In another post in my series on Docker config for NodeJS, I present a list of handy and essential commands for configuring the SSL PEM files for the container.
In this blog I will take the current “getting-started” example on the Docker website and configure the steps in between so that the entire tutorial works securely behind your enterprise security.
Following the tutorial on the website, I reach the following step:
docker build -t getting-started .
I come across the following error:
This leads to my first solution in the process: add the following commands to the existing Dockerfile in the project and your initial build will work again.
Old

    # syntax=docker/dockerfile:1
    FROM node:12-alpine
    RUN apk add --no-cache python2 g++ make
    WORKDIR /app
    COPY . .
    RUN yarn install --production
    CMD ["node", "src/index.js"]

New (ensure you have copied the “cert” folder containing “nscacert.pem” and “nstenantcert.pem” into your project folder)

    # syntax=docker/dockerfile:1
    FROM node:12-alpine
    # Copy the enterprise CA and tenant certificates into the image
    WORKDIR /etc/ssl/certs
    COPY cert/nscacert.pem /etc/ssl/certs/nscacert.pem
    COPY cert/nstenantcert.pem /etc/ssl/certs/nstenantcert.pem
    # Append both certificates to the system trust bundle before any network access
    RUN cat nscacert.pem >> ca-certificates.crt
    RUN cat nstenantcert.pem >> ca-certificates.crt
    RUN apk add --no-cache python3 g++ make
    WORKDIR /app
    COPY . .
    # Point yarn at the updated trust bundle
    RUN yarn config set cafile /etc/ssl/certs/ca-certificates.crt
    RUN yarn install --production
    CMD ["node", "src/index.js"]

And voilà, you have your first successful new image build.
Now the rest of the steps in the tutorial should be easy to follow, but you will face a challenge at another step in the process, where the container is scanned by the third-party service called “snyk”.
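The two cat ... >> ca-certificates.crt steps in the new Dockerfile append blindly: if a PEM file has no trailing newline, its END marker is glued to the next BEGIN marker, which strict PEM readers can reject. The following Node.js code is an added example, not part of the original post or of Docker; it checks a bundle for that damage and merges certificates by SHA-256 fingerprint. The function names and the sample certificates (placeholder DER bytes, not real certificates) are constructed for illustration.

```javascript
// Added example (not from the original post); certificates are constructed placeholder DER bytes.
const crypto = require('crypto');

const BEGIN = '-----BEGIN CERTIFICATE-----';
const END = '-----END CERTIFICATE-----';
const BLOCK_RE = /-----BEGIN CERTIFICATE-----\r?\n([A-Za-z0-9+/=\r\n]+?)-----END CERTIFICATE-----/g;

// Encode DER bytes as one PEM block with 64-character lines and a final newline.
function toPem(der) {
  return `${BEGIN}\n${der.toString('base64').match(/.{1,64}/g).join('\n')}\n${END}\n`;
}

// Parse every certificate block into DER bytes plus a SHA-256 fingerprint.
function parseBundle(pemText) {
  return [...pemText.matchAll(BLOCK_RE)].map((m) => {
    const der = Buffer.from(m[1].replace(/\s+/g, ''), 'base64');
    // A certificate is a DER SEQUENCE, so its first byte must be 0x30.
    if (der[0] !== 0x30) throw new Error('PEM block does not contain DER');
    return { der, sha256: crypto.createHash('sha256').update(der).digest('hex') };
  });
}

// Report the glued markers that `cat file.pem >> bundle` leaves when a file lacks a trailing newline.
function findProblems(pemText) {
  const count = (s) => pemText.split(s).length - 1;
  const problems = [];
  if (count(BEGIN) !== count(END)) problems.push('BEGIN/END marker count mismatch');
  if (/-----END CERTIFICATE-----[^\r\n]/.test(pemText)) problems.push('END marker not followed by a newline');
  if (/[^\r\n]-----BEGIN CERTIFICATE-----/.test(pemText)) problems.push('BEGIN marker not at start of a line');
  return problems;
}

// Append only certificates the bundle does not already hold, re-encoded cleanly.
function mergeBundle(bundleText, extraText) {
  const seen = new Set(parseBundle(bundleText).map((c) => c.sha256));
  let text = bundleText === '' || bundleText.endsWith('\n') ? bundleText : `${bundleText}\n`;
  let added = 0;
  for (const cert of parseBundle(extraText)) {
    if (seen.has(cert.sha256)) continue;
    seen.add(cert.sha256);
    text += toPem(cert.der);
    added += 1;
  }
  return { text, added };
}

// Constructed sample: a one-certificate bundle and a CA file with no trailing newline.
const sampleBundle = toPem(Buffer.from([0x30, 0x03, 0x02, 0x01, 0x01]));
const sampleCa = toPem(Buffer.from([0x30, 0x03, 0x02, 0x01, 0x02])).trimEnd();
```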
docker scan getting-started
A few seconds after this command is executed, the following error appeared:
It took me some time to work out the internal config of this command so that it works seamlessly. I then worked out that internally the “docker scan” command routes to another app which is installed with Docker.
Noticing that the “snyk.exe” app icon is similar to the NodeJS one, and after further investigation, I worked out that the NodeJS config is applicable to the above application. So to make “docker scan” work, all we need to do is set the environment variables on the server to point to our valid PEM files for SSL validation.
Run the command “sysdm.cpl” and set the following variables:
NODE_EXTRA_CA_CERTS – C:\ProgramData\netskope\stagent\data\nscacert.pem
NODE_TLS_REJECT_UNAUTHORIZED – 1
After that, make sure you restart your terminal/VS Code so that the new environment variables are loaded.
And there you go, you should have a successful run as expected.
I hope the above tricks help in jump-starting your Docker journey.