/)
docker pull python:3.8-slim-buster
Run the above pulled image as container (https://docs.docker.com/engine/reference/commandline/run/)
docker run -t -d --name my-python python:3.8-slim-buster
Connect to running container (https://docs.docker.com/engine/reference/commandline/exec/)
docker exec -it my-python /bin/bash
And now once you are connected and try to install any python packages to setup your build you encounter the following error.
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1131)’))
And this brings me to the next part of this blog:
Configure the SSL certificate in Docker container running in Host with Netskope
To overcome the above error we need to add our anti-virus PEM keys to the container cert and set it into our PIP config, with the following commands
Copy you anti-virus PEM keys to a dev location
(for Netskope usually found in the following user location “C:\ProgramData\netskope\stagent\data”)
Obtain the running container ID via the following command
docker container ls
Use the docker copy command to move the PEM files from host to docker container
docker cp .\nscacert.pem 3f8dfa413517:/etc/ssl/certs/nscacert.pem
docker cp .\nstenantcert.pem 3f8dfa413517:/etc/ssl/certs/nstenantcert.pem
Now if connect back to your container and view the content of the folder our PEM files will appear which needs to be appended to the “ca-certificates.crt” file via the following command
cat nscacert.pem >> ca-certificates.crt
cat nstenantcert.pem >> ca-certificates.crt
And finally configure the PIP to leverage this new “ca-certificates.crt” file for any SSL auth, and ensure the path is set correctly.
pip3 config set global.cert /etc/ssl/certs/ca-certificates.crt
pip3 config list -v
And now when you run the command as regular package install, Voila you see what you expect.
I hope the above help for any one finding difficulty configuring the docker environment behind the SSL (anti-virus) connection issues.
The above steps can be wrapped in any DockerFile for composition command as pre-requisite for you app.
