Docker Container with golang http.获取错误"certificate signed by unknown authority"

我可能需要在链接的答案中更加清楚，第一个示例中的副本是一个单阶段示例，其中您有一个证书文件要注入到构建上下文中(通常包含Dockerfile的目录(：

FROM scratch
ADD ca-certificates.crt /etc/ssl/certs/
ADD main /
CMD ["/main"]

你有一个多阶段的构建，可以遵循链接答案后半部分的多阶段方法。这将在分发供应商的另一个阶段安装证书，并将它们复制到您的暂存阶段：

FROM golang:alpine as build
RUN apk --no-cache add ca-certificates
WORKDIR /go/src/app
COPY . .
RUN CGO_ENABLED=0 go-wrapper install -ldflags '-extldflags "-static"'
FROM scratch
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=build /go/bin/app /app
ENTRYPOINT ["/app"]

然而，第二个例子假设Alpine作为第一阶段的基础，使用apk。(它还假设证书需要安装在基本映像中，而当前golang映像中的情况并非如此。(例如，它基于golang:1.15映像中的Debian。为此，您通常需要apt-get命令，但在这种情况下，ca-certificates包已经安装，因此您可以复制结果：

FROM golang:1.15 AS builder
COPY . /greeting
WORKDIR /greeting
ENV GO111MODULE=on
RUN CGO_ENABLED=0 GOOS=linux go build -o greeting
FROM scratch
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=builder /greeting /
CMD ["/greeting"]

在构建器阶段安装ca cert并复制到最终映像。类似于：

FROM golang:1.15 AS builder
RUN apk update
RUN apk add -U --no-cache ca-certificates && update-ca-certificates
WORKDIR /GreetingAPI
COPY . /greeting
WORKDIR /greeting
ENV GO111MODULE=on
RUN CGO_ENABLED=0 GOOS=linux go build -o greeting
FROM scratch
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=builder /greeting .
CMD ["./greeting"]