I installed Docker Desktop on my work M2 Macbook Air and then I ran a Dockerfile to create a build but the build process fails.
This is my docker file
FROM node:16-alpine as build-step
WORKDIR /app
COPY package*.json /app/
RUN npm install
COPY ./ /app/
RUN npm run build
FROM nginx:1.25-alpine
COPY --from=build-step /app/build/ /usr/share/nginx/html
RUN rm /etc/nginx/conf.d/default.conf
COPY --from=build-step /app/nginx.conf /etc/nginx/conf.d/default.conf
EXPOSE 80
the process exits on npm install step, this is the error:
npm ERR! code UNABLE_TO_GET_ISSUER_CERT_LOCALLY
npm ERR! errno UNABLE_TO_GET_ISSUER_CERT_LOCALLY
npm ERR! request to https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz failed, reason: unable to get local issuer certificate
I googled regarding this error and tried the available solutions nothing worked.
My colleague has the same laptop, they installed the docker app and ran the above dockerfile and it ran perfectly fine. No errors. I am doing exactly the same thing, why does it not work on my system?
I also tried running diagnostics on docker app but on diagnose window it just shows âDiagnosingâŠâ for very long time. So I tried to run diagnose from terminal but the dockerâs /bin folder doesnât have docker-diagnose!
It doesnât seem reasonable that the ca-certificates that come with the node:16-alpine image works on one machine, but not on another, if no forced http proxy or tls inspection is involved. I tried to understand if tls inspection happens on the network, but since it happens from home (without enabled vpn connection to the company network) as well, it seems save to say tls inspection is not the issue here.
It could be a whole different deal if https://registry.npmjs.org would be a private registry with self-signed certificates, but this is also not the case, since it is a publicly reachable registry with a certificate issued by Cloudflare Inc ECC CA-3.
Does it make a difference, if you use docker build --pull ... ( with ... being the rest of your command)? The --pull argument makes sure the latest version of the base image is pulled. This would prevent that an existing image for the repo:tag would be used, and instead the most recent image for the repo:tag is pulled and used when building your image.
Note: Node 16 is EOL since exactly two months (see: https://nodejs.org/en/blog/announcements/nodejs16-eol). Effectively basing your work on Node 16, means that you are willingly postponing to fix the technical depth migrating your image (and probably your code) to node 18 (or new) to the near future.
I added the --pull option to the build command, still the same error
although docker did fail to get the node-16:alpine in this case so I changed it to node:18-alpine
There is an ongoing issue now with docker pull, so I recommend waiting until it is resolved so you can be sure whatever error you see is related to your issue and not caused by this
'Im not sure how i could help. In your first post you mentioned that your colleague did the same with no errors. Somehow you should find out what the difference is between the machines. Letâs say everything is the same (which is not likelybecause there are always small differences we donât even think of), then something must be different in the environment.
On Windows, I would say that you should check the end of line characters in the config files, because the git client on Windows can change it automatically when the project is checked out, but on Mac, it doesnât happen.
Old operating systems could also be a problem (in container) which could be different for different users if one of the users pulled the image later, but you tried a newer node image as well.
You can try curl -vvv in the container to see if that can handle the certs.
Some people recommend using a http url instead of https and disable strict ssl in npm,
but ven if that helps, it doesnât explain why your Dockerfile works in one machine and not on another.