2017-12-01 1 views
2

Jenkins: outgoing SSL communication from a Docker container

I have been trying to use a Jenkins Docker container.

I am building the container in Ansible using the docker_container module, so I am providing the container's additional configuration options in its "command" option, like this:

    --httpPort=-1 --httpsPort=8443 --httpsKeyStore={{ keystore_path }} --httpsKeyStorePassword={{ keystore_password }}

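The keystore file is a properly configured, trusted, signed Java keystore that also contains my entire root chain (I have verified this with keytool).

The app spins up and is properly configured (TLS is configured and shows as correctly signed), and connecting to the plugin community works fine (I can download and configure plugins and their dependencies).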

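But when I try to communicate with other resources over SSL that are signed by the same root authority, I get errors. It does not matter whether I use a plugin configured with an https address or set up a build that uses curl... both fail. FYI, curl -k works fine (as expected).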

Am I missing some configuration for the keystore? Do I need to add a reference to the keystore somewhere other than when deploying the container?

      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
    curl: (60) SSL certificate problem: unable to get local issuer certificate
    More details here: https://curl.haxx.se/docs/sslcerts.html

That is what shows up in the console output if I do it through curl. I have searched high and low and I am pretty stumped.

Here is the stack trace if I do it through the plugin:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) 
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959) 
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) 
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) 
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514) 
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) 
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) 
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:961) 
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072) 
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385) 
    at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:757) 
    at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123) 
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82) 
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140) 
    at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:506) 
    at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114) 
    at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096) 
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398) 
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171) 
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397) 
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323) 
    at jenkins.plugins.mattermost.StandardMattermostService.publish(StandardMattermostService.java:99) 
    at jenkins.plugins.mattermost.StandardMattermostService.publish(StandardMattermostService.java:41) 
    at jenkins.plugins.mattermost.MattermostNotifier$DescriptorImpl.doTestConnection(MattermostNotifier.java:413) 
    at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627) 
    at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:343) 
    at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:184) 
    at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:117) 
    at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:129) 
    at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) 
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715) 
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845) 
    at org.kohsuke.stapler.MetaClass$5.doDispatch(MetaClass.java:248) 
    at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) 
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715) 
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845) 
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649) 
    at org.kohsuke.stapler.Stapler.service(Stapler.java:238) 
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) 
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812) 
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669) 
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:135) 
    at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:138) 
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) 
    at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:80) 
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) 
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) 
    at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51) 
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) 
    at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117) 
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) 
    at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) 
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) 
    at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142) 
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) 
    at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271) 
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) 
    at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:92) 
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) 
    at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) 
    at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67) 
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) 
    at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90) 
    at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171) 
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) 
    at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49) 
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) 
    at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82) 
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) 
    at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) 
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) 
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585) 
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) 
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:553) 
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223) 
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127) 
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515) 
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) 
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061) 
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) 
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97) 
    at org.eclipse.jetty.server.Server.handle(Server.java:499) 
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311) 
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257) 
    at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544) 
    at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77) 
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) 
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) 
    at java.lang.Thread.run(Thread.java:748) 

Answers

0

Just in case, also add the certificate to the OS itself. I usually do that with my images, along these lines:

  • either build a new image, with:

    COPY mycert /usr/local/share/ca-certificates
    RUN update-ca-certificates

  • or, on an existing container:

    docker cp mycert my-container:/usr/local/share/ca-certificates 
    docker exec -u root -t my-container update-ca-certificates 
    

And double-check which JDK is actually used, to make sure you have patched the <jdk>/jre/lib/security/cacerts keystore.

+0

I won't mark it as the answer, but thanks for that! –

+0

@IanSkillings No problem. Glad it helped. – VonC
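
The answer's two steps as one script, added here as an example and not code from the answer or from Jenkins: it installs the CA certificate into the OS store that curl reads and into the cacerts file of the JVM found on PATH, handling both the JDK 8 jre/lib/security layout and the newer lib/security one. The script name trust-ca.sh, the alias internal-root-ca and the assumption that Jenkins runs on the java found on PATH are mine; changeit is the JDK's default cacerts password.

```shell
#!/bin/sh
# Added example. Run as root inside the Jenkins container, for instance after
#   docker cp mycert my-container:/tmp/mycert
#   docker cp trust-ca.sh my-container:/tmp/trust-ca.sh
#   docker exec -u root -t my-container sh /tmp/trust-ca.sh --apply /tmp/mycert
# trust-ca.sh and the alias internal-root-ca are hypothetical names.

# Print the cacerts file below a Java home. JDK 8 keeps it under
# jre/lib/security; JDK 9+ and a bare JRE keep it under lib/security.
find_cacerts() {
    for candidate in "$1/jre/lib/security/cacerts" "$1/lib/security/cacerts"; do
        if [ -e "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# Home of the java on PATH with symlinks resolved.
# Assumption: this is the JVM that runs Jenkins.
java_home_in_use() {
    java_bin=$(readlink -f "$(command -v java)") || return 1
    dirname "$(dirname "$java_bin")"
}

# Trust the PEM certificate $1 under alias $2 in both stores.
trust_ca() {
    # OS store (read by curl): only files named *.crt here are picked up.
    cp "$1" "/usr/local/share/ca-certificates/$2.crt" || return 1
    update-ca-certificates || return 1
    # JVM store (read by Java code such as plugins); "changeit" is the JDK default.
    store=$(find_cacerts "$(java_home_in_use)") || {
        echo "no cacerts file found for the java on PATH" >&2
        return 1
    }
    if keytool -list -alias "$2" -keystore "$store" -storepass changeit >/dev/null 2>&1; then
        echo "alias $2 is already in $store"
    else
        keytool -importcert -noprompt -trustcacerts -alias "$2" \
            -file "$1" -keystore "$store" -storepass changeit
    fi
}

if [ "${1:-}" = "--apply" ]; then
    trust_ca "${2:?path to the CA certificate is required}" "${3:-internal-root-ca}"
fi
```

Restart Jenkins after the import, because a running JVM does not re-read cacerts.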