Can build docker image

I installed Docker Desktop on my work M2 Macbook Air and then I ran a Dockerfile to create a build but the build process fails.
This is my docker file

FROM node:16-alpine as build-step

WORKDIR /app

COPY package*.json /app/

RUN npm install

COPY ./ /app/

RUN npm run build

FROM nginx:1.25-alpine

COPY --from=build-step /app/build/ /usr/share/nginx/html

RUN rm /etc/nginx/conf.d/default.conf

COPY --from=build-step /app/nginx.conf /etc/nginx/conf.d/default.conf

EXPOSE 80

the process exits on npm install step, this is the error:

npm ERR! code UNABLE_TO_GET_ISSUER_CERT_LOCALLY
npm ERR! errno UNABLE_TO_GET_ISSUER_CERT_LOCALLY
npm ERR! request to https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz failed, reason: unable to get local issuer certificate

I googled regarding this error and tried the available solutions nothing worked.

My colleague has the same laptop, they installed the docker app and ran the above dockerfile and it ran perfectly fine. No errors. I am doing exactly the same thing, why does it not work on my system?

I also tried running diagnostics on docker app but on diagnose window it just shows “Diagnosing…” for very long time. So I tried to run diagnose from terminal but the docker’s /bin folder doesn’t have docker-diagnose!

Does this happen in the office, or when connected to your company’s vpn, but does not if you are at home?

Are you in the same network?

I tried on my personal network as well, same issue.

Yes, we are on the same network.

Now I realized @meyay basically asked for the same information in a different way, I just didn’t notice then :open_mouth:

If your MacBook hardware is the same, is your macOS version the same too?

Yes, same OS as well, Sonoma 14.0

It doesn’t seem reasonable that the ca-certificates that come with the node:16-alpine image works on one machine, but not on another, if no forced http proxy or tls inspection is involved. I tried to understand if tls inspection happens on the network, but since it happens from home (without enabled vpn connection to the company network) as well, it seems save to say tls inspection is not the issue here.

It could be a whole different deal if https://registry.npmjs.org would be a private registry with self-signed certificates, but this is also not the case, since it is a publicly reachable registry with a certificate issued by Cloudflare Inc ECC CA-3.

Does it make a difference, if you use docker build --pull ... ( with ... being the rest of your command)? The --pull argument makes sure the latest version of the base image is pulled. This would prevent that an existing image for the repo:tag would be used, and instead the most recent image for the repo:tag is pulled and used when building your image.

Note: Node 16 is EOL since exactly two months (see: https://nodejs.org/en/blog/announcements/nodejs16-eol). Effectively basing your work on Node 16, means that you are willingly postponing to fix the technical depth migrating your image (and probably your code) to node 18 (or new) to the near future.

I added the --pull option to the build command, still the same error
although docker did fail to get the node-16:alpine in this case so I changed it to node:18-alpine

There is an ongoing issue now with docker pull, so I recommend waiting until it is resolved so you can be sure whatever error you see is related to your issue and not caused by this

1 Like

@meyay @rimelek
Hi can anyone help me with this issue? I’m really stuck!

'Im not sure how i could help. In your first post you mentioned that your colleague did the same with no errors. Somehow you should find out what the difference is between the machines. Let’s say everything is the same (which is not likelybecause there are always small differences we don’t even think of), then something must be different in the environment.

On Windows, I would say that you should check the end of line characters in the config files, because the git client on Windows can change it automatically when the project is checked out, but on Mac, it doesn’t happen.

Old operating systems could also be a problem (in container) which could be different for different users if one of the users pulled the image later, but you tried a newer node image as well.

You can try curl -vvv in the container to see if that can handle the certs.

Some people recommend using a http url instead of https and disable strict ssl in npm,

but ven if that helps, it doesn’t explain why your Dockerfile works in one machine and not on another.