I’m having trouble with my Docker setup on Windows 10 using WSL 2 Ubuntu. Everything was fine when I ran npm ci in the Ubuntu terminal after setting up some certificate stuff. But now when I try to build with Docker, it’s giving me certificate errors again.
Here’s what I’ve tried:
# In Ubuntu terminal (works fine)
export NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt
npm config set cafile /etc/ssl/certs/ca-certificates.crt
# In Dockerfile (doesn't work)
ENV NODE_EXTRA_CA_CERTS=/usr/local/share/ca-certificates/my-ca.crt
I also installed ca-certificates with apt-get, but no luck. The error message mentions something about not being able to get a local issuer certificate when trying to download a grpc-tools package.
Any ideas why it works in the terminal but not in Docker? I’m using a company VPN if that matters. Thanks!
It sounds like your Docker environment isn’t inheriting the certificate configuration from your WSL Ubuntu setup. This is a common issue when dealing with corporate VPNs and Docker.
Try copying your company’s CA certificate into your Docker build context and then add these lines to your Dockerfile:
COPY my-company-ca.crt /usr/local/share/ca-certificates/
RUN update-ca-certificates
ENV NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt
This should add your company’s CA to the Docker image’s trusted certificate store. Make sure to replace ‘my-company-ca.crt’ with your actual CA file name.
If that doesn’t work, you might need to configure npm to use a specific registry that your company allows. You can do this by adding:
RUN npm config set registry https://your-company-registry.com/
I’ve run into similar issues with Docker and certificates, especially when working behind a corporate VPN. One thing that worked for me was to use the --network host flag when building the Docker image. This essentially tells Docker to use the host’s network stack, which includes the VPN connection and certificate settings.
Try running your Docker build command like this:
docker build --network host -t your-image-name .
If that doesn’t solve it, you might need to manually copy the certificates from your WSL environment into the Docker container. You can do this by adding these lines to your Dockerfile:
This copies the certificates from your WSL environment directly into the Docker image. Just make sure the path to the certificates in your WSL setup matches what’s in the COPY command.
Lastly, if you’re still having trouble, you might want to check if your company has a specific npm mirror or registry you should be using. Sometimes that can bypass certificate issues altogether.