I installed Docker Desktop on my work M2 Macbook Air and then I ran a Dockerfile to create a build but the build process fails.
This is my docker file
FROM node:16-alpine as build-step
COPY package*.json /app/
RUN npm install
COPY ./ /app/
RUN npm run build
COPY --from=build-step /app/build/ /usr/share/nginx/html
RUN rm /etc/nginx/conf.d/default.conf
COPY --from=build-step /app/nginx.conf /etc/nginx/conf.d/default.conf
the process exits on npm install step, this is the error:
npm ERR! code UNABLE_TO_GET_ISSUER_CERT_LOCALLY
npm ERR! errno UNABLE_TO_GET_ISSUER_CERT_LOCALLY
npm ERR! request to https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz failed, reason: unable to get local issuer certificate
I googled regarding this error and tried the available solutions nothing worked.
My colleague has the same laptop, they installed the docker app and ran the above dockerfile and it ran perfectly fine. No errors. I am doing exactly the same thing, why does it not work on my system?
I also tried running diagnostics on docker app but on diagnose window it just shows “Diagnosing…” for very long time. So I tried to run diagnose from terminal but the docker’s /bin folder doesn’t have docker-diagnose!
It doesn’t seem reasonable that the ca-certificates that come with the node:16-alpine image works on one machine, but not on another, if no forced http proxy or tls inspection is involved. I tried to understand if tls inspection happens on the network, but since it happens from home (without enabled vpn connection to the company network) as well, it seems save to say tls inspection is not the issue here.
It could be a whole different deal if https://registry.npmjs.org would be a private registry with self-signed certificates, but this is also not the case, since it is a publicly reachable registry with a certificate issued by Cloudflare Inc ECC CA-3.
Does it make a difference, if you use docker build --pull ... ( with ... being the rest of your command)? The --pull argument makes sure the latest version of the base image is pulled. This would prevent that an existing image for the repo:tag would be used, and instead the most recent image for the repo:tag is pulled and used when building your image.
Note: Node 16 is EOL since exactly two months (see: https://nodejs.org/en/blog/announcements/nodejs16-eol). Effectively basing your work on Node 16, means that you are willingly postponing to fix the technical depth migrating your image (and probably your code) to node 18 (or new) to the near future.
'Im not sure how i could help. In your first post you mentioned that your colleague did the same with no errors. Somehow you should find out what the difference is between the machines. Let’s say everything is the same (which is not likelybecause there are always small differences we don’t even think of), then something must be different in the environment.
On Windows, I would say that you should check the end of line characters in the config files, because the git client on Windows can change it automatically when the project is checked out, but on Mac, it doesn’t happen.
Old operating systems could also be a problem (in container) which could be different for different users if one of the users pulled the image later, but you tried a newer node image as well.
You can try curl -vvv in the container to see if that can handle the certs.
Some people recommend using a http url instead of https and disable strict ssl in npm,
but ven if that helps, it doesn’t explain why your Dockerfile works in one machine and not on another.